• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 38 replies
  • Answers 1 answer
  • Subscribers 75 subscribers
  • Views 10572 views
  • Users 0 members are here
Attachments (12) Download All
Nordic Case Info
  • Case ID: 208596
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Buttonless DFU with bond not working

ssn

Hi,

I'm struggling to get Buttonless DFU with bond enabled working.

Setup details:

1) SDK 14.2

2) DK board - nrf52832

3) nrfconnect app on Android phone (8.0) :

DFU settings = Pkts receipt notification procedure : ON

Number of packets : 10

MBR : 4096

Keep bond information: ON

External MCU DFU : OFF

4) Custom app with bond enabled, BLE_GAP_ADDR_TYPE_RANDOM_STATIC(C1:C1:C1:C1:C1:C1), MITM enabled,

Followed the steps to generate bootloader keys and everything seems to be fine. Flashed SD, BL, APP onto DK board and I can see the app running.

Connected nrfconnect to my custom app, paired succesfully. I can see secure DFU service with Secure buttonless DFU.

After enabling the indication, I write value "0x01" and send to switch to DFU mode. I see device moved to DFU mode but with BD addr = EA:F8:73:D2:B8:CC.

Connected nrfconnect to DfuTarg and if I try to DFU, I think device switches to my custom app and I don't see DFU happening any more.

I'm wondering what would be wrong and I believe encryption fails due to different BD address used in DFU and app mode. What am I missing?

Tried looking into Nordic blogs, dev support but could not move forward. Also, I tried to see the DFU NRF log but I don't see any log messages

All I see on power ON is

<info> µ˜°: Setting vector table to bootloader: 0x00066000
<info> µ˜°: Setting vector table to main app: 0x00023000
<info> µ˜°: Record ID:    0x0001
<info> µ˜°: File ID:    0xF020
<info> µ˜°: Record key:    0x7010

I did used \nRF5_SDK_14.2.0_17b948a\examples\dfu\bootloader_secure_ble\pca10040_debug\armgcc\Makefile with logger enabled and optimization is -O0 in makefile. I'm not sure DFU logger does not show up in RTT viewer.

Attached are the config,make files for reference.

Your help is highly appreciated.

dfu.rarapp.rar

  • 0 in reply to ssn

    I didn't change anything but the NRF_DFU_BLE_REQUIRES_BONDS to 1 in sdk_config.h, and in the rest of the Bootloader project, I only changed the address to match the C0:... address.

    sdk_config.h

     

    Can you also try to program the kit with the attached .hex file (it is included the softdevice and bootloader, your application and bootloader settings file). Then try to perform the DFU with the attached DFU packet, custom_app2.zip.

    fullfile.hex

    custom_app2.zip

    Remember to run your prog_uicr.bat script before programming the fullfile.hex.

     

    Fullfile.hex is the file based on your application, the bootloader generated with bonding required, and the changed address (C0:C0:C0:C0:C0:C0)

    I just want to check whether there might be something wrong with the android app, or in some project settings in one of the projects.

     

    Please also delete bonding information from the phone before connecting in nRF Connect. The  passkey is still the same as it was in your application.

     

    Let me know if it works.

     

    Best regards,

    Edvin

  • 0 in reply to Edvin

    I tried your application and dfu package in two different version of Android phones as below

    Case 1(Moto X4 with Android 8.0, nrfconnect version = 4.19.2):
    I get the same issue of GATT WRITE NOT PERMIT error. Further debugging I can see the application custom services listed in dfu mode which should not be the case
    as custom services are never known in dfu mode. I suspect the phone does not discover the services afresh in dfu mode instead uses the cached stuff got from application. Using the application handle in dfu mode makes
    the device cry and sending GATT WRITE NOT PERMIT error. I did tried with different BD address and I can see the same symptoms.
    I have enabled NRF_SDH_BLE_SERVICE_CHANGED in bootloader config file but still does not help. I believe you should do some workaround in nrfconnect for Android 8.0 or I also suspect nrfconnect 4.19.2 version as I remember this not happening in moto X4 before I updated to this version.

    Case 2(Nexus 5 with Android 6.0.1 with your files, nrfconnect version = 4.19.0):
    I don't see GATT WRITE NOT PERMIT error and dfu works without any issues and completes and device boots up correctly - Hurray!!!. And I don't see the application custom services
    listed in dfu mode either which means the phone discovers the service afresh..

    Case 3(Nexus 5 with Android 6.0.1 with my setup, nrfconnect version = 4.19.0):
    Tried the same stuff with my setup but here I see different issue

    V    01:19:26.612    [DFU] Writing to characteristic 8ec90001-f315-4f60-9fb8-838830daea50
    D    01:19:26.612    [DFU] gatt.writeCharacteristic(8ec90001-f315-4f60-9fb8-838830daea50)
    I    01:19:26.697    [DFU] Data written to 8ec90001-f315-4f60-9fb8-838830daea50, value (0x): 04
    I    01:19:26.807    [DFU] Notification received from 8ec90001-f315-4f60-9fb8-838830daea50, value (0x): 60-04-05
    E    01:19:26.807    [DFU] Remote DFU error: INVALID OBJECT
    V    01:19:26.807    [DFU] Disconnecting...

    Command I use to generate dfu pkg is

    "nrfutil pkg generate --hw-version 52 --sd-req 0x9d --application-version 3 --application C:\Data\Project\Device\repository\device\nordic\gcc\power_strip\_build\nrf52832_xxaa.hex  --key-file C:\Data\Project\Device\repository\device\nordic\gcc\power_strip\_build\private.key C:\Data\Project\Device\repository\device\nordic\gcc\power_strip\_build\app_dfu_package.zip"

    I'm using s132_nrf52_5.0.0_softdevice.hex so 0x9d is correct, What am I missing? This command works fine without bonding.

    Can you use the makefile command to generate the dfu pkg and let me know if it that works please.

    Also, I observed with your files the device does not send disconnect packet to phone on entering bootloader but phone waits for time out. This is not the case on SDK 14.2 as it sends disconnect packet to phone before resetting the device. Is your bootloader something different from what I use?


    Regards
    Suresh

  • 0 in reply to ssn

    Hi,

    Appreciate your response to my previous digest.

    Thank you

    Regards

  • 0 in reply to ssn

    After digging into some I see the bootloader returns INVALID_OBJECT at below code in dfu_req_handling.c

    dfu_handle_prevalidate()
    {
        :
        :
        // calculate the signature
        NRF_LOG_INFO("Verify signature");
        err_code = nrf_crypto_ecdsa_verify_hash(sig_info_p256, &crypto_key_pk, &init_packet_hash, &crypto_sig);
        if (err_code != NRF_SUCCESS)
        {
            NRF_LOG_ERROR("Signature failed");
            nrf_gpio_pin_clear(BSP_LED_3);
            return NRF_DFU_RES_CODE_INVALID_OBJECT;
        }
    }

    Why and what am I doing wrong?

    attached(my_bin.rar) is my generated binaries, could you try with this in your setup and let me know please.

    Also, sdk_config.h file of yours is different from SDK 14.2 and I can't build bootloader with your config file. What bootloader are you using?


    Could you help me with this please as I'm stuck for months in this issue and this is real thing that needs to be re-solved as it can help many other who haven't tried this configuration of DFU.

    my_bin.rar

  • 0 in reply to ssn

    The GATT_WRITE issue was because Android_8.0 app doesn't refresh the service discovery when switching to DFU mode and this can be resolved by clicking on refresh item.

Related
Terms of service