Bluetooth
Bluetooth
Bluetooth is a wireless technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.
An overview of Bluetooth:
- http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth
- http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems
- http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering
Bluetooth radio
Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 MHz channels (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):
| Class | Power | Range |
| Class 1 | 100mW (20 dBm) |
100m (325ft) |
| Class 2 | 2.5mW (4 dBm) |
10m (32ft) |
| Class 3 | 1mW (0 dBm) |
1m (3ft) |
- http://www.instructables.com/id/Increase-and-extend-the-range-of-a-USB-Bluetooth-d/#step0 Increase and extend the range of a USB Bluetooth
Overlapping channels BT/WiFi
| Center Frequency (2.4xx Ghz) |
BT 2.0 Channel |
BT 4.0 Channel |
WiFi channel (center freq. in GHz) | ||||
|---|---|---|---|---|---|---|---|
| 00 | Guard | Guard | |||||
| 01 | 1 (2.412) | ||||||
| 02 | 0 | 0 | |||||
| 03 | 1 | ||||||
| 04 | 2 | 1 | |||||
| 05 | 3 | ||||||
| 06 | 4 | 2 | 2 (2.417) | ||||
| 07 | 5 | ||||||
| 08 | 6 | 3 | |||||
| 09 | 7 | ||||||
| 10 | 8 | 4 | |||||
| 11 | 9 | 3 (2.422) | |||||
| 12 | 10 | 5 | |||||
| 13 | 11 | ||||||
| 14 | 12 | 6 | |||||
| 15 | 13 | ||||||
| 16 | 14 | 7 | 4 (2.427) | ||||
| 17 | 15 | ||||||
| 18 | 16 | 8 | |||||
| 19 | 17 | ||||||
| 20 | 18 | 9 | |||||
| 21 | 19 | 5 (2.432) | |||||
| 22 | 20 | 10 | |||||
| 23 | 21 | ||||||
| 24 | 22 | 11 | |||||
| 25 | 23 | ||||||
| 26 | 24 | 12 | 6 (2.437) | ||||
| 27 | 25 | ||||||
| 28 | 26 | 13 | |||||
| 29 | 27 | ||||||
| 30 | 28 | 14 | |||||
| 31 | 29 | 7 (2.442) | |||||
| 32 | 30 | 15 | |||||
| 33 | 31 | ||||||
| 34 | 32 | 16 | |||||
| 35 | 33 | ||||||
| 36 | 34 | 17 | 8 (2.447) | ||||
| 37 | 35 | ||||||
| 38 | 36 | 18 | |||||
| 39 | 37 | ||||||
| 40 | 38 | 19 | |||||
| 41 | 39 | 9 (2.452) | |||||
| 42 | 40 | 20 | |||||
| 43 | 41 | ||||||
| 44 | 42 | 21 | |||||
| 45 | 43 | ||||||
| 46 | 44 | 22 | 10 (2.457) | ||||
| 47 | 45 | ||||||
| 48 | 46 | 23 | |||||
| 49 | 47 | ||||||
| 50 | 48 | 24 | |||||
| 51 | 49 | 11 (2.462) | |||||
| 52 | 50 | 25 | |||||
| 53 | 51 | ||||||
| 54 | 52 | 26 | |||||
| 55 | 53 | ||||||
| 56 | 54 | 27 | 12 (2.467) | ||||
| 57 | 55 | ||||||
| 58 | 56 | 28 | |||||
| 59 | 57 | ||||||
| 60 | 58 | 29 | |||||
| 61 | 59 | 13 (2.472) | |||||
| 62 | 60 | 30 | |||||
| 63 | 61 | ||||||
| 64 | 62 | 31 | |||||
| 65 | 63 | ||||||
| 66 | 64 | 32 | |||||
| 67 | 65 | ||||||
| 68 | 66 | 33 | |||||
| 69 | 67 | ||||||
| 70 | 68 | 34 | |||||
| 71 | 69 | ||||||
| 72 | 70 | 35 | |||||
| 73 | 71 | ||||||
| 74 | 72 | 36 | |||||
| 75 | 73 | ||||||
| 76 | 74 | 37 | |||||
| 77 | 75 | ||||||
| 78 | 76 | 38 | |||||
| 79 | 77 | ||||||
| 80 | 78 | 39 | |||||
| 81 | Guard | ||||||
| 82 | Guard | ||||||
| 83 | |||||||
Bluetooth connection
The number of Bluetooth® devices you can connect at the same time depends on the Bluetooth® devices.
There are three type of connections in Bluetooth:
- Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
- Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) others units acts as slaves.
- Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.
Device icons
Shows the types of found Bluetooth® devices using icons.
| Icon | Device | 
|
 |
DUALSHOCK™4 wireless controller or other controller | Yes |
 |
PlayStation®Move motion controller | Yes |
 |
Computer | Yes |
 |
Mobile phone, smartphone | Yes |
 |
Headset | Yes |
 |
Speakers | Yes |
 |
Mouse | Yes |
 |
Keyboard | Yes |
 |
Printer | Yes |
Bluetooth Adressing
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
| Company_assigned | Company_id | ||||||||||
| Lower Adress Part (24-bit) transmitted with every packet as part of the packet header |
Upper Adress Part (8-bit) |
Non-Significant Adress Part (16-bit) assigned publicly by the IEEE | |||||||||
| lsbxxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxxmsb |
|---|---|---|---|---|---|---|---|---|---|---|---|
Class of Device/Service (CoD)
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP in order to check if a device in a given class offers the type of service that they want.
The PS4 has a class of Device/Service (CoD) of 0x2c0100:
- Major Service Class: Audio (0x200000)
- Major Service Class: Capturing (0x80000)
- Major Service Class: Rendering (0x40000)
- Major Device Class : Computer (0x100)
(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)
(The dualshock 4 in a game controller mode has a class of Device/Service (CoD) of 0x002508.
Related Articles
| |||||||||||||||||||||||||||||||||||||
