Bluetooth Hacking?
OpenBeacon USB 2

From OpenBeacon

Jump to: navigation, search
PCB of OpenBeacon USB 2 Bluetooth version


Tutorial Video: Flashing your OpenBeacon USB II badge via USB


Tutorial Video: Flashing your OpenBeacon USB II PCB via USB
Freely customizable case with a 90x60mm paper badge
Acrylic case can be slided away for replacing the 90x60mm paper badge
2 buttons and a Micro USB port on the opposite side
LPC1343 ARM Cortex-M3 CPU

Contents


Introduction

For mobile OpenBeacon applications the OpenBeacon USB 2 can be used. The device contains a freely programmable and power saving 32 bit Cortex M3 ARM controller. It can be reprogrammed without special tools over USB with a free gcc toolchain. This new design allows stand alone operation due to the Micro USB chargeable battery. An integrated Bluetooth interface allows wireless connectivity to your computer or PDA. We added 4 megabyte of flash memory for data logging. A 3 axis accelerometer to allow 3D orientation detection and 3 buttons allow simple user interfaces. The new design is highly extensible via the 11 pin 2.54mm spaced feature connector.

Bluetooth Terminal

By attaching the device to your computer for charging and pressing the middle button (reset) to bring the device into high power operation mode, the Bluetooth console can be enabled. By unplugging the device again, the device automatically resets itself and goes back to low parer data gathering mode.

Linux

First scan for visible Bluetooth devices:

[meri@blackbox ~]$ hcitool scan
Scanning ...
	00:13:43:00:F5:41	OpenBeacon Tag F392

As you can see the tag id is encoded into the Bluetooth device name (in this case F392). YOu can now check which of the available devices is connected to your computer for charging:

[meri@blackbox ~]$ find /media -iname 'LOG-*.BIN'
/media/OPENBEACON/LOG-F392.BIN

Using rfcomm you can connect to the Bluetooth device to /dev/rfcomm0:

 rfcomm bind rfcomm0 00:13:43:00:F5:41

If a device is already at /dev/rfcomm0, you can release that device by typing:

rfcomm release rfcomm0

You need to make sure tah your current user is allowed to access the serial Bluetooth console by being part of the group dialout:

[meri@blackbox ~]$ ls -l /dev/rfcomm?
crw-rw----. 1 root dialout 216, 0 28. Sep 11:40 /dev/rfcomm0
[meri@blackbox ~]$ groups
meri wheel dialout

You can add your user to the group dialout if needed:

usermod -G dialout -a meri


Bluetooth Terminal Example

As you can see in the example below, after pairing the computer tries to detect a possible modem for that Bluetooth connection. At least for Fedora Core 13-15 this only happens the first time this device is created (once per boot). If Bluetooth gets stuck during the first communication attempt after pairing, just press the middle button (reset) and try again. To establish a connection with a computer you could use PuTTY on Windows, or any command line tool on Unix-like OSes (Linux, Max OSX), like 'cu':

>cu -lttyUSB0 -s 115200

The settings to establish a connection are:

  • baud rate: 115200bps
  • no parity check
  • no flow control

After the console is established you can press h or ? for getting the console help screen.

Unknown command '+RCOI=0011675590EF' - please press H+[Enter] for help
# Unknown command 'AT+tGCtAP' - please press H+[Enter] for help
# Unknown command 'AT+GCAP' - please press H+[Enter] for help
# h 
 *****************************************************
 * OpenBeacon Tag - Bluetooth Console
 *                  Version v0.5.2-4-g3b80
 * (C) 2011 Milosch Meriac <meriac@openbeacon.de>
 *****************************************************
 * H,?          - this help screen
 * S            - Show device status
 *
 * E            - Erase Storage
 * W            - Test Write Storage
 * R            - Test Read Storage
 * F            - Test WriteFill Storage
 *****************************************************

Firmware Update

You can upload a new firmware on the tag following the instructions below. Remember that if you develop your homebrew firmware (e.g. you have compiled yourself the sources in the git repository) and you want to test it on the device, you must add the CRC in the binary image created during compilation. To achieve this, run lpc-flash on the created binary image, like so:

lpc-flash openbeacon-usb2.bin openbeacon-usb2.crc.bin

This command will create the openbeacon-usb2.crc.bin file with the CRC value embedded, that is the firmware binary image that can be deployed on the tag. This is necessary any time you want to distribute a firmware to be uploaded by other users on their tags.

Microsoft Windows

  • Reset the tag into firmware update mode as described in our tutorial video on the right: "Flashing your OpenBeacon USB II tag via USB"
  • Download openbeacon-usb2-firmware.bin and rename to firmware.bin. Use it to overwrite the file firmware.bin file on the drive that appeared in the previous step.

Linux

Due to an implementation fault of the LPC134x in Linux the firmware needs to be copied using the following tool:

Flash Tool Installation

 mkdir -p ~/Install/
 cd ~/Install/
 curl -O http://www.openbeacon.org/people/milosch/lpc-flash.tar.bz2
 tar -xvjf lpc-flash.tar.bz2
 cd lpc-flash-v*
 ./configure
 make
 sudo make install

Firmware Installation

  • Reset the tag into firmware update mode as described in our tutorial video on the right: "Flashing your OpenBeacon USB II tag via USB"
  • Download openbeacon-usb2-firmware.bin and rename to firmware.bin. Use it to overwrite the firmware.bin file on the drive that appeared in the previous step by using the flash tool we installed in the previous section:
 cd ~/Install/
 curl -O http://www.openbeacon.org/people/milosch/usb2tag/openbeacon-usb2-firmware.bin
 lpc-flash openbeacon-usb2-firmware.bin "/media/CRP DISABLD/firmware.bin"

Design Features

Hardware Design

Pin-out of on-board peripherals