What is the iBeacon Bluetooth Profile

Question

I d like to create my own iBeacon with some Bluetooth Low Energy dev kits  Apple has yet to release a specification for iBeacons  however  a few hardware developers have reverse Engineered the iBeacon from the AirLocate Sample code and started selling iBeacon dev kits  So what is the iBeacon Bluetooth Profile  Bluetooth Low Energy uses GATT for LE profile service discovery  So I think we need to know the Attribute Handle  Attribute Type  Attribute Value  and maybe the Attribute Permissions of the iBeacon attribute  So for an iBeacon with a UUID of E2C56DB5-DFFB-48D2-B060-D0F5A71096E0  a major value of 1 and a minor value of 1 what would the Bluetooth GATT profile service be  Here are some assumptions I ve made from the discussion on Apple s forums and through the docs   You only need to see the profile service  GATT  of a Bluetooth peripheral to know it is an iBeacon   The Major and Minor keys are encoded somewhere in this profile service   Heres some companies with iBeacon Dev Kits that seem to have this figure out already   http   redbearlab com ibeacon  http   kontakt io   Hopefully  in time we will have a profile posted on Bluetooth org like these  https   www bluetooth org en-us specification adopted-specifications

User · Answer

iBeacon Profile contains 31 Bytes which includes the followings

Prefix - 9 Bytes - which include s the adv data and Manufacturer data
UUID - 16 Bytes
Major - 2 Bytes
Minor - 2 Bytes
TxPower - 1 Byte

User · Answer

For an iBeacon with ProximityUUID E2C56DB5-DFFB-48D2-B060-D0F5A71096E0  major 0  minor 0  and calibrated Tx Power of -59 RSSI  the transmitted BLE advertisement packet looks like this   d6 be 89 8e 40 24 05 a2 17 6e 3d 71 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 52 ab 8d 38 a5  This packet can be broken down as follows   d6 be 89 8e   Access address for advertising data  this is always the same fixed value  40   Advertising Channel PDU Header byte 0   Contains   type   0    tx add   1    rx add   0  24   Advertising Channel PDU Header byte 1   Contains    length   total bytes of the advertising payload   6 bytes for the BLE mac address   05 a2 17 6e 3d 71   Bluetooth Mac address  note this is a spoofed address  02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5   Bluetooth advertisement 52 ab 8d 38 a5   checksum   The key part of that packet is the Bluetooth Advertisement  which can be broken down like this   02   Number of bytes that follow in first AD structure 01   Flags AD type 1A   Flags value 0x1A   000011010      bit 0  OFF  LE Limited Discoverable Mode    bit 1  ON  LE General Discoverable Mode    bit 2  OFF  BR EDR Not Supported    bit 3  ON  Simultaneous LE and BR EDR to Same Device Capable  controller     bit 4  ON  Simultaneous LE and BR EDR to Same Device Capable  Host  1A   Number of bytes that follow in second  and last  AD structure FF   Manufacturer specific data AD type 4C 00   Company identifier code  0x004C    Apple  02   Byte 0 of iBeacon advertisement indicator 15   Byte 1 of iBeacon advertisement indicator e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0   iBeacon proximity uuid 00 00   major  00 00   minor  c5   The 2 s complement of the calibrated Tx Power   Any Bluetooth LE device that can be configured to send a specific advertisement can generate the above packet   I have configured a Linux computer using Bluez to send this advertisement  and iOS7 devices running Apple s AirLocate test code pick it up as an iBeacon with the fields specified above   See  Use BlueZ Stack As A Peripheral  Advertiser   This blog has full details about the reverse engineering process

User · Answer

Just to reconcile the difference between sandeepmistry s answer and davidgyoung s answer   02 01 1a 1a ff 4C 00   Is part of the advertising data format specification  1     02   length of following AD structure   01    lt  lt Flags gt  gt  AD Structure  2    1a   read as b00011010          In this case  LE General Discoverable         and simultaneous BR EDR but this may vary by device     1a   length of following AD structure   FF   Manufacturer specific data  3  4C00   Apple Inc  4  0215      some 2-byte header   Missing from the AD is a Service  5  definition   I think the iBeacon protocol itself has no relationship to the GATT and standard service discovery   If you download RedBearLab s iBeacon program  you ll see that they happen to use the GATT for configuring the advertisement parameters  but this seems to be specific to their implementation  and not part of the spec   The AirLocate program doesn t seem to use the GATT for configuration  for instance  according to LightBlue and or other similar programs I tried   References    Core Bluetooth Spec v4  Vol 3  Part C  11 Vol 3  Part C  18 1 Vol 3  Part C  18 11 https   www bluetooth org en-us specification assigned-numbers company-identifiers Vol 3  Part C  18 2

User · Answer

It seems to based on advertisement data  particularly the manufacturer data   4C00 02 15 585CDE931B0142CC9A1325009BEDC65E 0000 0000 C5   lt company identifier  2 bytes  gt   lt type  1 byte  gt   lt data length  1 byte  gt       lt uuid  16 bytes  gt   lt major  2 bytes  gt   lt minor  2 bytes  gt   lt RSSI   1m gt     Apple Company Identifier  Little Endian   0x004c data type  0x02    iBeacon data length  0x15   21  uuid  585CDE931B0142CC9A1325009BEDC65E  major  0000 minor  0000  meaured power at 1 meter  0xc5   -59   I have this node js script working on Linux with the sample AirLocate app example

User · Answer

It   s very simple  it just advertises a string which contains a few characters conforming to Apple   s iBeacon standard  you can refer the Link      http   glimwormbeacons com learn what-makes-an-ibeacon-an-ibeacon

User · Answer

If the reason you ask this question is because you want to use Core Bluetooth to advertise as an iBeacon rather than using the standard API  you can easily do so by advertising an NSDictionary such as         kCBAdvDataAppleBeaconKey    lt a7c4c5fa a8dd4ba1 b9a8a240 584f02d3 00040fa0 c5 gt       See this answer for more information

[ios] What is the iBeacon Bluetooth Profile

Examples related to ios

Examples related to bluetooth

Examples related to bluetooth-lowenergy

Examples related to reverse-engineering

Examples related to ibeacon