Build Your own iBeacon

Build Your own iBeacon

iBeacon Workshop April 29, 2014

Andreessen Horowitz

Ramin Firoozye - @raminf

What is an iBeacon

- A Bluetooth Low Energy (BTLE) broadcast-only device - A BTLE peripheral (transmitter) - If connectable it can be configured - It is a simple transmitter of data:

- UUID (i.e. E2C56DB5-DFFB-48D2-B060-D0F5A71096E0) - Major (2 byte number) - Minor (2 byte number) - Proximity (via RSSI signal strength)

Typical iBeacon Platform

Beacon

Server Beacon UUID/major/minor Distance (immediate/near/

far)

Beacon data

LocationUser ID

Personalized Content

BTLE Nomenclature• Peripheral (transmitter) • Central (receiver) • iOS devices can be both at same time • Broadcast interval/duration • Channels: 37 data and 3 advertising • Connectable vs. not • TX Power • RSSI (Received Signal Strength Indicator)

An iBeacon is…• A BTLE peripheral • Based on BTLE advertising spec • Broadcasts a small amount of data • May be connectable (to configure) • Range: conservatively ~50ft • With RSSI+TX power can roughly

gauge distance — but not angle

TI Packet BTLE Sniffer Software (Windows) http://www.ti.com/tool/PACKET-SNIFFER

TI Packet BTLE Sniffer Development http://www.ti.com/tool/cc2540dk-mini

iBeacon Advertising Packet

Length: 47 !

Raw data (hex): D6 BE 89 8E 40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00 C5 04 21 B9 38 A5 !

RSSI [dBm]: -38

Raw Data

Access Address (4 bytes)

8E 89 BE D6

Advertising Channel/Data Channel PDU (2 .. 39 bytes)

40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00

D6 BE 89 8E 40 24 BA BB 2A CB 16 4C 02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00 C5 04 21 B9 38 A5

CRC (3 bytes) B9 21 04

RSSI (1 byte)

-38

Frame Checksum (1 byte)

A5

Header (2 bytes)

40 24 (36 bytes)

Advertising Address (6 bytes)

4C 16 CB 2A BB BA


CRC (3 bytes) EF E3 53

Advertising Data (0 .. 31 bytes)

02 01 06 1A FF 4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00

Access Address (4 bytes)

8E 89 BE D6

Fixed value for advertisement communication channels. For data channels, varies by connection.

0x40 = Undirected advertising 0x24 = 36 (number of bytes to follow)

Mac Address

RSSI (1 byte)

-38

FCS (1 byte)

A5




Length (1 byte)

Type (X byte)

•••

Data (Ad Length)

Length (1 byte)

Type (X byte)

Data (Ad Length)




Ad Length (1 byte)

0x02

Ad Type (1 byte)

0x01

Data (1 byte)

0x06 - Connectable/undirected

Ad Length (1 byte)

0x1A = 25

Ad Type (1 byte)

0xFF

Data Manufacturer specific data to follow


Manufacturer-specific Data (25 bytes)

4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00

Manufacturer Type (2 bytes)

00 4C

iBeacon Ad Indicator (2 bytes)

15 02

https://www.bluetooth.org/en-us/specification/assigned-numbers/company-identifiers

Question Will iOS iBeacon software *require* manufacturer ID

to be 0x004C?

Answer: No As long as your ID starts with 0x00

•••Sucks to be TomTom

Also: this can all change


Manufacturer-specific Data (25 bytes)

4C 00 02 15 29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB 00 00 00 00

Manufacturer Type (2 bytes)

00 4C

iBeacon Device Type (1 byte)

0x02

iBeacon UUID (16 bytes)

29 5D 73 80 B2 A0 4F 5E 88 52 B4 70 BA 60 AB BB

iBeacon Major (2 bytes)

00 00

iBeacon Minor (2 bytes)

00 00

Measured Tx Power at 1meter (1 byte)

C5 (-57)

iBeacon Data Length (1 byte)

0x15 (21)

• TX Power at 1 meter - calculated for each device • 0xC5 = 197 = 2’s complement (256-197) = -59dBM • Varies for each module manufacturer • Combine RSSI by TX Power to guess proximity • Apple has own formula • Basic version: RSSI * (1.0 / TX Power) • To be precise, make your own calibration formula • Break into 3 ranges: Immediate / Near / Far • Number can vary with RSSI fluctuation

Measuring General Proximity

• Device battery life (esp. w/ CR2032) • Obstruction

• Body (bag of water) • Walls / Doors / Furniture • Merchandise (i.e. clothing, solids, or liquids) • Reflective surfaces (i.e. mirror, foil)

• Interference (2.4 GHz) • Other devices • Microwave ovens !!!

RSSI Fluctuation

Bluetooth spectrum scan (including iBeacon)

Microwave running 30 ft. away(Shrimp Burrito)

Beacon Scanning Devices• iPhone (4s and later) / iPad (3rd gen iPad) • Android 4.3 and higher

• Google Nexus 5 and 7 (2013) • Samsung Galaxy S III or newer • More on their way

• Microsoft/Nokia • BTLE support in Windows Phone 8.1 dev • No access to broadcast data… yet

• Raspberry Pi (with BTLE dongle) • MacBooks (2012 onward)/new Mac Mini • Other devices? Wearables? :-)

• Need a BTLE Peripheral device • Phones/tablets: currently only Apple devices

can be peripherals • Popular BTLE module vendors:

• TI • Nordic • BlueGiga • CSR • Broadcom

Making a Beacon

• Firmware for Bluegiga BLE112

• BGScript - free compiler

• Windows only dev tools

• Flash firmware with TI programmer

• Scan for Beacon with iOS and Android

Quick Demo

iOS — Things to Remember• Can only scan for a given UUID • Can not get raw advertising data • Can have a device be both scanner and

transmitter at same time • Can return raw RSSI as well as enumerated

distance values (immediate / near / far) • Can remember UUID and launch app when

device in range • As of iOS 7.1 remembers UUID across

system restarts

iBeacon Myths

• Can locate people • Will send unsolicited ads to phones • Are unspoofable • Act like indoor GPS • Are only for coupons

• Are hard to build…

Enemy of all Beacons*

* Microwave burrito + reflective foil Photo: http://flic.kr/p/9j91ea

Beware

Q&ARamin Firoozye @raminf http://blog.firoozye.com {firstname} {lastinitial} AT gmail.com

http://gmail.com

Devices & Hardware

Build Your own iBeacon