Build your OWN Apple iBeacon with a Raspberry Pi
DIY Bluetooth LE zone tracking
Feature US department store Macy’s recently said it is implementing iPhone-based tracking tech the better to encourage browsing punters to buy. Of course, Macy has chosen to pitch this as an Apple technology - figuring, presumably, iPhone owners are more receptive to inducements delivered through technology and have more cash to splash than Android fans.
But the fact is, the system Apple calls iBeacon simply makes use of features already part of the Bluetooth Low Energy (LE) spec.
This got me thinking: how difficult would it be to build a similar system of my own? Not very hard at all, it turns out. Choose the right kit and it can be quite cheap too. I created my beacon using a £30 Raspberry Pi and a £12 Bluetooth 4.0 USB dongle.
Surely this can’t be an Apple iBeacon? Yes it can
Bluetooth LE incorporates a protocol for beacon devices to identify themselves. Each sends out a short packet of data "advertising" which can contain up to 31 bytes of user-defined data. Apple’s iBeacon specification, such as it is, stores four values in this space: a “Proximity” 128-bit UUID and two 16-bit numbers, “Major” and “Minor”.
Apple has a good example of how these variables are used: a department store chain - Macy’s, say - adopts a single UUID for all its beacons. It uses the value of the Major variable to distinguish one shop from another, and the value of the Minor variable to differentiate between beacons in one shop’s departments.
Not all Bluetooth dongles are Linux-friendly. A handy resource listing well-behaving ones can be found at the Embedded Linux Wiki. A branded one will set you back around a tenner, generic ones less. I used IoGear’s GBU521.
Next, prepare your Pi. You need to install the official Linux Bluetooth software stack, BlueZ, and various USB development packages, some using the
apt-get tool at the command line, others by compiling the code.
First run this:
sudo apt-get install libusb-dev libdbus-1-dev libglib2.0-dev libudev-dev libical-dev libreadline-dev
Next install BlueZ’s source files and compile it. The version at the time of writing was 5.11.
sudo wget www.kernel.org/pub/linux/bluetooth/bluez-5.11.tar.xz sudo unxz bluez-5.11.tar.xz sudo tar xvf bluez-5.11.tar cd bluez-5.11 sudo ./configure --disable-systemd sudo make sudo make install
This will take a while, but when it’s done, you can reboot and plug in the dongle.
Decoding the iBeacon protocol
There’s no version of the
uuidgen utility readily available for the Pi, so I used this website. The 16 pairs of two-digit hexadecimal values - each pair is dubbed an "octet" in the jargon - along with Major and Minor pair of octets, need to be punched into the Pi’s Bluetooth sub-system using BlueZ’s
sudo hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 [ 92 77 83 0A B2 EB 49 0F A1 DD 7F E3 8C 49 2E DE ] [ 00 00 ] [ 00 00 ] C5 00
Note that the square brackets are NOT part of the command - I’ve added them solely to show where the UUID, Major then Minor codes go. The ‘C5’ after them is a value representing transmitted power level. Just cut and paste the line above and replace the UUID with your own.
Not all Bluetooth dongles are Pi pals
This is how you decode the command: the "hci0" identifies your Bluetooth dongle, "cmd" tells
hcitool to send the following command data to the device. The "0x08" is the Bluetooth command group - the "OGF" in the official parlance - and "0x0008" is the specific command ("OCF"), HCI_LE_Set_Advertising_Data.
The first "1E" is the number of “significant” octets in the advertising data that follow, up to a maximum of 31. The non-significant part should only comprise pairs of zeroes to take the number of octets up to 31 and which, to save power, are not transmitted.
The ad data is split into groups, each formatted with a single octet providing the number of remaining octets in the group - essentially it tells the Bluetooth sub-system how further along the list of octets is the next group. It’s followed by a single octet which defines the type of data, and then any number of octets holding the data itself. You can put as many of these groups into the advertising data packet as you can fit into the 31 octets allowed.
In my example, the first "02" in the sequence says the first block of ad data is two octets long. The next octet, "01" says the advertising octet(s) following are Bluetooth flags, and the "1A" is the binary value derived when certain of those flags are set.
‘1A’ says the next group is 26 octets long, and the "FF" identifies the group as manufacturer-specific data. The Bluetooth 4.0 specification says the next two octets have to expose the manufacturer: the "4C 00" is Apple’s Bluetooth manufacturer ID.
In the Zone: location notification on a Metawatch smartwatch
I’m not yet sure what the "02" and "15" signify, but as I say, the Proximity UUID, Major and Minor values, and the power level complete the 26 octets of manufacturer data - and the 30 octets of the entire advertising data.
hcitool command formats the iBeacon advertising signal. Telling the Pi to begin sending out that signal requires the following command:
sudo hciconfig hci0 leadv
You can disable LE beacon activity with the command:
sudo hciconfig hci0 noleadv
Update If you don’t see your beacon after issuing the
leadv command, try
sudo hciconfig hci0 noscan which stops the dongle looking for other Bluetooth devices. This can interfere with the beacon operation.
And it’s an obvious next step to create scripts to set all this up and activate LE advertising whenever the Pi boots up, but I won’t be covering that here. If you’d like to do that, there’s a very good tutorial written by Washington DC-based Radius Networks here.
Sponsored: Global DDoS threat landscape report