This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF Sniffer decryption is not working after entering passkey

I am a newbie with nRF Sniffer, which I have installed on one PCA10040 board. I am sniffing communications between a Samsung phone running nRF Connect and a second PCA10040 running the glucose sample app.


I believe I am following the instructions in the User Guide section 5.5: when the glucose app prints the 6-digit passkey I enter this into Wireshark and type enter, then I enter it into the phone. The phone and peripheral then bond and work, but Wireshark starts printing "Encrypted packet decrypted incorrectly (Bad MIC)" . When I click on Log I see this:

INFO: Setting Passkey: 691295

INFO: Sent key value to sniffer: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 140, 95]

A screenshot is here:

/resized-image/__size/640x480/__key/support-attachments/beef5d1b77644c448dabff31668f3a47-e588f28969f94ee0a39b08c9e8afde0d/Screenshot-2018_2D00_11_2D00_19-10.57.32.png

Q1: Are my results expected? What should I do differently?

Q2: Assuming I am able to get beyond this problem, is it possible to sniff subsequent connections? The Central and Peripheral will be bonded and the peripheral will not print a passkey. Can nRF Sniffer decrypt the second session based on keys it has saved?

Parents
  • Can you mention the wireshark version used, nRF sniffer version used and board version.

    Q2: Yes, nRF Sniffer should be able to sniff the subsequent re-connections.

    Q1: Seems to be as expected on actions. On the timing of actions, ensure that the wireshark has the PIN before you tap to accept on the device screen (which you seem to have done as well).

    Ensure you are using the nRF Sniffer v2 Beta 3 .

    I will investigate after you have posted the versions of the software and hardware as requested above.

  • I installed software last Friday, so should be "latest".

    Wireshark says 2.6.4

    I have two nRF52 boards with labels that say PCA10040 1.2.4 2018.39 (nRF sniffer) and 2018.49 (Peripheral).

    nRF Sniffer was extracted from a zip file nrf_sniffer_2.0.0-beta3_12oct2018_1c2a221.zip

    I confirm that I entered the passkey in Wireshark before entering it in the Central.

    The peripheral, slave and central are within say 75cm of each other. AFAIK I disable BLE on other nearby devices.

    I have just tried sniffing a different peripheral which uses Just Works bonding (no passkey). I continued to use nRF Connect on the Samsung phone. They bond correctly but nRF Sniffer behaves the same, with "Encrypted packet decrypted incorrectly" immediately after the LL_START_ENC_REQ packet.

Reply
  • I installed software last Friday, so should be "latest".

    Wireshark says 2.6.4

    I have two nRF52 boards with labels that say PCA10040 1.2.4 2018.39 (nRF sniffer) and 2018.49 (Peripheral).

    nRF Sniffer was extracted from a zip file nrf_sniffer_2.0.0-beta3_12oct2018_1c2a221.zip

    I confirm that I entered the passkey in Wireshark before entering it in the Central.

    The peripheral, slave and central are within say 75cm of each other. AFAIK I disable BLE on other nearby devices.

    I have just tried sniffing a different peripheral which uses Just Works bonding (no passkey). I continued to use nRF Connect on the Samsung phone. They bond correctly but nRF Sniffer behaves the same, with "Encrypted packet decrypted incorrectly" immediately after the LL_START_ENC_REQ packet.

Children
Related