diff --git a/BrcmPatchRAM/BlueToolFixup.cpp b/BrcmPatchRAM/BlueToolFixup.cpp index a6e3c69..5e8a424 100644 --- a/BrcmPatchRAM/BlueToolFixup.cpp +++ b/BrcmPatchRAM/BlueToolFixup.cpp @@ -48,6 +48,27 @@ bool BlueToolFixup::start(IOService *provider) { static const uint8_t kSkipUpdateFilePathOriginal[] = "/etc/bluetool/SkipBluetoothAutomaticFirmwareUpdate"; static const uint8_t kSkipUpdateFilePathPatched[] = "/System/Library/CoreServices/boot.efi"; + +// Workaround 12.4 Beta 3+ bug where macOS may detect the Bluetooth chipset twice +// Once as internal, and second as an external dongle: +// 'ERROR -- Third Party Dongle has the same address as the internal module' +// Applicable for BCM2046 and BCM2070 chipsets (BT2.1) +static const uint8_t kSkipAddressCheckOriginal[] = +{ + 0x48, 0x89, 0xF3, // mov rbx, rsi + 0xE8, 0xE3, 0xF3, 0xFE, 0xFF, // call sub_1000c5bc6 + 0x85, 0xC0, // test eax, eax + 0x74, 0x1D, // je loc_1000d6804 +}; + +static const uint8_t kSkipAddressCheckPatched[] = +{ + 0x48, 0x89, 0xF3, // mov rbx, rsi + 0xE8, 0xE3, 0xF3, 0xFE, 0xFF, // call sub_1000c5bc6 + 0x85, 0xC0, // test eax, eax + 0x72, 0x1D, // jb short loc_1000d6804 +}; + static const uint8_t kVendorCheckOriginal[] = { 0x81, 0xFA, // cmp edx @@ -131,6 +152,7 @@ static void patched_cs_validate_page(vnode_t vp, memory_object_t pager, memory_o } else if (strcmp(path + dirLength, "bluetoothd") == 0) { searchAndPatch(data, PAGE_SIZE, path, kVendorCheckOriginal, kVendorCheckPatched); + searchAndPatch(data, PAGE_SIZE, path, kSkipAddressCheckOriginal, kSkipAddressCheckPatched); searchAndPatch(data, PAGE_SIZE, path, kBadChipsetCheckOriginal, kBadChipsetCheckPatched); if (shouldPatchBoardId) searchAndPatch(data, PAGE_SIZE, path, boardIdsWithUSBBluetooth[0], kBoardIdSize, BaseDeviceInfo::get().boardIdentifier, kBoardIdSize);