Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,741,682 Members 42,146 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Change Bluetooth Address

Tip us?
 
RodneyMcKay
Old
(Last edited by RodneyMcKay; 26th May 2014 at 06:45 AM.) Reason: Fixed-Info Confirmed
#1  
Member - OP
Thanks Meter 2
Posts: 41
Join Date: Dec 2008
Default [Q] Change Bluetooth Address

I'm looking for some help verifying a few bits of information before I take a leap and risk bricking my phone. I need to change my bluetooth address. With any luck back to my original hardware address. I do have the original address, as "btnvtool -p" outputs a different address than is reported in 'about phone' -> 'status'. I problem is that both my wife and I have the same phone with the same ROM history, and now we both have the same improper mac address.

By way of links provided by another helpful users I have partial information in Russian. http://4pda.ru/forum/index.php?showt...#entry28414922 post 6853. I think I understand what to do via google translate and my partial understanding of how this works. The post points me to the /misc partition but I can't find any useful information about the partition for this phone that would backup the claims. Also the specific location that the post references, offset 4000, contains a string "ANDROID-BOOT!". While "ANDROI" is hex of 414E44524F49 which matches my incorrect mac address, the fact that it says "BOOT" makes me worry about changing it.

I'm hoping someone can help me any verify that this string isn't part of the boot process, or that the /misc partition isn't required to boot recovery. I feel fairly confident that I could create a flashable zip to restore a backup of this partition if needed. Below is my cleaned translation of the Russian post. If anyone with an e970 and a proper BT address could complete the first half, dd the partition to a file and check out the contents in a hex editor, I would feel much better about doing the rest.

Code:
Select Code
Hello, using this method you can restore your original Bluetooth addresses. The active mac address is in raw MISC partition at hex  offset 4000, it is not spelled out or anything. 
perform the following (root is required)

ADB shell
su 
dd if=/dev/block/platform/msm_sdcc.1/by-name/misc of=/sdcard/misc.img
    and get at the file on the SD card and in a HEX editor zero the MAC address starting at hex offset 4000, save the file. Save the changed file to your phone: 
su 
dd if=/sdcard/misc.img of=/dev/block/platform/msm_sdcc.1/by-name/misc
reboot 

After rebooting the details in the “About Phone” should show the real MAC BT.
----------

So I found a little corroborating evidence to this post. I found this post about the LS970(Sprint LGOG) stating that "All rooted LGOG Bluetooth MAC addresses are 41:4E:44:52:4F:49". Reading the thread a bit, I found a link to a "BT MAC FIX" script found with this kernel.

Looking at what the file does, it uses btnvtool to get the real mac and writes it to byte 16384 ( hex 4000 ) of the misc partition. Seeing as this file has people confirming it works, I took the leap. It worked. Problem solved.

Sound like to me this is a problem as old as unlocking with freegee. Could be wrong but that seems like the common denominator to me from the posts I was reading. And yes for the record, now the dump of the misc partition now reads "******D-BOOT!" *s to hide my real mac.
 
mindstormsguy
Old
#2  
Member
Thanks Meter 9
Posts: 34
Join Date: Oct 2012
I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?
 
WJThomas
Old
#3  
Senior Member
Thanks Meter 59
Posts: 100
Join Date: Jan 2012
Quote:
Originally Posted by mindstormsguy View Post
I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?
I believe everyone that used freegee to root/unlock have the corrupted BTmac address. I also believe that it is only an issue when two of these devices try to use BT in close proximity, but you never know what device the person beside you will have.

I had not done anything about my BT until just now. The .zip just puts a script in the userinit.d folder. The script is run every boot. I do not recall what my BTmac address was, but the script does change it from the default.

I deleted the script and rebooted. My BTmac address reverted back to the default. I restored the script and my BTmac address changed back. This shows that the change is not permanent, and the script needs to be run every boot.

Did you flash the .zip, or just extract and run the script?
Tags
bt bluetooth mac misc e970
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes