"Encrypted packet decrypted incorrectly (bad MIC)" - how to get LTK

Hi,

I am trying to sniff between my phone and a BLE device.

When I put the device in pairing mode, I can see it in the "advertising" list. Then I select it (but I don't know if I should select anything from the "legacy passkey", "legacy ltk", "follow le address")

I can see packets from/to that device.

Then I make the pairing on my phone (no PIN is required)

But then I can't get any data , all is encrypted and all I see is "empty PDU" or "Encrypted packet decrypted incorrectly (bad MIC)"

What is the correct method ?

As far as aI remember from my past experiences, if I sniff within the pairing session , I should not need a LTK.

But if LTK will help, can you guide me how to get the LTK ?

Btw, if I do the pairing, I no longer see the device in "advertising" list. If I get the LTK and try to sniff after pairing, how do I filter that device ?

Parents

0 billtsai 26 days ago

Hi,

If your device has no lesc, then you can sniff LTK in pairing process.

Otherwise, you need a LTK to decrypt packet.

LTK will store in flash if you use bonding.

But you need to provide which sdk you use.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ilker Aktuna 26 days ago in reply to billtsai

thanks for your response. But I am not a professional and the terms you use , I am not familiar with them.

"if your devişce has no lesc" -> what is lesc , and how do I know if my device has lesc ?

"then you can sniff LTK in pairing process" -> how can I do that ?

"which sdk you use." -> I don't know. I have a laptop with Wireshark installed and 2 years ago I had installed extensions to sniff using nRF52840. I had followed official guides that time. But I'm not sure where the guide is now.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ilker Aktuna 11 days ago in reply to billtsai

which tool ? and in what situation ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Amanda Hsieh 11 days ago in reply to ilker Aktuna

ilker Aktuna said:
if it would be possible to get the LTK , or decrypt using hci sniff on the android phone.

I think it cannot get LTK from your sniffer log, but you can refer to that course to get LTK if you are using NCS.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ilker Aktuna 10 days ago in reply to Amanda Hsieh

I am sorry, I don't understand. What is NCS ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Amanda Hsieh 9 days ago in reply to ilker Aktuna

NCS is our nRF Connect SDK.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ilker Aktuna 7 days ago in reply to Amanda Hsieh

sorry but you support people don't understand my scenario, I believe.

I am not using your devices to simulate or develop something.

I am using your device ONLY to sniff traffic between 2 other devices. In this scenario, using nRF Connect SDK will not help me. So why are you frequently mentioning it ? It is useless for me.

I am just looking for help (if there's any possibility) to sniff traffic between and Android app and a custom BLE device.

If that's not possible in my scenario, just let me know and close this question.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 ilker Aktuna 7 days ago in reply to Amanda Hsieh

sorry but you support people don't understand my scenario, I believe.

I am not using your devices to simulate or develop something.

I am using your device ONLY to sniff traffic between 2 other devices. In this scenario, using nRF Connect SDK will not help me. So why are you frequently mentioning it ? It is useless for me.

I am just looking for help (if there's any possibility) to sniff traffic between and Android app and a custom BLE device.

If that's not possible in my scenario, just let me know and close this question.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data