According to the iBeacon spec, iBeacons have to broadcast 0x004C as the company ID in the advertisement's manufacturer data. 0x004c is Apple's company ID as assigned by the Bluetooth SIG.
I'm confused by this because other than the company ID, there doesn't seem to be any other data that definitively identifies a BLE device as an iBeacon. The next two bytes fixed to 0x02 and 0x15 and the rest is configuration dependent.
At one point I figured that if the first four bytes of the mfg data are 0x4c 0x00 0x02 0x15, then it is an iBeacon. Then, I found iBeacons that used other company ID's. I have Nordic Semiconductor iBeacon samples, for example, that use 0x59 0x00, which is Nordic's company ID.
Even if I look to make sure the 0x02 and 0x15 are where they are, and that the device is unconnectable, and the mfg data is the exact length, this doesn't seem to be definitive.
How to definitively identify an iBeacon?
You can see the byte sequence of an iBeacon transmission in my answer here.
The bottom line is that the exact header (including the company code) must be as specified for iOS to interpret an advertisement as an iBeacon transmission and to return the results using iOS CoreLocation APIs. If a different company code is used, it will simply not be detected by these APIs. Even though different companies manufacture beacons meeting the iBeacon specification, the all use the Apple company code.
The fact that some chip manufacturers give example code using different company identifiers (e.g. Nordic Semiconductor 0x59 0x00) may just be a way of getting around intellectual property restrictions. Apple insists that those who market their products as iBeacon compatible sign an agreement saying they will not disclose the specification. Nordic may be attempting to comply with this agreement by changing the company identifier in its sample code. Regardless of the reason, the fact remains that iOS devices will not interpret such a transmission as an iBeacon packet with an unexpected company code.
Since there is no standard defining a "beacon", different manufacturers have their own advertisement formats. Therefore you will have to make up a list of advertisement patterns you want to snap up. Each company defines what their data means so just looking at the first 2 bytes in the manufacturer data does not work since some company might use the prefix 0x02, 0x15 for something else.
You can download the iBeacon specification here (requires accepting licence agreement).
The specification states that the Company ID:
Must not be used for any purposes not specified by Apple.
Using these 2 bytes for their intended purpose of identifying the manufacturer is acceptable. Using these 2 bytes to broadcast additional information would probably fall outside of the licence agreement.
The information contained in the spec should be enough to help you. If you see a length of 0x1A, and 0x02, 0x15 in their respective places, it is most likely an iBeacon packet.
Related
I'm trying to detect whether a contactless enabled smartcard or a mobile device equipped with ApplePay, Google Pay, or Samsung Pay was used for a contactless EMV transaction.
I have been researching via the EMV books, and there seems to be a tag 9F6E provides this sort of data:
EMV Book 3 - VISA
EMV Book 4 - MasterCard
Questions:
VISA provides a 4 byte value in the field 9F6E, but I can't find a list of possible values and their meanings anywhere. The EMV book says "out of scope". Is there anyway to reliably convert this to a known form factor?
MasterCard provides data 2 bytes for the form factor, but I'm seeing values that I don't undestand (32 31 ascii = 21). Is there a list of values and meanings somewhere for these?
Is there an easy way to understand if CDCVM has been used for a given contactless transaction, so that I could separate contactless transactions from contactless with CDCVM transactions?
Google Pay is using cloud-based payments while Apple is using an embedded secure element. You can find this tag on 9F6E form factor on Visa. However, it might be different for Master Card or Amex.
To fix this correctly, you might want to check the EMV tag 9F19 which returns to the token requestor ID. Check EMV payment tokenization for this spec. Token requestor ID looks like this:
MasterCard
50110030273 – APPLE_PAY
50120834693 – ANDROID_PAY
50139059239 – SAMSUNG_PAY
Visa
40010030273 – APPLE_PAY
40010075001 – ANDROID_PAY
40010043095 – SAMSUNG_PAY
40010075196 – MICROSOFT_PAY
40010075338 – VISA_CHECKOUT
40010075449 – FACEBOOK
40010075839 – NETFLIX
40010077056 – FITBIT_PAY
40010069887 – GARMIN_PAY
Refer the below documents. You will require Visa Online and MasterCard connect access to get these.
VCPS_2.2 Spec
M/ChipRequirements For Contact and Contactless Spec
check in CVM and CVR inside 9F10
I believe it is also possible to detect if the transaction was performed by a mobile device by using tag 0x82 (Application Interchange Profile). I believe this is a better approach because it will be the same regardless of card brand (as long as the card brand in question followed EMVCo's spec correctly.
Here is a link to EMV Co Contactless Book.
https://www.emvco.com/wp-content/uploads/2017/05/C-4_Kernel_4_v2.6_20160512101635327.pdf
Screenshot Of Desired Table
Check Bit 7 (second most significant bit) of Byte 2 (Rightmost Byte). If it is 1 it came from a mobile device. The Application Interchange profile will always be 2 Bytes.
So I'm trying to write a small applet which reads a serial number from a smart card using the javax.smartcardio library. Smartcard is connected with bit4id reader, and right now I successfully connect to the smartcard and read basic infos such as ATR and protocol (T=1).
I did some research about it (for example: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_5_basic_organizations.aspx#table9)
But I'm not getting which specific list of command APDUs should I send to the card to get that serial.
Is there an "easy way" to do that, without reading tons of papers and manuals?
I guess I would need some datasheets to know how data is stored inside the card, right? or can i send some kind of command APDUs to retrieve this info from the card too?
Right now I only receive SW=6986 responses (not valid command)
Any advises, even only on the workflow, would be strongly appreciated!
There is no one way to read a smart cards serial number. "smartcard" is an ISO/IEC standard defined in the 7816 specification. Many industries use this standard like Mobile SIM, Bank Cards and Digital Signature Cards.
The implementation of the standard is different across industry with some industries advancing this basic standard with there own additional APDUs etc. like 3GPP/GSMA standard in the Mobile SIM case or the EMV standard in banking.
Anyhow, assuming that this card is smart-card ISO/IEC 7816 compliant you could possibly assume that it uses file base storage for card data. You could use the "SELECT" command (defined in 7816-4) to try to access all available files and print there information. i.e. files are identified by two bytes like 3F00 you could select from 0000,0001,0002....FFFF then if you get a successful select (status word 90) then read the contents and print it. Doing this you may be able to identify which file has the "serial" then you would only need to read this file going forward.
The above is not "easy" but may be a nice challenge and learning experience.
I was wondering is there a particular organisation you have to contact with regards to reserving a manufacturer ID for a bluetooth beacon? For instance, if we wanted to start mass producing them, ensuring no one else uses a particular ID?
Any advice would be appreciated.
Why yes there is. You must be member of the Bluetooth SIG. See here for more information and a list of current Manufacturer IDs.
As an addition to the previous answer regarding Bluetooth SIG and Company ID,
I will add a few things:
Company IDs are assigned by the Bluetooth SIG. In order to get one, your company must first become a member of the Bluetooth SIG. The entry level membership (adopter level) is free.
Once you are an adopter member, you can submit a request to get a Company ID (also free).
The company ID is necessary if you want to use the Manufacturer specific data field in order for example to have custom data in the BLE advertisement frames.
If you plan an building a 'simple' beacon product following, you might not need a Company ID. For Apple's iBeacon format for example, the frame format should use the Apple's company ID as well as their beacon format (see for example this page explaining the ibeacon format : http://www.warski.org/blog/2014/01/how-ibeacons-work/). I belive the Google Eddystone beacon format also do not require beacon manufacturer to have their own company ID.
How does the BLE sniffers get to know the various fields like the channel number, rssi etc that are not a part of the advertised packet?
EDIT: I have one more follow up question. How do we set the le advertising parameters in bluez? However the structure for this is given in lib/hci.h but that is not used anywhere in the code and also i haven't found the default values for the parameters to know the advertisement frequency.
How can we configure those parameters?
Is it possible to search for all iBeacons which are nearby? I know it's possible to search iBeacons by UUID. But i want to find all iBeacons nearby.
An iBeacon is a region, and has as defining property the UUID. Therefore, you can only search for the ones matching a UUID.
After you find one or more with a specific UUID, you can figure out which is closest using the delegate callbacks, where the beacons are stored in an array ordered by distance.
There is great sample code on this and also a pretty detailed WWDC video session: "What's new in Core Location"
iBeacons are higher-level constructs than regular BLE peripherals. From what can be determined from the Apple docs, beacons are tied to their service UUID. i.e., a family of beacons is a "region" and a you go into and out of a region based on the range and visibility of a beacon to YOU, not the other way around. Unfortunately Apple has used the term region, which most of us probably associate with MapKit, so this is adding to the general confusion
Here's the bad news: You can only scan for ProximityUUIDs that you know, there is no "wildcard" proximityUUID. Additionally, CLBeacons don't expose the much in the way of lower level CoreBluetooth guts so if you want to find all beacons that happen to be near you, you'll have to use CoreBluetooth, scan for peripherals, then look though the returned peripheries and query each one them to find beacons. Of course Apple has neither registered (with the Bluetooth SIG) or (yet) published the iBeacon characteristics so, you'll need a BT sniffer to reverse engineer what constitutes an iBeacon from any other BLE device.
each APP would use it's own specific UUID, using the "major" and "minor" integer values to differentiate between beacons.
for example, the UUID would be associated with a chain of shops, major would identify the shop, and minor the aisle, or even a group of products.
scanning for unknown UUID's would not be very useful, as your app would not know what to do with the information.
the UUID is generated once and for all, using the "uuidgen" command in the terminal.
sadly there is no protocol to actually communicate with beacons, hence there is no standard to get the location of a beacon, or any other useful info.
it would have been so much better if we could open a connection to a beacon, usually the closest one, and obtain additional data from it, without having to be on the same WIFI network.
you either have to use bonjour to communicate with the device over WIFI, or use the major and minor id to obtain data from a webservice of some kind.
Unfortunately you cannot at this time search for an arbitrary iBeacon without first knowing the proximityUUID value. I've tried writing directly to COREBluetooth and, although you can discover and connect to transmitting beacons in your area, what you get back is jibberish with no relation to the BLE UUID. So you can't even confirm that the peripheral you have connected to is in fact an iBeacon.
This does not appear to be a limitation of the BLE spec, rather it is a limitation that has been imposed by Apple. It also appears that this limitation does not exist for the Android platform.
Until this gap is closed, Android will have a significant advantage over iOS in this area.
I disagree with previous comments that scanning for UUIDs would be useless. On the contrary, if you knew the beacon UUID, you could create a map of beacon/location/subject in the cloud and use it to navigate (assuming the beacon was fixed) using a web service. You could crowd-source the data so that eventually a very rich database of beacon UUID/location pairs would be available to all who wanted to write location apps. Perhaps this is why Apple is hiding the info; they may be holding this back for their own purposes.
According to Radius Networks (authors of the AltBeacon spec and the android-beacon-library it's not possible to identify a beacon using CoreBluetooth