
Tracking down private resolvable addresses

Hi there~~ I just noticed that there is code for the Android nRF Connect app.

github.com/.../Android-nRF-Connect

Using that GitHub code and my Nexus 5 phone (Android 6.0), I wish to create my own sniffer that can track arbitrary nearby BLE devices without pairing/bonding.

So I have some questions!

1) Considering this past question 

devzone.nordicsemi.com/.../resolving-private-resolvable-addresses

is it not possible to resolve the private resolvable address unless I have the bonding information or the IRK?

In other words, do I have to at least pair/bond with a device if I want to resolve its private resolvable address?

2) 

  • 11:  Static
  • 01:  Non-resolvable
  • 00:  Resolvable

I looked up the address types. Are these 2-bit fields visible in the advertising packet?

Or which bit fields contain the address type?

I was curious whether I can determine whether the advertising device uses a public/resolvable/random address by sniffing the advertising packet.

3) I couldn't find one, but has anyone found an Android SDK that can get the bonding information or the IRK?

Thanks a million!

  • Hello,

    On Android it is the system that manages bonding. No bonding information, and none of the keys, are available. There is no API to get this kind of data from the phone. The only methods related to bonding are createBond(), added in API 19 (KitKat), and removeBond() (which has to be invoked via reflection).

    Also, scanning returns only the 48 bits of the Bluetooth address, so you are losing the public/private address type information. Without it you don't know the address type, as it may be a public address, and then the types you wrote don't apply.

    On bonded devices the getAddress() method returns the resolved address if it could have been resolved, at least I think so.

    Besides, the code of nRF Connect for Android and iOS is not available, as stated on the GitHub page you pointed to. If you want, you may write a plugin for nRF Connect for PC. Code for this app is available on GitHub: https://github.com/NordicSemiconductor/pc-nrfconnect-ble
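The following Go program is an added example, not code from this thread or from nRF Connect, that makes the two points of the answer above concrete. Classifying an address needs the TxAdd bit of the advertising PDU header on top of the 48 address bits (an Android scan result gives you only the latter), and for random addresses the two most significant bits select the sub-type as the Core Specification defines it: 11 static, 01 resolvable, 00 non-resolvable (note that the spec assigns 01 to resolvable and 00 to non-resolvable). Resolving a resolvable private address means recomputing the ah hash from Core Spec Vol 3 Part H with the peer's IRK, so without that key from a bond there is nothing to compute. The IRK and prand values are the spec's Appendix D.7 sample data; AES comes from Go's standard library; all function and type names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// AddrType classifies the 48-bit AdvA address of an advertising PDU.
type AddrType int

const (
	AddrPublic AddrType = iota
	AddrRandomStatic
	AddrRandomNonResolvable
	AddrRandomResolvable
)

func (t AddrType) String() string {
	return []string{"public", "random static", "random non-resolvable", "random resolvable"}[t]
}

// ParseAddr turns "70:81:94:0D:FB:AA" (most significant byte first, the form
// nRF Connect and Android display) into a 6-byte array in the same order.
func ParseAddr(s string) ([6]byte, error) {
	var a [6]byte
	raw, err := hex.DecodeString(strings.ReplaceAll(s, ":", ""))
	if err != nil || len(raw) != 6 {
		return a, errors.New("address must be 6 hex bytes")
	}
	copy(a[:], raw)
	return a, nil
}

// ClassifyAddr needs the TxAdd bit of the PDU header (0 = public, 1 = random)
// as well as the address bytes: the same 48 bits are a public address when
// TxAdd is 0, which is exactly the information an Android scan result drops.
// For random addresses bits 47:46 select the sub-type: 11 static,
// 01 resolvable, 00 non-resolvable, 10 reserved.
func ClassifyAddr(txAdd bool, addr [6]byte) (AddrType, error) {
	if !txAdd {
		return AddrPublic, nil
	}
	switch addr[0] >> 6 {
	case 0b11:
		return AddrRandomStatic, nil
	case 0b01:
		return AddrRandomResolvable, nil
	case 0b00:
		return AddrRandomNonResolvable, nil
	}
	return AddrPublic, errors.New("random address with reserved sub-type 10")
}

// ah is the random address hash of Core Spec Vol 3 Part H, 2.2.2.2:
// ah(k, r) = AES-128(k, 0^104 || r) mod 2^24, r being the 24-bit prand.
// Keys and addresses are handled most-significant-byte first, as the spec
// writes them, so r sits in the last three bytes of the block.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // a 16-byte key cannot fail
	}
	var in, out [16]byte
	copy(in[13:], prand[:])
	block.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:])
	return h
}

// GenerateRPA builds prand || ah(irk, prand). prand is passed in to keep the
// output deterministic; a real controller draws 22 random bits and forces
// the top two to 01.
func GenerateRPA(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = (prand[0] & 0x3F) | 0x40
	h := ah(irk, prand)
	var a [6]byte
	copy(a[:3], prand[:])
	copy(a[3:], h[:])
	return a
}

// ResolveRPA is what the phone's stack does with every bonded peer's IRK:
// recompute the hash from the address's prand and compare it with the hash
// carried in the address. Without an IRK there is nothing to try.
func ResolveRPA(irk [16]byte, addr [6]byte) bool {
	if addr[0]>>6 != 0b01 {
		return false // not a resolvable private address
	}
	var prand [3]byte
	copy(prand[:], addr[:3])
	h := ah(irk, prand)
	return subtle.ConstantTimeCompare(h[:], addr[3:]) == 1
}

func main() {
	// IRK and prand from Core Spec Vol 3 Part H, Appendix D.7 (ah sample data).
	raw, _ := hex.DecodeString("ec0234a357c8ad05341010a60a397d9b")
	var irk [16]byte
	copy(irk[:], raw)
	rpa := GenerateRPA(irk, [3]byte{0x70, 0x81, 0x94})
	fmt.Printf("RPA %X\n", rpa[:]) // 7081940DFBAA: prand 708194, hash 0DFBAA
	t, err := ClassifyAddr(true, rpa)
	fmt.Println("TxAdd=1:", t, err)
	t, err = ClassifyAddr(false, rpa)
	fmt.Println("TxAdd=0, same 48 bits:", t, err)
	fmt.Println("resolves with the peer's IRK:", ResolveRPA(irk, rpa))
	var stranger [16]byte // constructed: some other device's IRK
	fmt.Println("resolves with another IRK:", ResolveRPA(stranger, rpa))
}
```

The TxAdd bit and the raw PDU header are only available from a sniffer or a controller trace; Android's BluetoothDevice.getAddress() hands back the 48 bits alone, so the classification step has to run on captured packets, and the resolution step only ever succeeds for a peer whose IRK you obtained through bonding.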
