Hi,

If your device has no lesc, then you can sniff LTK in pairing process.

Otherwise, you need a LTK to decrypt packet.

LTK will store in flash if you use bonding.

But you need to provide which sdk you use.

thanks for your response. But I am not a professional and the terms you use  , I am not familiar with them.

"if your devişce has no lesc" -> what is lesc , and how do I know if my device has lesc ?

"then you can sniff LTK in pairing process" -> how can I do that ?

"which sdk you use." -> I don't know. I have a laptop with Wireshark installed and 2 years ago I had installed extensions to sniff using nRF52840. I had followed official guides that time. But I'm not sure where the guide is now.

Hi,

The device actually uses lesc.

If you can't read the device's flash, It's impossible to get the LTK throug sniffer.

thank you. Would that be possible to sniff from the phone (on the phone , using hci snoop ?)

Hi,

all I see is "empty PDU" or "Encrypted packet decrypted incorrectly (bad MIC)"

It is most commonly caused by the sniffer not having the private keys for the connection, so it can not decrypt the packages it intercepts.

Please check  Exercise 3 Follow and decrypt a paired connection on how to get the LTK if you are using NCS. It cannot decrypt without a LTK. 

-Amanda H.

I'm not sure the tool will provide enough information or not.

I have read through that tutorial/course, but as you can see in my scenario, LTK is not transferred in pairing phase (or am I missing it ?) 

I have already provided you pcap output, so you can see from there.

So what is the point of following that tutorial in my case ?

If the LTK is not provided while pairing , I won't be able to decrypt packets. 

I asked you if it would be possible to get the LTK , or decrypt using hci sniff on the android phone.

I could not get an answer to this.

So what is the purpose of suggesting me to read the tutorial (which I already did) ?

I have read through that tutorial/course, but as you can see in my scenario, LTK is not transferred in pairing phase (or am I missing it ?) 

I have already provided you pcap output, so you can see from there.

So what is the point of following that tutorial in my case ?

If the LTK is not provided while pairing , I won't be able to decrypt packets. 

I asked you if it would be possible to get the LTK , or decrypt using hci sniff on the android phone.

I could not get an answer to this.

So what is the purpose of suggesting me to read the tutorial (which I already did) ?

ilker Aktuna said:

if it would be possible to get the LTK , or decrypt using hci sniff on the android phone.

I think it cannot get LTK from your sniffer log, but you can refer to that course to get LTK if you are using NCS. 

I am sorry, I don't understand. What is NCS ? 

NCS is our nRF Connect SDK. 

sorry but you support people don't understand my scenario, I believe.

I am not using your devices to simulate or develop something.

I am using your device ONLY to sniff traffic between 2 other devices. In this scenario, using nRF Connect SDK will not help me. So why are you frequently mentioning it ? It is useless for me.

I am just looking for help (if there's any possibility) to sniff traffic between and Android app and a custom BLE device.

If that's not possible in my scenario, just let me know and close this question.