Editing Wireless communications



Latest revision Your text
Line 84: Line 84:
| MDM6200 || 3G || HSPA+, GSM/GPRS/EDGE  || Up to 14Mbps || {{No}} || {{Yes}} || gpsOneGen 8 with GLONASS|| USB 2.0 HS Peripheral or Host|| Supported with External Wifi
|-
The modem appears to communicate over PCIe rather than the USB interface more commonly used by WWAN modems for laptops. So the Vita might have PCIe available for use along with USB, in case anyone wants to try putting an mPCIe SSD in it or even hooking up an external GPU to the Vita.
</br>
Physical Pin Layout:</br>
    Top</br>
    1                                                    51</br>
      --------| |------------------</br>
      --------| |------------------</br>
    2                                                  52</br>
    Bottom</br>
</br>
</br>
Used pins:</br>
Legend:</br>
        * = Connected</br>
        - = Not Connected</br>
</br>
    Top</br>
    1                                                    51</br>
      ********| |******************</br>
      *******-| |--**--***----*----</br>
    2                                                  52</br>
    Bottom</br>
</br>
</br>
Labeled pins (Section incomplete):</br>
    Legend:</br>
        S = Signal Pin</br>
        P = Vcc or GND pin</br>
        U = Signal pin pulled up to Vcc</br>
        D = Signal pin pulled down to GND</br>
        - = Not Connected</br>
</br>
    Top</br>
    1                                                                  51</br>
      DSSDPSPS| |SSPSSSPSDDDDDDDDDS</br>
      PPPSSSS-| |--PP--SSP----P----</br>
    2                                                          52</br>
    Bottom</br>
</br>
</br>
Labeled pinout:</br>
    Top:</br>
    1: WAKE#</br>
    3: Reserved (Wireless Coexistence Interface)</br>
    5: Reserved (Wireless Coexistence Interface)</br>
    7: CLKREQ#</br>
    9: GND</br>
    11: REFCLK-</br>
    13: REFCLK+</br>
    15: NC or GND</br>
    -</br>
    17: Reserved</br>
    19: Reserved</br>
    21: GND</br>
    23: PERn0</br>
    25: PERp0</br>
    27: GND</br>
    29: GND</br>
    31: PETn0</br>
    33: PETp0</br>
    35: GND</br>
    37: Reserved (Second PCIe lane. Tied to GND)</br>
    39: Reserved (Second PCIe lane. Tied to GND)</br>
    41: Reserved (Second PCIe lane. Tied to GND)</br>
    43: Reserved (Second PCIe lane. Tied to GND)</br>
    45: Reserved (Second PCIe lane. Tied to GND)</br>
    47: Reserved (Second PCIe lane. Tied to GND)</br>
    49: Reserved (Second PCIe lane. Tied to GND)</br>
    51: Reserved (W_DISABLE2#)</br>
</br>
</br>
    Bottom:</br>
    2: 3.3V</br>
    4: GND</br>
    6: 1.5V</br>
    8: VCC (SIM Card)</br>
    10: I/O (SIM Card)</br>
    12: CLK (SIM Card)</br>
    14: RST (SIM Card)</br>
    -</br>
    22: PERST#</br>
    24: +3.3Vaux</br>
    30: SMB_CLK</br>
    32: SMB_DATA</br>
    34: GND</br>
    44: LED_WLAN#</br>
</code>
|}
|}


Line 177: Line 90:
*[[Components]] (Parent Component is Half Mini PCIe Module)


== [[File:Bluetooth.png|10px]] Bluetooth / [[File:WiFi.png|20px]] WiFi ==


== [[File:Bluetooth.png|10px]] Bluetooth ==
=== Bluetooth ===
Bluetooth is a technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.


*[[Bluetooth]]
An overview of Bluetooth:


== GPS ==
*http://engineeringagenda.com/agenda/2013/09/bluetooth/ An introduction to Bluetooth <!-- the formatting on that article is so 1990 -->
*https://learn.sparkfun.com/tutorials/bluetooth-basics Bluetooth basics
*http://www.eetimes.com/document.asp?doc_id=1200909 An introduction to debugging Bluetooth in embedded systems
*http://travisgoodspeed.blogspot.fr/2011/12/introduction-to-bluetooth-rfcomm.html Introduction to Bluetooth RFCOMM Reverse Engineering
*http://imperia.rz.rub.de:9085/imperia/md/content/seminare/itsss07/slides_bluetooth_security_and_hacks.pdf (or http://gsyc.es/~anto/ubicuos2/bluetooth_security_and_hacks.pdf) Bluetooth Security & Hacks


== [[File:WiFi.png|20px]] WiFi ==
=== Bluetooth radio ===


Module based on Marvell SD8787.
Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 channels of 1 MHz each (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):
Firmware in wlanbt_robin_img_ax.skprx starting at offset 305.
 
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
| style="background-color:#ffffff; color:#123AAA;" |'''Class'''
| style="background-color:#ffffff; color:#123AAA;" |'''Power'''
| style="background-color:#ffffff; color:#123AAA;" |'''Range'''
|-
| Class 1 || 100mW<br />(20 dBm) || 100m<br />(325ft)
|-
| Class 2 || 2.5mW<br />(4 dBm) || 10m<br />(32ft)
|-
| Class 3 || 1mW<br />(0 dBm) || 1m<br />(3ft)
|-
|}
 
*http://www.instructables.com/id/Increase-and-extend-the-range-of-a-USB-Bluetooth-d/#step0 Increase and extend the range of a USB Bluetooth
*http://trifinite.org/trifinite_stuff_lds.html Long Distance Snarf showed that the range of Class 2 Bluetooth radios could be extended to 1.78 km (1.11 mi) with directional antennas and signal amplifiers.
 
=== Overlapping channels BT/WiFi ===
 
*[http://www.vitadevwiki.com/index.php?title=File:BT-Wifi-channels.png archaic BT/Wifi channels]
 
{| class="wikitable"
|-
! Center Frequency<br />(2.4xx GHz) !! BT 2.0<br />Channel !! BT 4.0<br />Channel !! colspan="5" | WiFi channel<br />(center freq. in GHz)
|-
| 00 || rowspan="2" | Guard || rowspan="2" | Guard
|-
| 01 || rowspan="23" style="background-color: #afafaf;" | 1<br />(2.412)
|-
| 02 || 0 || rowspan="2" style="background-color: #6666ff;" | 0
|-
| 03 || 1
|-
| 04 || 2 || rowspan="2" style="background-color: #6666ff;" | 1
|-
| 05 || 3
|-
| 06 || 4 || rowspan="2" style="background-color: #6666ff;" | 2 || rowspan="23" style="background-color: #afafaf;" | 2<br />(2.417)
|-
| 07 || 5
|-
| 08 || 6 || rowspan="2" style="background-color: #6666ff;" | 3
|-
| 09 || 7
|-
| 10 || 8 || rowspan="2" style="background-color: #6666ff;" | 4
|-
| 11 || 9 || rowspan="23" style="background-color: #afafaf;" | 3<br />(2.422)
|-
| 12 || 10 || rowspan="2" style="background-color: #6666ff;" | 5
|-
| 13 || 11
|-
| 14 || 12 || rowspan="2" style="background-color: #6666ff;" | 6
|-
| 15 || 13
|-
| 16 || 14 || rowspan="2" style="background-color: #6666ff;" | 7 || rowspan="23" style="background-color: #afafaf;" | 4<br />(2.427)
|-
| 17 || 15
|-
| 18 || 16 || rowspan="2" style="background-color: #6666ff;" | 8
|-
| 19 || 17
|-
| 20 || 18 || rowspan="2" style="background-color: #6666ff;" | 9
|-
| 21 || 19 || rowspan="23" style="background-color: #afafaf;" | 5<br />(2.432)
|-
| 22 || 20 || rowspan="2" style="background-color: #6666ff;" | 10
|-
| 23 || 21
|-
| 24 || 22 || rowspan="2" style="background-color: #6666ff;" | 11
|-
| 25 || 23
|-
| 26 || 24 || rowspan="2" style="background-color: #6666ff;" | 12 || rowspan="23" style="background-color: #afafaf;" | 6<br />(2.437)
|-
| 27 || 25
|-
| 28 || 26 || rowspan="2" style="background-color: #6666ff;" | 13
|-
| 29 || 27
|-
| 30 || 28 || rowspan="2" style="background-color: #6666ff;" | 14
|-
| 31 || 29 || rowspan="23" style="background-color: #afafaf;" | 7<br />(2.442)
|-
| 32 || 30 || rowspan="2" style="background-color: #6666ff;" | 15
|-
| 33 || 31
|-
| 34 || 32 || rowspan="2" style="background-color: #6666ff;" | 16
|-
| 35 || 33
|-
| 36 || 34 || rowspan="2" style="background-color: #6666ff;" | 17 || rowspan="23" style="background-color: #afafaf;" | 8<br />(2.447)
|-
| 37 || 35
|-
| 38 || 36 || rowspan="2" style="background-color: #6666ff;" | 18
|-
| 39 || 37
|-
| 40 || 38 || rowspan="2" style="background-color: #6666ff;" | 19
|-
| 41 || 39 || rowspan="23" style="background-color: #afafaf;" | 9<br />(2.452)
|-
| 42 || 40 || rowspan="2" style="background-color: #6666ff;" | 20
|-
| 43 || 41
|-
| 44 || 42 || rowspan="2" style="background-color: #6666ff;" | 21
|-
| 45 || 43
|-
| 46 || 44 || rowspan="2" style="background-color: #6666ff;" | 22 || rowspan="23" style="background-color: #afafaf;" | 10<br />(2.457)
|-
| 47 || 45
|-
| 48 || 46 || rowspan="2" style="background-color: #6666ff;" | 23
|-
| 49 || 47
|-
| 50 || 48 || rowspan="2" style="background-color: #6666ff;" | 24
|-
| 51 || 49 || rowspan="23" style="background-color: #afafaf;" | 11<br />(2.462)
|-
| 52 || 50 || rowspan="2" style="background-color: #6666ff;" | 25
|-
| 53 || 51
|-
| 54 || 52 || rowspan="2" style="background-color: #6666ff;" | 26
|-
| 55 || 53
|-
| 56 || 54 || rowspan="2" style="background-color: #6666ff;" | 27 || rowspan="23" style="background-color: #afafaf;" | 12<br />(2.467)
|-
| 57 || 55
|-
| 58 || 56 || rowspan="2" style="background-color: #6666ff;" | 28
|-
| 59 || 57
|-
| 60 || 58 || rowspan="2" style="background-color: #6666ff;" | 29
|-
| 61 || 59 || rowspan="23" style="background-color: #afafaf;" | 13<br />(2.472)
|-
| 62 || 60 || rowspan="2" style="background-color: #6666ff;" | 30
|-
| 63 || 61
|-
| 64 || 62 || rowspan="2" style="background-color: #6666ff;" | 31
|-
| 65 || 63
|-
| 66 || 64 || rowspan="2" style="background-color: #6666ff;" | 32
|-
| 67 || 65
|-
| 68 || 66 || rowspan="2" style="background-color: #6666ff;" | 33
|-
| 69 || 67
|-
| 70 || 68 || rowspan="2" style="background-color: #6666ff;" | 34
|-
| 71 || 69
|-
| 72 || 70 || rowspan="2" style="background-color: #6666ff;" | 35
|-
| 73 || 71
|-
| 74 || 72 || rowspan="2" style="background-color: #6666ff;" | 36
|-
| 75 || 73
|-
| 76 || 74 || rowspan="2" style="background-color: #6666ff;" | 37
|-
| 77 || 75
|-
| 78 || 76 || rowspan="2" style="background-color: #6666ff;" | 38
|-
| 79 || 77
|-
| 80 || 78 || rowspan="2" style="background-color: #6666ff;" | 39
|-
| 81 || rowspan="3" | Guard
|-
| 82 || rowspan="2" | Guard
|-
| 83
|-
|}
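The table above can be recomputed from the channel numbering, which is useful when deciding which hop channels a busy WiFi network leaves clear. This is an added example, not part of the original wiki page; the function names are hypothetical, and the 11 MHz half-width is an assumption taken from the 23 shaded rows per WiFi channel in the table.

```python
"""Added example: recompute the BT/WiFi overlap table for the 2.4 GHz band."""

BT_CLASSIC_CHANNELS = range(79)  # BT 2.0 channels 0-78, 1 MHz apart
BT_LE_RF_CHANNELS = range(40)    # BT 4.0 column of the table, 2 MHz apart
WIFI_HALF_WIDTH_MHZ = 11         # assumption: table shades centre +/- 11 MHz


def bt_classic_freq(channel):
    """Centre frequency in MHz of a BT 2.0 channel (channel 0 = 2402 MHz)."""
    if channel not in BT_CLASSIC_CHANNELS:
        raise ValueError("BT 2.0 channels are numbered 0-78")
    return 2402 + channel


def bt_le_freq(rf_channel):
    """Lower table row in MHz of a BT 4.0 channel as numbered in the table."""
    if rf_channel not in BT_LE_RF_CHANNELS:
        raise ValueError("BT 4.0 channels are numbered 0-39")
    return 2402 + 2 * rf_channel


def wifi_span(channel):
    """(lowest, highest) MHz row shaded for WiFi channels 1-13."""
    if not 1 <= channel <= 13:
        raise ValueError("the table covers WiFi channels 1-13")
    centre = 2407 + 5 * channel  # channel 1 = 2412 MHz
    return centre - WIFI_HALF_WIDTH_MHZ, centre + WIFI_HALF_WIDTH_MHZ


def classic_channels_hit(wifi_channel):
    """BT 2.0 channels whose centre lies inside the WiFi channel."""
    low, high = wifi_span(wifi_channel)
    return [c for c in BT_CLASSIC_CHANNELS if low <= bt_classic_freq(c) <= high]


def le_channels_hit(wifi_channel):
    """BT 4.0 channels; the table draws each across two 1 MHz rows."""
    low, high = wifi_span(wifi_channel)
    return [c for c in BT_LE_RF_CHANNELS
            if bt_le_freq(c) <= high and bt_le_freq(c) + 1 >= low]


def clear_classic_channels(wifi_channels):
    """BT 2.0 channels not covered by any of the given WiFi channels."""
    busy = set()
    for wifi_channel in wifi_channels:
        busy.update(classic_channels_hit(wifi_channel))
    return [c for c in BT_CLASSIC_CHANNELS if c not in busy]


if __name__ == "__main__":
    for wifi_channel in (1, 6, 11):
        hit = classic_channels_hit(wifi_channel)
        print("WiFi %2d covers BT 2.0 channels %d-%d"
              % (wifi_channel, hit[0], hit[-1]))
    print("Clear with WiFi 1/6/11 in use:", clear_classic_channels([1, 6, 11]))
```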
 
=== Bluetooth connection ===
 
[[File:Piconet.jpg|300px|thumb|right|Piconet]]
 
[[File:Scatternet.jpg|300px|thumb|right|Scatternet]]
 
A PSVita [http://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v2.1_.2B_EDR (Bluetooth v2.1 + EDR)] can connect up to seven (active) Bluetooth® devices at one time.
 
There are three types of (oriented) connections in Bluetooth:
 
*Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
*Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) other units act as slaves.
*Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.
 
=== Device icons ===
 
Shows the types of found Bluetooth® devices using icons.
 
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
| style="background-color:#ffffff; color:#123AAA;" |'''Icon'''
| style="background-color:#ffffff; color:#123AAA;" |'''Device'''
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-logo.jpg|70px]]
| style="background-color:#ffffff; color:#123AAA;" |[[File:Ps-vita-tv-logo-123aaaa.png|70px]]
|-
| [[File:Bluetooth_Wireless_controller.png]] || Wireless controller || {{No}} || {{Yes}}
|-
| [[File:Bluetooth_BD_Remote_Control.png]] || BD Remote Control || {{No}} || {{Yes}}
|-
| [[File:Bluetooth_computer.png]] || Computer || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_mobile-phone_smartphone.png]] || Mobile phone, smartphone || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_headset.png]] || Headset || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_speakers.png]] || Speakers || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_mouse.png]] || Mouse || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_keyboard.png]] || Keyboard || {{Yes}} || {{Yes}}
|-
| [[File:Bluetooth_printer.png]] || Printer || {{Yes}} || {{Yes}}
|-
| '''No icon''' || Other devices || {{Yes}} || {{Yes}}
|-
|}
 
=== Protocol and layers ===
 
[[File:Protocol_stack.jpg|400px|thumb|right|Protocol and layers]]
 
*The Bluetooth standard has many protocols that are organized into different layers.

*The layer structure of Bluetooth does not follow the OSI model, the TCP/IP model or any other known model.

*Bluetooth makes use of a protocol stack, which makes it simple to separate application logic from physical data connections.
 
==== Radio layer ====
 
The Bluetooth radio layer corresponds to the physical layer of OSI model.
 
• It deals with radio transmission and modulation.
 
• The radio layer moves data from master to slave or vice versa.
 
• It is a low power system that uses 2.4 GHz ISM band in a range of 10 meters.
 
• This band is divided into 79 channels of 1 MHz each. Bluetooth uses the Frequency Hopping Spread Spectrum (FHSS) method in the physical layer to avoid interference from other devices or networks.
 
• Bluetooth hops 1600 times per second, i.e. each device changes its modulation frequency 1600 times per second.
 
• In order to change bits into a signal, it uses a version of FSK called GFSK i.e. FSK with Gaussian bandwidth filtering.
 
==== Baseband Layer ====
 
• Baseband layer is equivalent to the MAC sublayer in LANs.
 
• Bluetooth uses a form of TDMA called TDD-TDMA (time division duplex TDMA).
 
• Master and slave stations communicate with each other using time slots.
 
• The master in each piconet defines the time slot of 625 µsec.
 
• In TDD-TDMA, communication is half duplex: each station can send and receive data, but not at the same time.

• If the piconet has only one slave, the master uses even-numbered slots (0, 2, 4, ...) and the slave uses odd-numbered slots (1, 3, 5, ...). Both master and slave communicate in half duplex mode. In slot 0, the master sends and the slave receives; in slot 1, the slave sends and the master receives.
 
• If piconet has more than one slave, the master uses even numbered slots. The slave sends in the next odd-numbered slot if the packet in the previous slot was addressed to it.
 
• In Baseband layer, two types of links can be created between a master and slave. These are:
 
===== 1. Asynchronous Connection-less (ACL) =====
• It is used for packet switched data that is available at irregular intervals.
 
• ACL delivers traffic on a best effort basis. Frames can be lost & may have to be retransmitted.
 
• A slave can have only one ACL link to its master.
 
• Thus an ACL link is used where correct delivery is preferred over fast delivery.
 
• The ACL can achieve a maximum data rate of 721 kbps by using one, three or more slots.
 
===== 2. Synchronous Connection Oriented (SCO) =====
 
• SCO is used for real-time data such as sound. It is used where fast delivery is preferred over accurate delivery.

• In an SCO link, a physical link is created between the master and slave by reserving specific slots at regular intervals.

• Damaged packets are not retransmitted over SCO links.

• A slave can have three SCO links with the master and can send data at 64 Kbps.
 
==== Logical Link Control and Adaptation Protocol Layer (L2CAP) ====

• The Logical Link Control and Adaptation Protocol (L2CAP) is equivalent to the logical link control sublayer of a LAN.

• The ACL link uses L2CAP for data exchange, but the SCO channel does not use it.

• The functions of L2CAP are:
 
===== 1. Segmentation and reassembly =====
 
• L2CAP receives packets of up to 64 KB from upper layers and divides them into frames for transmission.
 
• It adds extra information to define the location of frame in the original packet.
 
• The L2CAP reassembles the frame into packets again at the destination.
 
===== 2. Multiplexing =====
 
• L2CAP performs multiplexing at sender side and demultiplexing at receiver side.
 
• At the sender side, it accepts data from one of the upper layer protocols, frames it and delivers it to the Baseband layer.

• At the receiver side, it accepts a frame from the Baseband layer, extracts the data, and delivers it to the appropriate protocol layer.
 
===== 3. Quality of Service (QOS) =====
 
• L2CAP handles quality of service requirements, both when links are established and during normal operation.
 
• It also enables the devices to negotiate the maximum payload size during connection establishment.
 
=== Bluetooth Profile ===
 
*http://en.wikipedia.org/wiki/List_of_Bluetooth_profiles
 
Bluetooth® devices that support the following profile can be paired with your system:
 
*[https://developer.bluetooth.org/TechnologyOverview/Pages/A2DP.aspx A2DP (Advanced Audio Distribution Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/AVRCP.aspx AVRCP (Audio/Video Remote Control Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HSP.aspx HSP (Headset Profile)]
*[https://developer.bluetooth.org/TechnologyOverview/Pages/HID.aspx HID (Human Interface Device Profile)]
*HFP (3G model only?), PBAP (3G model only?)?
 
By using the [https://developer.bluetooth.org/TechnologyOverview/Pages/OPP.aspx Object Push Profile (OPP)] on [[Template:Firmware_revisions|Firmware]] 3.18, attempts to force a connection to the Vita will give a loophole.
 
===== A2DP =====
 
===== AVRCP =====
 
===== HSP =====
 
===== HID =====
 
===== OPP =====
 
OPP defines the roles of push server and push client. These roles are analogous to and must interoperate with the server and client device roles that GOEP defines.
 
The Object Push Profile (OPP) provides basic functions for exchange of binary objects, mainly used for vCards in Bluetooth.
 
vCard is a file format standard for electronic business cards. Since vCards are not worth being especially protected, no authorisation procedure is performed before OPP transactions.
 
Supported OBEX commands are connect, disconnect, put, get and abort.
 
====== Usage Scenarios ======
 
An example scenario would be the exchange of a contact or appointment between two mobile phones, or a mobile phone and a PC.
 
=== Bluetooth Addressing ===
 
Each Bluetooth unit has a unique 48-bit address (BD_ADDR).
 
{| class="wikitable" style="text-align: center;border:3px solid #123AAA;"
|-
|colspan="6"|'''Company_assigned'''
|colspan="6"|'''Company_id'''
|-
|colspan="6"|'''L'''ower '''A'''ddress '''P'''art (24-bit)<br />transmitted with every packet as part of the packet header
|colspan="2"|'''U'''pper '''A'''ddress '''P'''art (8-bit)<br />
|colspan="4"|'''N'''on-Significant '''A'''ddress '''P'''art (16-bit)<br />[http://standards-oui.ieee.org/oui.txt assigned publicly by the IEEE]
|-
!width="70"|<sub>lsb</sub>xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx
!width="70"|xxxx<sup>msb</sup>
|-
|}
 
=== Class of Device/Service (CoD) ===
 
In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all Bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP to check whether a device in a given class offers the type of service that they want.
 
The PlayStation Vita PCH-2000 has a [https://www.bluetooth.org/en-us/specification/assigned-numbers/baseband class of Device/Service (CoD)] 0x3e0100:
 
*Major Service Class : Networking (LAN, Ad hoc etc)  (0x20000)
*Major Service Class : Rendering (printing, speaker etc)  (0x40000)
*Major Service Class : Capturing (scanner, microphone etc) (0x80000)
*Major Service Class : Object Transfer (v-inbox, v-folder etc) (0x100000)
*Major Service Class : Audio (speaker, microphone, headset service etc) (0x200000)
 
*Major Device Class : Computer (desktop, notebook, PDA, organizers etc) (0x100)
 
*Minor Device Class : Uncategorized, code for device not assigned
 
<small>(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)</small>
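The two values a scan returns for each device, the BD_ADDR from the addressing section and the Class of Device above, can be decoded offline. This is an added example, not code from the wiki or from any Vita tool: the function names are hypothetical, the bit assignments follow the Bluetooth baseband assigned numbers, and the sample address is constructed.

```python
"""Added example: decode a Class of Device value and split a BD_ADDR."""
import re

# Major Service Class bits (bits 13-23 of the 24-bit CoD)
SERVICE_CLASSES = {
    0x002000: "Limited Discoverable Mode",
    0x010000: "Positioning",
    0x020000: "Networking",
    0x040000: "Rendering",
    0x080000: "Capturing",
    0x100000: "Object Transfer",
    0x200000: "Audio",
    0x400000: "Telephony",
    0x800000: "Information",
}

# Major Device Class (bits 8-12)
MAJOR_DEVICE_CLASSES = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
    0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
    0x08: "Toy", 0x09: "Health", 0x1F: "Uncategorized",
}


def decode_cod(cod):
    """Split a 24-bit CoD into service classes, major and minor class."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD is a 24-bit field")
    return {
        "services": [name for bit, name in sorted(SERVICE_CLASSES.items())
                     if cod & bit],
        "major": MAJOR_DEVICE_CLASSES.get((cod >> 8) & 0x1F, "Reserved"),
        "minor": (cod >> 2) & 0x3F,  # meaning depends on the major class
        "format": cod & 0x03,        # format type, 0 for this layout
    }


def split_bd_addr(addr):
    """Split 'NN:NN:UU:LL:LL:LL' into NAP (16), UAP (8) and LAP (24 bits)."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", addr):
        raise ValueError("expected six colon-separated hex octets")
    value = int(addr.replace(":", ""), 16)
    return {
        "nap": value >> 32,
        "uap": (value >> 24) & 0xFF,
        "lap": value & 0xFFFFFF,       # company_assigned part
        "oui": "%06X" % (value >> 24), # company_id = NAP + UAP
    }


if __name__ == "__main__":
    vita = decode_cod(0x3E0100)  # CoD value given on this page
    print(vita["major"], vita["services"])
    # Object Transfer advertised: OPP runs without an authorisation step
    print("advertises object transfer:", "Object Transfer" in vita["services"])
    print(split_bd_addr("00:11:22:33:44:55"))  # constructed sample address
```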