
Is nRF Sniffer doing decryption?

I recently tried to add security features (encryption, no MITM) to my application, and I am using nRF Sniffer to verify. nRF Master Control Panel gives me the request for the devices to pair and says that the devices are bonded. However, even though Sniffer/Wireshark says "Encrypted: Yes", it still gives me perfectly readable data. So, is nRF Sniffer just smart enough to decrypt messages as long as it's listening to that connection from the beginning?

Also, is it possible to view "junk" traffic? It would make me feel a bit better to be able to see decryption obviously not working, i.e. seeing unreadable packets.

  • The sniffer picks up the encryption key if it is listening during the key exchange, and when it has this key it is able to decrypt the BLE traffic. But the sniffer will not be able to decrypt the packets if the key exchange took place before it started 'sniffing'. You will then see "junk" traffic.

  • You answered my first question, but when the connection is encrypted, I cannot see any traffic whatsoever, even though I know some (presumably encrypted) traffic is happening. Should I actually be getting the junk packets, or is there a way to enable viewing them?

    Alternatively, sniffing a secure connection from the start and then deleting the keys to simulate this would also be acceptable. I still want to actually see the encrypted packets.
