参考:
How I hacked Google Daydream controller
How I hacked Google Daydream controller (Part IV)
反编译代码:
private static UUID A = UUID.fromString("0000180f-0000-1000-8000-00805f9b34fb");
static final String a = bbr.class.getSimpleName();
public static final UUID d = UUID.fromString("00002902-0000-1000-8000-00805f9b34fb");
public static final UUID e = UUID.fromString("0000180a-0000-1000-8000-00805f9b34fb");
public static final UUID f = UUID.fromString("00002a29-0000-1000-8000-00805f9b34fb");
public static final UUID g = UUID.fromString("00002a24-0000-1000-8000-00805f9b34fb");
public static final UUID h = UUID.fromString("00002a25-0000-1000-8000-00805f9b34fb");
public static final UUID i = UUID.fromString("00002a26-0000-1000-8000-00805f9b34fb");
public static final UUID j = UUID.fromString("00002a28-0000-1000-8000-00805f9b34fb");
public static final UUID k = UUID.fromString("00002a27-0000-1000-8000-00805f9b34fb");
public static final UUID l = UUID.fromString("00002a19-0000-1000-8000-00805f9b34fb");
public static final UUID m = UUID.fromString("0000fef5-0000-1000-8000-00805f9b34fb");
public static final UUID n = UUID.fromString("0000fe55-0000-1000-8000-00805f9b34fb");
private final VrCoreApplication B;
private BluetoothDevice C;
static final String A = bcj.class.getSimpleName();
private static UUID C = UUID.fromString("00000001-1000-1000-8000-00805f9b34fb");
private static UUID D = UUID.fromString("00000002-1000-1000-8000-00805f9b34fb");
if (C.equals(paramBluetoothGattCharacteristic.getUuid()))
{
localObject4 = paramBluetoothGattCharacteristic.getValue();
paramBluetoothGattCharacteristic = this.P;
if (localObject4 != null) {}
try
{
Object localObject1 = this.O;
if (localObject4.length < 19)
{
localObject1 = bbq.a;
i = localObject4.length;
localObject4 = new java/lang/StringBuilder;
((StringBuilder)localObject4).<init>(46);
Log.e((String)localObject1, "Invalid number of bytes to decode: " + i);
i = 0;
if (i != 0) {
break label781;
}
}
}
finally {}
}
}
((bbq)localObject2).b = ((byte[])localObject4);
((bbq)localObject2).c = 0;
((bbq)localObject2).d = ((bbq)localObject2).a(9, false);
((bbq)localObject2).a(5, false);
int i5 = ((bbq)localObject2).a(13, true);
int i = ((bbq)localObject2).a(13, true);
int i7 = ((bbq)localObject2).a(13, true);
int i4 = ((bbq)localObject2).a(13, true);
int i1 = ((bbq)localObject2).a(13, true);
int n = ((bbq)localObject2).a(13, true);
int j = ((bbq)localObject2).a(13, true);
int m = ((bbq)localObject2).a(13, true);
int i2 = ((bbq)localObject2).a(13, true);
int k = ((bbq)localObject2).a(8, false);
int i3 = ((bbq)localObject2).a(8, false);
int i6 = ((bbq)localObject2).a(5, false);
((bbq)localObject2).s[0] = bbq.a(i5);
((bbq)localObject2).s[1] = bbq.a(i);
((bbq)localObject2).s[2] = bbq.a(i7);
float[] arrayOfFloat = ((bbq)localObject2).s;
Object localObject4 = ((bbq)localObject2).t;
float f2 = arrayOfFloat[0];
float f3 = arrayOfFloat[1];
float f1 = arrayOfFloat[2];
float f4 = f2 * f2 + f3 * f3 + f1 * f1;
数据帧定义:
Daydream Controller数据帧格式,按照bit位定义如下, bit000~bit008:时间戳(0~511) bit009~bit013:包号(0~31) bit014~bit026:地磁 X bit027~bit039:地磁 Y bit040~bit052:地磁 Z bit053~bit065:ACC X bit066~bit078:ACC Y bit079~bit091:ACC Z bit092~bit104:Gyro X bit105~bit117:Gyro Y bit118~bit130:Gyro Z bit131~bit138:Touch X bit139~bit146:Touch Y bit147:Click bit148:Home bit149:App bit150:Volume - bit151:Volume +
原始数据:
解析结果:
Connection Interval:
硬件及软件信息:
MCU:Dialog DA14681 Touch: IQS525 Battery: Coslight CA491539P(218-mAh) LMP Version: Bluetooth Core Specification 4.1 Service: 0000fe55-0000-1000-8000-00805f9b34fb Characteristic:00000001-1000-1000-8000-00805f9b34fb Characteristic property:Notification
相关资源:
