Changing BLE MAC address in SDK 3.5.2

JeGu_2199941

There is a bug in SDK versions up to and including 3.5.2, where the device fails to pair with a peer after the stock API "wiced_bt_set_local_bdaddr" is called.

BCM4343w modules have the same Bluetooth MAC address

Re: Changing Bluetooth MAC address with Wi-Fi SDK 3.3.1 

Here are some workarounds for this issue (without using the stock API at all).

Purpose:

1. Assign the BLE MAC address at compile time

2. Change the BLE MAC address at run time

The default BLE MAC used at run time is stored in the APP_CODE binary.

It actually comes from libraries/drivers/bluetooth/firmware/<MODEL>/<FREQUENCY>/bt_firmware_image.c, where <MODEL> and <FREQUENCY> can be found in the platform definitions.

For example, in my case <MODEL>=43438A1, <FREQUENCY>=37_4MHz.

Find the stock BLE MAC address in the file and modify it as you want (the byte order may be different from your convention).

const uint8_t brcm_patchram_buf[] =
{
        0x4C,0xFC,0x46,0x00,0x17,0x21,0x00,0x42,0x52,0x43,0x4D,0x63,0x66,0x67,0x53,0x00,
        0x00,0x00,0x00,0x32,0x00,0x00,0x00,0x01,0x01,0x04,0x18,0x92,0x00,0x00,0x00,0x03,
//      0x06,0xAC,0x1F,0x12,0xA1,0x43,0x43,0x00,0x01,0x1C,0x42,0x17,0x21,0x00,0x00,0x00,
        0x06,
#ifdef REVERSED_PRODUCT_MAC_ADDRESS_BYTES
        REVERSED_PRODUCT_MAC_ADDRESS_BYTES,
#else
        0xAC,0x1F,0x12,0xA1,0x43,0x43,
#endif
        0x00,0x01,0x1C,0x42,0x17,0x21,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
        0x00,0x00,0x00,0x00,0x00,0x00,0xFE,0x00,0x00,0x4C,0xFC,0xFF,0x42,0x17,0x21,0x00,
        0x42,0x52,0x43,0x4D,0x63,0x66,0x67,0x44,0x00,0x00,0x00,0x00,0xF1,0x39,0x00,0x00,
        /* ... remainder of the firmware image unchanged ... */

With the above modification the BLE MAC address should be assigned at compile time.

To change the BLE MAC address at run time we need to modify the content in APP_CODE (MCU internal flash) before BLE is brought up.

I do this right after "wiced_init" is called.

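#include "waf_platform.h"

extern const uint8_t brcm_patchram_buf[];

/* OFFSET_TO_MAC: index of the first MAC byte in brcm_patchram_buf (33 in the excerpt above);
   new_mac: the 6 replacement bytes, in the same byte order as the array. */
platform_write_flash_chunk((uint32_t)&brcm_patchram_buf[OFFSET_TO_MAC], new_mac, 6);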

I'm still testing if this causes any further problems, but so far so good.

I'll be happy if this helps anyone, and I'd appreciate it if any bug/fix is provided as feedback.

0 Likes
3 Replies
MichaelF_56
Moderator

Thanks for the contribution xavier@candyhouse

vik86mingweijakewtorresgangi

0 Likes
JeGu_2199941

I found an issue: "platform_write_flash_chunk" may fail.

Procedure to reproduce:

1. Implement: generate a new MAC address on every boot and try to modify APP_CODE by the above method.

2. make target: "<project>-<platform> download run" => it runs as expected

3. Reboot by button or make target: "<project>-<platform> run"

4. From now on "platform_write_flash_chunk" always fails

Does anyone know if there is a more reliable way to write MCU internal flash?

0 Likes

I guess there is no simple way to partly modify internal flash arbitrarily.

"platform_write_flash_chunk" assumes the sector is already erased and is only capable of changing bits from 1 to 0.

Thus the run time method in the original post may only work ONCE to change the MAC address from FF:FF:FF:FF:FF:FF to a new one.

Further execution will only work if the new address is different from the existing address by "1=>0" bit operations.

0 Likes
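
The "1=>0" limitation described in the last reply can be tested before a write is attempted. The following is an added example, not code from the posts or from the WICED SDK: the function names and the simulated flash region are hypothetical, and the reversed byte order is an assumption taken from the macro name REVERSED_PRODUCT_MAC_ADDRESS_BYTES.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: the patchram array holds the address last byte first. */
void mac_to_patchram_order(const uint8_t mac[6], uint8_t out[6])
{
    for (size_t i = 0; i < 6; i++)
        out[i] = mac[5 - i];
}

/* Without an erase, programming can only clear bits (1 -> 0), so writing
 * 'want' over 'cur' succeeds only if want has no 1 where cur holds a 0. */
int flash_can_overwrite(const uint8_t *cur, const uint8_t *want, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((cur[i] & want[i]) != want[i])
            return 0;
    return 1;
}

/* Simulated program operation on an un-erased region: cell = cell AND data.
 * Returns 0 if the region now holds 'data', -1 if stale 0 bits corrupted it. */
int sim_flash_program(uint8_t *cell, const uint8_t *data, size_t n)
{
    int rc = 0;
    for (size_t i = 0; i < n; i++) {
        cell[i] &= data[i];
        if (cell[i] != data[i])
            rc = -1;
    }
    return rc;
}

int main(void)
{
    /* 'stock' is the byte sequence from the post; 'mac' is a constructed sample. */
    uint8_t stock[6] = {0xAC, 0x1F, 0x12, 0xA1, 0x43, 0x43};
    uint8_t mac[6]   = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55}, want[6];

    mac_to_patchram_order(mac, want);
    printf("overwrite stock bytes: %s\n",
           flash_can_overwrite(stock, want, 6) ? "ok" : "needs erase first");
    return 0;
}
```

Running the check on the bytes currently in flash before each write shows whether that write can take effect without an erase.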