Wireless communications

From Vita Developer wiki
Jump to navigation Jump to search


PSVITA PCH-1101 Wireless card
ZOE_MP wireless card with EMI shields
ZOE_MP measurement
ZOE_MP wireless card
Antenna Position (PCH-1100)
Antenna Position (PCH-2000)

Wireless card

ZOE_MP wireless card backside
Model Board Modem SDRAM Antenna Switch Module
PCH1101 ZOE_MP
backside
[] Qualcomm MDM6200 [] Toshiba TY890A111222KA
[] Sony CXM3555ER
--- --- --- --- ---
ZOE_MP wireless card frontside
Model Board Power Management Power Amplifier Module Power Amplifier Module Power Amplifier Module Power Amplifier Module Power Amplifier Module Duplexer
PCH1101 ZOE_MP
front
[] Qualcomm PM8028 [] Avago ACPM-7868
GSM850/900 bands
DCS1800/PCS1900 bands
[] Avago ACPM-5001
UMTS band: 1
CDMA band: 6
[] Avago ACPM-5008
UMTS band: 8
[] Avago ACPM-5002
UMTS band: 2
[] Avago ACPM-5005
UMTS band: 5
CDMA BC0
[] Epcos 7964
--- --- --- --- --- --- --- --- ---

On motherboard backside, there are a Marvell 88W878S-BKB2 Avastar WLAN/Bluetooth/FM Single-Chip SoC.

Point Of Interest: On early manufactured Stock Keeping Units (mostly with release firmware such as 1.06) there is a known issue with faulty 3G sub boards. For more information on how to remedy check the errors page: C2-9693-7.

Mobile Data Modem

Qualcomm Gobi is a family of embedded mobile broadband modem products by Qualcomm. One of the more notable products that contain a Gobi modem is the PSVita, which contains a MDM6200™.

Individual Chipsets IMT-2000 Modem Peak Data Rates Application Processor Voice GPS USB Wifi
MDM6200 3G HSPA+, GSM/GPRS/EDGE Up to 14Mbps No Yes gpsOneGen 8 with GLONASS USB 2.0 HS Peripheral or Host Supported with External Wifi

Bluetooth.png Bluetooth / WiFi.png WiFi

Bluetooth

Bluetooth is a technology for creating personal area networks operating in the 2.4 GHz unlicensed band, with a default range of 10 meters.

An overview of Bluetooth:

Bluetooth radio

Bluetooth 2.0 uses frequencies between 2.4000 and 2.4835 GHz, and divides the band into 79 MHz channels (numbered 0-78), with frequency hopping at a rate of 1600 times per second. Channel 0 has a frequency centred at 2.4020 GHz, allowing a lower guard band of 2 MHz. Channel 78 has a frequency centred at 2.4800 GHz, allowing an upper guard band of 3.5 MHz. Bluetooth devices are divided into three classes, depending on their maximum transmitted power (and hence their maximum range):

Class Power Range
Class 1 100mW
(20 dBm)
100m
(325ft)
Class 2 2.5mW
(4 dBm)
10m
(32ft)
Class 3 1mW
(0 dBm)
1m
(3ft)

Overlapping channels BT/WiFi

Center Frequency
(2.4xx Ghz)
BT 2.0
Channel
BT 4.0
Channel
WiFi channel
(center freq. in GHz)
00 Guard Guard
01 1
(2.412)
02 0 0
03 1
04 2 1
05 3
06 4 2 2
(2.417)
07 5
08 6 3
09 7
10 8 4
11 9 3
(2.422)
12 10 5
13 11
14 12 6
15 13
16 14 7 4
(2.427)
17 15
18 16 8
19 17
20 18 9
21 19 5
(2.432)
22 20 10
23 21
24 22 11
25 23
26 24 12 6
(2.437)
27 25
28 26 13
29 27
30 28 14
31 29 7
(2.442)
32 30 15
33 31
34 32 16
35 33
36 34 17 8
(2.447)
37 35
38 36 18
39 37
40 38 19
41 39 9
(2.452)
42 40 20
43 41
44 42 21
45 43
46 44 22 10
(2.457)
47 45
48 46 23
49 47
50 48 24
51 49 11
(2.462)
52 50 25
53 51
54 52 26
55 53
56 54 27 12
(2.467)
57 55
58 56 28
59 57
60 58 29
61 59 13
(2.472)
62 60 30
63 61
64 62 31
65 63
66 64 32
67 65
68 66 33
69 67
70 68 34
71 69
72 70 35
73 71
74 72 36
75 73
76 74 37
77 75
78 76 38
79 77
80 78 39
81 Guard
82 Guard
83

Bluetooth connection

A PSVita (Bluetooth v2.1 + EDR) can connect up to seven (active) Bluetooth® devices at one time.

There are three type of connections in Bluetooth:

  • Single-slave: a point-to-point connection (only 2 Bluetooth units involved)
  • Piconet: One Bluetooth unit acts as the master of the piconet, whereas the (up to seven active) others units acts as slaves.
  • Scatternet: Multiple piconets with overlapping coverage areas form a scatternet.

Device icons

Shows the types of found Bluetooth® devices using icons.

Icon Device Ps-vita-logo.jpg Ps-vita-tv-logo-123aaaa.png
Bluetooth Wireless controller.png Wireless controller No Yes
Bluetooth BD Remote Control.png BD Remote Control No Yes
Bluetooth computer.png Computer Yes Yes
Bluetooth mobile-phone smartphone.png Mobile phone, smartphone Yes Yes
Bluetooth headset.png Headset Yes Yes
Bluetooth speakers.png Speakers Yes Yes
Bluetooth mouse.png Mouse Yes Yes
Bluetooth keyboard.png Keyboard Yes Yes
Bluetooth printer.png Printer Yes Yes
No icon Other devices Yes Yes

Bluetooth Profile

Bluetooth® devices that support the following profile can be paired with your system:

By using the Object Push Profile (OPP), on Firmware 3.18, the attempts forcing the connection to the Vita will give a loophole .

Bluetooth Adressing

Each Bluetooth unit has a unique 48-bit address (BD_ADDR).

Company_assigned Company_id
Lower Adress Part (24-bit)
transmitted with every packet as part of the packet header
Upper Adress Part (8-bit)
Non-Significant Adress Part (16-bit)
assigned publicly by the IEEE
lsbxxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxxmsb

Class of Device/Service (CoD)

In practice, most Bluetooth clients scan their surroundings in two successive steps: they first look for all bluetooth devices around them and find out their "class". You can do this on Linux with the hcitool scan command. Then, they use SDP in order to check if a device in a given class offers the type of service that they want.

The PlayStation Vita PCH-2000 has a class of Device/Service (CoD) 0x3e0100:

  • Major Service Class : Networking (LAN, Ad hoc etc) (0x20000)
  • Major Service Class : Rendering (printing, speaker etc) (0x40000)
  • Major Service Class : Capturing (scanner, microphone etc) (0x80000)
  • Major Service Class : Object Transfer (v-inbox, v-folder etc) (0x100000)
  • Major Service Class : Audio (speaker, microphone, headset service etc) (0x200000)
  • Major Device Class : Computer (desktop,notebook, PDA, organizers etc ) (0x100)
  • Minor Device Class : Uncategorized, code for device not assigned

(Online Generator http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)