After bonding, I receive write events from the central, but after reconnecting, the write events no longer come through.

Nice to meet you.

I'm looking to embark on BLE development using nrf52840.
The requirements include one-to-one communication between one central and one peripheral, and pairing using LE Secure Connections is necessary (Just Works).
I will be developing the peripheral side of this. The BLE requirements are based on the specifications of the central side.

Now, initially, I tried implementing it myself based on various online information and samples.
I have successfully paired, and I can receive write events from the central side.
However, when I turn off the power on the central side, then turn it back on and perform a reconnection, I no longer receive write events from the central side.

Specifically, I am manipulating the central device to perform a write operation on the peripheral.
However, I only receive BLE_GAP_EVT_CONN_PARAM_UPDATE, and no other events.

First, let me share the logs!
If there's anything suspicious, please let me know. I can also provide the code.
Thank you.

SEGGER J-Link V7.88j - Real time terminal output
SEGGER J-Link (unknown) V1.0, SN=1050228242
Process: JLinkGDBServerCLExe
<info> app_timer: RTC: initialized.
<info> app: ble_stack__init
<info> app: Service UUID:0000, UUID Type: 2
<info> app: Erase bonds.
<info> peer_manager_handler: All peers deleted.
<info> app: PM_EVT_PEERS_DELETE_SUCCEEDED
<info> app_timer: RTC: initialized.
<info> app: ble_stack__init
<info> app: Service UUID:0000, UUID Type: 2
<info> app: Erase bonds.
<info> peer_manager_handler: All peers deleted.
<info> app: PM_EVT_PEERS_DELETE_SUCCEEDED
<info> app: PM_EVT_CONN_CONFIG_REQ
<info> app: BLE_GAP_EVT_CONNECTED
<info> app: PM_EVT_CONN_SEC_START
<info> app: PM_EVT_CONN_SEC_PARAMS_REQ
<info> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
<info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
<info> nrf_ble_lesc: Calling sd_ble_gap_lesc_dhkey_reply on conn_handle: 0
<info> app: BLE_GAP_EVT_CONN_SEC_UPDATE
<info> app: Security mode: 1. Security level: 2
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
<warning> app: PM_EVT_CONN_SEC_SUCCEEDED
<info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x0, bond=0x1, kdist_own:0x3 kdist_peer:0x2
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Bonding data, action: Update
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash changed.
<info> app: New Bond, add the peer to the whitelist if possible
<info> app: whitelist_peer_cnt 1, MAX_PEERS_WLIST 8
<info> app: Bonded to a new peer, add it to the whitelist.
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash changed.
<info> app: PM_PEER_DATA_ID_PEER_RANK
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Local database, action: Update
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Flash changed.
<info> app: PM_PEER_DATA_ID_GATT_LOCAL
<warning> app: ble_evt_handler:53
<info> app: BLE_GATTS_EVT_WRITE
<info> app: Notification enabled
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Central address resolution, action: Update
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash changed.
<info> app: PM_PEER_DATA_ID_CENTRAL_ADDR_RES
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Local database, action: Update
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash changed.
<info> app: PM_PEER_DATA_ID_GATT_LOCAL
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 00 02 00 1E 00 1A 00|........
<info> app:  01 61 C6 00 54 53 11 00|.a..TS..
<info> app:  A5 16 FF 00            |....    
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 01 FF FF 00 00 A7 0B|........
<info> app:  AF 16 00 01 00 00 00 52|.......R
<info> app:  7C 07                  ||.      
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 00 02 00 1E 00 1A 00|........
<info> app:  01 61 C6 00 54 53 11 00|.a..TS..
<info> app:  A5 16 FF 00            |....    
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 01 FF FF 00 00 A7 0B|........
<info> app:  AF 16 00 01 00 00 00 52|.......R
<info> app:  7C 07                  ||.      
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 00 02 00 1E 00 1A 00|........
<info> app:  01 61 C6 00 54 53 11 00|.a..TS..
<info> app:  A5 16 FF 00            |....    
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 01 FF FF 00 00 A7 0B|........
<info> app:  AF 16 00 01 00 00 00 52|.......R
<info> app:  7C 07                  ||.      
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 00 02 00 1E 00 1A 00|........
<info> app:  01 61 C6 00 54 53 11 00|.a..TS..
<info> app:  A5 16 FF 00            |....    
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app:  01 01 FF FF 00 00 A7 0B|........
<info> app:  AF 16 00 01 00 00 00 52|.......R
<info> app:  7C 07                  ||.     

======
Here I intentionally turned the central device's power OFF/ON to trigger a reconnection.
======

<info> app: Disconnected, reason 8.
<info> app: PM_EVT_CONN_CONFIG_REQ
<info> app: PM_EVT_CONN_SEC_PARAMS_REQ
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash not changed.
<info> app: PM_PEER_DATA_ID_PEER_RANK
<warning> app: PM_EVT_BONDED_PEER_CONNECTED
<info> app: PM_EVT_LOCAL_DB_CACHE_APPLIED
<info> app: BLE_GAP_EVT_CONNECTED
<info> app: PM_EVT_CONN_SEC_START
<info> app: BLE_GAP_EVT_SEC_INFO_REQUEST
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
<info> app: PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
<info> app: Writing or overwriting the data.
<info> app: Flash not changed.
<info> app: PM_PEER_DATA_ID_PEER_RANK
<warning> app: PM_EVT_CONN_SEC_SUCCEEDED
<info> app: BLE_GAP_EVT_CONN_SEC_UPDATE
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
<info> app: connection parameters updated. min_interval:160, max_interval:160, latency:0, timeout:810
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
<info> app: connection parameters updated. min_interval:80, max_interval:80, latency:0, timeout:810
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
<info> app: connection parameters updated. min_interval:160, max_interval:160, latency:0, timeout:810
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
<info> app: connection parameters updated. min_interval:80, max_interval:80, latency:0, timeout:810
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
<info> app: connection parameters updated. min_interval:160, max_interval:160, latency:0, timeout:810
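As an added example (not part of the original post, and not Nordic's code), here is a small Python script that splits an RTT log of the kind shown above into connection sessions and reports, for each one, whether the link was secured by bonding or by re-encryption with the stored keys, whether the peer manager recognised the peer as already bonded, and how many GATT write events arrived. The embedded log excerpt is constructed from the lines above, and the line-matching patterns assume the nRF5 SDK log format shown there.

```python
import re

# Constructed excerpt of the RTT log quoted in the post above: first connection
# (bonding, then GATT writes), the central is power-cycled, then reconnection.
SAMPLE_LOG = """\
<info> app: BLE_GAP_EVT_CONNECTED
<info> app: PM_EVT_CONN_SEC_START
<info> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
<warning> app: PM_EVT_CONN_SEC_SUCCEEDED
<info> app: BLE_GATTS_EVT_WRITE
<info> app: Notification enabled
<info> app: BLE_GATTS_EVT_WRITE
<info> app: command_char_handles
<info> app: Disconnected, reason 8.
<warning> app: PM_EVT_BONDED_PEER_CONNECTED
<info> app: BLE_GAP_EVT_CONNECTED
<info> app: PM_EVT_CONN_SEC_START
<info> app: BLE_GAP_EVT_SEC_INFO_REQUEST
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
<warning> app: PM_EVT_CONN_SEC_SUCCEEDED
<info> app: BLE_GAP_EVT_CONN_PARAM_UPDATE
"""

# Pattern assumed from the peer_manager_handler line format shown in the post.
SECURED_RE = re.compile(r"Connection secured: .*procedure: (\w+)")


def summarise_sessions(log_text):
    """Split the log at each BLE_GAP_EVT_CONNECTED and return, per connection,
    how the link was secured, how many GATT writes arrived, whether the peer
    manager recognised the peer as already bonded, and whether a disconnect
    was logged during that session."""
    sessions = []
    current = None
    # PM_EVT_BONDED_PEER_CONNECTED is logged just before BLE_GAP_EVT_CONNECTED,
    # so remember it and attach it to the session that follows.
    bonded_peer_pending = False
    for line in log_text.splitlines():
        if "PM_EVT_BONDED_PEER_CONNECTED" in line:
            bonded_peer_pending = True
        elif "BLE_GAP_EVT_CONNECTED" in line:
            current = {"procedure": None, "writes": 0,
                       "bonded_peer": bonded_peer_pending, "disconnected": False}
            bonded_peer_pending = False
            sessions.append(current)
        elif current is None:
            continue  # lines before the first connection (init, bond erase)
        elif "Connection secured" in line:
            m = SECURED_RE.search(line)
            current["procedure"] = m.group(1) if m else "unknown"
        elif "BLE_GATTS_EVT_WRITE" in line:
            current["writes"] += 1
        elif "Disconnected" in line:
            current["disconnected"] = True
    return sessions


def silent_secured_sessions(sessions):
    """Indices of sessions where the link was secured but no write ever
    arrived: the symptom described in the post."""
    return [i for i, s in enumerate(sessions)
            if s["procedure"] is not None and s["writes"] == 0]


if __name__ == "__main__":
    sessions = summarise_sessions(SAMPLE_LOG)
    for i, s in enumerate(sessions):
        print(i, s)
    print("secured but silent:", silent_secured_sessions(sessions))
```

Run on the excerpt, the first session shows procedure Bonding with two writes and the second shows procedure Encryption, a recognised bonded peer and zero writes. That is the shape of the symptom in the post: the peripheral re-encrypted from stored keys without error, so the missing writes are not explained by a key or encryption failure on the peripheral side, which is also why a sniffer trace is the next thing to look at.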

  • Hi Keigo, 
    It seems like the central managed to reconnect so I am not sure why the write command was not sent. 
    My suggestion is to use a sniffer to capture the communication. This would give us more insight into what could be wrong. You may have issues decrypting the paired connection with the sniffer if you use secure connections, but you may consider turning off pairing for the test. 

    Please double check the code of the central to see if it actually sends the write command on the 2nd connection or not. 

  • Dear Mr. Hung Bui,

    Thank you very much for responding to my inquiries!

    Is it possible to communicate with the Central without pairing by turning off pairing?

    Also, since the Central receives finished products from the trading company and is not involved in the internal software, I have no knowledge of it.
    Furthermore, it seems that there are other companies creating peripherals that collaborate with this Central using Nordic.

    However, before using Nordic chips, I successfully communicated with the Central using a peripheral with Linux's BlueZ.
    At that time, even after reconnecting, the write events were received properly.
    Therefore, it seems there may be an issue with the peripheral I am trying to implement with Nordic this time.

    Thank you for your assistance.

  • I will send a packet sniffer.

    No. 2358 is the first connection and bonding. No. 2682 marks the beginning of a reconnection. If there are any suspicious points, your guidance would be greatly appreciated! I've been struggling with this issue for days and haven't been able to resolve it.

  • Hi Keigo, 
    I don't see anything suspicious from the sniffer trace. 
    It seems that the re-encryption worked properly and the 2 devices managed to re-connect and re-pair with no problem. 
    The question, I guess, is why the central doesn't want to send the write request on reconnection. If the link can be decrypted it would be much easier to inspect. 
    Please make sure you type the key and click the arrow button after you enter it. 

    If your central accepts legacy pairing you can try disabling LESC and only doing legacy pairing; this way the sniffer can automatically decrypt Just Works encryption without you providing the key. 

  • Hello Mr. Hung Bui,

    I'm sorry, but I'm not sure how to obtain the key.
    I'm a beginner when it comes to bonding.
    Could you please provide guidance on how to obtain the key?
    By the way, is the key you mentioned the public key that appears in the sniffer? (Is it either x or y?)

    Also, what type of key should be set in Wireshark? (The part where you choose SC LTK or SC Private Key, etc.)
    I apologize for the basic nature of these questions, as this is my first time delving into protocol analysis. Your guidance would be greatly appreciated!

    Thank you.

  • Hi Keigo, 
    I will try to do the test here, but if you take a look at the documentation you can find the instructions: 
    https://infocenter.nordicsemi.com/index.jsp?topic=%2Fug_sniffer_ble%2FUG%2Fsniffer_ble%2Faction_bonded.html

    I think what you did was correct but for some reason it didn't work. I will check 

  • Hi Keigo-san, 

    Please add this line at line 366 in security_dispatcher.c:

       NRF_LOG_HEXDUMP_INFO(p_enc_info->ltk,p_enc_info->ltk_len);

    So it looks like this: 

    You will find the LTK in the log like in the screenshot below; it's a 16-byte key. In your code it seems that it's only 8 bytes for some reason.


    Then the byte order is opposite, so you need to type it in reverse. Please see how it's typed in the sniffer. As you can see in the screenshot, the sniffer managed to decrypt the connection. 

    So in my case I have to input it into Wireshark like this: 
    0x4F2CAA6E357D072F5AE9049A9CB5DA23

    When the log shows: 

    <info> peer_manager_smd: 23 DA B5 9C 9A 04 E9 5A|#......Z

    <info> peer_manager_smd: 2F 07 7D 35 6E AA 2C 4F|/.}5n.,O

    Note that you only have this printout when you re-connect. Not when you first bond. 
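As an added example (not part of the post above, and not Nordic's code), the following Python helper performs the conversion the reply describes: it collects the bytes from the NRF_LOG_HEXDUMP_INFO lines, checks that a full 16-byte LTK was logged (the reply notes the asker's log showed only 8 bytes), and reverses the byte order into the hex string entered in the sniffer's Wireshark key field. The embedded input is constructed from the two peer_manager_smd lines quoted above, and the hexdump line pattern is an assumption based on that quoted format.

```python
import re

# Constructed input: the two hexdump lines quoted in the reply above.
LTK_DUMP = """\
<info> peer_manager_smd: 23 DA B5 9C 9A 04 E9 5A|#......Z
<info> peer_manager_smd: 2F 07 7D 35 6E AA 2C 4F|/.}5n.,O
"""

# Matches the hex-pair run between the module name and the '|' that starts
# the ASCII column (pattern assumed from the quoted log lines).
HEX_LINE_RE = re.compile(r"peer_manager_smd:\s*((?:[0-9A-Fa-f]{2}\s*)+)\|")


def parse_hexdump(text):
    """Collect the bytes from every matching hexdump line, in logged order
    (NRF_LOG_HEXDUMP_INFO prints 8 bytes per line)."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE_RE.search(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def ltk_for_wireshark(dump_text):
    """Return the LTK in the reversed byte order expected by the Wireshark key
    field, as an upper-case 0x-prefixed string. Raises ValueError when the dump
    is not exactly 16 bytes, so a truncated key is caught before it is typed in."""
    key = parse_hexdump(dump_text)
    if len(key) != 16:
        raise ValueError(f"LTK dump is {len(key)} bytes, expected 16")
    return "0x" + key[::-1].hex().upper()


if __name__ == "__main__":
    print(ltk_for_wireshark(LTK_DUMP))
```

For the two quoted lines this yields 0x4F2CAA6E357D072F5AE9049A9CB5DA23, the same value the reply says was entered into Wireshark. Feeding it only one of the two lines raises an error instead of silently producing an 8-byte key, which is a useful guard given that the sniffer only reports a bad MIC when the key is wrong rather than saying the key is too short.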

  • Hello Mr. Hung Bui,

    Following your advice, I implemented dumping the LTK in the security_manager.c file. I tried entering the 16-byte key that appeared here into the sniffer, but I'm still encountering the "Encrypted packet decrypted incorrectly" issue. Does this mean that decryption was unsuccessful? Additionally, does this imply that encrypted communication between the Central and Peripheral is not working well after reconnection?

    Also, is it possible to receive the code you experimented with, Mr. Hung Bui?

  • Hi Keigo, 

    I was testing with ble_app_hrs in SDK v17.1 with the only modification that I showed you. 

    Could you try to test again with the example and try to connect and pair with a phone? 

    Make sure you click the arrow button after you enter the key (it turns blue when the key is entered and then turns gray after you click it).

    And after that the sniffer needs to capture a new connection; it will not be able to decrypt something it already captured. 

    How long does the connection last after you get "Encrypted packet decrypted incorrectly"?

    Usually this error just shows that the sniffer couldn't decrypt the connection; there is nothing wrong between the peripheral and the central. 

  • Hello, Mr. Hung Bui.

    After setting the key, I clicked the arrow button to confirm the changes in the display. Following that, I captured a new connection, but it is currently in a state where the output reads "Encrypted packet decrypted incorrectly (bad MIC)." It seems that the sniffer is unable to decrypt the connection for some reason. I will also try using ble_app_hrs.

    Additionally, I am considering implementing the central side and trying to debug by checking the peripheral side as well. (Debugging from the central perspective is challenging as it involves a product from a different company.)

  • I'm not so sure why it doesn't work in your case. Have you tried again with a phone and an SDK example? 
    You can also try to turn off Secure Connections so that it will do Legacy pairing; then it's much easier to sniff the communication without the need for the LTK. If the central accepts legacy pairing I think that is what you should do to debug. 

  • Good evening, Mr. Hung Bui,

    I tried using ble_app_hrs and checked with both the nrf52840 and a mobile phone. However, when I entered the Long Term Key (LTK) that appears during reconnection into the sniffer, I encountered the message "Encrypted packet decrypted incorrectly (bad MIC)."

    Furthermore, it seems that the central device I am trying to connect to does not support legacy pairing.
