
Buttonless DFU Example broken

Hi there,

I know you guys are very busy and I appreciate your quick response on Devzone.

I'd like to make a request for a more polished example of Buttonless DFU using SDK 12.1 with nRF52.

We are nearing production and if there's anything I'd like to get in concrete, it's a reliable way to upgrade firmware in the field.

The current example is not working out of the box, and the documentation doesn't offer a complete start to finish of how to upgrade. For example, what should we do after we send a 0x01 to the characteristic?

Thanks, Paul

  • Hi Sam,

    We do plan to have bonding supported in the next release of the SDK. But still, an attacker may have access to the phone (or to the .zip DFU package) and find the unencrypted firmware.

    I'm not an expert in security, but what exactly is the risk of a replay attack? The attacker can't modify the firmware; if he sends the same firmware, you can tell the bootloader to reject the firmware if the firmware version is the same (default behaviour is to accept it).

  • Hi Hung,

    Thanks for the reply. It is good to know that sharing of bonding information will be supported in the upcoming SDK release. Any idea when the SDK will be available?

    I understand that anyone who gets the .zip DFU package might be able to reverse engineer the FW even though bonding information is shared between the App and the Bootloader. Yes, my concern about the replay attack is exactly what you mentioned above. Someone can just replay the OTA DFU packets (since they currently go unencrypted on air and hence are easy to sniff on air for any malicious user) and force the costly operation of firmware update on the device. As you mentioned, I can change the default bootloader behavior to reject DFU if the FW version is the same to avoid such situation.

    Thanks, Sam
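  • The version check discussed in the two replies above, as an added example that is not part of the thread and not Nordic SDK code: a bootloader-side policy function that refuses an image whose version equals the installed one (the replay case) and, going slightly beyond the thread, also refuses a downgrade and a hardware-revision mismatch. The `image_info_t`, `device_settings_t` structs and `dfu_version_policy()` are hypothetical stand-ins; the real SDK init packet and settings page have different layouts, so this is the policy, not the integration.

```c
/* Added example, not from the thread or the Nordic SDK. The types and the
 * function below are hypothetical; they model the decision a bootloader
 * makes before accepting a DFU image, nothing more. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Version fields carried by the (signed) init packet of a DFU image. */
typedef struct {
    uint32_t hw_version;   /* hardware revision the image targets      */
    uint32_t fw_version;   /* application version inside the image     */
} image_info_t;

/* What the bootloader knows about the device it is running on. */
typedef struct {
    uint32_t hw_version;   /* hardware revision of this device         */
    uint32_t fw_version;   /* version of the currently installed app   */
} device_settings_t;

typedef enum {
    DFU_ACCEPT = 0,
    DFU_REJECT_HW_MISMATCH,
    DFU_REJECT_SAME_VERSION,   /* replayed copy of what is already installed */
    DFU_REJECT_DOWNGRADE
} dfu_decision_t;

/* allow_same_version == true mirrors the "accept equal version" default the
 * thread mentions; pass false to reject a replay of the installed image. */
dfu_decision_t dfu_version_policy(const device_settings_t *dev,
                                  const image_info_t *img,
                                  bool allow_same_version)
{
    if (img->hw_version != dev->hw_version) {
        return DFU_REJECT_HW_MISMATCH;
    }
    if (img->fw_version < dev->fw_version) {
        return DFU_REJECT_DOWNGRADE;
    }
    if (img->fw_version == dev->fw_version && !allow_same_version) {
        return DFU_REJECT_SAME_VERSION;
    }
    return DFU_ACCEPT;
}

/* Constructed sample values; run stand-alone to see each outcome. */
int main(void)
{
    const device_settings_t dev = { .hw_version = 52, .fw_version = 3 };
    const image_info_t same   = { .hw_version = 52, .fw_version = 3 };
    const image_info_t newer  = { .hw_version = 52, .fw_version = 4 };
    const image_info_t older  = { .hw_version = 52, .fw_version = 2 };
    const image_info_t wronghw = { .hw_version = 51, .fw_version = 4 };

    printf("same, default policy : %d\n", dfu_version_policy(&dev, &same, true));
    printf("same, strict policy  : %d\n", dfu_version_policy(&dev, &same, false));
    printf("newer                : %d\n", dfu_version_policy(&dev, &newer, false));
    printf("older                : %d\n", dfu_version_policy(&dev, &older, false));
    printf("wrong hardware       : %d\n", dfu_version_policy(&dev, &wronghw, false));
    return 0;
}
```

    The check only helps if the version fields are covered by the init packet signature, so that a sniffed image cannot simply be re-labelled with a higher number; the thread's replay scenario is exactly the unsigned-version case this policy is meant to close.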

  • @kevin I downloaded Vidar's version and don't see what makes that buttonless. What exactly does this mean: "Enable notifications on the control point, and write 0x01 to enter DFU mode" What is the nature of the trigger for entering DFU, is it something the application does or something it's always listening for when running? Thx.

  • @Paul: Please create a new case when you have question. This is a pretty old case and we have buttonless supported natively in SDK v14. Please find it here. Make sure you have a look at the Buttonless Secure DFU Service to know how it works.

  • I tried this in SDK v14, and when the device enters DFU in the bootloader (no bonding) nothing happens while waiting for events.

    NRF Connect is stuck at start 0%

    0> <info> app: Device is preparing to enter bootloader mode.
    0> <info> app: Device will enter bootloader mode.
    0> <info> app: Power management wants to reset to DFU mode
    0>
    0> <info> app: reset_prepare disconnect from peer
    0> <info> app: reset_prepare app_timer_stop_all
    0> <info> app: reset_prepare ble_conn_params_stop
    0> <info> app: startDFU enter
    0>
    0> <info> app: Inside main
    0> <debug> app: In nrf_bootloader_init
    0> <debug> app: In real nrf_dfu_init
    0> <debug> nrf_dfu_settings: Running nrf_dfu_settings_init(sd_irq_initialized=false).
    0> <debug> nrf_dfu_flash: Calling nrf_dfu_flash_init(sd_irq_initialized=false)...
    0> <debug> nrf_dfu_flash: Initializing nrf_fstorage_nvmc backend.
    0> <debug> app: Initializing the clock.
    0> <debug> app: Enter nrf_dfu_continue
    0> <debug> app: Valid App
    0> <debug> app: In nrf_dfu_enter_check user
    0> <debug> app: enter FDU
    0> <debug> app: Application sent bootloader request
    0> <debug> app: In nrf_dfu_transports_init
    0> <debug> app: num transports: 1
    0> <debug> app: Initializing BLE DFU transport
    0> <debug> app: vector table: 0x00073000
    0> <debug> app: vector table: 0x00073000
    0> <debug> app: Error code - sd_softdevice_vector_table_base_set: 0x00000000
    0> <debug> app: Enabling SoftDevice.
    0> <warning> nrf_sdh_ble: RAM starts at 0x20002830, can be adjusted to 0x20002180.
    0> <warning> nrf_sdh_ble: RAM size can be adjusted to 0xDE80.
    0> <debug> app: SoftDevice enabled.
    0> <debug> app: nrf_dfu_settings_adv_name_is_valid FALSE
    0> <debug> app: Regular adv name
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: Finished initializing BLE DFU transport
    0> <debug> app: After nrf_dfu_transports_init
    0> <debug> nrf_dfu_flash: Calling nrf_dfu_flash_init(sd_irq_initialized=true)...
    0> <debug> nrf_dfu_flash: Initializing nrf_fstorage_sd backend.
    0> <debug> app: Waiting for events
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: #### Advertising NO BONDING ####
    0> <debug> app: #### Advertising NO BONDING ####

    Then it switches back to the app.
