Wireless communications: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
 
(24 intermediate revisions by 2 users not shown)
Line 84: Line 84:
| MDM6200 || 3G || HSPA+, GSM/GPRS/EDGE  || Up to 14Mbps || {{No}} || {{Yes}} || gpsOneGen 8 with GLONASS|| USB 2.0 HS Peripheral or Host|| Supported with External Wifi
| MDM6200 || 3G || HSPA+, GSM/GPRS/EDGE  || Up to 14Mbps || {{No}} || {{Yes}} || gpsOneGen 8 with GLONASS|| USB 2.0 HS Peripheral or Host|| Supported with External Wifi
|-
|-
The communication of the Modem appears to be PCIe, instead of the more common (Used on WWAN modems for laptops.) USB interface. So, the Vita might have PCIe available for use along with USB. In case anyone wants to try putting a mPCIe SSD in it or even hook up an external GPU to the Vita.
</br>
Physical Pin Layout:</br>
    Top</br>
    1                                                    51</br>
      --------| |------------------</br>
      --------| |------------------</br>
    2                                                  52</br>
    Bottom</br>
</br>
</br>
Used pins:</br>
Legend:</br>
        * = Connected</br>
        - = Not Connected</br>
</br>
    Top</br>
    1                                                    51</br>
      ********| |******************</br>
      *******-| |--**--***----*----</br>
    2                                                  52</br>
    Bottom</br>
</br>
</br>
Labled pins (Section incomplete):</br>
    Legend:</br>
        S = Signal Pin</br>
        P = Vcc or GND pin</br>
        U = Signal pin pulled up to Vcc</br>
        D = Signal pin pulled down to GND</br>
        - = Not Connected</br>
</br>
    Top</br>
    1                                                                  51</br>
      DSSDPSPS| |SSPSSSPSDDDDDDDDDS</br>
      PPPSSSS-| |--PP--SSP----P----</br>
    2                                                          52</br>
    Bottom</br>
</br>
</br>
Labled pinout:</br>
    Top:</br>
    1: WAKE#</br>
    3: Reserved (Wireless Coexistence Interface)</br>
    5: Reserved (Wireless Coexistence Interface)</br>
    7: CLKREQ#</br>
    9: GND</br>
    11: REFCLK-</br>
    13: REFCLK+</br>
    15: NC or GND</br>
    -</br>
    17: Reserved</br>
    19: Reserved</br>
    21: GND</br>
    23: PERn0</br>
    25: PERp0</br>
    27: GND</br>
    29: GND</br>
    31: PETn0</br>
    33: PETp0</br>
    35: GND</br>
    37: Reserved (Second PCIe lane. Tied to GND)</br>
    39: Reserved (Second PCIe lane. Tied to GND)</br>
    41: Reserved (Second PCIe lane. Tied to GND)</br>
    43: Reserved (Second PCIe lane. Tied to GND)</br>
    45: Reserved (Second PCIe lane. Tied to GND)</br>
    47: Reserved (Second PCIe lane. Tied to GND)</br>
    49: Reserved (Second PCIe lane. Tied to GND)</br>
    51: Reserved (W_DISABLE2#)</br>
</br>
</br>
    Bottom:</br>
    2: 3.3V</br>
    4: GND</br>
    6: 1.5V</br>
    8: VCC (SIM Card)</br>
    10: I/O (SIM Card)</br>
    12: CLK (SIM Card)</br>
    14: RST (SIM Card)</br>
    -</br>
    22: PERST#</br>
    24: +3.3Vaux</br>
    30: SMB_CLK</br>
    32: SMB_DATA</br>
    34: GND</br>
    44: LED_WLAN#</br>
</code>
|}
|}


Line 90: Line 177:
*[[Components]] (Parent Component is Half Mini PCIe Module)
*[[Components]] (Parent Component is Half Mini PCIe Module)


== [[File:Bluetooth.png|10px]] Bluetooth / [[File:WiFi.png|20px]] WiFi ==


=== Bluetooth ===
== [[File:Bluetooth.png|10px]] Bluetooth ==
Bluetooth is a technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.


An overview of Bluetooth:
*[[Bluetooth]]


*http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth <!-- the formatting on that article is so 1990 -->
== GPS ==
*https://learn.sparkfun.com/tutorials/bluetooth-basics bluetooth basics
*http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems
*http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering


=== Bluetooth radio ===
== [[File:WiFi.png|20px]] WiFi ==


Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 MHz channels (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):
Module based on Marvell SD8787.
 
Firmware in wlanbt_robin_img_ax.skprx starting at offset 305.
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
| style="background-color:#ffffff; color:#123AAA;" |'''Class'''
| style="background-color:#ffffff; color:#123AAA;" |'''Power'''
| style="background-color:#ffffff; color:#123AAA;" |'''Range'''
|-
| Class 1 || 100mW<br />(20 dBm) || 100m<br />(325ft)
|-
| Class 2 || 2.5mW<br />(4 dBm) || 10m<br />(32ft)
|-
| Class 3 || 1mW<br />(0 dBm) || 1m<br />(3ft)
|-
|}
 
*http://www.instructables.com/id/Increase-and-extend-the-range-of-a-USB-Bluetooth-d/#step0 Increase and extend the range of a USB Bluetooth
 
=== Overlapping channels BT/WiFi ===
 
*[http://www.vitadevwiki.com/index.php?title=File:BT-Wifi-channels.png archaic BT/Wifi channels]
 
{| class="wikitable"
|-
! Center Frequency<br />(2.4xx Ghz) !! BT 2.0<br />Channel !! BT 4.0<br />Channel !! colspan="5" | WiFi channel<br />(center freq. in GHz)
|-
| 00 || rowspan="2" | Guard || rowspan="2" | Guard
|-
| 01 || rowspan="23" style="background-color: #afafaf;" | 1<br />(2.412)
|-
| 02 || 0 || rowspan="2" style="background-color: #6666ff;" | 0
|-
| 03 || 1
|-
| 04 || 2 || rowspan="2" style="background-color: #6666ff;" | 1
|-
| 05 || 3
|-
| 06 || 4 || rowspan="2" style="background-color: #6666ff;" | 2 || rowspan="23" style="background-color: #afafaf;" | 2<br />(2.417)
|-
| 07 || 5
|-
| 08 || 6 || rowspan="2" style="background-color: #6666ff;" | 3
|-
| 09 || 7
|-
| 10 || 8 || rowspan="2" style="background-color: #6666ff;" | 4
|-
| 11 || 9 || rowspan="23" style="background-color: #afafaf;" | 3<br />(2.422)
|-
| 12 || 10 || rowspan="2" style="background-color: #6666ff;" | 5
|-
| 13 || 11
|-
| 14 || 12 || rowspan="2" style="background-color: #6666ff;" | 6
|-
| 15 || 13
|-
| 16 || 14 || rowspan="2" style="background-color: #6666ff;" | 7 || rowspan="23" style="background-color: #afafaf;" | 4<br />(2.427)
|-
| 17 || 15
|-
| 18 || 16 || rowspan="2" style="background-color: #6666ff;" | 8
|-
| 19 || 17
|-
| 20 || 18 || rowspan="2" style="background-color: #6666ff;" | 9
|-
| 21 || 19 || rowspan="23" style="background-color: #afafaf;" | 5<br />(2.432)
|-
| 22 || 20 || rowspan="2" style="background-color: #6666ff;" | 10
|-
| 23 || 21
|-
| 24 || 22 || rowspan="2" style="background-color: #6666ff;" | 11
|-
| 25 || 23
|-
| 26 || 24 || rowspan="2" style="background-color: #6666ff;" | 12 || rowspan="23" style="background-color: #afafaf;" | 6<br />(2.437)
|-
| 27 || 25
|-
| 28 || 26 || rowspan="2" style="background-color: #6666ff;" | 13
|-
| 29 || 27
|-
| 30 || 28 || rowspan="2" style="background-color: #6666ff;" | 14
|-
| 31 || 29 || rowspan="23" style="background-color: #afafaf;" | 7<br />(2.442)
|-
| 32 || 30 || rowspan="2" style="background-color: #6666ff;" | 15
|-
| 33 || 31
|-
| 34 || 32 || rowspan="2" style="background-color: #6666ff;" | 16
|-
| 35 || 33
|-
| 36 || 34 || rowspan="2" style="background-color: #6666ff;" | 17 || rowspan="23" style="background-color: #afafaf;" | 8<br />(2.447)
|-
| 37 || 35
|-
| 38 || 36 || rowspan="2" style="background-color: #6666ff;" | 18
|-
| 39 || 37
|-
| 40 || 38 || rowspan="2" style="background-color: #6666ff;" | 19
|-
| 41 || 39 || rowspan="23" style="background-color: #afafaf;" | 9<br />(2.452)
|-
| 42 || 40 || rowspan="2" style="background-color: #6666ff;" | 20
|-
| 43 || 41
|-
| 44 || 42 || rowspan="2" style="background-color: #6666ff;" | 21
|-
| 45 || 43
|-
| 46 || 44 || rowspan="2" style="background-color: #6666ff;" | 22 || rowspan="23" style="background-color: #afafaf;" | 10<br />(2.457)
|-
| 47 || 45
|-
| 48 || 46 || rowspan="2" style="background-color: #6666ff;" | 23
|-
| 49 || 47
|-
| 50 || 48 || rowspan="2" style="background-color: #6666ff;" | 24
|-
| 51 || 49 || rowspan="23" style="background-color: #afafaf;" | 11<br />(2.462)
|-
| 52 || 50 || rowspan="2" style="background-color: #6666ff;" | 25
|-
| 53 || 51
|-
| 54 || 52 || rowspan="2" style="background-color: #6666ff;" | 26
|-
| 55 || 53
|-
| 56 || 54 || rowspan="2" style="background-color: #6666ff;" | 27 || rowspan="23" style="background-color: #afafaf;" | 12<br />(2.467)
|-
| 57 || 55
|-
| 58 || 56 || rowspan="2" style="background-color: #6666ff;" | 28
|-
| 59 || 57
|-
| 60 || 58 || rowspan="2" style="background-color: #6666ff;" | 29
|-
| 61 || 59 || rowspan="23" style="background-color: #afafaf;" | 13<br />(2.472)
|-
| 62 || 60 || rowspan="2" style="background-color: #6666ff;" | 30
|-
| 63 || 61
|-
| 64 || 62 || rowspan="2" style="background-color: #6666ff;" | 31
|-
| 65 || 63
|-
| 66 || 64 || rowspan="2" style="background-color: #6666ff;" | 32
|-
| 67 || 65
|-
| 68 || 66 || rowspan="2" style="background-color: #6666ff;" | 33
|-
| 69 || 67
|-
| 70 || 68 || rowspan="2" style="background-color: #6666ff;" | 34
|-
| 71 || 69
|-
| 72 || 70 || rowspan="2" style="background-color: #6666ff;" | 35
|-
| 73 || 71
|-
| 74 || 72 || rowspan="2" style="background-color: #6666ff;" | 36
|-
| 75 || 73
|-
| 76 || 74 || rowspan="2" style="background-color: #6666ff;" | 37
|-
| 77 || 75
|-
| 78 || 76 || rowspan="2" style="background-color: #6666ff;" | 38
|-
| 79 || 77
|-
| 80 || 78 || rowspan="2" style="background-color: #6666ff;" | 39
|-
| 81 || rowspan="3" | Guard
|-
| 82 || rowspan="2" | Guard
|-
| 83
|-
|}
 
=== Bluetooth connection ===
 
A PSVita [http://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v2.1_.2B_EDR (Bluetooth v2.1 + EDR)] can connect up to seven (active) Bluetooth® devices at one time.
 
There are three type of (oriented) connections in Bluetooth:
 
*Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
*Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) others units acts as slaves.
*Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.
 
=== Device icons ===
 
Shows the types of found Bluetooth® devices using icons.
 
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
| style="background-color:#ffffff; color:#123AAA;" |'''Icon'''
| style="background-color:#ffffff; color:#123AAA;" |'''Device'''
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-logo.jpg|70px]]
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-tv-logo-123aaaa.png|70px]]
|-
| [[File:Bluetooth_Wireless_controller.png]] || Wireless controller || {{No}} || {{Yes}}
|-
| [[File:Bluetooth_BD_Remote_Control.png]] || BD Remote Control || {{No}} || {{Yes}}
|-
| [[File:Bluetooth_computer.png]] || Computer || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_mobile-phone_smartphone.png]] || Mobile phone, smartphone || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_headset.png]] || Headset || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_speakers.png]] || Speakers || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_mouse.png]] || Mouse || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_keyboard.png]] || Keyboard || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_printer.png]] || Printer || {{Yes}} || {{Yes}}
|-
| '''No icon''' || Other devices || {{Yes}} || {{Yes}}
|-
|}
 
=== Bluetooth Profile ===
 
*http://en.wikipedia.org/wiki/List_of_Bluetooth_profiles
 
Bluetooth® devices that support the following profile can be paired with your system:
 
*[https://developer.bluetooth.org/TechnologyOverview/Pages/A2DP.aspx A2DP (Advanced Audio Distribution Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/AVRCP.aspx AVRCP (Audio/Video Remote Control Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HSP.aspx HSP (Headset Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HID.aspx HID (Human Interface Device Profile)]
*HFP (3G model only?), PBAP (3G model only?)?
 
By using the Object Push Profile (OPP), on [[Template:Firmware_revisions|Firmware]] 3.18,  the attempts forcing the connection to the Vita will give a loophole .
 
===== A2DP =====
 
===== AVRCP =====
 
===== HSP =====
 
===== HID =====
 
===== OPP =====
 
OPP defines the roles of push server and push client. These roles are analogous to and must interoperate with the server and client device roles that GOEP defines.
 
The Object Push Profile (OPP) provides basic functions for exchange of binary objects, mainly used for vCards in Bluetooth.
 
vCard is a file format standard for electronic business cards. Since vCards are not worth being especially protected, no authorisation procedure is performed before OPP transactions.
 
Supported OBEX commands are connect, disconnect, put, get and abort.
 
====== Usage Scenarios ======
 
An example scenario would be the exchange of a contact or appointment between two mobile phones, or a mobile phone and a PC.
 
=== Bluetooth Adressing ===
 
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
 
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
|colspan="6"|'''Company_assigned'''
|colspan="6"|'''Company_id'''
|-
|colspan="6"|'''L'''ower '''A'''dress '''P'''art (24-bit)<br />transmitted with every packet as part of the packet header
|colspan="2"|'''U'''pper '''A'''dress '''P'''art  (8-bit)<br />
|colspan="4"|'''N'''on-Significant '''A'''dress '''P'''art (16-bit)<br />[http://standards-oui.ieee.org/oui.txt assigned  publicly by the IEEE]
|-
!width="70"|<sub>lsb</sub>xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx<sup>msb</sup>
|-
|}
 
=== Class of Device/Service (CoD) ===
 
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP in order to check if a device in a given class offers the type of service that they want.
 
The PlayStation Vita PCH-2000 has a [https://www.bluetooth.org/en-us/specification/assigned-numbers/baseband class of Device/Service (CoD)] 0x3e0100:
 
*Major Service Class : Networking (LAN, Ad hoc etc)  (0x20000)
*Major Service Class : Rendering (printing, speaker etc)  (0x40000)
*Major Service Class : Capturing (scanner, microphone etc) (0x80000)
*Major Service Class : Object Transfer (v-inbox, v-folder etc) (0x100000)
*Major Service Class : Audio (speaker, microphone, headset service etc) (0x200000)
 
*Major Device Class : Computer (desktop,notebook, PDA, organizers etc ) (0x100)
 
*Minor Device Class : Uncategorized, code for device not assigned
 
<small>(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)</small>

Latest revision as of 15:17, 6 December 2022


PSVITA PCH-1101 Wireless card
ZOE_MP wireless card with EMI shields
ZOE_MP measurement
ZOE_MP wireless card
Antenna Position (PCH-1100)
Antenna Position (PCH-2000)

Wireless card[edit | edit source]

ZOE_MP wireless card backside
Model Board Modem SDRAM Antenna Switch Module
PCH1101 ZOE_MP
backside
[] Qualcomm MDM6200 [] Toshiba TY890A111222KA
[] Sony CXM3555ER
--- --- --- --- ---
ZOE_MP wireless card frontside
Model Board Power Management Power Amplifier Module Power Amplifier Module Power Amplifier Module Power Amplifier Module Power Amplifier Module SAW Duplexer
PCH1101 ZOE_MP
front
[] Qualcomm PM8028 [] Avago ACPM-7868
GSM850/900 bands
DCS1800/PCS1900 bands
[] Avago ACPM-5001
UMTS band: 1
CDMA band: 6
[] Avago ACPM-5008
UMTS band: 8
[] Avago ACPM-5002
UMTS band: 2
[] Avago ACPM-5005
UMTS band: 5
CDMA BC0
[] Epcos 7964
--- --- --- --- --- --- --- --- ---

On motherboard backside, there are a Marvell 88W878S-BKB2 Avastar WLAN/Bluetooth/FM Single-Chip SoC.

Point Of Interest: On early manufactured Stock Keeping Units (mostly with release firmware such as 1.06) there is a known issue with faulty 3G sub boards. For more information on how to remedy check the errors page: C2-9693-7.


Gallery[edit | edit source]

Mobile Data Modem[edit | edit source]

Qualcomm Gobi is a family of embedded mobile broadband modem products by Qualcomm. One of the more notable products that contain a Gobi modem is the PSVita, which contains a MDM6200™ (note:the MDM6600 got closer specs than the MDM6270).

The communication of the Modem appears to be PCIe, instead of the more common (Used on WWAN modems for laptops.) USB interface. So, the Vita might have PCIe available for use along with USB. In case anyone wants to try putting a mPCIe SSD in it or even hook up an external GPU to the Vita.
Physical Pin Layout:
Top
1 51
--------| |------------------
--------| |------------------
2 52
Bottom


Used pins:
Legend:
* = Connected
- = Not Connected

Top
1 51
********| |******************
*******-| |--**--***----*----
2 52
Bottom


Labled pins (Section incomplete):
Legend:
S = Signal Pin
P = Vcc or GND pin
U = Signal pin pulled up to Vcc
D = Signal pin pulled down to GND
- = Not Connected

Top
1 51
DSSDPSPS| |SSPSSSPSDDDDDDDDDS
PPPSSSS-| |--PP--SSP----P----
2 52
Bottom


Labled pinout:
Top:
1: WAKE#
3: Reserved (Wireless Coexistence Interface)
5: Reserved (Wireless Coexistence Interface)
7: CLKREQ#
9: GND
11: REFCLK-
13: REFCLK+
15: NC or GND
-
17: Reserved
19: Reserved
21: GND
23: PERn0
25: PERp0
27: GND
29: GND
31: PETn0
33: PETp0
35: GND
37: Reserved (Second PCIe lane. Tied to GND)
39: Reserved (Second PCIe lane. Tied to GND)
41: Reserved (Second PCIe lane. Tied to GND)
43: Reserved (Second PCIe lane. Tied to GND)
45: Reserved (Second PCIe lane. Tied to GND)
47: Reserved (Second PCIe lane. Tied to GND)
49: Reserved (Second PCIe lane. Tied to GND)
51: Reserved (W_DISABLE2#)


Bottom:
2: 3.3V
4: GND
6: 1.5V
8: VCC (SIM Card)
10: I/O (SIM Card)
12: CLK (SIM Card)
14: RST (SIM Card)
-
22: PERST#
24: +3.3Vaux
30: SMB_CLK
32: SMB_DATA
34: GND
44: LED_WLAN#
Individual Chipsets IMT-2000 Modem Peak Data Rates Application Processor Voice GPS USB Wifi
MDM6200 3G HSPA+, GSM/GPRS/EDGE Up to 14Mbps No Yes gpsOneGen 8 with GLONASS USB 2.0 HS Peripheral or Host Supported with External Wifi

Related articles[edit | edit source]

  • Components (Parent Component is Half Mini PCIe Module)


Bluetooth.png Bluetooth[edit | edit source]

GPS[edit | edit source]

WiFi.png WiFi[edit | edit source]

Module based on Marvell SD8787. Firmware in wlanbt_robin_img_ax.skprx starting at offset 305.