• State Verified Answer
  • Replies 3 replies
  • Subscribers 67 subscribers
  • Views 4496 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 103289
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

A question about CCCD

gootoomoon

when I add my own service and add characteristic, a odd phenomenon confuse me.

When I set cccd_md.write_perm:

BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);

My ble device can't be bond with iphone4s But when I set it like this:

BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm);

bond ok.

What't the different between this two mode?

========= On the next I found this: When I use "BLE_GAP_CONN_SEC_MODE_SET_OPEN" notifcation is ok in both Android and iOS but when I change to "BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM" Android notification is not work, it will return error 8 (invalid states)

So please help me! Thanks.

Parents
  • 0

    So everything works fine with iOS, connection in Android works but it cannot write to the CCCD? I guess there is something wrong with your Android bonding procedure.

    I think that SET_OPEN means no protection at all and all data is visible on air for everyone to see. ENC_NO_MITM means that the data exchange is encryptet based on a generated Short Term Key (STK) but no passkey (keyboard, OOB like NFC) is used, so transactions are still vulnerable to Man In The Middle attacks. In other words, if someone is sniffing the packet transactions during connection, they can easily read out the key exchange and decrypt your data.

    Setting this open for everyone to edit, in case I say something terribly wrong

Reply
  • 0

    So everything works fine with iOS, connection in Android works but it cannot write to the CCCD? I guess there is something wrong with your Android bonding procedure.

    I think that SET_OPEN means no protection at all and all data is visible on air for everyone to see. ENC_NO_MITM means that the data exchange is encryptet based on a generated Short Term Key (STK) but no passkey (keyboard, OOB like NFC) is used, so transactions are still vulnerable to Man In The Middle attacks. In other words, if someone is sniffing the packet transactions during connection, they can easily read out the key exchange and decrypt your data.

    Setting this open for everyone to edit, in case I say something terribly wrong

Children
Related