What is the iBeacon Bluetooth Profile

For an iBeacon with ProximityUUID E2C56DB5-DFFB-48D2-B060-D0F5A71096E0, major 0, minor 0, and calibrated Tx Power of -59 RSSI, the transmitted BLE advertisement packet looks like this:

d6 be 89 8e 40 24 05 a2 17 6e 3d 71 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 52 ab 8d 38 a5

This packet can be broken down as follows:

d6 be 89 8e # Access address for advertising data (this is always the same fixed value)
40 # Advertising Channel PDU Header byte 0. Contains: (type = 0), (tx add = 1), (rx add = 0)
24 # Advertising Channel PDU Header byte 1. Contains: (length = total bytes of the advertising payload + 6 bytes for the BLE MAC address.)
05 a2 17 6e 3d 71 # Bluetooth MAC address (note this is a spoofed address)
02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 # Bluetooth advertisement
52 ab 8d 38 a5 # checksum

The key part of that packet is the Bluetooth Advertisement, which can be broken down like this:

02 # Number of bytes that follow in first AD structure
01 # Flags AD type
1A # Flags value 0x1A = 00011010
    bit 0 (OFF) LE Limited Discoverable Mode
    bit 1 (ON) LE General Discoverable Mode
    bit 2 (OFF) BR/EDR Not Supported
    bit 3 (ON) Simultaneous LE and BR/EDR to Same Device Capable (controller)
    bit 4 (ON) Simultaneous LE and BR/EDR to Same Device Capable (Host)
1A # Number of bytes that follow in second (and last) AD structure
FF # Manufacturer specific data AD type
4C 00 # Company identifier code (0x004C == Apple)
02 # Byte 0 of iBeacon advertisement indicator
15 # Byte 1 of iBeacon advertisement indicator
e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 # iBeacon proximity uuid
00 00 # major
00 00 # minor
c5 # The 2's complement of the calibrated Tx Power

Any Bluetooth LE device that can be configured to send a specific advertisement can generate the above packet. I have configured a Linux computer using BlueZ to send this advertisement, and iOS 7 devices running Apple's AirLocate test code pick it up as an iBeacon with the fields specified above. See: Use BlueZ Stack As A Peripheral (Advertiser)

This blog has full details about the reverse engineering process.
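The breakdown above can be checked mechanically. The following Python sketch is an added example, not code from the original answer: it walks the length-prefixed AD structures of the advertisement bytes shown on this page and extracts the iBeacon fields. The function names are made up for illustration, and the sample input is the advertisement portion of the packet above (without access address, PDU header, MAC address and checksum).

```python
import struct
import uuid

# Advertisement bytes copied from the packet on this page (AD structures only).
SAMPLE_ADV = bytes.fromhex(
    "02011a1aff4c000215e2c56db5dffb48d2b060d0f5a71096e000000000c5"
)

def iter_ad_structures(payload):
    """Yield (ad_type, data) for each length-prefixed AD structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:  # a zero length marks padding / end of data
            break
        if i + 1 + length > len(payload):
            raise ValueError("AD structure at offset %d overruns the payload" % i)
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def parse_ibeacon(payload):
    """Return the iBeacon fields as a dict, or None if no iBeacon structure is present."""
    for ad_type, data in iter_ad_structures(payload):
        # 0xFF = manufacturer specific data; 4C 00 = Apple; 02 15 = iBeacon indicator
        if ad_type != 0xFF or len(data) != 25 or data[:4] != b"\x4c\x00\x02\x15":
            continue
        # major and minor are big-endian 16-bit values, Tx Power is a signed byte
        major, minor, tx_power = struct.unpack(">HHb", data[20:25])
        return {
            "uuid": str(uuid.UUID(bytes=data[4:20])).upper(),
            "major": major,
            "minor": minor,
            "tx_power": tx_power,  # 0xC5 read as two's complement
        }
    return None

def parse_flags(payload):
    """Return the set of bit numbers set in the Flags AD structure (type 0x01)."""
    for ad_type, data in iter_ad_structures(payload):
        if ad_type == 0x01 and data:
            return {bit for bit in range(8) if (data[0] >> bit) & 1}
    return set()

if __name__ == "__main__":
    print(parse_ibeacon(SAMPLE_ADV))
    print(sorted(parse_flags(SAMPLE_ADV)))
```

A truncated payload raises ValueError instead of returning partial fields, so a receiver does not act on a cut-off identifier.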

iBeacon protocol clarification

Standard iBeacons do not and cannot transmit anything besides a three-part identifier (UUID, Major, Minor) and a transmitter power calibration value. You cannot make them transmit a custom text message.

You could use lower-level Bluetooth LE for that as you suggest, but either way, you are going to have to build a custom app that can recognize signals from either type of beacon. And since you must have a custom app, you can easily deal with mapping identifiers to text messages. Like this:

iBeacon identifiers (UUID Major Minor)      Text Message
------------------------------------------  ------------------------
2F234454-CF6D-4A0F-ADF2-F4911BA9FFA6 1 1    welcome to my shop
2F234454-CF6D-4A0F-ADF2-F4911BA9FFA6 1 2    welcome to my other shop

How do you create a lookup table? There are lots of ways. You can hard-code it in your app with an Objective-C switch statement, or a more sophisticated NSDictionary. You can use a home-grown web service to do the lookup, or you can use an off-the-shelf web service for mapping key/value pairs to iBeacons, like my company's Proximity Kit.

Getting a unique hardware identifier with BTLE/iBeacons

Standard iBeacons do exactly this. They advertise a unique three-part identifier (Proximity UUID/major/minor) that requires no handshake to read. It is detectable on iOS, Android, Mac and Linux platforms. The three-part identifier is sent in the clear in a BLE advertisement.

More detail on this advertisement format is available here: What is the iBeacon Bluetooth Profile

Shameless plug: my company makes beacons and services that work with any standard iBeacon and are interchangeable with other vendors' products that are also standard iBeacons. More information about our beacons and services is available here: http://www.radiusnetworks.com

Is iBeacon proprietary?

Yes, Apple considers the iBeacon standard proprietary. They have a certification program for putting the logo on manufacturers approved to make devices meeting the standard. As the lead developer on the Android Beacon Library, I have to go to great lengths to keep the proprietary beacon format out of the source code so as not to pollute a project covered by the Apache 2 license with intellectual property.

Because Bluetooth beacon transmissions are a simple byte sequence, they are trivial to decode and manipulate. But because it is easy to do something does not necessarily mean it is allowed in all jurisdictions.

What is and is not allowed is up to the interpretation of lawyers and the judiciary. It is beyond my expertise and beyond the scope of this forum.

iBeacons with proximity and clickable button

IoT buttons like Amazon Dash and Bluetooth LE beacons like iBeacon have fundamental differences:

  • Amazon Dash connects to the internet over WiFi to make a web service call on button press, and requires configuration with your WiFi network. Other IoT buttons work similarly, although some connect to the internet via a nearby mobile device using Bluetooth. You must write some code and deploy it to a cloud server to do something whenever somebody taps the button.

  • Bluetooth LE beacons like iBeacon are transmit-only Bluetooth LE devices that do not connect to the internet, but simply send out a Bluetooth packet with a unique identifier. These devices are much simpler, and rely on another Bluetooth-enabled computer within 40 meters to be listening (typically a mobile phone). You must write an app on the mobile phone that then does something when the beacon transmission is detected.

Most Bluetooth LE beacons are always transmitting, although it is possible to buy ones that are click-on click-off like the RadBeacon Dot. This could provide similar functionality to an Amazon Dash if a mobile app is running nearby that can forward the detection to a similar cloud server as used for an Amazon Dash solution.

Is it possible to create a beacon with Classic Bluetooth?

You certainly can. A Bluetooth LE beacon typically sends out regular advertisements with a unique identifier that can be picked up by a receiving device (typically a mobile phone) doing a Bluetooth LE scan. Since you can also send out advertisements and do scans with classic Bluetooth, you could build the same thing with this technology.

The main disadvantage is that classic Bluetooth uses much more power, both for transmitting the beacon signal and more importantly for doing the scans. So if you are using mobile phones to detect the beacons the battery drain will be much higher than if using Bluetooth LE.
