Demo: Cross-Technology Communication between
BLE and Wi-Fi using Commodity Hardware
Alex Bereza∗, Ulf Wetzker‡, Carsten Herrmann†, Carlo Alberto Boanok, Marco Zimmerling∗
∗Networked Embedded Systems Group, TU Dresden, Germany
‡Fraunhofer Institute for Integrated Circuits, Division Engineering of Adaptive Systems, Dresden, Germany
†Deutsche Telekom Chair of Communication Networks, TU Dresden, Germany
kInstitute for Technical Informatics, Graz University of Technology, Austria
email@example.com firstname.lastname@example.org email@example.com
In this demonstration, we present a prototype of a cross-
technology communication (CTC) system that allows a
Bluetooth Low Energy (BLE) device to directly send data
to a Wi-Fi device using commodity hardware. Towards this
goal, we use energy burst patterns to encode information
on overlapping channel frequencies. With this demonstra-
tion, we prove the feasibility of our holistic CTC approach
for popular wireless technologies in the 2.4 GHz ISM band
based on off-the-shelf hardware and open-source software.
Wireless communication technologies have evolved sig-
niﬁcantly in the past decades. With ever-increasing through-
put, wireless supersedes cable-based solutions in many do-
mains. As the success and spreading of wireless technologies
continues to grow, however, the radio spectrum gets more
and more crowded. In particular, the license-free Indus-
trial, Scientiﬁc and Medical (ISM) bands are becoming an
increasingly scarce resource due to the proliferation of low-
power wireless devices forming the Internet of Things (IoT).
This increasing congestion is a serious challenge for wire-
less systems, as the radio interference caused by neighbor-
ing devices operating concurrently in the same frequency
band leads to an increased packet loss and higher number
of packet re-transmissions affecting the latency, throughput,
and energy efﬁciency of the involved networks.
Coordination among co-located wireless networks could
help alleviate the interference problem. Different wireless
technologies, however, employ different physical layers and
bandwidth allocation schemes, and are therefore unable to
communicate directly with each other; that is, they can-
Figure 1. Illustration of our holistic CTC approach with
the example of BLE to Wi-Fi communication
not interpret signals from another technology. For this rea-
son, a cross-technology communication (CTC) scheme that
enables low-data-rate communication without the need for
dual-radio gateways or additional infrastructure is highly
desirable (e.g., to enable cooperative coexistence manage-
State-of-the-art CTC schemes, including Esense  and
FreeBee , have several limitations. Esense is restricted to
unidirectional communication from Wi-Fi to ZigBee and as-
sumes that the number of different messages is smaller than
the alphabet count. FreeBee is a more general, bidirectional
approach that takes also BLE into account; however, it re-
quires special hardware, such as FPGA-enabled Wi-Fi de-
velopment boards. Furthermore, FreeBee’s BLE implemen-
tation is limited to the three BLE advertisement channels,
which prevents generic CTC communication with BLE de-
vices. In both works, robustness is solely achieved by trans-
mitting the same message multiple times and processing it
only if it was received more often than a certain threshold.
To address these problems, we introduce a holistic CTC
approach for the 2.4 GHz ISM band that is feasible based on
commodity hardware and open-source software only. To this
end, we use a common transmission scheme among hetero-
geneous technologies with fundamentally different physical
layers by exploiting the typically undesired cross-technology
interference. Overlapping channel frequencies of different
technologies enable them to sense each other’s transmissions
if their radio hardware supports channel duty cycle measure-
ments or received signal strength indicator (RSSI) sampling.
International Conference on Embedded Wireless
Systems and Networks (EWSN) 2017
20–22 February, Uppsala, Sweden
© 2017 Copyright is held by the authors.
Permission is granted for indexing in the ACM Digital Library
Figure 2. Demonstration setup. A BLE device transmits
a user-deﬁned string to a Wi-Fi device. The resulting en-
ergy patterns are observed with a passive TelosB sniffer.
These measurement techniques are needed, for example, to
implement CSMA/CA. Like prior work [2, 3], we use them
to sense energy bursts caused by transmissions of other tech-
nologies. By modulating the duration of energy bursts, we
encode information to create a common transmission layer.
Speciﬁcally, we design an encoding scheme based on
chip sequences with speciﬁc auto-correlation and cross-
correlation properties. Each CTC packet begins with a start-
of-frame sequence to distinguish it from other trafﬁc. For
this purpose, we utilize a Barker code of length 13. At zero
shift, Barker codes have a high autocorrelation value, while
the out-of-phase aperiodic autocorrelation absolute values
are less or equal to 1. For payload encoding, we use binary
maximum-length sequences to achieve a spreading factor of
8. The sequences are chosen to have low cross-correlation.
This way, we add redundancy to each payload bit and pro-
vide a basic level of robustness for individual transmissions;
re-transmissions can further improve reliability. Further-
more, we provide the ﬁrst implementation that supports arbi-
trary BLE channels for CTC transmissions. As a result, our
approach is more general than previous works.
Figure 1 depicts the main building blocks of our CTC
approach. Every CTC system includes three components:
(i) RSSI sampling (BLE) or channel duty cycle information
(Wi-Fi) for energy burst detection, (ii) a timing control and
packet length modulation block for energy burst transmis-
sion, and (iii) support for legacy standard-compliant com-
As a proof of concept, we present our implementation
of a CTC system that allows a common BLE transmitter to
directly communicate with an off-the-shelf Wi-Fi receiver.
To evaluate channel duty cycle information, we empower
an off-the-shelf Wi-Fi network interface card to detect the
length of distinct energy bursts by modifying its driver run-
ning in Linux kernel space. We successfully tested our im-
plementation with the Qualcomm Atheros chipsets AR9462
and AR9287. To send energy bursts, we use the CC2650 
BLE platform from TI and an open-source BLE stack .
This way, we are able to reliably transmit a bitstream from
BLE to Wi-Fi.
We demonstrate the functionality of our proof-of-concept
CTC implementation using the setup illustrated in Figure 2.
Figure 3. Visualization of CTC energy pattern recorded
by a TelosB. Due to averaging effects, the short energy
bursts seem to have a lower RSSI level than the long en-
ergy busts, and appear as spikes rather than plateaus.
On the BLE side (transmitter), we program the CC2650 to
periodically send a user-deﬁned string using BLE data pack-
ets to create energy bursts of certain length. Using a TelosB
sniffer, we record and visualize the resulting energy pattern
(see Figure 3) to illustrate our encoding scheme to the con-
ference attendees and allow for failure analysis.
On the Wi-Fi side (receiver), we load our modiﬁed Wi-Fi
driver and start our energy burst decoding program. The re-
ceived energy bursts are immediately decoded, allowing for
a live display of the arriving characters on the command line.
We also compute and display byte, bit, and chip error rates
over a certain time window. Decoding errors due to interfer-
ence can be analyzed via the recorded energy patterns.
Table 1. Preliminary CTC error rate measurements
occasional trafﬁc streaming, browsing
byte error rate 1.5% 48.3%
bit error rate 0.7% 44.6%
chip error rate 2.4% 47.5%
We measured the error rates in two scenarios: (i) on a
Wi-Fi channel with only beacons and occasional trafﬁc and
(ii) on a Wi-Fi channel used for video streaming and brows-
ing. Our results (see Table 1) show that our design is robust
enough to support uncritical applications based on CTC.
With this demonstration, we prove the feasibility of our
CTC approach, which we believe will pave the way for many
new applications and higher spectrum efﬁciency.
 Texas Instruments CC2650 SimpleLink multi-standard 2.4 GHz ultra-
low power wireless MCU. http://www.ti.com/product/cc2650
Accessed: Nov 8, 2016.
 K. Chebrolu and A. Dhekne. Esense: Communication through energy
sensing. In Proceedings of the 15th Annual International Conference
on Mobile Computing and Networking (MobiCom), 2009.
 S. M. Kim and T. He. FreeBee: Cross-technology communication via
free side-channel. In Proceedings of the 21st Annual International Con-
ference on Mobile Computing and Networking (MobiCom), 2015.
 M. Sp ¨
ork. IPv6 over Bluetooth Low Energy using Contiki. Master’s
thesis, Graz University of Technology, Graz, Austria, October 2016.