Understanding iBeacon data : the power field and other bytes

Question

I am new to the Bluetooth system and I am trying to understand the data used for the new Apple's technology : iBeacon.

There is already some nice answers which explain how it works and I have been reading everything I could find (especially the Bluetooth Specification). Still, I am missing some points and I will go for an example first : (I am using the Set Advertising Data Command, it misses here the hcitool cmd before the OGF)

0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 E2 C5 6D B5 DF FB 48 D2 B0 60 D0 F5 A7 10 96 E0 00 00 00 00 C5 00

I will list here what I didn't understand or find information about.

1. Is there any information anywhere about the OGF (here it is 0x08)? I know it stands for OpCode Group Field, but contratry to the OCF which follows the OGF, I didn't find anything.
2. What does the 02 01 1A 1A bytes line stand for? I know that the first byte, 1E, tells the length of the rest of the data and after that line, starting with FF, you get the manufacturer specific data. But I couldn't find anything about those 4 bytes.
3. How does the power byte work? Here it is C5. I know that what I get is the dBm value when ranging my iBeacon (on my iPhone for instance). And I know that the higher the value (on that power byte), the higher the power which means more accuracy but also more energy consumption. But how do you use that byte? What are the min and max values you can set? Or is there any kind of formula there? Do you get a set dBm value (at one meter from your iBeacon) for a set value on the byte?

Thank you.

Answer 1

Answers to the first two questions can be found in the gigantic Bluetooth 4.0 Core spec.

1. The OGF of 0x08 groups OCF commands for LE Controllers:

   For the LE Controller Commands, the OGF code is defined as 0x08. (Bluetooth Specification Version 4.0 [Vol 2], page 1114)

   Because the 0x0008 OCF command is a controller command, you have to use the 0x08 OGF code with it. Confused? Forget it. Just know you use 0x08 0x0008 to set the advertising data using hcitool.

2. The byte sequence starting the advertisement is as follows:

   1E Number of bytes that follow in the advertisement
   02 Number of bytes that follow in first AD structure
   01 Flags AD type
   1A Flags value 0x1A = 000011010  
      bit 0 (OFF) LE Limited Discoverable Mode
      bit 1 (ON) LE General Discoverable Mode
      bit 2 (OFF) BR/EDR Not Supported
      bit 3 (ON) Simultaneous LE and BR/EDR to Same Device Capable (controller)
      bit 4 (ON) Simultaneous LE and BR/EDR to Same Device Capable (Host)
   1A Number of bytes that follow in second (and last) AD structure
   FF Manufacturer specific data AD type
   4C Company identifier code LSB
   00 Company identifier code MSB (0x004C == Apple)
   02 Byte 0 of iBeacon advertisement indicator
   15 Byte 1 of iBeacon advertisement indicator
   

   -- Bluetooth Specification Version 4.0 [Vol 3], "ADVERTISING AND SCAN RESPONSE DATA FORMAT" p. 375

   -- Bluetooth Specification Version 4.0 [Vol 3], Appendix C (NORMATIVE): EIR AND AD FORMATS", p. 401

3. The power field is simply a one byte two's complement number representing the "measured power" in RSSI at one meeter away. In simpler terms

   Here is how that works:

   1. Hold an iBeacon scanner (like Locate for iBeacon for iOS) one meter away from your iBeacon transmitter.
   2. Read its signal strength in RSSI. It will be a number between -1 and -127. (-1 is very strong, -127 is very weak)
   3. Convert this number into a hex using two's complement. (Add 256 then convert to hex)

Note: The power field can be 80-FF. If it is 00, iOS will not do a distance calculation at all. You can read more on how this is used here.