BLE module Default settings and features
 HM-10 TI CC2540 chip (256Kb Flash)
RF Power: 0 dbm (-23 to 6)
Name: HMSoft
Baud: 9600, N, 8, 1
Role: peripheral, transmit mode
PIN: 000000 

Bluetooth Low Energy (BLE)

  • radio: 2.4 GHz ISM (Industrial, Scientific, and Medical)
  • band: divided into 40 channels from 2.4000 GHz to 2.4835 GHz
  • channels purpose: 37 channels for connection data, the last 3 channels (37, 38, 39) are used as advertising channels for setting up connections and sending broadcast data
  • modulation: GFSK - Gaussian Frequency Shift Keying (the same used by classic Bluetooth)
  • preventing radio interference: frequency hopping spread spectrum (This technique minimizes the effect of any radio interference potentially present in the 2.4 GHz band e.g.: WiFi, classic Bluetooth)
  • bluetooth device address: 6-byte (48-bit) number uniquely identifies a device among peers. Bluetooth device address can be public (factory-programmed) or random (preprogrammed on the device or dynamically generated at runtime)
  • standard data packet: 31-byte payload contain up to 20 bytes of user data. All packets received are checked against a 24-bit CRC and retransmissions are requested when the error checking detects a transmission failure. The Link Layer will resend the packet until it's finally acknowledged by the receiver.
  • broadcasting (data transmission in one direction) - the only way to transmit data to more than one peer at time. Standard advertising packet contains a 31-byte, but broadcaster can send )a second advertising frame (so called Scan Respons) with another 31-byte payload (up to 62 bytes total)
  • connection (data transmission in both directions) Once the connection is established, the peripheral stops advertising and the two devices starting exchanging data in both directions. Data are organized around units called services and characteristics
BLE data Exchange (Advertising, Scanning, Connection)
BLE use only one 31-byte packet format. The advertising packets are broadcast blindly over the air by the advertiser at a fixed rate: 20 ms to 10.24 s (advertising interval) and it will be received successfully by the scanner only when they randomly overlap because advertiser and the scanner are not synchronized. Advertising packets are used to discover slaves and broadcast simple data that do not need connection establishment. We can distinguish between two types of master scans:
  • passive scan (scanner only listens for advertising packets)
  • active scan (scanner sending Scan Request packet after receiving an advertising packet and the advertiser (slave) reply with so-called Scan Response packet containing the additional data)

To be able to exchange more data and settings we need to establish a connection between the master and slave. When a suitable (connectable) slave is detected, the master sends a connection request packet to the slave and after the response it establishes a connection. The connection request packet includes the frequency hop increment, which determines the hopping sequence that both the master and the slave will follow during the connection.

UUID - Universally Unique Identifier
A UUID is simply a 128-bit (16 bytes) unique number that is used in many protocols, not only in bluetooth. The BLE specification adds two additional UUID formats: 16-bit and 32-bit UUIDs. These shortened formats can be used only with UUIDs that are defined in the Bluetooth specification (services, and profiles).

Bluetooth Device Address
Bluetooth device address is 48-bit (6-byte) number uniquely identifies a bluetooth device among peers (it's similar to MAC identification address)
There are two types of device addresses, and one or both can be set on a bluetooth device:
  • public device address (must be registered with the IEEE Registration Authority and will never change)
  • random device address (preprogrammed on the device or dynamically generated at runtime)
    • static address (random number that can either be generated every time the device boots up or can stay the same for the lifetime of the device)
    • non-resolvable private address (temporary address used for a certain amount of time-not commonly used)
    • resolvable private address (generated from an identity resolving key (IRK) and a random number, it can be changed during the connection to avoid the device being identified and tracked by an unknown scanning device)

Operating systems supporting BLE:

  • Android 4.3 and later
  • iOS 5 and later
  • Windows Phone 8.1
  • BlackBerry 10
  • Linux 3.4 and later through BlueZ 5.0
  • Windows 8 and later
Devices supporting BLE (Bluetooth Smart) - link

Major Abbreviations:

  • ATT - Attribute Protocol
  • SMP - Security Manager Protocol
  • L2CAP - Logical Link Control and Adaptation Protocol
  • GATT - Generic Attribute Profile (it defines how data is organized and exchanged between applications, data are encapsulated in services, which consist of one or more characteristics. GATT is an upperlayer that acts as the main interface to a Bluetooth Low Energy protocol stack)
  • GAP - Generic Access Profile (it regulate and standardize the lowlevel operation of devices e.g.: device discovery, connection, security establishment)

GAP specifies four device roles in BLE network:

  • Broadcaster
  • Observer
  • Central (S120)
  • Peripheral (S110)

Service and Characteristic Discovery:

  • discover all primary services
  • discover primary service by service UUID
  • discover all characteristics of a service
  • discover characteristics by UUID
  • discover all characteristic descriptors


  • S110 - Bluetooth LE Peripheral/Broadcaster protocol stack
  • S120 - Bluetooth LE Central protocol stack (supporting up to eight simultaneous
    Central role connections)
  • S130 - Bluetooth Smart concurrent multi-link protocol stack (supporting simultaneous Central/
    Peripheral/Broadcaster/Observer role connections)
  • S210 - ANT protocol stack
  • S310 - ANT and Bluetooth LE Peripheral controller and host multiprotocol stack
Beacon is bluetooth low energy (BLE) devices that periodically advertise a signal usually in iBeacon packet (up to 31 bytes).
iBeacon packet (30 bytes)

iBeacon Prefix

Proximity UUID


Signal Power - 
RSSI calibrated
at 1m
9 bytes 16 bytes 2 bytes 2 bytes 1 byte