openaptx icon indicating copy to clipboard operation
openaptx copied to clipboard

Published 20 hours ago verified publisher icon arkq

AptX Adaptive support #2

Open leleobhz opened this issue 2 years ago • 12 comments

Following up #1 to track aptX Adaptive support.

leleobhz avatar Jul 25 '22 10:07 leleobhz

@Arkq do you already know the .so and binary files that do aptX Adaptive in a phone?

leleobhz avatar Jul 25 '22 10:07 leleobhz

The only library that I've got is this one: https://github.com/Arkq/openaptx/blob/master/archive/qdsp6/capi_v2_aptX_CLHDAD_Encoder.so Unfortunately, it's for QDSP6 platform which is rater nor suitable (for me) for reverse engineering.

arkq avatar Jul 25 '22 10:07 arkq

@Arkq you'll probably won't find ARM or X86 versions of aptX Adaptive library. However, QDSP6 (aka Hexagon DSP) is kinda supported in Ghidra and in Binary Ninja. Here are newer V2.2 and V3 QDSP6 encoder libraries. Looks like V2.2 is the latest aptX Adaptive version, and V3 is called aptX Lossless. As for decoder libraries, it's worse. I do have object files for their Kalimba architecture 4 (used in QCC Bluetooth SoCs), but some of them may be stripped. There exists disassembler for this architecture (well, actually full GNU binutils build is also available as well as compiler).

anonymix007 avatar Aug 18 '22 18:08 anonymix007

The problem with QDSP6 is that the algorithm in there is not as straightforward as in x86/ARM code. I've been checking it in IDA but I was not able to get anything useful (in a timeframe I can invest in that).

arkq avatar Aug 18 '22 19:08 arkq

Can you also take a look at Kalimba versions? I added few examples of object files as well as objdump binary. Maybe it will be easier to add support of Kalimba to i.e. Ghidra and only after that try to reverse it.

UPD: There also exists QEMU for Hexagon. Wonder if it would be possible to just use library as-is instead of reverse engineering it. UPD2: There's also Kalimba simulator software (linux binary also exists), maybe it could be used as well

anonymix007 avatar Aug 18 '22 19:08 anonymix007

Can you also take a look at Kalimba versions?

Yes, these binaries might be reversible at least based on symbols in them. Anyway Kalimba is not a general purpose CPU, so the assembler code might not be easy to read.

arkq avatar Aug 19 '22 04:08 arkq

@arkq I think I found x86 executables for decoding aptX Adaptive (looks like this includes aptX Lossless as well, which seems to be v2.2 of aptX Adaptive) and aptX Voice (so maybe finally better quality for calls). Would you be interested in taking a look into them?

anonymix007 avatar Dec 17 '22 21:12 anonymix007

Yes, I can take a look at it. You can send it on my email or submit PR for this repo with lib added to archives directory. I'm not sure whether I will be able to reverse it to C code in a reasonable time period (I've got lots of other things on my head currently), but at leas I will check how much effort will be required :)

arkq avatar Dec 17 '22 22:12 arkq

@arkq PR was submitted. It will probably be a lot of effort, maybe even more than kalimba ones (they at least have the debug information)

anonymix007 avatar Dec 17 '22 23:12 anonymix007

Do we have progress on this?

Carbon-Axion avatar May 23 '23 16:05 Carbon-Axion

Nope. Maybe if there was Ghidra for Kalimba, it wouldn't be hard to reverse engineer. Using those executables directly (inside of the emulator) might be easier until someone will add it to Ghidra or IDA (ISA docs are not public tho I have them).

anonymix007 avatar May 23 '23 16:05 anonymix007