https://devzone.nordicsemi.com/f/nordic-q-a/38243/tracking-down-private-resolvable-addressesHi, there~~ Just noticed that there are codes for the Android nRF connect. github.com/.../Android-nRF-Connect Using that code, I wish to create my personal sniffer that can track nearby arbitrary BLE devices without pairing/bonding using the Githuben-USTelligent Community 13Thu, 06 Sep 2018 15:18:12 GMThttps://devzone.nordicsemi.com/thread/147651?ContentTypeID=1Thu, 06 Sep 2018 15:18:12 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ede22d07-dbac-4e1f-bfe8-2898ed360e9ctesc<p>Hi,</p> <p>That is correct. The whole purpose of the resolvable address is that only bonded devices will know what device it is. It is a privacy feature, so that the device cannot be tracked.</p> <p>Regards,<br />Terje</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/147637?ContentTypeID=1Thu, 06 Sep 2018 14:36:48 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f22908fa-8137-46a1-b14f-060b8caf3d2eMatthew K<p>Thanks for your reply!</p> <p>Just to recap, without bonding with a peripheral,</p> <p>there is no way to tell it is the same peripheral or not after the private resolvable address has changed, right?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/147636?ContentTypeID=1Thu, 06 Sep 2018 14:36:11 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6c008753-835d-4f34-aac2-8ea231c37004Matthew K<p>Thanks for your reply!</p> <p>Just to recap, without bonding with a peripheral,</p> <p>there is no way to tell it is the same peripheral or not after the private resolvable address has changed, right?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/147600?ContentTypeID=1Thu, 06 Sep 2018 13:23:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9098e746-1494-4e28-aaa0-b440a97a3f3fAleksander Nowakowski<p>Hello,</p> <p>On Android it is the system that manages bonding. No bonding information, none of the keys, are available. There is no API to get this kind of data from the phone. The only methods related to bonding are <a href="https://developer.android.com/reference/android/bluetooth/BluetoothDevice.html#createBond()" rel="noopener noreferrer" target="_blank">createBond()</a>, added in API 19 (KitKat) and removeBond() (which has to be invoked with reflections).</p> <p>Also, scanning returns only 48 bits of Bluetooth address, so you are loosing the public-private address type information. Without it you don&#39;t know the address type, as it may be public address and those types you wrote don&#39;t apply.</p> <p>On bonded devices the <a href="https://developer.android.com/reference/android/bluetooth/BluetoothDevice.html#getAddress()">getAddress()</a> method returns resolved address if it could have been resolved, at least I think so.</p> <p>Besides, the code of nRF Connect is not available (for Android and iOS), as stated on the GitHub page you pointed to. If you want, you may write a plugin to nRF Connect for PC. COde for this app is available on GitHub: <a href="https://github.com/NordicSemiconductor/pc-nrfconnect-ble">https://github.com/NordicSemiconductor/pc-nrfconnect-ble</a></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/147595?ContentTypeID=1Thu, 06 Sep 2018 13:03:57 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5ca0a770-fde5-4a62-9543-8477d3cf332ftesc<p>Hi,</p> <p>I do not have an answer to 3), but:</p> <p>1) The resolvable random address can only be resolved using the IRK. You will get the IRK as part of bonding.</p> <p>2) Figuring out if the address is a known resolvable random address can only be done by checking against the list of known IRKs. Our SoftDevices does this automatically, providing in the advertising report event a flag peer_addr.addr_id_peer signalling if it is a resolved address. The two-bit fields that you refer to are actually part of the address itself. For the fourth type of address, &quot;Public Device Address&quot;, those two bits are the two most significant bits of the company_id part of the address.</p> <p>Regards,<br />Terje</p><div style="clear:both;"></div>