
nRF8001 D shows whitelisting behaviour paired with public address peer

I’m trying to create an nRF8001 device without the need for any keys, because the device will be inaccessible in mounted condition. Additionally the connection must be secured and unauthenticated (Just Works).

In case a new peer device is requesting bonding procedure with my already paired nRF8001-Device, the pairing information is going to be deleted. On the second connection attempt pairing information is deleted and a secured connection can be established.

This works fine with modern Android devices with random resolvable private addresses. However this does not work with my old HTC One (Android 5.0.2) with a public address chip. In case the nRF8001-Device has been bonded with a public address peer, SCAN_REQ and CONNECT_REQ packages are ignored.

Here is a commented sniffer record: public_address_anomaly.pcapng

I read about nRF8001 whitelist setting on link text but the setting is disabled.

Did I miss anything? Is there a second parameter in setup data that must be altered? Is there a documentation of the volatile dynamic data structure? Can the dynamic data be changed to prevent this behaviour?

  • Can the dynamic data be changed to prevent this behaviour?

    Answer is yes. Thanks to the dynamic data format provided by David I was able to create a workaround.

    Even though the whitelist setting was disabled in setup data (dm_dev_settings_t -> dm_ds_v3_data_t -> 0x01), nRF8001 generated dynamic data with whitelisting enabled. This occurs in case of a bond with a public address peer.

    See dynamic data analysis: Dyn_Data_Analysis.txt

    The workaround is to alter dynamic data (Tag => ACI_DD_TAG_MRG_LIN => dm_mrg_lin_data_t -> dm_peer_state_t -> byte[1] -> bit[6] -> 0b1 (0b1 => whitelist disabled)) and write it back to nRF8001. This can be done in general or in case the peer address type from Connect_Event is public.

    Furthermore, I discovered that bytes addr_self_type & init_bdaddr_type in the dynamic data set are wrong.

    Public Address type should be 0x01 instead of 0x00.

    Random Static Address type should be 0x02 instead of 0x01.

    Random Private Address (Resolvable) should be 0x03 instead of 0x01.

    This could be the origin of the problem.

    In case there is an easier solution, please let me know. Thanks

  • I have not changed these values. I just discovered unexpected values in my dynamic data readings ("Dyn_data_Analysis.txt"). The readings are different from the nRF8001 product specification and the values from Connect_Event.

    My readings show:

    init_bdaddr_type for Sony Xperia X Compact(random private resolvable): 0x01(Type1) it should be 0x03(Type3)

    init_bdaddr_type for HTC One (public): 0x00(Type0) it should be 0x01(Type1)

    addr_self_type for nRF8001 (random private static): 0x01 it should be 0x02 (Type2)

    Type0 does not exist according to product specification, and nRF8001 and Sony Xperia X Compact must not generate identical values.
