Bluetooth
Bluetooth[edit | edit source]
Bluetooth is a wireless technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.
An overview of Bluetooth:
- http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth
- http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems
- http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering
Bluetooth radio[edit | edit source]
Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 MHz channels (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):
| Class | Power | Range |
| Class 1 | 100mW (20 dBm) |
100m (325ft) |
| Class 2 | 2.5mW (4 dBm) |
10m (32ft) |
| Class 3 | 1mW (0 dBm) |
1m (3ft) |
Bluetooth connection[edit | edit source]
The number of Bluetooth® devices you can connect at the same time depends on the Bluetooth® devices.
There are three type of connections in Bluetooth:
- Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
- Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) others units acts as slaves.
- Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.
Device icons[edit | edit source]
Shows the types of found Bluetooth® devices using icons.
| Icon | Device | 
|
 |
DUALSHOCK™4 wireless controller or other controller | Yes |
 |
PlayStation®Move motion controller | Yes |
 |
Computer | Yes |
 |
Mobile phone, smartphone | Yes |
 |
Headset | Yes |
 |
Speakers | Yes |
 |
Mouse | Yes |
 |
Keyboard | Yes |
 |
Printer | Yes |
Bluetooth Addressing[edit | edit source]
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
| Company_assigned | Company_id | ||||||||||
| Lower Adress Part (24-bit) transmitted with every packet as part of the packet header |
Upper Adress Part (8-bit) |
Non-Significant Adress Part (16-bit) assigned publicly by the IEEE | |||||||||
| lsbxxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxx | xxxxmsb |
|---|---|---|---|---|---|---|---|---|---|---|---|
Class of Device/Service (CoD)[edit | edit source]
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP in order to check if a device in a given class offers the type of service that they want.
The PS4 has a class of Device/Service (CoD) of 0x2c0100:
- Major Service Class: Audio (0x200000)
- Major Service Class: Capturing (0x80000)
- Major Service Class: Rendering (0x40000)
- Major Device Class : Computer (0x100)
(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)
(The dualshock 4 in a game controller mode has a class of Device/Service (CoD) of 0x002508.
Related Articles[edit | edit source]
| |||||||||||||||||||||||||||||||||||||||||||||
