Editing Wireless communications
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 2: | Line 2: | ||
[[File:PSVita-wireless-card.jpg| | [[File:PSVita-wireless-card.jpg|250px|thumb|right|PSVITA PCH-1101 Wireless card]] | ||
[[File:Wireless-card-ZOE-MP-EMI-shields.jpg| | [[File:Wireless-card-ZOE-MP-EMI-shields.jpg|200px|thumb|right|ZOE_MP wireless card with EMI shields]] | ||
[[File:ZOE_MP-Measurement.jpg|200px|thumb|right|ZOE_MP measurement]] | [[File:ZOE_MP-Measurement.jpg|200px|thumb|right|ZOE_MP measurement]] | ||
Line 12: | Line 12: | ||
[[File:Antenna-position.png|200px|thumb|right|Antenna Position (PCH-1100)]] | [[File:Antenna-position.png|200px|thumb|right|Antenna Position (PCH-1100)]] | ||
[[File:Antenna.png| | [[File:Antenna.png|130px|thumb|right|Antenna Position (PCH-2000)]] | ||
== Wireless card == | == Wireless card == | ||
Line 44: | Line 44: | ||
!! style="background-color:#ffffff; color:#123AAA;" |Power Amplifier Module | !! style="background-color:#ffffff; color:#123AAA;" |Power Amplifier Module | ||
!! style="background-color:#ffffff; color:#123AAA;" |Power Amplifier Module | !! style="background-color:#ffffff; color:#123AAA;" |Power Amplifier Module | ||
!! style="background-color:#ffffff; color:#123AAA;" | | !! style="background-color:#ffffff; color:#123AAA;" |Duplexer | ||
|- | |- | ||
| style="background-color:#ffffff; color:#123AAA;" |PCH1101 || style="background-color:#ffffff; color:#123AAA;" |ZOE_MP<br /> front || <span style="background:red">[]</span> Qualcomm PM8028 || <span style="background:orange">[]</span> [http://www.avagotech.com/docs/AV02-2665EN Avago ACPM-7868]<br /> [http://en.wikipedia.org/wiki/GSM_frequency_bands GSM850/900 bands]<br /> DCS1800/PCS1900 bands || <span style="background:Aqua">[]</span> [http://www.avagotech.com/docs/AV02-2476EN Avago ACPM-5001]<br /> [http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 1] <br />CDMA band: 6 || <span style="background:black">[]</span> [http://www.avagotech.com/docs/AV02-2480EN Avago ACPM-5008] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 8] || <span style="background:blue">[]</span> [http://www.avagotech.com/docs/AV02-2477EN Avago ACPM-5002] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 2] || <span style="background:purple">[]</span> [http://www.avagotech.com/docs/AV02-2479EN Avago ACPM-5005] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 5] <br />CDMA BC0 || <span style="background:yellow">[]</span> [http://en.tdk.eu/inf/40/ds/mc/B7964.pdf Epcos 7964] | | style="background-color:#ffffff; color:#123AAA;" |PCH1101 || style="background-color:#ffffff; color:#123AAA;" |ZOE_MP<br /> front || <span style="background:red">[]</span> Qualcomm PM8028 || <span style="background:orange">[]</span> [http://www.avagotech.com/docs/AV02-2665EN Avago ACPM-7868]<br /> [http://en.wikipedia.org/wiki/GSM_frequency_bands GSM850/900 bands]<br /> DCS1800/PCS1900 bands || <span style="background:Aqua">[]</span> [http://www.avagotech.com/docs/AV02-2476EN Avago ACPM-5001]<br /> [http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 1] <br />CDMA band: 6 || <span style="background:black">[]</span> [http://www.avagotech.com/docs/AV02-2480EN Avago ACPM-5008] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 8] || <span style="background:blue">[]</span> [http://www.avagotech.com/docs/AV02-2477EN Avago ACPM-5002] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 2] || <span style="background:purple">[]</span> [http://www.avagotech.com/docs/AV02-2479EN Avago ACPM-5005] <br />[http://en.wikipedia.org/wiki/UMTS_frequency_bands UMTS band: 5] <br />CDMA BC0 || <span style="background:yellow">[]</span> [http://en.tdk.eu/inf/40/ds/mc/B7964.pdf Epcos 7964] | ||
Line 56: | Line 56: | ||
Point Of Interest: On early manufactured [[SKU_Models|Stock Keeping Units]] (mostly with release firmware such as 1.06) there is a known issue with faulty 3G sub boards. For more information on how to remedy check the [[Error_Codes#C2|errors page]]: C2-9693-7. | Point Of Interest: On early manufactured [[SKU_Models|Stock Keeping Units]] (mostly with release firmware such as 1.06) there is a known issue with faulty 3G sub boards. For more information on how to remedy check the [[Error_Codes#C2|errors page]]: C2-9693-7. | ||
<gallery> | <gallery> | ||
Line 63: | Line 61: | ||
File:Playstation-vita-comm-back-web.jpg|ZOE_MP front (labelled as back by TECHINSIGHTS.com) | File:Playstation-vita-comm-back-web.jpg|ZOE_MP front (labelled as back by TECHINSIGHTS.com) | ||
File:PM8028_HG11-VK495-200_diemrk.jpg|Qualcomm PM8028 die mark | File:PM8028_HG11-VK495-200_diemrk.jpg|Qualcomm PM8028 die mark | ||
</gallery> | </gallery> | ||
=== Mobile Data Modem === | === Mobile Data Modem === | ||
Qualcomm Gobi is a family of embedded mobile broadband modem products by Qualcomm. One of the more notable products that contain a Gobi modem is the PSVita, which contains a MDM6200™. | |||
{| class="wikitable" style="text-align: center;border:3px double #123AAA;" | {| class="wikitable" style="text-align: center;border:3px double #123AAA;" | ||
Line 84: | Line 81: | ||
| MDM6200 || 3G || HSPA+, GSM/GPRS/EDGE || Up to 14Mbps || {{No}} || {{Yes}} || gpsOneGen 8 with GLONASS|| USB 2.0 HS Peripheral or Host|| Supported with External Wifi | | MDM6200 || 3G || HSPA+, GSM/GPRS/EDGE || Up to 14Mbps || {{No}} || {{Yes}} || gpsOneGen 8 with GLONASS|| USB 2.0 HS Peripheral or Host|| Supported with External Wifi | ||
|- | |- | ||
|} | |} | ||
=== Related articles === | === Related articles === | ||
*[[Components]] ( | *[[Components]]) | ||
== [[File:Bluetooth.png|10px]] Bluetooth / [[File:WiFi.png|20px]] WiFi == | |||
=== Bluetooth === | |||
Bluetooth is a technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters. | |||
An overview of Bluetooth: | |||
*http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth <!-- the formatting on that article is so 1990 --> | |||
*http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems | |||
*http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering | |||
=== Bluetooth radio === | |||
Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 MHz channels (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range): | |||
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;" | |||
|- | |||
| style="background-color:#ffffff; color:#123AAA;" |'''Class''' | |||
| style="background-color:#ffffff; color:#123AAA;" |'''Power''' | |||
| style="background-color:#ffffff; color:#123AAA;" |'''Range''' | |||
|- | |||
| Class 1 || 100mW<br />(20 dBm) || 100m<br />(325ft) | |||
|- | |||
| Class 2 || 2.5mW<br />(4 dBm) || 10m<br />(32ft) | |||
|- | |||
| Class 3 || 1mW<br />(0 dBm) || 1m<br />(3ft) | |||
|- | |||
|} | |||
*http://www.instructables.com/id/Increase-and-extend-the-range-of-a-USB-Bluetooth-d/#step0 Increase and extend the range of a USB Bluetooth | |||
=== Overlapping channels BT/WiFi === | |||
*[http://www.vitadevwiki.com/index.php?title=File:BT-Wifi-channels.png archaic BT/Wifi channels] | |||
{| class="wikitable" | |||
|- | |||
! Center Frequency<br />(2.4xx Ghz) !! BT 2.0<br />Channel !! BT 4.0<br />Channel !! colspan="5" | WiFi channel<br />(center freq. in GHz) | |||
|- | |||
| 00 || rowspan="2" | Guard || rowspan="2" | Guard | |||
|- | |||
| 01 || rowspan="23" style="background-color: #afafaf;" | 1<br />(2.412) | |||
|- | |||
| 02 || 0 || rowspan="2" style="background-color: #6666ff;" | 0 | |||
|- | |||
| 03 || 1 | |||
|- | |||
| 04 || 2 || rowspan="2" style="background-color: #6666ff;" | 1 | |||
|- | |||
| 05 || 3 | |||
|- | |||
| 06 || 4 || rowspan="2" style="background-color: #6666ff;" | 2 || rowspan="23" style="background-color: #afafaf;" | 2<br />(2.417) | |||
|- | |||
| 07 || 5 | |||
|- | |||
| 08 || 6 || rowspan="2" style="background-color: #6666ff;" | 3 | |||
|- | |||
| 09 || 7 | |||
|- | |||
| 10 || 8 || rowspan="2" style="background-color: #6666ff;" | 4 | |||
|- | |||
| 11 || 9 || rowspan="23" style="background-color: #afafaf;" | 3<br />(2.422) | |||
|- | |||
| 12 || 10 || rowspan="2" style="background-color: #6666ff;" | 5 | |||
|- | |||
| 13 || 11 | |||
|- | |||
| 14 || 12 || rowspan="2" style="background-color: #6666ff;" | 6 | |||
|- | |||
| 15 || 13 | |||
|- | |||
| 16 || 14 || rowspan="2" style="background-color: #6666ff;" | 7 || rowspan="23" style="background-color: #afafaf;" | 4<br />(2.427) | |||
|- | |||
| 17 || 15 | |||
|- | |||
| 18 || 16 || rowspan="2" style="background-color: #6666ff;" | 8 | |||
|- | |||
| 19 || 17 | |||
|- | |||
| 20 || 18 || rowspan="2" style="background-color: #6666ff;" | 9 | |||
|- | |||
| 21 || 19 || rowspan="23" style="background-color: #afafaf;" | 5<br />(2.432) | |||
|- | |||
| 22 || 20 || rowspan="2" style="background-color: #6666ff;" | 10 | |||
|- | |||
| 23 || 21 | |||
|- | |||
| 24 || 22 || rowspan="2" style="background-color: #6666ff;" | 11 | |||
|- | |||
| 25 || 23 | |||
|- | |||
| 26 || 24 || rowspan="2" style="background-color: #6666ff;" | 12 || rowspan="23" style="background-color: #afafaf;" | 6<br />(2.437) | |||
|- | |||
| 27 || 25 | |||
|- | |||
| 28 || 26 || rowspan="2" style="background-color: #6666ff;" | 13 | |||
|- | |||
| 29 || 27 | |||
|- | |||
| 30 || 28 || rowspan="2" style="background-color: #6666ff;" | 14 | |||
|- | |||
| 31 || 29 || rowspan="23" style="background-color: #afafaf;" | 7<br />(2.442) | |||
|- | |||
| 32 || 30 || rowspan="2" style="background-color: #6666ff;" | 15 | |||
|- | |||
| 33 || 31 | |||
|- | |||
| 34 || 32 || rowspan="2" style="background-color: #6666ff;" | 16 | |||
|- | |||
| 35 || 33 | |||
|- | |||
| 36 || 34 || rowspan="2" style="background-color: #6666ff;" | 17 || rowspan="23" style="background-color: #afafaf;" | 8<br />(2.447) | |||
|- | |||
| 37 || 35 | |||
|- | |||
| 38 || 36 || rowspan="2" style="background-color: #6666ff;" | 18 | |||
|- | |||
| 39 || 37 | |||
|- | |||
| 40 || 38 || rowspan="2" style="background-color: #6666ff;" | 19 | |||
|- | |||
| 41 || 39 || rowspan="23" style="background-color: #afafaf;" | 9<br />(2.452) | |||
|- | |||
| 42 || 40 || rowspan="2" style="background-color: #6666ff;" | 20 | |||
|- | |||
| 43 || 41 | |||
|- | |||
| 44 || 42 || rowspan="2" style="background-color: #6666ff;" | 21 | |||
|- | |||
| 45 || 43 | |||
|- | |||
| 46 || 44 || rowspan="2" style="background-color: #6666ff;" | 22 || rowspan="23" style="background-color: #afafaf;" | 10<br />(2.457) | |||
|- | |||
| 47 || 45 | |||
|- | |||
| 48 || 46 || rowspan="2" style="background-color: #6666ff;" | 23 | |||
|- | |||
| 49 || 47 | |||
|- | |||
| 50 || 48 || rowspan="2" style="background-color: #6666ff;" | 24 | |||
|- | |||
| 51 || 49 || rowspan="23" style="background-color: #afafaf;" | 11<br />(2.462) | |||
|- | |||
| 52 || 50 || rowspan="2" style="background-color: #6666ff;" | 25 | |||
|- | |||
| 53 || 51 | |||
|- | |||
| 54 || 52 || rowspan="2" style="background-color: #6666ff;" | 26 | |||
|- | |||
| 55 || 53 | |||
|- | |||
| 56 || 54 || rowspan="2" style="background-color: #6666ff;" | 27 || rowspan="23" style="background-color: #afafaf;" | 12<br />(2.467) | |||
|- | |||
| 57 || 55 | |||
|- | |||
| 58 || 56 || rowspan="2" style="background-color: #6666ff;" | 28 | |||
|- | |||
| 59 || 57 | |||
|- | |||
| 60 || 58 || rowspan="2" style="background-color: #6666ff;" | 29 | |||
|- | |||
| 61 || 59 || rowspan="23" style="background-color: #afafaf;" | 13<br />(2.472) | |||
|- | |||
| 62 || 60 || rowspan="2" style="background-color: #6666ff;" | 30 | |||
|- | |||
| 63 || 61 | |||
|- | |||
| 64 || 62 || rowspan="2" style="background-color: #6666ff;" | 31 | |||
|- | |||
| 65 || 63 | |||
|- | |||
| 66 || 64 || rowspan="2" style="background-color: #6666ff;" | 32 | |||
|- | |||
| 67 || 65 | |||
|- | |||
| 68 || 66 || rowspan="2" style="background-color: #6666ff;" | 33 | |||
|- | |||
| 69 || 67 | |||
|- | |||
| 70 || 68 || rowspan="2" style="background-color: #6666ff;" | 34 | |||
|- | |||
| 71 || 69 | |||
|- | |||
| 72 || 70 || rowspan="2" style="background-color: #6666ff;" | 35 | |||
|- | |||
| 73 || 71 | |||
|- | |||
| 74 || 72 || rowspan="2" style="background-color: #6666ff;" | 36 | |||
|- | |||
| 75 || 73 | |||
|- | |||
| 76 || 74 || rowspan="2" style="background-color: #6666ff;" | 37 | |||
|- | |||
| 77 || 75 | |||
|- | |||
| 78 || 76 || rowspan="2" style="background-color: #6666ff;" | 38 | |||
|- | |||
| 79 || 77 | |||
|- | |||
| 80 || 78 || rowspan="2" style="background-color: #6666ff;" | 39 | |||
|- | |||
| 81 || rowspan="3" | Guard | |||
|- | |||
| 82 || rowspan="2" | Guard | |||
|- | |||
| 83 | |||
|- | |||
|} | |||
=== Bluetooth connection === | |||
A PSVita [http://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v2.1_.2B_EDR (Bluetooth v2.1 + EDR)] can connect up to seven (active) Bluetooth® devices at one time. | |||
There are three type of connections in Bluetooth: | |||
*Single-slave: a point-to-point connection (only 2 Bluetooth units involved) | |||
*Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) others units acts as slaves. | |||
*Scatternet: Multiple piconets with overlapping coverage areas form a scatternet. | |||
=== Device icons === | |||
Shows the types of found Bluetooth® devices using icons. | |||
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;" | |||
|- | |||
| style="background-color:#ffffff; color:#123AAA;" |'''Icon''' | |||
| style="background-color:#ffffff; color:#123AAA;" |'''Device''' | |||
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-logo.jpg|70px]] | |||
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-tv-logo-123aaaa.png|70px]] | |||
|- | |||
| [[File:Bluetooth_Wireless_controller.png]] || Wireless controller || {{No}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_BD_Remote_Control.png]] || BD Remote Control || {{No}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_computer.png]] || Computer || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_mobile-phone_smartphone.png]] || Mobile phone, smartphone || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_headset.png]] || Headset || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_speakers.png]] || Speakers || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_mouse.png]] || Mouse || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_keyboard.png]] || Keyboard || {{Yes}} || {{Yes}} | |||
|- | |||
| [[File:Bluetooth_printer.png]] || Printer || {{Yes}} || {{Yes}} | |||
|- | |||
| '''No icon''' || Other devices || {{Yes}} || {{Yes}} | |||
|- | |||
|} | |||
=== Bluetooth Profile === | |||
*http://en.wikipedia.org/wiki/List_of_Bluetooth_profiles | |||
Bluetooth® devices that support the following profile can be paired with your system: | |||
*[https://developer.bluetooth.org/TechnologyOverview/Pages/A2DP.aspx A2DP (Advanced Audio Distribution Profile)] | |||
*[https://developer.bluetooth.org/TechnologyOverview/Pages/AVRCP.aspx AVRCP (Audio/Video Remote Control Profile)] | |||
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HSP.aspx HSP (Headset Profile)] | |||
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HID.aspx HID (Human Interface Device Profile)] | |||
*HFP (3G model only?), PBAP (3G model only?)? | |||
By using the Object Push Profile (OPP), on [[Template:Firmware_revisions|Firmware]] 3.18, the attempts forcing the connection to the Vita will give a loophole . | |||
=== Bluetooth Adressing === | |||
Each Bluetooth unit has a unique 48-bit address (BD_ADDR). | |||
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;" | |||
|- | |||
|colspan="6"|'''Company_assigned''' | |||
|colspan="6"|'''Company_id''' | |||
|- | |||
|colspan="6"|'''L'''ower '''A'''dress '''P'''art (24-bit)<br />transmitted with every packet as part of the packet header | |||
|colspan="2"|'''U'''pper '''A'''dress '''P'''art (8-bit)<br /> | |||
|colspan="4"|'''N'''on-Significant '''A'''dress '''P'''art (16-bit)<br />[http://standards-oui.ieee.org/oui.txt assigned publicly by the IEEE] | |||
|- | |||
!width="70"|<sub>lsb</sub>xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx | |||
!width="70"|xxxx<sup>msb</sup> | |||
|- | |||
|} | |||
=== Class of Device/Service (CoD) === | |||
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP in order to check if a device in a given class offers the type of service that they want. | |||
The PlayStation Vita PCH-2000 has a [https://www.bluetooth.org/en-us/specification/assigned-numbers/baseband class of Device/Service (CoD)] 0x3e0100: | |||
* | *Major Service Class : Networking (LAN, Ad hoc etc) (0x20000) | ||
*Major Service Class : Rendering (printing, speaker etc) (0x40000) | |||
*Major Service Class : Capturing (scanner, microphone etc) (0x80000) | |||
*Major Service Class : Object Transfer (v-inbox, v-folder etc) (0x100000) | |||
*Major Service Class : Audio (speaker, microphone, headset service etc) (0x200000) | |||
*Major Device Class : Computer (desktop,notebook, PDA, organizers etc ) (0x100) | |||
*Minor Device Class : Uncategorized, code for device not assigned | |||
<small>(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)</small> | |||