"Encrypted packet decrypted incorrectly (bad MIC)" - how to get LTK

Hi,

I am trying to sniff between my phone and a BLE device.

When I put the device in pairing mode, I can see it in the "advertising" list. Then I select it (but I don't know if I should select anything from the "legacy passkey", "legacy ltk", "follow le address") 

I can see packets from/to that device.

Then I make the pairing on my phone (no PIN is required).

But then I can't get any data, all is encrypted and all I see is "empty PDU" or "Encrypted packet decrypted incorrectly (bad MIC)".

What is the correct method?

As far as I remember from my past experiences, if I sniff within the pairing session, I should not need a LTK.

But if LTK will help, can you guide me how to get the LTK?

Btw, if I do the pairing, I no longer see the device in "advertising" list. If I get the LTK and try to sniff after pairing, how do I filter that device?

  • Hi,

    If your device has no lesc, then you can sniff LTK in pairing process.

    Otherwise, you need an LTK to decrypt packets.

    The LTK will be stored in flash if you use bonding.

    But you need to provide which sdk you use.

  • Thanks for your response. But I am not a professional and I am not familiar with the terms you use.

    "if your device has no lesc" -> what is lesc, and how do I know if my device has lesc?

    "then you can sniff LTK in pairing process" -> how can I do that?

    "which sdk you use." -> I don't know. I have a laptop with Wireshark installed and 2 years ago I had installed extensions to sniff using nRF52840. I had followed official guides that time. But I'm not sure where the guide is now.
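
On the question above of how to tell whether a device uses LESC (LE Secure Connections): the capture shows it in the SMP Pairing Request and Pairing Response, where each side sets or clears the SC bit of the AuthReq byte, and LESC is used only when both set it. The following is an added example, not part of the original thread; the function names are hypothetical and the sample PDUs are constructed.

```python
# Added example (not from the thread): read pairing features from SMP PDUs.
# Field layout follows the Bluetooth Core Specification, Vol 3, Part H.
from dataclasses import dataclass

PAIRING_REQUEST, PAIRING_RESPONSE = 0x01, 0x02

@dataclass
class PairingFeatures:
    role: str                 # "initiator" (request) or "responder" (response)
    io_capability: int        # 0x03 = NoInputNoOutput, 0x04 = KeyboardDisplay
    bonding: bool             # AuthReq bits 0-1 == 01
    mitm: bool                # AuthReq bit 2
    secure_connections: bool  # AuthReq bit 3 (the "SC" / LESC flag)
    max_key_size: int

def parse_pairing_pdu(pdu: bytes) -> PairingFeatures:
    """Parse a 7-byte SMP Pairing Request or Pairing Response."""
    if len(pdu) != 7:
        raise ValueError(f"expected 7 bytes, got {len(pdu)}")
    code, io_cap, _oob, auth_req, key_size, _init_dist, _resp_dist = pdu
    if code not in (PAIRING_REQUEST, PAIRING_RESPONSE):
        raise ValueError(f"not a pairing request/response (code 0x{code:02x})")
    return PairingFeatures(
        role="initiator" if code == PAIRING_REQUEST else "responder",
        io_capability=io_cap,
        bonding=(auth_req & 0x03) == 0x01,
        mitm=bool(auth_req & 0x04),
        secure_connections=bool(auth_req & 0x08),
        max_key_size=key_size,
    )

def pairing_summary(request: bytes, response: bytes) -> dict:
    """Combine both sides: LESC and bonding each require both peers to ask."""
    req, rsp = parse_pairing_pdu(request), parse_pairing_pdu(response)
    if (req.role, rsp.role) != ("initiator", "responder"):
        raise ValueError("expected a Pairing Request followed by a Response")
    lesc = req.secure_connections and rsp.secure_connections
    return {
        "method": "LE Secure Connections" if lesc else "LE legacy pairing",
        "bonding": req.bonding and rsp.bonding,
        "key_size": min(req.max_key_size, rsp.max_key_size),
    }

# Constructed sample PDUs (not taken from any real capture).
PHONE_REQ = bytes.fromhex("0104002d100f0f")   # AuthReq 0x2d: bonding, MITM, SC
LEGACY_RSP = bytes.fromhex("02030001100001")  # AuthReq 0x01: bonding only
LESC_RSP = bytes.fromhex("02030009100002")    # AuthReq 0x09: bonding, SC

if __name__ == "__main__":
    print(pairing_summary(PHONE_REQ, LEGACY_RSP))
    print(pairing_summary(PHONE_REQ, LESC_RSP))
```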
