iBeacon Protocol Analysis
For an iBeacon whose proximity UUID is E2C56DB5-DFFB-48D2-B060-D0F5A71096E0, whose major and minor are both 0, and whose calibrated Tx power (the RSSI expected at a distance of 1 m) is -59 dBm, the BLE advertising packet looks like this:
d6 be 89 8e 40 24 05 a2 17 6e 3d 71 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 52 ab 8d 38 a5
The packet breaks down as follows (one field per line):
d6 be 89 8e # Access address of the advertising channels (always this fixed value)
40 # Advertising channel PDU header byte 0: PDU type = 0 (ADV_IND), TxAdd = 1 (random address), RxAdd = 0
24 # Advertising channel PDU header byte 1: length = 36 = 30 bytes of advertising data + 6 bytes of Bluetooth address
05 a2 17 6e 3d 71 # Advertiser address, sent least significant byte first, i.e. 71:3D:6E:17:A2:05; TxAdd = 1 marks it as a random address rather than a public one, so it does not identify a manufacturer
02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 # Advertising data (30 bytes)
52 ab 8d 38 a5 # Trailer labelled as checksum in the capture (note that the BLE link-layer CRC itself is only 24 bits, i.e. three bytes)
The interesting part is the 30-byte advertising data, which is a sequence of AD structures (length byte, AD type byte, value) and breaks down as follows:
02 01 1a # Flags AD structure: length 2, AD type 0x01, flags 0x1A
1a ff # Manufacturer-specific AD structure: length 26, AD type 0xFF
4c 00 # Apple's company identifier 0x004C, little-endian
02 15 # iBeacon type 0x02, followed by the length of the rest of the payload, 0x15 = 21 bytes
e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 # iBeacon proximity UUID (big-endian)
00 00 # major (big-endian)
00 00 # minor (big-endian)
c5 # Calibrated Tx power as a signed byte (two's complement): 0xC5 = -59 dBm
Any BLE device able to advertise can emit exactly this payload. Nothing in it is authenticated: the UUID, major and minor are sent in the clear, so anyone who captures one advertisement can clone the beacon, and the advertiser address is random and freely chosen.
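The following decoder and encoder, added here as a worked example (it is not code from the original page), parses the packet quoted above field by field, decodes the iBeacon payload including the two's-complement Tx power, and then rebuilds the 30-byte advertising data from the decoded UUID, major, minor and Tx power to show that the captured payload can be reproduced from those four values alone. The CAPTURE constant is the page's packet retyped as one hex string; the checksum trailer is returned as-is and not verified. Function and key names are this example's own.

```python
import struct
import uuid

# Constructed sample: the advertising packet quoted above, as one hex string
# (whitespace is only for readability and is stripped before decoding).
CAPTURE_HEX = (
    "d6be898e 4024 05a2176e3d71 02011a 1aff4c000215 "
    "e2c56db5dffb48d2b060d0f5a71096e0 0000 0000 c5 52ab8d38a5"
)
CAPTURE = bytes.fromhex(CAPTURE_HEX.replace(" ", ""))

ADV_ACCESS_ADDRESS = bytes.fromhex("d6be898e")  # fixed access address of the advertising channels
APPLE_COMPANY_ID = 0x004C                       # sent little-endian on the air: 4c 00
IBEACON_TYPE, IBEACON_LEN = 0x02, 0x15          # Apple's iBeacon sub-type and its fixed body length (21)
AD_FLAGS, AD_MANUFACTURER = 0x01, 0xFF          # AD types used by an iBeacon advertisement
PDU_TYPE_NAMES = {0x0: "ADV_IND", 0x1: "ADV_DIRECT_IND", 0x2: "ADV_NONCONN_IND",
                  0x4: "SCAN_RSP", 0x6: "ADV_SCAN_IND"}


def parse_ad_structures(data: bytes) -> list:
    """Split advertising data into (AD type, value) pairs.

    Each structure is: length byte (covers type + value), AD type byte, value bytes.
    """
    out = []
    i = 0
    while i < len(data):
        length = data[i]
        if length == 0:
            break  # a zero length byte ends the significant part of the data
        if i + 1 + length > len(data):
            raise ValueError("truncated AD structure")
        out.append((data[i + 1], data[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def parse_ibeacon(msd: bytes) -> dict:
    """Decode the manufacturer-specific data of an iBeacon; raise if it is not one."""
    if len(msd) != 4 + IBEACON_LEN:
        raise ValueError("manufacturer data has the wrong length for an iBeacon")
    company_id = struct.unpack_from("<H", msd, 0)[0]
    if company_id != APPLE_COMPANY_ID or msd[2] != IBEACON_TYPE or msd[3] != IBEACON_LEN:
        raise ValueError("not an Apple iBeacon payload")
    # UUID, major and minor are big-endian; Tx power is a signed (two's complement) byte.
    prox_uuid, major, minor, tx_power = struct.unpack_from(">16sHHb", msd, 4)
    return {
        "uuid": str(uuid.UUID(bytes=prox_uuid)).upper(),
        "major": major,
        "minor": minor,
        "tx_power_dbm": tx_power,
    }


def parse_adv_packet(raw: bytes) -> dict:
    """Decode access address, PDU header, advertiser address and AD structures.

    Whatever follows the PDU (the capture's checksum trailer) is returned untouched.
    """
    if raw[:4] != ADV_ACCESS_ADDRESS:
        raise ValueError("not an advertising-channel packet")
    hdr0, length = raw[4], raw[5]
    payload = raw[6:6 + length]
    if length < 6 or len(payload) != length:
        raise ValueError("PDU length does not match the captured bytes")
    adv_a = payload[:6]  # advertiser address, least significant byte first on the air
    info = {
        "pdu_type": PDU_TYPE_NAMES.get(hdr0 & 0x0F, f"0x{hdr0 & 0x0F:x}"),
        "tx_add": (hdr0 >> 6) & 1,  # 1 = random address, 0 = public address
        "rx_add": (hdr0 >> 7) & 1,
        "mac": ":".join(f"{b:02X}" for b in reversed(adv_a)),
        "adv_data": payload[6:],
        "trailer": raw[6 + length:],
        "flags": None,
        "ibeacon": None,
    }
    for ad_type, value in parse_ad_structures(info["adv_data"]):
        if ad_type == AD_FLAGS and value:
            info["flags"] = value[0]
        elif ad_type == AD_MANUFACTURER:
            try:
                info["ibeacon"] = parse_ibeacon(value)
            except ValueError:
                pass  # manufacturer data from some other vendor or format
    return info


def build_ibeacon_adv_data(proximity_uuid: str, major: int, minor: int,
                           tx_power_dbm: int, flags: int = 0x1A) -> bytes:
    """Build the 30-byte advertising data of an iBeacon (the inverse of parsing it)."""
    body = (struct.pack("<H", APPLE_COMPANY_ID)
            + bytes([IBEACON_TYPE, IBEACON_LEN])
            + uuid.UUID(proximity_uuid).bytes
            + struct.pack(">HHb", major, minor, tx_power_dbm))
    flags_ad = bytes([2, AD_FLAGS, flags])
    msd_ad = bytes([len(body) + 1, AD_MANUFACTURER]) + body
    return flags_ad + msd_ad


if __name__ == "__main__":
    pkt = parse_adv_packet(CAPTURE)
    for key, value in pkt.items():
        print(f"{key:9} {value.hex() if isinstance(value, bytes) else value}")
    b = pkt["ibeacon"]
    rebuilt = build_ibeacon_adv_data(b["uuid"], b["major"], b["minor"], b["tx_power_dbm"])
    print("rebuilt advertising data matches capture:", rebuilt == pkt["adv_data"])
```

The builder is deliberately the mirror image of the parser: feeding it the four decoded values yields the captured 30 bytes exactly, which is the whole point about cloning, since a scanner has nothing beyond these bytes (and an unauthenticated random address) to tell the original beacon from a copy.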