I repeated the sequence of reads and writes exactly.
Writing a full 16 bytes of key, reading a few times, and then setting 0xfb to 01 seems to yield results.
The tablet is now spitting out 6 bytes that change with the stylus. I need to fix my decryption function or try the 0xfb 01 trick in unencrypted mode before I can begin decoding stuff.
Accessory Bytes: FD 5A 4D 51 0E 5E
Accessory Bytes: 10 43 75 5E 0E DE
Accessory Bytes: A7 42 AC 53 48 DA
Accessory Bytes: 9D 42 A5 52 5A D5
Accessory Bytes: 58 42 65 52 BE D5
Accessory Bytes: 59 42 7E 52 78 D5
Accessory Bytes: 5B 42 40 52 25 DA
Accessory Bytes: 44 42 AE 52 01 D5
Accessory Bytes: 7A 42 15 53 AA D5
Accessory Bytes: 9B 42 EE 53 3E D5
Accessory Bytes: AE 42 ED 53 78 D4

This is the startup procedure so far. I'm not sure how many of these extra delays or reads I need. I was trying to match what the Wii does.
Serial.println("enc start");
// to start, init in unenc mode
_writeRegister(0xF0, 0x55);
_writeRegister(0xFB, 0x00);
delay(100);
_burstReadWithAddress(0xfa);
delay(100);
_writeRegister(0xF0, 0xAA); // enable enc mode?
delay(90);
// full 16-byte key, written as two 8-byte bursts (0x40-0x47, then 0x48-0x4F)
_burstWriteWithAddress(0x40,_key_table_1,8);
_burstWriteWithAddress(0x48,_key_table_1+0x8,8);
delay(100);
// read a few times after the key write, matching the captured sequence
_burstReadWithAddress(0x20);
_burstReadWithAddress(0x28);
delay(100);
_burstReadWithAddress(0x30);
_burstReadWithAddress(0x38);
delay(100);
_burstReadWithAddress(0x00);
delay(100);
_burstReadWithAddress(0x00);
delay(100);
// setting 0xFB to 0x01 is the step that seems to start the 6-byte reports
_writeRegister(0xfb,0x01);
_burstReadWithAddress(0x00);
delay(100);
_burstReadWithAddress(0x00);
delay(100);