AppDevelopment – BeaconZone Blog

Reverse Engineering iBeacon and Eddystone Bluetooth GATT Services

For some of our beacons such the manufacturers haven’t documented their Bluetooth Service Characteristics. This means that while they are ok for scanning/proximity type applications, you can’t write your own app to, for example, change programmatically the UUID, major and minor, transmit power, advertising period and must rely on the manufacturer’s configuration app. While this of no consequence for the majority of uses that set and forget settings, more ambitious scenarios might want directly access the Bluetooth GATT services to change settings.

Uri Shaked has a great article on Medium on how to Reverse Engineer a Bluetooth Lightbulb. His method uses the developer logging in Android 4.4 and later to allow inspection of the Bluetooth packets and hence the Bluetooth Services and Characteristics that are being used. This method can equally be used with iBeacon and Eddystone beacons to reverse engineer the Bluetooth GATT information.

Another method is to use a Bluetooth sniffer. This listens in on the Bluetooth communication between two devices. One way of doing this is with Nordic Semiconductor’s Sniffer software on a dongle. There’s a tutorial on JimmyIoT.

It’s usually ill-advised to reverse engineer interfaces to discover undocumented features because the manufacturer can change the implementation thus breaking your solution. However, it’s very rare that firmware is ever updated in beacons and when it is, it’s usually only to fix bugs rather than change the implementation.

Integrating Beacons into Existing Systems

There are three main ways beacons can be integrated into existing systems:

1. Using Smartphone Apps

Beacons are usually stationary. Apps on users’ smartphone use the standard Bluetooth iOS and Android APIs to detect beacons and send information to your cloud or servers, typically via HTTP(S).

2. Using Ethernet/WiFi Gateways

Beacons are using moving. Gateways in fixed positions detect beacons and send information to your cloud or servers, typically via HTTP(S) or MQTT.

3. Using an Intermediate Platform Such as a Real Time Location System (RTLS)

This is a variant on #2 in that gateways send information to a system such as BeaconRTLS™ or PrecisionRTLS™. These systems have HTTP(S) APIs that can be used by your cloud or servers.

More information:
What are beacons?
Beacons for the Internet of Things (IoT)

If you need more project specific help we also offer consultancy and feasibility studies.

Working with GATT on Android

Most of the time, beacons transmit and the receiving software such as apps on iOS and Android or applications on single board computers (SBC) only read the advertising data. There’s no connection to the beacon. However, for programmatic setup of beacon parameters or accessing some sensor data, applications might need to connect via what’s known as Bluetooth GATT.

There’s an article on How to Work Properly With BT LE On Android. It provides some useful pointers such as not performing scanning and GATT connection simultaneously, avoiding auto-connect and not blocking GATT callbacks.

GATT can be unreliable on Android. While scanning for advertising data usually works very well, we have found that GATT connections fail all the time on about 5% of devices. This is due to poorly implemented OS Bluetooth software. This means beacon manufacturer-supplied configuration apps sometimes can’t connect. The only solution is to use a different phone (or the iOS version of the app on iPhone).

Scanning iBeacon and Eddystone Using Android

Dinkar Kumar has a recent walk through tutorial on how to create an app to scan for beacons on Android.

It shows how to use BluetoothManager to get an instance of BluetoothAdapter for using BluetoothLeScanner. The source code is on GitHub.

View further posts on Android app programming

Caching Information in iOS and Android Beacon Apps

If you are developing a beacon app to receive unique iBeacon and Eddystone ids (as opposed to URLs), an area you should think about is caching text, images and other media.

Beacons transmit unique ids and these ids need to match up with information held elsewhere, not on the beacon, that determine what the app does and what’s displayed to the user. The problem is that in many scenarios the beacons have to be placed where the user is likely to have no or poor Internet connectivity. Poor connectivity can be as just as bad as no connectivity if larger size media such as images needs to be downloaded.

Your app and sometimes server design might need to take into account the caching of information. Some of this information can usually be bundled with the app at the time of install while information that needs to be up to date might need to be fetched ahead of time. In some cases, you might need to use a combination of the two with information bundled with the app being replaced as new information becomes available.

Here are the kinds of things you need to think about:

What information is included at the time of install. In the extreme case, where you think a large number of people will be foreign and roaming, this could be all your information.
Whether the bundled information needs to be updated at the time of install.
A server side mechanism to determine when information is out of date and needs to refreshed. Such mechanisms should prevent the same information from being downloaded more than once.
A client, app side mechanism to get notified of information updates.
Whether the information is updated in app background or under control of the user.
For optimal display of images, provision of different size images for different (screen) size devices.
Strategies to reduce client device resources (battery) and server stress. This might include grouping associated information that’s likely to have to be used together.
What the end user sees when information is being updated or not available yet.
If and how information eventually gets purged to save space.

A alternative to complex caching schemes is to provide free on-site WiFi. This is particularly suitable for indoor visitor spaces such as museums and galleries. This way the app can be less complex and data fetched as needed. However, remember there will always be some people who, for security reasons, won’t connect to public WiFi.

iBeacon Triggered iOS App Source Code

There’s a new app for iOS called Stepping In & Out that uses iBeacons to remind you when you move into or out of an area containing a beacon.

The source code is available on GitHub. It provides an example how to create an app using Swift that triggers when going into and out of zones. This can also be used for commercially oriented applications.

Gluon Beacons Example

Gluon is a Java-based cross platform tool that creates applications for desktop, Android and iOS devices using the Gluon Scene Builder.

There’s a Beacons code sample that shows how to scan for beacons or broadcast as a beacon.

View iBeacons

Debugging Bluetooth on iOS

There’s a new article at Bluetooth.com that explains how to capture Bluetooth packets on iOS. The PacketLogger can decode all protocols defined by the Bluetooth Special Interest Group (SIG) and Apple, perform filtering, automatically highlight problems and search and export data.

This will work for both Core Location and Core Bluetooth. Core Location is using the iBeacon APIs while the lower level Core Bluetooth allows scanning and connection to any Bluetooth LE devices, not just beacons. It’s best to use the Core Location APIs and only use Core Bluetooth for more involved scenarios not supported by Core Location.

Note that Core Bluetooth, even though it’s lower level, can’t scan the iBeacon UUD, major and minor. Apple hides these values to force you to use Core Location.

There’s also an Apple session video from WWDC 2019 explaining Core Bluetooth and PacketLogger.

Bluetooth LE Developer Questions

Here are the top questions we get asked as a Bluetooth LE developer:

For apps, can the app work without Bluetooth and location on?
No. There’s no special OS mechanism on iOS nor Android that uses Bluetooth LE without the user having Bluetooth and location on. Many users leave Bluetooth and location on to allow ease of use with cars and audio headphones. Location is also usually one due to use with maps.
How does leaving Bluetooth on affect battery life?
Bluetooth is no longer drains the battery as was the case in the early days of smartphones. It can be left on with negligible extra battery use.
What’s the maximum range?
The range depends most on the Bluetooth device to are connecting to. Most devices, running on battery, work 50m to 100m. Devices with larger batteries, running from mains or USB can work up hundreds of metres. We have a device that works up to 4000m.
What SDK should be used?
Most, but not all, SDKs and 3rd party libraries tend to be poorly implemented/documented, tie your code into using a particular beacon and rarely get updated to use newer mobile platform APIs. We recommend software use the iOS and Android Bluetooth APIs directly to make your code independent of the beacon type and readily able to be updated when the mobile platforms themselves are updated.

Read about our Bluetooth LE Software Development Services

Open Source iBeacon CMS

There’s often the requirement to show data triggered by beacons detected by iOS and Android apps. There are many SaaS subscription systems to do this for you but what if you want to host the data yourself or have a large number of beacons where SaaS solutions aren’t economically viable?

You could create your own CMS. However, take a look at SBCMS. SMCMS provides a simple open source CMS that can be hosted on your own server or automatically on a Heroku cloud server instance.

Learn more:

Trigger Data and Beacon Servers

Software Development Services