
Decrypt captured packets on sniffer

I have a Teledyne protocol analyzer for capturing over-the-air data between an nRF52840-DK and an iPhone 8 device. How do I obtain the encryption key from the nRF52840 SoC to decode these messages? I have successfully parsed the HCI log file from an Android phone and decrypted the messages between it and the nRF52840-DK, but Apple does not provide this capability and has responded to my incident stating the peripheral should be capable of providing the LTK that I need.

  • Hello,

    I see.

    If you want to sniff the link, I believe you have two options. One of them is to delete the bonding information on both your phone and the nRF, so that the link will be encrypted with a new LTK the next time they connect. If the sniffer is sniffing while these keys are exchanged, then it will pick up the keys, and it will decrypt the messages.

    I don't know whether you are using an Out Of Band key (OOB - 6-digit passkey) or not, but if you do, you need to enter this in Wireshark before you enter it on the phone.

    If you for some reason can't delete the bonding information, you can probably find the LTK by doing some debugging. I am not sure what your application looks like, but it should be possible to find it with debugging (probably after the whitelist is loaded, before you enter the connection). This is a bit more work (because I am not sure exactly where to find it), but let me know if that is the only viable option, and you can't find it. It would help if you could send your project, or at least tell me what SDK version you are using, and it would be really helpful to know what example you started off with.

    BR,

    Edvin
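Added example, not part of the original thread and not Nordic's or Teledyne's code: the Android route mentioned in the question, pulling the LTK out of a btsnoop HCI log so it can be given to the analyzer. The capture bytes and key are constructed, the function names are this example's own, and returning the key most significant octet first is an assumption about what the analyzer expects.

```python
import struct

OP_LE_ENABLE_ENCRYPTION = 0x2019  # HCI command issued by the central (the phone)
OP_LE_LTK_REQUEST_REPLY = 0x201A  # HCI command issued by the peripheral's host

def extract_ltks(blob):
    """Return [(opcode, conn_handle, ltk_hex)] for each LTK seen in a btsnoop log."""
    if blob[:8] != b"btsnoop\x00":
        raise ValueError("not a btsnoop file")
    _version, datalink = struct.unpack(">II", blob[8:16])
    if datalink != 1002:  # 1002 = HCI UART (H4) framing, as written by Android
        raise ValueError("unsupported datalink type %d" % datalink)
    found, off = [], 16
    while off + 24 <= len(blob):
        # Record header: original length, included length, flags, drops, timestamp
        _orig, incl, _flags, _drops, _ts = struct.unpack(">IIIIq", blob[off:off + 24])
        pkt = blob[off + 24:off + 24 + incl]
        off += 24 + incl
        if len(pkt) < incl:
            break  # truncated final record
        if len(pkt) < 4 or pkt[0] != 0x01:  # 0x01 = H4 HCI command packet
            continue
        opcode, plen = struct.unpack("<HB", pkt[1:4])
        params = pkt[4:4 + plen]
        if opcode == OP_LE_ENABLE_ENCRYPTION and len(params) == 28:
            ltk = params[12:28]  # after handle(2) + Rand(8) + EDIV(2)
        elif opcode == OP_LE_LTK_REQUEST_REPLY and len(params) == 18:
            ltk = params[2:18]   # after handle(2)
        else:
            continue
        handle = struct.unpack("<H", params[:2])[0] & 0x0FFF
        # HCI sends the key least significant octet first; reverse for MSB-first hex
        found.append((opcode, handle, ltk[::-1].hex()))
    return found

def _record(h4_packet):
    """Build one btsnoop record around a constructed H4 packet."""
    return struct.pack(">IIIIq", len(h4_packet), len(h4_packet), 0, 0, 0) + h4_packet

# Constructed capture: HCI Reset, one event, then LE Enable Encryption (made-up key)
SAMPLE = (b"btsnoop\x00" + struct.pack(">II", 1, 1002)
          + _record(b"\x01" + struct.pack("<HB", 0x0C03, 0))
          + _record(b"\x04\x0e\x04\x01\x03\x0c\x00")
          + _record(b"\x01" + struct.pack("<HB", OP_LE_ENABLE_ENCRYPTION, 28)
                    + struct.pack("<H", 0x0040) + bytes(8) + bytes(2) + bytes(range(16))))

if __name__ == "__main__":
    for opcode, handle, ltk in extract_ltks(SAMPLE):
        print("opcode 0x%04x handle 0x%04x LTK %s" % (opcode, handle, ltk))
```

If the analyzer rejects the key or decryption yields garbage, try the octet order reversed before assuming the wrong key was captured.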
