How to set bluez mode? - bluetooth

There are some threads on how to use BlueZ as an iBeacon or BLE peripheral.
But when I use a BLE scanner (a BLE central application on Android), it reports the BlueZ peripheral as dual mode.
What should I do to disable classic mode in BlueZ?

Since you are referring to that thread, you are probably using hcitool to set the advertising data and options.
You need to change the flag for BR/EDR support to 0. That's bit 2 of the Flags field (see Part A of the Bluetooth Core Specification Supplement, p. 12).
So the original 0x1A changes to 0x16:
Change
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
to
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 16 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
Running btmon in another shell while executing the commands allows you to observe exactly what's going on.

Related

Change Card Manager AID on JavaCard 3.x

I'm trying to change the card manager AID on a JavaCard 3.x smartcard by using a STORE DATA command. The current card manager AID is the factory default of A0 00 00 01 51 00 00 00. After authenticating with the card manager, the command I'm sending is:
=> 80 E2 80 00 0A 4F 08 A0 00 00 00 03 00 00 00
<= 6A 88
This command executes successfully on a JavaCard 2.2.x card - has this feature been deprecated on JC 3.x?
Looks like the JavaCard 3 needs the command data in DGI format for this to work:
=> 80 E2 80 00 0D 00 70 0A 4F 08 A0 00 00 00 03 00 00 00
<= 90 00
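The two commands above differ only in how the AID TLV is wrapped. The following Python is an added example (not the poster's code) that builds both STORE DATA APDUs so the Lc and DGI length bytes are computed instead of hand-counted, and parses the DGI form back. The DGI identifier 0x0070 and both AIDs are taken from the posts above; the constant and function names are this example's own, and nothing here talks to a card.

```python
"""Build and check the GlobalPlatform STORE DATA APDUs from the JavaCard thread,
with the card manager AID either as a bare TLV or wrapped in a DGI.
Added example; not the poster's code."""
from typing import List, Tuple

CLA_GP, INS_STORE_DATA = 0x80, 0xE2
P1_LAST_BLOCK = 0x80              # bit 8 of P1 set: this is the final STORE DATA block
TAG_AID = 0x4F                    # ISO 7816-4 tag for an application identifier
DGI_AID = 0x0070                  # DGI used in the poster's working command

# AIDs quoted in the question (factory default and the one being set)
DEFAULT_CM_AID = bytes.fromhex("A0 00 00 01 51 00 00 00")
NEW_AID = bytes.fromhex("A0 00 00 00 03 00 00 00")


def tlv(tag: int, value: bytes) -> bytes:
    """One-byte tag with short-form length (value must be shorter than 128 bytes)."""
    if tag > 0xFF or len(value) > 0x7F:
        raise ValueError("single-byte tag and short-form length only")
    return bytes([tag, len(value)]) + value


def dgi(dgi_id: int, value: bytes) -> bytes:
    """Data Grouping Identifier: two-byte identifier, one-byte length, value."""
    if len(value) > 0xFE:
        raise ValueError("DGI value too long for a one-byte length")
    return dgi_id.to_bytes(2, "big") + bytes([len(value)]) + value


def store_data(data: bytes, block: int = 0, last: bool = True) -> bytes:
    """CLA INS P1 P2 Lc data: P1 flags the last block, P2 numbers the blocks."""
    if len(data) > 0xFF:
        raise ValueError("data does not fit in a short-Lc APDU")
    p1 = P1_LAST_BLOCK if last else 0x00
    return bytes([CLA_GP, INS_STORE_DATA, p1, block & 0xFF, len(data)]) + data


def set_card_manager_aid(aid: bytes, use_dgi: bool) -> bytes:
    """The APDU carrying the new card manager AID, in the two encodings the thread compares."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes")
    payload = tlv(TAG_AID, aid)
    return store_data(dgi(DGI_AID, payload) if use_dgi else payload)


def parse_store_data(apdu: bytes) -> Tuple[dict, List[Tuple[int, bytes]]]:
    """Check header/Lc consistency and return the header fields plus the DGIs in the data.
    Data that is not a sequence of well-formed DGIs (e.g. a bare 4F TLV) is rejected."""
    if len(apdu) < 5 or apdu[0] != CLA_GP or apdu[1] != INS_STORE_DATA:
        raise ValueError("not a STORE DATA APDU")
    lc, body = apdu[4], apdu[5:]
    if lc != len(body):
        raise ValueError(f"Lc {lc} does not match {len(body)} data bytes")
    header = {"last": bool(apdu[2] & P1_LAST_BLOCK), "block": apdu[3]}
    dgis, i = [], 0
    while i + 3 <= len(body):
        ident, length = int.from_bytes(body[i:i + 2], "big"), body[i + 2]
        if i + 3 + length > len(body):
            raise ValueError("DGI overruns the command data")
        dgis.append((ident, bytes(body[i + 3:i + 3 + length])))
        i += 3 + length
    if i != len(body):
        raise ValueError("trailing bytes after the last DGI")
    return header, dgis
```

Running `set_card_manager_aid(NEW_AID, use_dgi=False)` reproduces the APDU that got 6A 88, and `use_dgi=True` reproduces the one that got 90 00; the parser only accepts the latter, which is the structural difference between the two.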

iBeacon emulation ubuntu error

I want to use my computer as an iBeacon, and I am not succeeding (on Ubuntu 14.04 running in a VirtualBox environment on Windows 8.1).
Here is the code I use
#!/bin/bash
# Bring the adapter up, stop any current LE advertising, load the iBeacon
# advertising data (HCI LE Set Advertising Data, OGF 0x08 / OCF 0x0008),
# then start advertising again.
sudo hciconfig hci0 up
sudo hciconfig hci0 noleadv
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 \
d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hciconfig hci0 leadv
My hciconfig output:
hci0: Type: BR/EDR Bus: USB
BD Address: 00:C2:C6:18:C5:E9 ACL MTU: 310:10 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:5333127 acl:66 sco:0 events:887454 errors:0
TX bytes:40617442 acl:64 sco:0 commands:887224 errors:0
I have the bluez version 5.36 installed (checked with bluetoothd -v)
I have seen many Stack Overflow posts about this but cannot figure it out!
Check Here, Here or Here.
I have bought a real iBeacon to see what a working one does; here is what I have:
Using hcidump -R I read this:
< 01 0B 20 07 01 10 00 10 00 00 00
> 04 0E 04 01 0B 20 00
< 01 0C 20 02 01 01
> 04 0E 04 01 0C 20 00
> 04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
> 04 3E 2A 02 01 04 01 4F 00 00 02 4D CD 1E 02 0A F4 08 16 F0
FF 64 00 00 00 00 11 09 4D 69 6E 69 42 65 61 63 6F 6E 5F 30
30 30 37 39 BB
> 04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
> 04 3E 2A 02 01 04 01 4F 00 00 02 4D CD 1E 02 0A F4 08 16 F0
FF 64 00 00 00 00 11 09 4D 69 6E 69 42 65 61 63 6F 6E 5F 30
30 30 37 39 BB
< 01 0C 20 02 00 01
> 04 0E 04 01 0C 20 00
The problem is I don't understand why there are so many different packet sizes and types (maybe another, non-beacon Bluetooth device).
I'm pretty sure that this is the beacon packet, but this data makes no sense to me:
04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C
00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00
00 00 00 C5 BB
I have tried to use this to understand it but failed (using some Stack Overflow responses like the following):
First, in order to get BlueZ to advertise, the byte sequence you supply must include a valid BLE advertisement header, which is a minimum of 8 bytes. So to advertise "helloworld" you actually need to send:
sudo hcitool -i hci0 cmd 0x08 0x0008 10 02 01 1a 0c ff 18 01 48 45 4c 4c 4f 57 4f 52 4c 44
The first 8 bytes are the header and the next 10 bytes are the string "helloworld" encoded as 8-bit ASCII.
The first 8 bytes can be broken down like this:
10 # Total length of the advertising packet
02 # Number of bytes that follow in first AD structure
01 # Flags AD type
1A # Flags value 0x1A = 0b00011010
bit 0 (OFF) LE Limited Discoverable Mode
bit 1 (ON) LE General Discoverable Mode
bit 2 (OFF) BR/EDR Not Supported
bit 3 (ON) Simultaneous LE and BR/EDR to Same Device Capable (controller)
bit 4 (ON) Simultaneous LE and BR/EDR to Same Device Capable (Host)
0C # Number of bytes that follow in second (and last) AD structure
FF # Manufacturer specific data AD type
18 01 # Company identifier code (0x0118 == Radius Networks)
---------------------
If you have anything that can help me understand how iBeacon packets are constructed, thank you.
Oh Gosh! I have found someone with exactly the same problem as me.
Look Here.
Response that helped, from Richard Wifall:
I saw the same issue as memoryhole where I had to remove the extra zeros. I also had to enable advertising before I configured the advertising data for it to work properly with my dongle.
Here is the exact sequence/commands that worked for me:
sudo hciconfig hci0 up
sudo hciconfig hci0 leadv 3
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00
This is what my version of the Radius script ended up looking like:
#!/bin/sh
# Load BLUETOOTH_DEVICE, UUID, MAJOR, MINOR and POWER from the config file
. ../ibeacon.conf
echo "Launching virtual iBeacon..."
sudo hciconfig $BLUETOOTH_DEVICE up
# Enable non-connectable advertising first (leadv 3), then load the advertising data
sudo hciconfig $BLUETOOTH_DEVICE leadv 3
sudo hcitool -i $BLUETOOTH_DEVICE cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 $UUID $MAJOR $MINOR $POWER 00
echo "Complete"
This was on a Raspberry Pi with an ORICO BTA-402-BK branded BLE dongle (CSR8510 A10).
(I would have left this as a comment, but didn't have enough rep)
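The advertising bytes in this thread, and the Flags bits discussed in the "How to set bluez mode?" answer at the top of the page, can be decoded mechanically instead of guessed at. The following Python is an added example (not code from the posts, from Radius Networks or from BlueZ). It splits advertising data into AD structures, decodes the Flags bits named in the quoted answer above, extracts UUID/major/minor/TX power from the Apple manufacturer-specific iBeacon structure, and checks an hcitool LE Set Advertising Data parameter block against the 32-byte layout the specification requires (the question's command has 44 bytes, the working one 32). The sample bytes are copied from this thread: the two hcitool parameter blocks and the two hcidump -R reports captured from the real beacon. The second report is a scan response (event type 0x04) carrying the beacon's name, which the question did not identify. Function and field names are this example's own.

```python
"""Decode BLE advertising data from the hcitool / hcidump output in this thread.
Added example; not code from the posts, Radius Networks or BlueZ."""
import struct
from typing import Dict, List, Optional, Tuple

# Flags AD type (0x01) bits, Core Specification Supplement, Part A, section 1.3
FLAG_BITS = {0: "LE Limited Discoverable Mode", 1: "LE General Discoverable Mode",
             2: "BR/EDR Not Supported", 3: "Simultaneous LE and BR/EDR (Controller)",
             4: "Simultaneous LE and BR/EDR (Host)"}
APPLE_COMPANY_ID = 0x004C          # sent little-endian: 4C 00
IBEACON_TYPE, IBEACON_LEN = 0x02, 0x15

# Sample input copied from the posts above: the 44-byte hcitool parameter block from
# the question, the 32-byte one from the answer, and two hcidump -R reports of the real beacon.
PARAMS_ORIGINAL = bytes.fromhex(
    "1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60"
    " d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00")
PARAMS_WORKING = bytes.fromhex(
    "1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60"
    " d0 f5 a7 10 96 e0 00 00 00 00 c5 00")
REPORT_ADV = bytes.fromhex(
    "04 3E 2A 02 01 00 01 4F 00 00 02 4D CD 1E 02 01 06 1A FF 4C 00 02 15 E2 C5 6D B5"
    " DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00 00 00 00 C5 BB")
REPORT_SCAN_RSP = bytes.fromhex(
    "04 3E 2A 02 01 04 01 4F 00 00 02 4D CD 1E 02 0A F4 08 16 F0 FF 64 00 00 00 00 11 09"
    " 4D 69 6E 69 42 65 61 63 6F 6E 5F 30 30 30 37 39 BB")


def parse_ad_structures(ad: bytes) -> List[Tuple[int, bytes]]:
    """Split advertising data into (ad_type, data) pairs. Each structure is
    <length><type><data>; length covers type + data; a zero length starts the padding."""
    out, i = [], 0
    while i < len(ad):
        length = ad[i]
        if length == 0:
            break
        if i + 1 + length > len(ad):
            raise ValueError(f"AD structure at offset {i} overruns the data")
        out.append((ad[i + 1], bytes(ad[i + 2 : i + 1 + length])))
        i += 1 + length
    return out


def decode_flags(value: int) -> Dict[str, bool]:
    return {name: bool(value >> bit & 1) for bit, name in FLAG_BITS.items()}


def decode_ibeacon(mfr: bytes) -> Optional[dict]:
    """company(2 LE) 02 15 UUID(16) major(2 BE) minor(2 BE) tx_power(int8 dBm at 1 m)."""
    if len(mfr) < 4 + IBEACON_LEN or struct.unpack_from("<H", mfr)[0] != APPLE_COMPANY_ID:
        return None
    if mfr[2] != IBEACON_TYPE or mfr[3] != IBEACON_LEN:
        return None
    major, minor, tx_power = struct.unpack_from(">HHb", mfr, 20)
    return {"uuid": mfr[4:20].hex(), "major": major, "minor": minor, "tx_power": tx_power}


def decode_adv(ad: bytes) -> dict:
    """Summarise one advertising or scan-response payload."""
    result = {"flags": None, "ibeacon": None, "name": None, "other": []}
    for ad_type, data in parse_ad_structures(ad):
        if ad_type == 0x01 and data:                                  # Flags
            result["flags"] = decode_flags(data[0])
        elif ad_type == 0x09:                                         # Complete Local Name
            result["name"] = data.decode("utf-8", "replace")
        elif ad_type == 0xFF and (beacon := decode_ibeacon(data)):    # Manufacturer Specific
            result["ibeacon"] = beacon
        else:
            result["other"].append((ad_type, data.hex()))
    return result


def check_adv_data_params(params: bytes) -> str:
    """Validate an HCI LE Set Advertising Data (OGF 0x08, OCF 0x0008) parameter block.
    The spec fixes it at 32 bytes: Advertising_Data_Length then 31 bytes of data, zero
    padded. The question's 44-byte block breaks this, and a controller that enforces the
    length answers it with status 0x12 (Invalid HCI Command Parameters)."""
    if len(params) != 32:
        return f"expected 32 parameter bytes, got {len(params)}"
    sig = params[0]
    if sig > 31:
        return f"Advertising_Data_Length {sig} exceeds 31"
    if any(params[1 + sig :]):
        return "non-zero bytes beyond the significant part"
    parse_ad_structures(params[1 : 1 + sig])   # raises on a malformed structure
    return "ok"


def decode_adv_report(pkt: bytes) -> dict:
    """One hcidump -R event: 04 3E <plen> 02 <num> <evt_type> <addr_type> <addr 6 LE> <len> <data> <rssi>."""
    if pkt[:2] != b"\x04\x3e" or pkt[3] != 0x02:
        raise ValueError("not an LE Advertising Report event")
    if pkt[2] != len(pkt) - 3:
        raise ValueError("parameter length does not match packet size")
    data_len = pkt[13]
    rssi = struct.unpack_from("b", pkt, 14 + data_len)[0]
    return {"event_type": pkt[5],                     # 0x00 ADV_IND, 0x04 SCAN_RSP
            "addr": ":".join(f"{b:02X}" for b in reversed(pkt[7:13])),
            "rssi": rssi, **decode_adv(pkt[14 : 14 + data_len])}
```

Decoding REPORT_ADV shows the real beacon advertising with Flags 0x06 (LE General Discoverable plus BR/EDR Not Supported), while the hcitool payloads on this page use 0x1A, which leaves BR/EDR Not Supported clear and sets both "simultaneous LE and BR/EDR" bits; that difference is what a scanner sees as "dual mode". Running `check_adv_data_params` over a command before sending it catches the extra-zeros mistake that the accepted answer fixed by hand.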

iBeacon Broadcast Interval with Raspberry Pi

I have an iBeacon broadcasting every ~1280 ms from my Raspberry Pi, but I need it to broadcast every ~100 ms. How do I configure this?
How I'm set up:
I followed this guide:
http://www.wadewegner.com/2014/05/create-an-ibeacon-transmitter-with-the-raspberry-pi/
I have a Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode)
My config string:
hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8 00
On my phone I see my iBeacon, the UUID is correct, the Major and Minor versions are correct. The problem I'm having is the broadcast rate.
Can I change this from ~1.2 seconds to ~100 ms?
Update 1:
I'm still getting errors.
pi@raspberrypi ~ $ sudo hciconfig hci0 up
pi@raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
< HCI Command: ogf 0x08, ocf 0x0008, plen 44
1E 02 01 1A 1A FF 4C 00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60
D0 F5 A7 10 96 E0 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
00 00 00 00
> HCI Event: 0x0e plen 4
01 08 20 12
pi@raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
< HCI Command: ogf 0x08, ocf 0x0006, plen 15
A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
> HCI Event: 0x0e plen 4
01 06 20 0C
pi@raspberrypi ~ $ sudo hcitool -i hci0 cmd 0x08 0x000a 01
< HCI Command: ogf 0x08, ocf 0x000a, plen 1
01
> HCI Event: 0x0e plen 4
01 0A 20 0C
Update 2:
I found a way to make it work:
hciconfig hci0 down
hciconfig hci0 up
hcitool -i hci0 cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 63 6F 3F 8F 64 91 4B EE 95 F7 D8 CC 64 A8 63 B5 00 00 00 00 C8 00
hcitool -i hci0 cmd 0x08 0x0006 20 00 A0 00 00 00 00 00 00 00 00 00 00 07 00
hcitool -i hci0 cmd 0x08 0x000A 01
hciconfig hci0 noscan
I think the key was the noscan part. I think if scan was on I couldn't change the advertisement frequency.
An additional resource I found useful:
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737
Specifically Volume 2, Part E, Section 7.8. This gave me the actual description of the commands I was sending, instead of copy-and-paste programming.
You can increase the advertising rate to 10 Hz like this:
sudo hciconfig hci0 up
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
sudo hcitool -i hci0 cmd 0x08 0x000a 01
See here for more info:
Is there a way to increase BLE advertisement frequency in BlueZ?
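The hcitool commands in this thread carry raw little-endian parameter blocks, and the `HCI Event: 0x0e plen 4` lines in Update 1 carry the controller's verdict on each. The following Python is an added example (not from the posts or from BlueZ): it encodes the 15-byte LE Set Advertising Parameters block from a millisecond interval, decodes a posted block back into named fields, and decodes the Command Complete bytes (the `01 08 20 12` and `01 06 20 0C` lines above), where the middle two bytes are the opcode and the last byte the status. Constant and function names are this example's own. The 100 ms floor it enforces for non-connectable advertising types comes from the Core 4.x description of the command (the Vol 2, Part E, 7.8 section Update 2 points to); Core 5.0 lowered that floor, so it is exposed as a switch.

```python
"""Encode and decode the HCI commands this thread uses to change the advertising
interval, and decode the Command Complete status bytes hcitool prints.
Added example; not code from the posts or from BlueZ."""
import struct
from typing import Dict, Tuple

OGF_LE = 0x08
OCF_SET_ADV_PARAMS, OCF_SET_ADV_DATA, OCF_SET_ADV_ENABLE = 0x0006, 0x0008, 0x000A
ADV_IND, ADV_DIRECT_IND, ADV_SCAN_IND, ADV_NONCONN_IND = 0x00, 0x01, 0x02, 0x03
INTERVAL_UNIT_MS = 0.625          # Advertising_Interval is in 0.625 ms units, 0x0020..0x4000
DEFAULT_INTERVAL = 0x0800         # 1.28 s: the ~1280 ms the question observed before tuning

# Status codes of the Command Complete events shown on this page (Core Spec Vol 2, Part D)
HCI_STATUS = {0x00: "Success", 0x0C: "Command Disallowed", 0x12: "Invalid HCI Command Parameters"}
OCF_NAMES = {OCF_SET_ADV_PARAMS: "LE Set Advertising Parameters",
             OCF_SET_ADV_DATA: "LE Set Advertising Data",
             OCF_SET_ADV_ENABLE: "LE Set Advertise Enable"}


def hci_opcode(ogf: int, ocf: int) -> int:
    """Opcode = OGF in the top 6 bits, OCF in the low 10 bits; sent little-endian."""
    return (ogf << 10) | ocf


def ms_to_units(ms: float) -> int:
    units = round(ms / INTERVAL_UNIT_MS)
    if not 0x0020 <= units <= 0x4000:
        raise ValueError(f"{ms} ms is outside the allowed 20 ms .. 10.24 s range")
    return units


def set_adv_params(min_ms: float, max_ms: float, adv_type: int = ADV_NONCONN_IND,
                   channel_map: int = 0x07, core_4x: bool = True) -> bytes:
    """Encode the 15-byte parameter block of LE Set Advertising Parameters (OCF 0x0006):
    Interval_Min, Interval_Max (uint16 LE), Advertising_Type, Own_Address_Type,
    Peer_Address_Type, Peer_Address (6), Channel_Map, Filter_Policy. The address fields
    stay public / zero, as in the posted commands."""
    lo, hi = ms_to_units(min_ms), ms_to_units(max_ms)
    if lo > hi:
        raise ValueError("Interval_Min must not exceed Interval_Max")
    # Core 4.x requires >= 0x00A0 (100 ms) for ADV_SCAN_IND / ADV_NONCONN_IND; Core 5.0
    # lowered this to 0x0020. Violating it on an older controller yields status 0x12.
    if core_4x and adv_type in (ADV_SCAN_IND, ADV_NONCONN_IND) and lo < 0x00A0:
        raise ValueError("non-connectable advertising needs >= 100 ms on a Core 4.x controller")
    if not 0x01 <= channel_map <= 0x07:
        raise ValueError("channel map must select at least one of channels 37, 38, 39")
    return struct.pack("<HHBBB6sBB", lo, hi, adv_type, 0x00, 0x00, bytes(6), channel_map, 0x00)


def hcitool_cmd(dev: str, ogf: int, ocf: int, params: bytes) -> str:
    """Render the command the way it is typed into hcitool in this thread."""
    return f"hcitool -i {dev} cmd 0x{ogf:02x} 0x{ocf:04x} " + " ".join(f"{b:02X}" for b in params)


def decode_adv_params(params: bytes) -> Dict[str, object]:
    """Turn a posted 15-byte parameter block back into milliseconds and named fields."""
    if len(params) != 15:
        raise ValueError(f"expected 15 parameter bytes, got {len(params)}")
    lo, hi, adv_type, own, peer_type, peer, chmap, policy = struct.unpack("<HHBBB6sBB", params)
    return {"min_ms": lo * INTERVAL_UNIT_MS, "max_ms": hi * INTERVAL_UNIT_MS,
            "adv_type": adv_type, "own_addr_type": own, "peer_addr_type": peer_type,
            "peer_addr": peer.hex(), "channel_map": chmap, "filter_policy": policy}


def decode_command_complete(event_params: bytes) -> Tuple[str, str]:
    """Decode the 4 bytes under 'HCI Event: 0x0e plen 4': Num_HCI_Command_Packets,
    opcode (uint16 LE), status. E.g. '01 08 20 12' is LE Set Advertising Data failing
    with Invalid HCI Command Parameters."""
    _num, opcode, status = struct.unpack("<BHB", event_params)
    ogf, ocf = opcode >> 10, opcode & 0x3FF
    name = OCF_NAMES.get(ocf, f"OCF 0x{ocf:04x}") if ogf == OGF_LE else f"OGF 0x{ogf:02x} OCF 0x{ocf:04x}"
    return name, HCI_STATUS.get(status, f"unknown status 0x{status:02x}")
```

`set_adv_params(100, 100)` reproduces the `A0 00 A0 00 03 ...` block from the answers; `set_adv_params(20, 100, ADV_IND)` reproduces the `20 00 A0 00 00 ...` block from Update 2, which works with a 20 ms minimum because ADV_IND is connectable. Decoding `01 06 20 0C` as Command Disallowed for LE Set Advertising Parameters matches the observation in Update 2 that the parameters could not be changed while the adapter was in a state the controller objected to.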

How to change iBeacon broadcast frequency and power level on Asus USB-BT400

I'm trying to change the iBeacon broadcasting frequency on an Asus USB-BT400. Currently it is 1 Hz (tested with Wireshark) and I want to change it to >10 Hz. Even though it uses the same chipset as the IOGear GBU521 (Broadcom BCM20702A0) there must be some differences between the two, because the code (working on the IOGear) doesn't work on the Asus:
sudo hciconfig hci0 up
sudo hcitool -i hci0 cmd 0x08 0x0008 1e 02 01 1a 1a ff 4c 00 02 15 e2 c5 6d b5 df fb 48 d2 b0 60 d0 f5 a7 10 96 e0 00 00 00 00 c5 00 00 00 00 00 00 00 00 00 00 00 00 00
sudo hcitool -i hci0 cmd 0x08 0x0006 A0 00 A0 00 03 00 00 00 00 00 00 00 00 07 00
sudo hcitool -i hci0 cmd 0x08 0x000a 01
Also, in a similar manner, the power level cannot be changed this way. Maybe the command structure for the Asus is different?

When using hexdump to check /dev/mem, why are some addresses missing?

Here is the command I used:
sudo hexdump -C /dev/mem | less
And part of the result it dumped:
00000070 53 ff 00 f0 a4 f0 00 f0 c7 ef 00 f0 e0 ba 00 c0 |S...............|
00000080 ef 27 00 f0 ef 27 00 f0 ef 27 00 f0 ef 27 00 f0 |.'...'...'...'..|
*
00000100 99 1b 32 e7 01 e4 00 f0 65 f0 00 f0 e0 be 00 c0 |..2.....e.......|
00000110 ef 27 00 f0 ef 27 00 f0 ef 27 00 f0 ef 27 00 f0 |.'...'...'...'..|
*
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
The interesting thing is that the addresses in [0x00000120, 0x0000017f] are shown as "*" instead of the values I would expect to see.
As far as I can imagine, those parts are protected from being read, but why? Or am I missing something?
hexdump is suppressing duplicate lines to make the output easier to read.
From the 'man hexdump' page:
-v Cause hexdump to display all input data. Without the -v option,
any number of groups of output lines, which would be identical to
the immediately preceding group of output lines (except for the
input offsets), are replaced with a line comprised of a single
asterisk.
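To see what the asterisk stands for, here is an added example (not hexdump's source and not from the question) that re-implements the -C layout with the squeeze behaviour the man page excerpt describes, plus a helper that lists the byte ranges the squeeze hides. The sample buffer is constructed to mimic the dump in the question (the `ef 27 00 f0` pattern repeated from 0x110 through 0x17f, bracketed by a distinct line at 0x100 and zeros at 0x180); it is not read from /dev/mem.

```python
"""Re-implement the hexdump -C squeeze the answer describes: a run of 16-byte lines
identical to the previous line collapses into a single '*'. Added example; not
hexdump's source. The sample data is constructed, not a real memory dump."""
from typing import List, Optional, Tuple

# Constructed sample: 0x100 bytes of zeros, one distinct line at 0x100, the question's
# repeating pattern for 7 lines (0x110..0x17f), then a zero line at 0x180.
SAMPLE = (bytes(0x100)
          + bytes.fromhex("99 1b 32 e7 01 e4 00 f0 65 f0 00 f0 e0 be 00 c0")
          + bytes.fromhex("ef 27 00 f0") * 4 * 7
          + bytes(16))


def format_line(offset: int, chunk: bytes) -> str:
    """One hexdump -C line: offset, 16 hex bytes with a gap after 8, then the ASCII column."""
    left = " ".join(f"{b:02x}" for b in chunk[:8])
    right = " ".join(f"{b:02x}" for b in chunk[8:])
    ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
    return f"{offset:08x}  {left:<23}  {right:<23}  |{ascii_part}|"


def hexdump_c(data: bytes, squeeze: bool = True, start: int = 0) -> List[str]:
    """Render data as hexdump -C does. squeeze=True is the default behaviour (identical
    lines replaced by '*'); squeeze=False corresponds to hexdump -v. Like hexdump, the
    final offset is always printed on its own line."""
    lines: List[str] = []
    prev: Optional[bytes] = None
    in_run = False
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        if squeeze and chunk == prev and len(chunk) == 16:
            if not in_run:
                lines.append("*")
                in_run = True
            continue
        in_run = False
        prev = chunk
        lines.append(format_line(start + off, chunk))
    lines.append(f"{start + len(data):08x}")
    return lines


def suppressed_ranges(data: bytes, start: int = 0) -> List[Tuple[int, int]]:
    """Inclusive [first, last] byte ranges that the squeeze hides behind each '*'."""
    ranges: List[Tuple[int, int]] = []
    prev: Optional[bytes] = None
    run_start: Optional[int] = None
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        if chunk == prev and len(chunk) == 16:
            if run_start is None:
                run_start = start + off
            continue
        if run_start is not None:
            ranges.append((run_start, start + off - 1))
            run_start = None
        prev = chunk
    if run_start is not None:
        ranges.append((run_start, start + len(data) - 1))
    return ranges
```

For the constructed buffer, `suppressed_ranges(SAMPLE)` returns the range 0x120 to 0x17f the question asked about, and the lines around the asterisk come out byte for byte as the question shows them; passing `squeeze=False` prints every line, which is what `hexdump -v -C /dev/mem` would do.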
