Wireless communications: Difference between revisions
Revision as of 15:43, 15 June 2015
Wireless card
Model | Board | Modem | SDRAM | Antenna Switch Module |
---|---|---|---|---|
PCH1101 | ZOE_MP backside | Qualcomm MDM6200 | Toshiba TY890A111222KA | Sony CXM3555ER |

Model | Board | Power Management | Power Amplifier Module | Power Amplifier Module | Power Amplifier Module | Power Amplifier Module | Power Amplifier Module | SAW Duplexer |
---|---|---|---|---|---|---|---|---|
PCH1101 | ZOE_MP front | Qualcomm PM8028 | Avago ACPM-7868 GSM850/900 bands DCS1800/PCS1900 bands | Avago ACPM-5001 UMTS band: 1 CDMA band: 6 | Avago ACPM-5008 UMTS band: 8 | Avago ACPM-5002 UMTS band: 2 | Avago ACPM-5005 UMTS band: 5 CDMA BC0 | Epcos 7964 |
On the motherboard backside, there is a Marvell 88W878S-BKB2 Avastar WLAN/Bluetooth/FM Single-Chip SoC.
Point Of Interest: On early manufactured Stock Keeping Units (mostly with release firmware such as 1.06) there is a known issue with faulty 3G sub boards. For more information on how to remedy it, check the errors page: C2-9693-7.
Mobile Data Modem
Qualcomm Gobi is a family of embedded mobile broadband modem products by Qualcomm. One of the more notable products that contain a Gobi modem is the PSVita, which contains an MDM6200™ (note: the MDM6600 has closer specs than the MDM6270).
Individual Chipsets | IMT-2000 | Modem | Peak Data Rates | Application Processor | Voice | GPS | USB | Wifi |
---|---|---|---|---|---|---|---|---|
MDM6200 | 3G | HSPA+, GSM/GPRS/EDGE | Up to 14Mbps | No | Yes | gpsOneGen 8 with GLONASS | USB 2.0 HS Peripheral or Host | Supported with External Wifi |
Related articles
- Components (Parent Component is Half Mini PCIe Module)
Bluetooth / WiFi
Bluetooth
Bluetooth is a technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.
An overview of Bluetooth:
- http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth
- https://learn.sparkfun.com/tutorials/bluetooth-basics bluetooth basics
- http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems
- http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering
- http://gsyc.es/~anto/ubicuos2/bluetooth_security_and_hacks.pdf Bluetooth Security & Hacks
Bluetooth radio
Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 channels of 1 MHz each (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):
Class | Power | Range |
---|---|---|
Class 1 | 100mW (20 dBm) | 100m (325ft) |
Class 2 | 2.5mW (4 dBm) | 10m (32ft) |
Class 3 | 1mW (0 dBm) | 1m (3ft) |
- http://www.instructables.com/id/Increase-and-extend-the-range-of-a-USB-Bluetooth-d/#step0 Increase and extend the range of a USB Bluetooth
- http://trifinite.org/trifinite_stuff_lds.html Long Distance Snarf showed that the range of Class 2 Bluetooth radios could be extended to 1.78 km (1.11 mi) with directional antennas and signal amplifiers.
Overlapping channels BT/WiFi
Center Frequency (2.4xx GHz) | BT 2.0 Channel | BT 4.0 Channel | WiFi channel (center freq. in GHz) |
---|---|---|---|
00 | Guard | Guard | |
01 | | | 1 (2.412) |
02 | 0 | 0 | |
03 | 1 | | |
04 | 2 | 1 | |
05 | 3 | | |
06 | 4 | 2 | 2 (2.417) |
07 | 5 | | |
08 | 6 | 3 | |
09 | 7 | | |
10 | 8 | 4 | |
11 | 9 | | 3 (2.422) |
12 | 10 | 5 | |
13 | 11 | | |
14 | 12 | 6 | |
15 | 13 | | |
16 | 14 | 7 | 4 (2.427) |
17 | 15 | | |
18 | 16 | 8 | |
19 | 17 | | |
20 | 18 | 9 | |
21 | 19 | | 5 (2.432) |
22 | 20 | 10 | |
23 | 21 | | |
24 | 22 | 11 | |
25 | 23 | | |
26 | 24 | 12 | 6 (2.437) |
27 | 25 | | |
28 | 26 | 13 | |
29 | 27 | | |
30 | 28 | 14 | |
31 | 29 | | 7 (2.442) |
32 | 30 | 15 | |
33 | 31 | | |
34 | 32 | 16 | |
35 | 33 | | |
36 | 34 | 17 | 8 (2.447) |
37 | 35 | | |
38 | 36 | 18 | |
39 | 37 | | |
40 | 38 | 19 | |
41 | 39 | | 9 (2.452) |
42 | 40 | 20 | |
43 | 41 | | |
44 | 42 | 21 | |
45 | 43 | | |
46 | 44 | 22 | 10 (2.457) |
47 | 45 | | |
48 | 46 | 23 | |
49 | 47 | | |
50 | 48 | 24 | |
51 | 49 | | 11 (2.462) |
52 | 50 | 25 | |
53 | 51 | | |
54 | 52 | 26 | |
55 | 53 | | |
56 | 54 | 27 | 12 (2.467) |
57 | 55 | | |
58 | 56 | 28 | |
59 | 57 | | |
60 | 58 | 29 | |
61 | 59 | | 13 (2.472) |
62 | 60 | 30 | |
63 | 61 | | |
64 | 62 | 31 | |
65 | 63 | | |
66 | 64 | 32 | |
67 | 65 | | |
68 | 66 | 33 | |
69 | 67 | | |
70 | 68 | 34 | |
71 | 69 | | |
72 | 70 | 35 | |
73 | 71 | | |
74 | 72 | 36 | |
75 | 73 | | |
76 | 74 | 37 | |
77 | 75 | | |
78 | 76 | 38 | |
79 | 77 | | |
80 | 78 | 39 | |
81 | Guard | | |
82 | | Guard | |
83 | | | |
Bluetooth connection
A PSVita (Bluetooth v2.1 + EDR) can connect up to seven (active) Bluetooth® devices at one time.
There are three types of (oriented) connections in Bluetooth:
- Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
- Piconet: One Bluetooth unit acts as the master of the piconet, whereas the other units (up to seven active) act as slaves.
- Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.
Device icons
Shows the types of found Bluetooth® devices using icons.
Bluetooth Profile
Bluetooth® devices that support the following profiles can be paired with your system:
- A2DP (Advanced Audio Distribution Profile)
- AVRCP (Audio/Video Remote Control Profile)
- HSP (Headset Profile)
- HID (Human Interface Device Profile)
- HFP (3G model only?), PBAP (3G model only?)?
On firmware 3.18, attempts to force a connection to the Vita using the Object Push Profile (OPP) open a loophole.
A2DP
AVRCP
HSP
HID
OPP
OPP defines the roles of push server and push client. These roles are analogous to and must interoperate with the server and client device roles that GOEP defines.
The Object Push Profile (OPP) provides basic functions for exchange of binary objects, mainly used for vCards in Bluetooth.
vCard is a file format standard for electronic business cards. Since vCards are not worth being especially protected, no authorisation procedure is performed before OPP transactions.
Supported OBEX commands are connect, disconnect, put, get and abort.
Usage Scenarios
An example scenario would be the exchange of a contact or appointment between two mobile phones, or a mobile phone and a PC.
Bluetooth Addressing
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
Part | Lower Address Part (24-bit) | Upper Address Part (8-bit) | Non-Significant Address Part (16-bit) |
---|---|---|---|
Assignment | Company_assigned | Company_id | Company_id |
Notes | transmitted with every packet as part of the packet header | | assigned publicly by the IEEE |
Bits | lsb xxxx xxxx xxxx xxxx xxxx xxxx | xxxx xxxx | xxxx xxxx xxxx xxxx msb |
Class of Device/Service (CoD)
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all Bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP to check whether a device in a given class offers the type of service that they want.
The PlayStation Vita PCH-2000 has a class of Device/Service (CoD) 0x3e0100:
- Major Service Class : Networking (LAN, Ad hoc etc) (0x20000)
- Major Service Class : Rendering (printing, speaker etc) (0x40000)
- Major Service Class : Capturing (scanner, microphone etc) (0x80000)
- Major Service Class : Object Transfer (v-inbox, v-folder etc) (0x100000)
- Major Service Class : Audio (speaker, microphone, headset service etc) (0x200000)
- Major Device Class : Computer (desktop, notebook, PDA, organizers etc.) (0x100)
- Minor Device Class : Uncategorized, code for device not assigned
(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)
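The breakdown of 0x3e0100 above can be reproduced offline. The following is an added example, not code from the wiki: the function names `decode_cod` and `offers_object_transfer` are hypothetical, the bit layout and names follow the Bluetooth Assigned Numbers for the Class of Device field, and minor classes are only named for the Computer major class. It also flags devices that advertise Object Transfer, the service class behind OPP.

```python
# Added example: decode a 24-bit Bluetooth Class of Device/Service (CoD) value.
# Layout: bits 0-1 format type, 2-7 minor device class,
#         8-12 major device class, 13-23 major service classes.
SERVICE_BITS = {
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer",
    21: "Audio", 22: "Telephony", 23: "Information",
}
MAJOR_CLASSES = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
    0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
    0x08: "Toy", 0x09: "Health", 0x1F: "Uncategorized",
}
COMPUTER_MINOR = {
    0: "Uncategorized", 1: "Desktop workstation", 2: "Server-class computer",
    3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA",
    6: "Wearable computer", 7: "Tablet",
}


def decode_cod(cod):
    """Split a CoD into service classes, major class and minor class."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD is a 24-bit field")
    if cod & 0b11:
        raise ValueError("format type (bits 0-1) must be 00")
    services = [SERVICE_BITS.get(bit, "unlisted bit %d" % bit)
                for bit in range(13, 24) if (cod >> bit) & 1]
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    if major == 0x01:
        minor_name = COMPUTER_MINOR.get(minor, "reserved (0x%02x)" % minor)
    else:
        minor_name = "0x%02x" % minor  # minor tables differ per major class
    return {
        "services": services,
        "major": MAJOR_CLASSES.get(major, "reserved (0x%02x)" % major),
        "minor": minor_name,
    }


def offers_object_transfer(cod):
    """True when the device advertises the Object Transfer service class."""
    return "Object Transfer" in decode_cod(cod)["services"]


if __name__ == "__main__":
    print(decode_cod(0x3E0100))  # the PCH-2000 value quoted above
```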