Bluetooth Hacking?
OpenBeacon Base Station 1

From OpenPCD

Jump to: navigation, search
OpenBeacon Ethernet Base Station I with PoE IEEE802.3af powering

This design was replaced by the Ethernet EasyReader PoE II design. This page is only kept for informational purposes.


This base station is a Power-over-Ethernet (according to IEEE802.3af) enabled design using a closed source Ubicom Ethernet-enabled Microcontroller.

Here you can find PoE-Enabled power supplies in Germany:




The schematics of this first base station design will not be published.

We don't think that it would be worth publication, since the Ubicom development environment (toolchain, TCP/IP stack, ...) is 100% proprietary and very expensive.

However, the RF part of the base station is not any different from the RF part of the OpenBeacon Tag, just a SPI-attached nRF24L01 transceiver. Therefore, the OpenBeacon Tag can be equipped with a firmware that turns it into e.g. a RS232-enabled base station!

We already designed a new base station design OpenBeacon USB which is be based on a Microcontroller that is openly documented and has a 100% free and open development environment (Atmel AT91SAM7S128, which we successfully used in the OpenPCD project.

Reader Network Configuration

The 2.4GHz reader can be configured by using an simple UDP text console protocol. The defaul IP address is You can return to the default IP address and default settings anytime by unplugging the power supply, pressing the button on the PCB while plugging the power supply back again. This leads to a firmware confuguration reset - it's acknowledged by 10 blinks of both red an green LED.

The preferred tool to access the configuration is netcat. Netcat is available for all major operating systems.

Please use netcat in UDP mode to acces the configuration console:

netcat -u 2343

Just press "h" and the "Enter"-Key to show the help page:

> h
{ base station command line help
       (C) 2006 Milosch Meriac <>

       'b' - dump network configuration
       'c' - store network configuration
       'd' - dump chip registers
       'f' - flush FIFO f[FLUSH_TX=1,FLUSH_RX=2]
       'h' - show help
       'i' - reinitialize HF frontend
       'l' - red LED enable l[enable=0,=disable=1]
       'm' - change ethernet mac (m00:11:22:33:44:55)
       'n' - show ethernet mac
       'q' - disable this shell till next power cycle
       'r' - restart server
       's' - verbose status
       't' - change target server address ('t0A:01:00:08' for
       'u' - show target server address
       'w' - transmit data on RF interface


by pressing "b" you can display the current network configuration:

> b

the format of the network configuration is as follows:

1 Byte: DHCP on/aoff (00/01)
4 Byte: network address in hex format
4 Byte: netmask address in hex format
4 byte: gateway address in hex format

same format, but "c"-command to set a new network configuration:

> c00:0A:FE:00:64...
> {}0

return format codes:

0: OK
2: invalid parameter count