I am not sure if it has been posted before or not. I've tried searching but then there is no where to be found. In this tutorial , we'll be looking at on how to create dummy kexts that can be used an injectors to inject our device id and vendor id without the need of modifying the actual kext in /System/Library/Extensions. The biggest advantage of it is that we can get to keep the latest kext . This covers up the basic understandings on how you could create your own injector for say your bluetooth.kext or for your SATA.kext or just about anything , even your nVidia.kext. it makes it easier so that you don't have to mess with.

Note : These injectors would only work if they are placed in /Extra/Extensions or in your EFI partition (/Extras). they would not work if its placed in /System/Library/Extensions as obviously these are dummy kexts. I mean if you want to place it in /System/Library/Extensions , wouldn't it be better just to edit the kext and add your device ID

Now lets talk a look at a dummy info.plist and what each string does . I would like to thank TeaTeam for this as I've used this LegacyNC10bluetooth injector as the sample , however I've edited it to make it work for my Bluetooth



Shall we take a look at one key by one key which can be altered. The ones that I do not mention are constants , meaning that you shouldn't alter them unless you know what you're doing

<key>CFBundleDevelopmentRegion</key> - Its generally set to English
<key>CFBundleIdentifier</key>- Its an identifer used by the kext when its loaded (i am not sure how to explain this , I do hope someone with better command of the english language and understanding how this works , would help me to explain it better). I would simply call it loading name, suppose if you made a fix for your wifi (broadcom for instance) you can call it com.<yourname>.<whatever you did>. Generally it has to start with .com.<something>.<whatsthefixabout>
<key>CFBundleName</key> The english name for it , you can say "Bluetooth MSI Wind U100 Fix" or whatever fix that you did. Its up to you
<key>CFBundleInfoDictionaryVersion</key> - The Version number you want to give it. Its up to you. If you gave this 6.0
<key>CFBundleVersion</key> - Again its up to you , if you gave the previous one a 6.0 , then this value should be larger , say something like 6.6.1 or something like that.

Now here comes the Important part , in this case I'll be adding injector information to the CSRBLuetoothkext. So first I've to open a genuine CSRKext to take a look at it. If you're editing Atheros or Broadcom kext , then look inside IO80211Family.kext --> plugins --> AppleBCM. If you're editing nvidia resman , then look at its info.plist

<key> VideoKilledTheRadioStar </key>- This key corresponds to what you're about to inject . You can call it MSIWindu100_bluetooth , nvidia_5200_fix , or anything. in this case I called it as videoKilledtheradiostar, yes it was taken from a song.


Below your key , you would see another list of CFBundleIndentifer , IOClass , IOmatchCategory , IONameMatch , IOProbeScore , IOProviderClass. Now in order for us to find out these values . It may vary from one kext to another kext , but you're able to see it. So let me take a snippet of the original CSR bluetooth kext with an ID


and mine



Notice the similarities , generally i've to take a snippet of how it looks like in the actual kext , copy a <dict> and then change few of the things such as my idProduct and idVendor. For some kexts , its IONameMatch , so just see how the real thing looks like and copy that and just alter it to your device id and to your vendor id and voila. You may want to add IOProbeScore if you wish , so that it gets a higher priority to be loaded , I did not put in this case as its not needed.

The most crucial part is


I've seen some kexts without this part such as Xyz' Atheros Injector they do work fine. However for this bluetooth when i tried removing it , poof it did nothing. It did not inject and my bluetooth did not work. So thats the actual reason why mr tea added this up. To get what this kext needs , look at its original kext , you'll have to copy its OSBundleLibaries to your injector kext. Again it varies from one kext to another.

Bam there you go , thats how you make your very own injector for your device. You don't have to edit any more of your bluetooth kext or patch it up in order for you to get it to work. You can get to enjoy the latest drivers from Apple too. This is how kexts like IOAHCIInjector work. If you want to get more experience on how it works , I suggest you to take a look at some of the popular kexts such as LegacyAppleHDA , IOAHCInjector and see how these dummy kexts work

I've attached a dummy kext that you can look (just in case if you dont have one)

This is my first draft , as I've more spare time. I am be sure to add more spices. Advices from the great gurus , sith lords , jedi masters are always welcomed. I thought of documenting it as it would be useful for someone especially those who still do modify by hand in /S/L/E
 VideoKilledTheRadioStar.kext.zip ( 2.7K ) Number of downloads: 196


Kexts which works great with an "injector/legacy kext"
- NvidiaResMan - generally I got them to load fine in /E/E .
- Broadcom and Atheros wifi kext - as Xyz has done one
- Bluetooth
- AppleYukonKext - seems to be working great with a legacy kext from /E/E

These are the kexts which I've tested which works great with injected value from a dummy kext in /Extra/Extensions



This post has been edited by prasys: Nov 30 2009, 03:08 PM

Great explanation. Question. How can I get it to override a different kext? For instance in Snow Leopard for some reason my D-Link DBT120 is loading AppleUSBBluetoothHCIController.kext instead of CSRUSBBluetoothHCIController.kext. In 10.5 Leopard I know the DBT120 used the CSRUSBBluetoothHCIController.kext and functioned properly. In Snow Leopard it is not.

You can add AppleUSBBluetoothHCIController.kext to blacklist kext , so that it does not get loaded and/or give the injector for CSR Bluetooth a higher iOProbescore so that it gets loaded first

At one point I actually removed the AppleUSBBluetoothHCIController.kext but then I totally lost Bluetooth. Feels like a bug Apple hasn't squashed yet. The real problem is that since Snow Leopard I've lost the "Let this device wake computer option" in the preferences. Bluetooth works fine I just can't wake my computer with my new Magic Mouse.

You also bring up another good topic. You should describe how to make a disabler kext in your tutorial.

This post has been edited by kDawg: Dec 5 2009, 05:01 PM

Old topic, but interesting. This does assume that the driver software is in the kext in /S/L/E, right? OTherwise, it doesn't matter what you inject.

Also, Clover (and Chameleon?) have kext injection. Does this work the same way?

No they do not work the same way. Kext injection injects the kext files into the OS filesystem. Device injection injects the device properties into IODeviceTree.