Reverse Engineering iBeacon and Eddystone Bluetooth GATT Services

For some of our beacons, the manufacturers haven’t documented their Bluetooth service characteristics. This means that while they are fine for scanning/proximity type applications, you can’t write your own app to, for example, programmatically change the UUID, major and minor, transmit power or advertising period, and must rely on the manufacturer’s configuration app. While this is of no consequence for the majority of uses, which set and forget settings, more ambitious scenarios might want to directly access the Bluetooth GATT services to change settings.

Uri Shaked has a great article on Medium on how to Reverse Engineer a Bluetooth Lightbulb. His method uses the developer logging in Android 4.4 and later to allow inspection of the Bluetooth packets and hence the Bluetooth Services and Characteristics that are being used. This method can equally be used with iBeacon and Eddystone beacons to reverse engineer the Bluetooth GATT information.

Another method is to use a Bluetooth sniffer. This listens in on the Bluetooth communication between two devices. One way of doing this is with Nordic Semiconductor’s Sniffer software on a dongle. There’s a tutorial on JimmyIoT.

It’s usually ill-advised to reverse engineer interfaces to discover undocumented features because the manufacturer can change the implementation thus breaking your solution. However, it’s very rare that firmware is ever updated in beacons and when it is, it’s usually only to fix bugs rather than change the implementation.

Processing on Bluetooth Device or Smartphone?

There’s often a dilemma when creating Bluetooth systems whether to place the processing on the smartphone or on the Bluetooth device.

The efficient and accurate prediction of an individual’s heart rate using wearable devices is crucial for various personal care applications. A new study Energy-efficient Wearable-to-Mobile Offload of Machine Learning Inference for Photoplethysmogram-based Heart-Rate Estimation (pdf) from the Universita di Bologna, Italy, looks into the trade-offs between carrying out heart rate tracking on the device itself or delegating the work to a mobile device.

The research introduces CHRIS, an inference system that uses the interconnectedness between a smartwatch and a smartphone. This system assesses the balance between energy consumption and heart rate tracking error. Depending on the connection status, a user-specified error, energy constraints and an estimate of the input difficulty, CHRIS employs two heart rate prediction algorithms. These are executed on either the smartwatch or the phone.

CHRIS showed the potential to achieve up to 2.03 times energy reduction on the smartwatch by offloading processing from the smartwatch, without a reduction in tracking accuracy.

Indoor Tracking of Individuals with Mild Cognitive Impairment

There’s new research from the USA on Indoor Localization using Bluetooth and Inertial Motion Sensors in Distributed Edge and Cloud Computing Environment (PDF). The paper describes a low-cost, scalable, edge computing system for tracking indoor movements in a large indoor facility. The system uses Bluetooth Low Energy (BLE) and Inertial Measurement Unit sensors (IMU) and is designed to facilitate therapeutic activities for individuals with Mild Cognitive Impairment.


The implementation involved instrumenting a facility with 39 edge computing systems and an on-premise fog server. Subjects carried BLE beacon and IMU sensors on-body. The researchers developed an adaptive trilateration approach that considered the temporal density of hits from the BLE beacon to surrounding edge devices to handle inconsistent coverage of edge devices in large spaces with varying signal strength. They also integrated IMU-based tracking methods using a dead-reckoning technique to improve the system’s accuracy.


The conclusions of the study showed that the proposed system could robustly localise the position of multiple people with an average error of 4 meters across the entire study space, also showing 87% accuracy for room-level localisations. The integration of IMU-based dead-reckoning with Bluetooth-based localisation further enhanced the system’s accuracy.

Using Packet Loss to Infer Location

There’s new research from the University of Illinois titled Packet Reception Probability: Packets That You Can’t Decode Can Help Keep You Safe (pdf). Many existing systems estimate distance using the Received Signal Strength Indicator (RSSI), which is negatively affected by sampling bias and multipath effects. As an alternative, the study uses Packet Reception Probability (PRP), which uses packet loss to estimate distance.

Localisation is achieved through a Bayesian-PRP approach that also includes an explicit model of multipath. To facilitate straightforward deployment, there’s no need for any modifications to hardware, firmware, or driver-level on standard devices and only minimal training is required.

A variety of devices were used, including Bluvision iBeeks, BluFi, a Texas Instruments packet sniffer, a laptop and Android smartphones (Nexus 5X). 60 iBeacons were deployed in a library and 38 in a retail store. The Texas Instruments packet sniffer, connected to a Windows laptop, was used for packet reception from beacons. The Android phones ran a purpose-built Android app.

PRP was found to provide metre-level accuracy with just six devices in known locations and 12 training locations. Combining PRP with RSSI was found to be beneficial at short distances up to 2m. Beyond distances of 2m, fusing the two is less effective than using PRP alone because RSSI becomes de-correlated with distance.

VR, Digital Twins and Bluetooth Beacons

There’s new research from School of Electronic Engineering, Dublin City University, Dublin into using Bluetooth beacons to enhance Digital Twin VR Experiences. The paper BeTwin: Enhancing VR Experiences with BLE Beacon-based Digital Twins integrates Bluetooth Low Energy (BLE) beacons with a digital twin environment to enhance and customize a virtual 3D platform.

The beacons are used to bring information from real objects into the virtual platform. The article investigates the impact of beacon distance, energy levels and the number of beacons on the system performance. The proposed mechanism employs beacons to easily add and remove objects in a real-virtual world twinned context.

The findings indicated that the most time-consuming aspect of the system was the generation of objects, which was largely dependent on the duration it takes for the VR application to receive and process messages from the Raspberry Pi. The experiments showed that the application can efficiently handle beacon messages and create corresponding virtual content provided that the beacons are positioned in close proximity to the beacon reader.

Programming Bluetooth with Python on Linux

Python is an increasingly popular programming language due to its simplicity and readability. The gatt-python library facilitates the implementation of, and communication with, Bluetooth Low Energy devices using the Generic Attribute Profile (GATT). GATT is the specification for the transmission and reception of short data over a Bluetooth Low Energy link.

The library supports a range of functionality, including device discovery, connection and disconnection, custom GATT profile implementation and access to all Bluetooth GATT services and characteristics. It also allows reading and writing characteristic values and subscribing to notifications of changes in those values. The library is only compatible with Linux because it uses the D-Bus API of BlueZ for Bluetooth device interaction.
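Putting the library’s discovery and read callbacks to use, here is an added example (not code from the gatt-python project) that performs the first step of the GATT reverse engineering described at the top of the page: it connects to one beacon, lists its services and characteristics, separates the Bluetooth SIG-defined ones from the vendor-specific ones where undocumented configuration lives, and reads each vendor characteristic once. It assumes Linux with BlueZ, adapter hci0 and a beacon MAC address supplied by the caller that BlueZ has already seen in a scan; the gatt import is deferred so the pure helpers run anywhere.

```python
SIG_BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"  # tail of the Bluetooth base UUID

def is_sig_assigned(uuid):
    """True for a 128-bit UUID derived from a 16-bit Bluetooth SIG assigned number."""
    u = uuid.lower()
    return len(u) == 36 and u.startswith("0000") and u.endswith(SIG_BASE_SUFFIX)

def vendor_characteristics(inventory):
    """From {service_uuid: [characteristic_uuid, ...]} keep only vendor-specific entries.
    SIG-defined ones are documented; undocumented beacon configuration lives here."""
    out = {}
    for service, chars in inventory.items():
        custom = [c for c in chars if not is_sig_assigned(c)]
        if custom and not is_sig_assigned(service):
            out[service] = custom
    return out

def inventory_device(mac_address, adapter_name="hci0"):
    """Connect to one beacon with gatt-python, record its services/characteristics,
    read each vendor characteristic once and disconnect. Needs Linux/BlueZ and a
    beacon BlueZ has already seen (scan first). mac_address is the caller's value."""
    import gatt  # BlueZ D-Bus binding; imported here so the helpers above work anywhere

    class InventoryDevice(gatt.Device):
        def __init__(self, mac_address, manager):
            super().__init__(mac_address=mac_address, manager=manager)
            self.inventory, self.values = {}, {}
        def connect_failed(self, error):
            super().connect_failed(error)
            self.manager.stop()  # leave the event loop instead of hanging
        def services_resolved(self):
            super().services_resolved()
            for service in self.services:
                self.inventory[service.uuid] = [c.uuid for c in service.characteristics]
                for c in service.characteristics:
                    if not is_sig_assigned(c.uuid):
                        c.read_value()  # value delivered via characteristic_value_updated
            self.disconnect()
        def characteristic_value_updated(self, characteristic, value):
            self.values[characteristic.uuid] = bytes(value).hex()
        def disconnect_succeeded(self):
            super().disconnect_succeeded()
            self.manager.stop()

    manager = gatt.DeviceManager(adapter_name=adapter_name)
    device = InventoryDevice(mac_address, manager)
    device.connect()
    manager.run()  # blocks until stop() is called by the callbacks above
    return device.inventory, device.values
```

Pass the returned inventory to vendor_characteristics() to see which services and characteristics are worth comparing against the manufacturer app’s traffic.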

Predicting Use of Bluetooth Frequency Bands

There’s new research on predicting the channel access of Bluetooth Low Energy (BLE) devices conducted by a team from Silicon Austria Labs GmbH and Johannes Kepler University in Austria. The team aimed to estimate the channels used by multiple BLE connections by passively listening to the channel, with the goal of predicting future channel access to avoid collisions in other wireless networks.

The hardware setup for this research consisted of six Nordic nRF52840 BLE devices that formed three BLE connection pairs, and one sniffer based on the Ubertooth One. This setup allowed the researchers to actively monitor and analyse the BLE channel.

Channel hopping over time

The researchers demonstrated that by passively listening they could reconstruct channel access algorithms for multiple BLE connections in parallel. This approach can be used in new applications to avoid collisions in wireless networks, particularly in applications with high reliability requirements.

Powering Bluetooth Sensor Beacons via Micro-Energy Harvesting

Recent research A Comprehensive Study on the Internet of Things (IoT) and Micro-Energy Harvesting from Ambient Sources, from researchers in Spain, discusses the potential of micro-energy harvesting (MEH) as a sustainable power source for Internet of Things (IoT) devices, specifically Bluetooth sensors.

Micro-Energy Harvesting (MEH) is a technology that captures and converts small amounts of environmental energy, such as light, heat or motion, into electrical energy, which can power small electronic devices. The study suggests that MEH could be a sustainable solution for powering Internet of Things (IoT) devices, including Bluetooth sensors, due to their low power requirements.

The benefits of MEH include reducing the need for costly and environmentally harmful battery replacements and enabling the deployment of IoT devices in remote or hard-to-reach areas. The study also points out challenges, such as the small and variable amount of energy that can be harvested, which may not provide a reliable power supply for devices that need a steady source of energy. However, even with small temperature gradients between the environment and the cold side of the thermoelectric generator, it was possible to make several communications per hour.


Factors that Impact the Cost of a Bluetooth Beacon

One of the factors affecting the cost of a Bluetooth beacon is the quality of the hardware used. The beacon’s components, such as the Bluetooth chip, battery, antenna and casing all contribute to the overall cost. High-quality components typically result in a higher-priced beacon but they also provide better range and longevity.

Larger beacons with longer battery lives tend to be more expensive because they require higher capacity batteries, more efficient Bluetooth chips or both. The advantage is that they need to be replaced less frequently, potentially reducing maintenance costs over time.

The range of features that a beacon supports can also affect its cost. Some beacons are designed to be basic, providing only the core functionality of broadcasting a signal. Others offer advanced features like motion sensing, temperature monitoring or water resistance. These additional features increase the beacon’s usefulness, but they also increase its cost.

Small battery, low cost beacon vs large battery, waterproof, higher cost beacon

The software that accompanies the beacon and the level of customer support provided by the manufacturer also affects the price. Companies that offer the best documentation, apps and customer service charge a premium for their products.

If you require a beacon to be customised to suit specific needs, this also increases the cost. Customisations include unique casing designs, branding and specific firmware modifications.

One thing that doesn’t change with cost is compatibility. All beacons work equally well with Android, iOS and gateways.

Beacon Settings for Asset Tracking

Bluetooth beacons are increasingly being used for asset tracking. Their use in this context differs significantly from their conventional role of in-app triggering. In asset tracking, gateways rather than smartphones are used as detection devices, requiring different configurations for optimum efficiency.

iGS03E Bluetooth to Ethernet gateway

Changing Bluetooth beacon settings requires the manufacturer’s specific application custom-tailored for their devices. These apps adjust the beacon parameters according to specific needs.

The most important setting when using beacons for asset tracking is the advertising period. This is the time interval between the broadcast signals. In the app detection use case, frequent advertising (a short advertising period) is required to ensure constant detection by nearby smartphones, particularly on iOS. However, in asset tracking the scenario is different.

Since gateways, not smartphones, are used for detection, less frequent advertising, with a period of 1 to 10 seconds, is sufficient. Less frequent advertising conserves the beacon’s battery. It also ensures the server isn’t flooded with duplicate data.

The beacon’s advertising type is another key consideration. iBeacon or Eddystone UIDs are usually used for detection by smartphones due to their compatibility and detection by mobile operating systems. However, when using gateways and servers, the Bluetooth MAC address of the beacon is usually used for identification. Consequently, any advertising type can be selected, eliminating the need for specific compatibility.

Where multiple advertising types are available, it’s essential to ensure that only one advertising type is selected. Even though gateways can utilise any advertising type, using multiple types simultaneously can lead to increased energy consumption by the beacon and more redundant data at the server.
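The advertising type and period advice above can be checked from what a gateway actually receives. The following added example (not from the page’s author or any gateway vendor) parses raw advertising payloads into iBeacon or Eddystone-UID fields, groups sightings by MAC address, estimates each beacon’s advertising period from the gaps between sightings and flags beacons that send more than one frame type or advertise outside the 1 to 10 second range; the frames and the scan log are constructed, and the MAC addresses are placeholders.

```python
import struct
from collections import defaultdict

def parse_ad_structures(payload):
    """Split a raw BLE advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # zero-length or truncated structure: stop rather than mis-parse
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify_frame(payload):
    """Return ("ibeacon", fields), ("eddystone-uid", fields) or ("other", None)."""
    for ad_type, data in parse_ad_structures(payload):
        # Manufacturer Specific Data: Apple company id 0x004C (little-endian), then 0x02 0x15
        if ad_type == 0xFF and len(data) == 25 and data[:4] == b"\x4c\x00\x02\x15":
            uuid, major, minor, tx = struct.unpack(">16sHHb", data[4:])
            return "ibeacon", {"uuid": uuid.hex(), "major": major, "minor": minor, "tx_power": tx}
        # Service Data for 16-bit UUID 0xFEAA (Eddystone); frame type byte 0x00 is UID
        if ad_type == 0x16 and len(data) >= 20 and data[:3] == b"\xaa\xfe\x00":
            return "eddystone-uid", {"tx_power": struct.unpack("b", data[3:4])[0],
                                     "namespace": data[4:14].hex(), "instance": data[14:20].hex()}
    return "other", None

def check_asset_tracking_config(observations, min_period=1.0, max_period=10.0):
    """observations: (timestamp_s, mac, payload) tuples as a gateway would log them. Beacons
    are identified by MAC; the advertising period is estimated from gaps between sightings."""
    by_mac = defaultdict(list)
    for ts, mac, payload in observations:
        by_mac[mac].append((ts, classify_frame(payload)[0]))
    report = {}
    for mac, hits in by_mac.items():
        hits.sort()
        types = sorted({t for _, t in hits})
        gaps = [b[0] - a[0] for a, b in zip(hits, hits[1:])]
        period = round(sum(gaps) / len(gaps), 3) if gaps else None
        warnings = ["multiple advertising types: extra battery drain and duplicate data"] if len(types) > 1 else []
        if period is not None and not min_period <= period <= max_period:
            warnings.append("advertising period %.1fs outside %g-%gs" % (period, min_period, max_period))
        report[mac] = {"types": types, "period": period, "warnings": warnings}
    return report

# Constructed sample frames and scan log (not captured from real beacons; MACs are placeholders)
IBEACON = bytes([0x02, 0x01, 0x06, 0x1A, 0xFF, 0x4C, 0x00, 0x02, 0x15]) + bytes(range(16)) + b"\x00\x01\x00\x02\xc5"
EDDY_UID = bytes([0x03, 0x03, 0xAA, 0xFE, 0x17, 0x16, 0xAA, 0xFE, 0x00, 0xF0]) + b"\x11" * 10 + b"\x22" * 6 + b"\x00\x00"
SAMPLE_SCAN = ([(t * 0.5, "AA:00:00:00:00:01", IBEACON if t % 2 == 0 else EDDY_UID) for t in range(4)]
               + [(t * 5.0, "AA:00:00:00:00:02", IBEACON) for t in range(3)])
```

Running check_asset_tracking_config(SAMPLE_SCAN) flags the first placeholder beacon for both alternating frame types and a 0.5 s period, while the second, advertising iBeacon every 5 s, passes.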