Security failed level 1 err 9 connecting error with bonded device

Hi all!

I'm developing a BLE device implementing automation IO profile, peripheral role.

I can connect normally and discover all services and characteristics from nRF Connect android app, but after bonding, I can never connect again. I receive:

Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
Disconnected (reason 61)

Am I missing something? Do I need to manually save bond information?

My code is the following:

#include <zephyr/zephyr.h>
#include <zephyr/logging/log.h>
#include <zephyr/bluetooth/bluetooth.h>
#include <zephyr/bluetooth/uuid.h>
#include <zephyr/bluetooth/gatt.h>
#include <zephyr/settings/settings.h>
#include <device.h>
#include <drivers/flash.h>
#include <storage/flash_map.h>
#include <fs/nvs.h>
#include <stdio.h>
#include <string.h>
#include "../cfg/config.h"
#include "ble.h"
#include <zephyr/kernel.h>
#include <zephyr/sys/reboot.h>
#include <zephyr/sys/printk.h>

Thanks!

Pedro.

  • Hi Pedro,

    Are you able to upload your project so I can try to reproduce the error on my end? The pairing fails because the link is encrypted/decrypted incorrectly, which is an unusual error. The bonding information should be stored to flash automatically by the Zephyr host.

    Best regards,

    Vidar

  • Hi Vidar,

    Attached to this post you can find the project. 

    Thanks for your help!

    ble-io-bridge-periph.zip

    Edit: I'm using ncs 2.0.2

  • Hi Vidar,

    I tested your precompiled example in nRF52 DK and Huawei P20 pro and it works perfectly. After bonding I can connect and disconnect manually, and also when I reset nRF52 DK, it connects automatically to phone.

    Kind regards,

    Pedro

    Edit: I tried with the HIDS Keyboard sample in NCS 2.0.2 and it does not work after bonding. The same security problem occurs. It keeps trying to connect in a loop, throwing this error:

    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)
    Advertising continued
    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)
    Advertising continued
    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)
    Advertising continued

  • Hi Pedro,

    Interesting find. Can you please also try the ble_app_hrs example from nRF5 SDK 17.1.0 (hex file is attached). This example supports LE secure connections pairing, same as the HID example in NCS. 

    7178.ble_app_hrs_pca10040_s132.hex

    Kind regards,

    Vidar

  • Hi Vidar!

    7178.ble_app_hrs_pca10040_s132.hex

    This example works fine with P20 pro.

    Kind regards,

    Pedro.

  • Hi Pedro,

    Please try the hex attached below as well, if you don't mind testing a bit more. This is the HID keyboard sample from SDK v2.4.2.

    1134.zephyr.hex

    Please also remember to erase the chip between the tests to ensure there is no existing bonding data stored on the device which may affect the result.

    Kind regards,

    Vidar

  • Hi Vidar,

    I flashed your hex with nrfjprog --program zephyr.hex --chiperase --verify -r but unfortunately I can not see any device that seems to be your example, when scanning ble with nrf connect app. I tried with 2 phones.

    What is the advertising name?

    This is the log info I can see in the serial port of nRF52 DK:

    *** Booting Zephyr OS build v3.3.99-ncs1-1 ***
    Starting Bluetooth Peripheral HIDS keyboard example
    I: 6 Sectors of 4096 bytes
    I: alloc wra: 0, fd0
    I: data wra: 0, 1c
    I: SoftDevice Controller build revision:
    I: e0 7e 2e c1 5e 05 85 23 |.~..^..#
    I: 46 15 dc fa 8e 29 7d 70 |F....)}p
    I: 10 93 a5 fc |....
    I: HW Platform: Nordic Semiconductor (0x0002)
    I: HW Variant: nRF52x (0x0002)
    I: Firmware: Standard Bluetooth controller (0x00) Version 224.11902 Build 2231721665
    I: No ID address. App must call settings_load()
    Bluetooth initialized
    I: Identity: D7:06:A1:24:26:8D (random)
    I: HCI: version 5.4 (0x0d) revision 0x1077, manufacturer 0x0059
    I: LMP: version 5.4 (0x0d) subver 0x1077
    NFC configuration start
    NFC configuration done

    if you don't mind testing a bit more.

    I'm here to help!

    Kind regards,

    Pedro.

  • Hi Pedro,

    I'm not sure why it didn't work. It's supposed to advertise as "Nordic_HIDS_keyboard". Please try this hex file instead.

    4645.zephyr.hex

    Thanks,

    Vidar

  • Hi Vidar,

    I tried with 4645.zephyr.hex. I see Nordic_HIDS_keyboard when scanning, then I connect and try to bond. I confirm from the phone side, but when trying to confirm from the nRF52 DK side, it does nothing when pressing button 1. Maybe our nRF52 DK is damaged.

    You can send me same example but with no display or keyboard callbacks, so it can bond without having to confirm.

    Kind regards,

    Pedro.

  • Hi Pedro,

    I've re-built the sample without the IO capabilities, so it defaults to LESC just works pairing and I also disabled NFC OOB pairing support. Hope it works.

    8737.zephyr.hex

    Best regards,

    Vidar

  • Hi Vidar,

    It connects and bonds correctly to P20 pro, but then, when I try to connect, it never connects again:

    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    W: Not connected!
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)
    Advertising continued
    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    W: Not connected!
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)
    Advertising continued
    Connected 3C:CD:5D:3F:DC:50 (public)
    Advertising successfully started
    W: Not connected!
    Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9
    Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)

    I tried also with a Xiaomi Mi 9T Pro and all work ok, even after bonding. But I tried with an old Samsung Galaxy J5 with Android 5.1.1 and it bonds, but for some reason, it can not discover services and characteristics.

    I hope this helps.

    Kind regards,

    Pedro.
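Added example, not part of the thread or of Nordic's samples: a small C helper that scans a serial log in the format quoted above for the repeating "Security failed" then "Disconnected (reason 61)" pattern. Reason 61 is HCI error 0x3D, Connection Terminated due to MIC Failure, which matches the diagnosis that the link is being encrypted/decrypted incorrectly. The function names and sample log are constructed for illustration, and the `err` value is parsed but not decoded.

```c
#include <stdio.h>
#include <string.h>

/* HCI reasons are logged in decimal: "reason 61" is 0x3D. */
static const char *hci_reason_str(unsigned reason)
{
    switch (reason) {
    case 0x13: return "Remote User Terminated Connection";
    case 0x3D: return "Connection Terminated due to MIC Failure";
    default:   return "other";
    }
}

/* Count "Security failed" events that are followed by a MIC-failure
 * disconnect from the same peer (hypothetical helper, not a Zephyr API). */
static int count_mic_fail_loops(const char *log)
{
    char peer[18] = "", addr[18];
    unsigned level, err, reason;
    int pending = 0, loops = 0, with_addr;
    for (const char *p = log; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        p += strspn(p, " \t");              /* log lines may be indented */
        if (sscanf(p, "Security failed: %17s (%*[^)]) level %u err %u",
                   addr, &level, &err) == 3) {
            strcpy(peer, addr);             /* remember who failed security */
            pending = 1;
            continue;
        }
        with_addr = sscanf(p, "Disconnected from %17s (%*[^)]) (reason %u)",
                           addr, &reason) == 2;
        if (with_addr || sscanf(p, "Disconnected (reason %u)", &reason) == 1) {
            if (pending && reason == 0x3D && (!with_addr || !strcmp(peer, addr)))
                loops++;
            pending = 0;
        }
    }
    return loops;
}
/* Constructed sample in the format of the logs quoted in this thread. */
static const char SAMPLE_LOG[] =
    "Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9\n"
    "Disconnected from 3C:CD:5D:3F:DC:50 (public) (reason 61)\n"
    "Security failed: 3C:CD:5D:3F:DC:50 (public) level 1 err 9\n"
    "Disconnected (reason 61)\n";
int main(void)
{
    printf("%d loop(s); reason 61 = %s\n", count_mic_fail_loops(SAMPLE_LOG), hci_reason_str(61));
    return 0;
}
```

A non-zero count on a bonded reconnect means the two sides are not using the same encryption key, so the next step is comparing the stored key on each side, as with the sniffer trace and LTK printout requested below.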

  • Hi Pedro,

    Do you have an extra DK or nRF52840 Dongle lying around that you can use to capture a sniffer trace with the nRF Sniffer?

    I've created a new hex file which will print the encryption key (LTK). You can use JLink RTT Viewer if you have problems viewing UART logs. 

    2742.zephyr.hex

    Kind regards,

    Vidar