HACK HC-05(BLUETOOTH MODULE) FRIMWARE INTO HID FRIMWARE

-


This post helps you to change the firmware of the hc05 Bluetooth chip into hid enabled Bluetooth chip.

The HID stands for “HUMAN INTERFACE DEVICES” means things like your keyboard, mouse, printer, joysticks, etc.. Drivers get automatically installed in your computer without any external drivers needed.

 The hc05 default don’t have hid capability but, the chip hc05 uses is same clone of chip RN-42 uses (BC417), the RN-42 is an HID enabled chip. We gonna swap the firmware’s of rn42 into hc05.

[NOTE: this particular hc05 chip comes with serial interface in it if you perform this swap it no longer work as serial Bluetooth chip. If you want you can save the firmware of hc05 and re-swap again to work normal].

That being said what are the things we need to perform this task are:

1.  HC05 module for sure (duh!)

2.  RN-42 chip



{Wait if you are performing this task you must be very enthusiastic in electronics or extremely poor then why the hell you gonna buy an rn42 chip for...? don’t worry I’ll give links to rn42 firmware https://github.com/mmshivesh/HC05withHID } 

3.     Zadig software https://zadig.akeo.ie/

4.   FTDI  chip(usb to serial one) and download it driver

 https://github.com/lorf/csr-spi-ftdi

5.  Some 220ohms or 230ohms resistors

6.  Some wires to connect

7.  Solder and solder Iron

8.  Windows 10 pc or windows 7

9.  Csr software “BLUESUIT” to steal firmware

{This csr software is commercial one you gonna need to provide a valid business mail or work mail Gmail or outlook doesn’t works. They’ll verify and gives you access to firmware, but they might or they might not!, I’ll give you link for download the tool

https://drive.google.com/file/d/1d0VRoN2BFZpIo8pR75E049reoKHjuba6/view.}

Steps you need to follow:

1. Solder the wires to FTDI Chip with resistor:

The wires need to be soldered to the ftdi chip with a 220ohms resistors to chip like shown in the diagram.

2. Solder the wires to hc05 chip:

Connect and solder the ftdi soldered wires to hc05 bc417 chip as shown:



3. From ftdi driver folder copy file “usbspi.dll” from “libwin32” and install all software’s (ZADIG, BLUESUIT)




4. Plugin the ftdi first and open zadig program

5. Then go to blue suit installed folder and paste the file (keep the real file for backup by renaming it)




6. Plugin the ftdi first and open zadig program, do this if there is no chip listed in the menu go to the “options” “select all devices” then your device shows up.



7. From the options select the “FT232R UART” and and select the driver as “libusbk”, Then press reinstall driver

8. Then after launch the blue flash tool and press stop processor after its ready then click dump (keep this for backup and save it some folder).






9. PS_TOOL software then select the “SPI BCCMD” under port select   the“FT232R” module then set ok

10. Go to “FILE” then select “dump” and save it in some folder for backup.




11. Then goto the backup folder create a new file “update.psr” then open the “dump.psr” and copy the entries and values, paste it in update.spr



The entries are:

1. PSKEY_BDADDR

2. PSKEY_ANA_FTRIM

3. PSKEY_ANA_FREQ



Then save the files

12. Then again launch the blue suit app and click stop processor and  choose the rn42 firmware file select the rn42.xpv then click download



13. When finished click start processor

 

14. Again launch pstool app select the “SPI BCCMD” under port select the “FT232R” module then set ok.Now we need to change the settings for our new hc05 hid module default they are in rn42 module settings.

 

15. Then goto file select merge navigate to update.psr and select it if you done everything right you’ll see the led behavior changes than before.

 


16. Then use this program from my serial communication blog and upload it to Arduino by connecting it normally like the hc05

https://batlara.blogspot.com/2021/05/how-touse-any-arduino-digital-pins-to.html



17. Then open serial monitor then select “no line ending” then type $$$ and hit send, it should return CMD

Then change serial setting to newline and type SF,1 it should return AOK

Then type s~,6 it should return AOK

Then type SN,YOUR_CHOICE_OF_NAME

Then then type SH,0230 for hid keyboard and mouse combo it returns AOK

Then type R,1 to reboot

Now use your phone or pc to check the Bluetooth the name should be YOUR_CHOICE_OF_NAME popped as keyboard symbol click pair and pair with it



Check it now by select the serial monitor and select no line ending and type anything and hit send.

 


there you go you have hid enabled hc05 you can use it for kind of hid devices just change SH,0230 here is link for commands

https://stackoverflow.com/questions/16243602/arduino-rn-42-bluetooth-module-hid#:~:text=The%20module%20should%20be%20set,set%20it%20to%20keyboard%20mode. 

for further confusion clearance watch this video

https://www.youtube.com/watch?v=y8PcNbAA6AQ 

 

 

 

 

 


Comments

Post a Comment

Popular posts from this blog

HACK AND CLONE CAR KEY FOB, MY EPIC FAILURE...!!

-
Image
In this blog post i'm sharing my experience on cloning the my car key fob signal and how to do it properly. first things frist the cars now a days comes with a wireless remote key where u get atleast 2 or 3 options like lock,unlocking ,trunk(we call it as dickey!!!).....these options let your car access wirelessly and some cars are completly keyless for even driving. the keys of the cars are actually communicating with certain frequency like 433.xxxMHz or some countries uses 315.xxxMHz...the car companies uses an algorithm called " ROLLING CODES "...these are not that esay to crack cause they change every time u press key and once the key transmitted it cannot be used again... but a hacker named "samy kamakar" demonstrated an attack called REPLAY ATTACK where u simply transmitt the signal by recording the key fob away from car or blocking the signal and then recording. so this is how i've tried it..frist i needed to listen to the signals as possible in 10KHz...
Read more

secrets of arduino atmega328p adc

-
Image
In this tutorials i'm gonna tell you all about the adc present in arduino famous boards like UNO,NANO,MINI....the atmega328p chips consist of the " 10-bit resolution adc " inside the uC. The type of adc is used in is  Successive approximation ADC . these are kind are slow but gives good resolution though. let's dig in registers of adc in atmega328p. To read analog input we need The reg " ADMUX ". T he adc reg have a Pin called AREF (adc reference voltage). The gives 10-bit number i.e 0-1023, 0-0V & 1023-5V. it measures using this formula       Vin = (Analog Ref * analogRead() ) / 1024 we need stable AREF voltage we can use internal 1.1V reference or we need to provide a stable voltage anywhere between 0.3V-5V externally. [NOTE: if ur are planning to provide external voltage to aref pin present on arduino uno,nano,mini, the recommended value is less than 5v to be safe on safe side cause the voltage of external 5v source may not be 5v exactly so if it i...
Read more