Post on 21-Apr-2017
Build Your own iBeacon
iBeacon Workshop April 29, 2014
Andreessen Horowitz
Ramin Firoozye - @raminf
What is an iBeacon
- A Bluetooth Low Energy (BTLE) broadcast-only device
- A BTLE peripheral (transmitter)
- If connectable it can be configured
- It is a simple transmitter of data:
  - UUID (e.g. E2C56DB5-DFFB-48D2-B060-D0F5A71096E0)
  - Major (2 byte number)
  - Minor (2 byte number)
  - Proximity (via RSSI signal strength)
Typical iBeacon Platform
[Diagram labels: Beacon; Server; Beacon UUID/major/minor; Distance (immediate/near/far); Beacon data; Location; User ID; Personalized Content]
BTLE Nomenclature
• Peripheral (transmitter)
• Central (receiver)
• iOS devices can be both at same time
• Broadcast interval/duration
• Channels: 37 data and 3 advertising
• Connectable vs. not
• TX Power
• RSSI (Received Signal Strength Indicator)
An iBeacon is…
• A BTLE peripheral
• Based on BTLE advertising spec
• Broadcasts a small amount of data
• May be connectable (to configure)
• Range: conservatively ~50ft
• With RSSI+TX power can roughly gauge distance — but not angle
TI Packet BTLE Sniffer Software (Windows) http://www.ti.com/tool/PACKET-SNIFFER
TI Packet BTLE Sniffer Development http://www.ti.com/tool/cc2540dk-mini
iBeacon Advertising Packet
Length: 47
Raw data (hex): D6 BE 89 8E 40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00 C5 04 21 B9 38 A5
RSSI [dBm]: -38
Raw Data
Access Address (4 bytes): 8E 89 BE D6
Advertising Channel/Data Channel PDU (2 .. 39 bytes): 40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
CRC (3 bytes): B9 21 04
RSSI (1 byte): -38
Frame Checksum (1 byte): A5
Header (2 bytes): 40 24 (36 bytes)
Advertising Address (6 bytes): 4C 16 CB 2A BB BA
CRC (3 bytes): EF E3 53
Advertising Data (0 .. 31 bytes): 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
Access Address (4 bytes): 8E 89 BE D6
Fixed value for advertisement communication channels. For data channels, varies by connection.
0x40 = Undirected advertising; 0x24 = 36 (number of bytes to follow)
Mac Address
RSSI (1 byte): -38
FCS (1 byte): A5
Advertising Data (0 .. 31 bytes): 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
Length (1 byte), Type (X byte), Data (Ad Length) ••• Length (1 byte), Type (X byte), Data (Ad Length)
Advertising Data (0 .. 31 bytes): 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
Ad Length (1 byte): 0x02
Ad Type (1 byte): 0x01
Data (1 byte): 0x06 - Connectable/undirected
Ad Length (1 byte): 0x1A = 25
Ad Type (1 byte): 0xFF
Data: Manufacturer specific data to follow
Manufacturer-specific Data (25 bytes): 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
Manufacturer Type (2 bytes): 00 4C
iBeacon Ad Indicator (2 bytes): 15 02
https://www.bluetooth.org/en-us/specification/assigned-numbers/company-identifiers
Question: Will iOS iBeacon software *require* manufacturer ID to be 0x004C?
Answer: No. As long as your ID starts with 0x00 ... Sucks to be TomTom
Also: this can all change
Manufacturer-specific Data (25 bytes): 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00
Manufacturer Type (2 bytes): 00 4C
iBeacon Device Type (1 byte): 0x02
iBeacon Data Length (1 byte): 0x15 (21)
iBeacon UUID (16 bytes): 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB
iBeacon Major (2 bytes): 00 00
iBeacon Minor (2 bytes): 00 00
Measured Tx Power at 1 meter (1 byte): C5 (-57)
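The field-by-field breakdown above can be reproduced in code. This is an added example, not part of the original slides: it walks the sniffer capture from the "Raw data (hex)" line, treating each AD length byte as counting the type byte plus the data that follows. The function names are hypothetical, and major/minor are read big-endian.

```python
import struct
import uuid

# Capture copied from the "Raw data (hex)" line on this page.
RAW_HEX = (
    "D6 BE 89 8E 40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 "
    "29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00 C5 04 21 B9 38 A5")

def iter_ad_structures(adv_data):
    """Yield (ad_type, data) pairs; each length byte counts type + data."""
    i = 0
    while i < len(adv_data):
        length = adv_data[i]
        if length == 0:  # zero length means no further AD structures
            break
        if i + 1 + length > len(adv_data):
            raise ValueError("AD structure runs past end of advertising data")
        yield adv_data[i + 1], adv_data[i + 2:i + 1 + length]
        i += 1 + length

def parse_ibeacon(mfr):
    """Decode 25 bytes of manufacturer-specific data, or None if not iBeacon."""
    # The company ID is reported but not required to be 0x004C (see the Q&A above).
    if len(mfr) != 25 or mfr[2:4] != b"\x02\x15":
        return None
    company, = struct.unpack_from("<H", mfr, 0)              # 4C 00 -> 0x004C
    major, minor, tx = struct.unpack_from(">HHb", mfr, 20)   # 'b' is signed: C5 -> -59
    return {"company_id": company, "uuid": str(uuid.UUID(bytes=bytes(mfr[4:20]))),
            "major": major, "minor": minor, "tx_power_dbm": tx}

def parse_frame(raw):
    """Split one captured frame into access address, header, address and AD data."""
    if len(raw) < 6:
        raise ValueError("frame too short")
    pdu_len = raw[5] & 0x3F                 # 0x24 = 36 bytes follow the header
    payload = raw[6:6 + pdu_len]
    if len(payload) != pdu_len or pdu_len < 6:
        raise ValueError("header length disagrees with captured bytes")
    frame = {
        "access_address": raw[3::-1].hex().upper(),           # sent low byte first
        "pdu_length": pdu_len,
        "adv_address": ":".join(f"{b:02X}" for b in payload[5::-1]),
        "ibeacon": None,
    }
    for ad_type, data in iter_ad_structures(payload[6:]):
        if ad_type == 0xFF:                 # manufacturer-specific data
            frame["ibeacon"] = parse_ibeacon(data)
    return frame

FRAME = parse_frame(bytes.fromhex(RAW_HEX))
```
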
Measuring General Proximity
• TX Power at 1 meter - calculated for each device
• 0xC5 = 197 = 2’s complement (256-197) = -59 dBm
• Varies for each module manufacturer
• Combine RSSI with TX Power to guess proximity
• Apple has own formula
• Basic version: RSSI * (1.0 / TX Power)
• To be precise, make your own calibration formula
• Break into 3 ranges: Immediate / Near / Far
• Number can vary with RSSI fluctuation
RSSI Fluctuation
• Device battery life (esp. w/ CR2032)
• Obstruction
  • Body (bag of water)
  • Walls / Doors / Furniture
  • Merchandise (e.g. clothing, solids, or liquids)
  • Reflective surfaces (e.g. mirror, foil)
• Interference (2.4 GHz)
  • Other devices
  • Microwave ovens !!!
Bluetooth spectrum scan (including iBeacon)
Microwave running 30 ft. away (Shrimp Burrito)
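The "basic version" ratio from Measuring General Proximity, combined with a median over recent samples to damp the fluctuation described under RSSI Fluctuation, looks like this. It is an added example, not from the original slides; the class name, the window of 5 samples and the 0.8 / 1.3 cutoffs are assumptions for illustration and need per-device calibration.

```python
from collections import deque
from statistics import median

def tx_power_from_byte(b):
    """Interpret the measured-power byte as signed 8-bit: 0xC5 -> -59 dBm."""
    return b - 256 if b > 127 else b

class ProximityEstimator:
    # Assumed cutoffs on the RSSI / TX-power ratio; calibrate for your own beacon.
    IMMEDIATE_MAX = 0.8
    NEAR_MAX = 1.3

    def __init__(self, tx_power_dbm, window=5):
        if tx_power_dbm >= 0:
            raise ValueError("measured power at 1 m is expected to be negative dBm")
        self.tx_power = tx_power_dbm
        self.readings = deque(maxlen=window)   # oldest sample drops out automatically

    def add(self, rssi_dbm):
        """Record one RSSI sample and return the current range label."""
        if rssi_dbm < 0:                        # zero or positive readings are ignored
            self.readings.append(rssi_dbm)
        return self.label()

    def ratio(self):
        """RSSI * (1.0 / TX power), using the median of the recent samples."""
        if not self.readings:
            return None
        return median(self.readings) * (1.0 / self.tx_power)

    def label(self):
        r = self.ratio()
        if r is None:
            return "unknown"
        if r <= self.IMMEDIATE_MAX:
            return "immediate"
        return "near" if r <= self.NEAR_MAX else "far"
```

Both values are negative dBm, so a ratio below 1.0 means the signal is stronger than the 1 meter reference; a single outlier sample does not move the median enough to change the label.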
Beacon Scanning Devices
• iPhone (4s and later) / iPad (3rd gen iPad)
• Android 4.3 and higher
  • Google Nexus 5 and 7 (2013)
  • Samsung Galaxy S III or newer
  • More on their way
• Microsoft/Nokia
  • BTLE support in Windows Phone 8.1 dev
  • No access to broadcast data… yet
• Raspberry Pi (with BTLE dongle)
• MacBooks (2012 onward)/new Mac Mini
• Other devices? Wearables? :-)
Making a Beacon
• Need a BTLE Peripheral device
• Phones/tablets: currently only Apple devices can be peripherals
• Popular BTLE module vendors:
  • TI
  • Nordic
  • BlueGiga
  • CSR
  • Broadcom
Quick Demo
• Firmware for Bluegiga BLE112
• BGScript - free compiler
• Windows only dev tools
• Flash firmware with TI programmer
• Scan for Beacon with iOS and Android
iOS — Things to Remember
• Can only scan for a given UUID
• Cannot get raw advertising data
• Can have a device be both scanner and transmitter at same time
• Can return raw RSSI as well as enumerated distance values (immediate / near / far)
• Can remember UUID and launch app when device in range
• As of iOS 7.1 remembers UUID across system restarts
iBeacon Myths
• Can locate people
• Will send unsolicited ads to phones
• Are unspoofable
• Act like indoor GPS
• Are only for coupons
• Are hard to build…
Enemy of all Beacons*
* Microwave burrito + reflective foil Photo: http://flic.kr/p/9j91ea
Beware
Q&A
Ramin Firoozye @raminf http://blog.firoozye.com {firstname} {lastinitial} AT gmail.com