Bluetooth Hacking?

From OpenBeacon



nRF24L01+ 2.4GHz frontend from Nordic Semiconductor on the OpenBeacon Tag

The nRF24L01 is a low-power and low-cost 2.4GHz transceiver ASIC produced by Nordic Semiconductor. It is used in our open hardware design for our active RFID tag - http./ We currently use it for real-time tracking of people at congresses.

See our USB-based reader node (OpenBeacon USB), the Ethernet-based reader (OpenBeacon Ethernet) and the tag design (OpenBeacon Tag).

Also used by Blinkenlights WMCU and Blinkenlights WDIM.

Some of its features are:

  • 80 channels
  • 1Mbit or 2Mbit per second operation
  • GFSK (Gaussian Frequency Shift Keying) modulation
  • 40bit addressing
  • 6 data pipes (similar to USB endpoints)
  • 32byte TX FIFO
  • 32byte RX FIFO
  • SPI interface to the CPU

Default initialization for OpenBeacon Tag




// LNA, RF output -18dBm, 2Mbps
#define NRF_RFOPTIONS 0x09
#define NRF_MAC_SIZE 5


// first byte payload size+1, second byte register, 3..n-th byte payload
const unsigned char g_MacroInitialization[] = {
  0x01, OP_NOP,
  0x02, CONFIG     | WRITE_REG, 0x00,	// stop nRF
  0x02, EN_AA      | WRITE_REG, 0x00,	// disable ShockBurst(tm)
  0x02, EN_RXADDR  | WRITE_REG, 0x01,	// enable RX pipe address 0
  0x02, SETUP_AW   | WRITE_REG, NRF_MAC_SIZE - 2,	// setup MAC address width to NRF_MAC_SIZE
  0x02, RF_CH      | WRITE_REG, CONFIG_DEFAULT_CHANNEL,	// set channel to 2480MHz
  0x02, RF_SETUP   | WRITE_REG, NRF_RFOPTIONS,	// update RF options
  0x02, STATUS     | WRITE_REG, 0x78,	// reset status register
  0x06, RX_ADDR_P0 | WRITE_REG, 'O', 'C', 'A', 'E', 'B',	// set RX_ADDR_P0 to "BEACO" (address bytes are written LSByte first)
  0x06, TX_ADDR    | WRITE_REG, 0x01, 0x02, 0x03, 0x02, 0x01,	// set TX_ADDR
  0x02, RX_PW_P0   | WRITE_REG, 16,	// set payload width of pipe 0 to sizeof(TRfBroadcast)
  0x00					// termination
};
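
To audit what this table actually programs into the radio, the following added example (not part of the OpenBeacon firmware) replays the length-prefixed entries into a shadow register file and rejects a table with an overlong entry or a missing terminator. The register and command values are taken from the nRF24L01 datasheet and assumed to match the project's header; CONFIG_DEFAULT_CHANNEL = 80 is an assumption derived from the "2480MHz" comment; shadow_t, macro_decode, rf_mhz, addr_width and rx_addr_text are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

/* nRF24L01 datasheet values; assumed to match the project's header. */
enum { CONFIG = 0x00, EN_AA = 0x01, EN_RXADDR = 0x02, SETUP_AW = 0x03,
       RF_CH = 0x05, RF_SETUP = 0x06, STATUS = 0x07, RX_ADDR_P0 = 0x0A,
       TX_ADDR = 0x10, RX_PW_P0 = 0x11, WRITE_REG = 0x20, OP_NOP = 0xFF };
#define CONFIG_DEFAULT_CHANNEL 80 /* assumption, from the "2480MHz" comment */

/* Constructed copy of the page's initialization table. */
static const uint8_t macro_init[] = {
  0x01, OP_NOP,
  0x02, CONFIG | WRITE_REG, 0x00,
  0x02, EN_AA | WRITE_REG, 0x00,
  0x02, EN_RXADDR | WRITE_REG, 0x01,
  0x02, SETUP_AW | WRITE_REG, 5 - 2,
  0x02, RF_CH | WRITE_REG, CONFIG_DEFAULT_CHANNEL,
  0x02, RF_SETUP | WRITE_REG, 0x09,
  0x02, STATUS | WRITE_REG, 0x78,
  0x06, RX_ADDR_P0 | WRITE_REG, 'O', 'C', 'A', 'E', 'B',
  0x06, TX_ADDR | WRITE_REG, 0x01, 0x02, 0x03, 0x02, 0x01,
  0x02, RX_PW_P0 | WRITE_REG, 16,
  0x00
};
typedef struct { uint8_t reg[0x20][5]; uint8_t len[0x20]; } shadow_t;

/* Replay the table into a shadow register file. Returns the number of SPI
   transactions, or -1 on an overlong entry or a missing 0x00 terminator. */
int macro_decode(const uint8_t *m, size_t size, shadow_t *s) {
  size_t i = 0; int n = 0;
  memset(s, 0, sizeof *s);
  while (i < size) {
    uint8_t len = m[i++];                 /* opcode byte + data bytes */
    if (len == 0) return n;               /* terminator reached */
    if (len > 6 || len > size - i) return -1;
    if ((m[i] & 0xE0) == WRITE_REG) {     /* W_REGISTER is 001A AAAA */
      uint8_t r = m[i] & 0x1F;
      s->len[r] = len - 1;
      memcpy(s->reg[r], &m[i + 1], len - 1);
    }
    i += len; n++;
  }
  return -1;                              /* ran off the end of the table */
}
int rf_mhz(const shadow_t *s) { return 2400 + (s->reg[RF_CH][0] & 0x7F); }
int addr_width(const shadow_t *s) { return (s->reg[SETUP_AW][0] & 3) + 2; }
void rx_addr_text(const shadow_t *s, char out[6]) { /* undo LSByte-first order */
  int w = s->len[RX_ADDR_P0];
  for (int k = 0; k < w; k++) out[k] = (char)s->reg[RX_ADDR_P0][w - 1 - k];
  out[w] = '\0';
}
```

Decoded this way, the table shows a tag that listens on one fixed five-byte address with auto-acknowledge turned off, which is the configuration any receiver has to match to hear the broadcasts.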

Further reading