nrf sniffer with BLE communication indicates bad MIC

RE: nrf sniffer with BLE communication indicates bad MIC

Kenneth — Wed, 18 Sep 2019 13:48:43 GMT

Unfortunately it seems Wireshark can't support this, however for instance Ellisys and Frontline sniffer may (though they are much more expensive).

Edit: It may be possible to set LTK in Wireshark also, can you try to follow the procedure to set OOB as described in the nRF sniffer user guide, this may work:

https://infocenter.nordicsemi.com/topic/struct_nrftools/struct/nrftools_nrfsniffer.html

RE: nrf sniffer with BLE communication indicates bad MIC

Akram — Tue, 17 Sep 2019 14:00:35 GMT

Hi Kenneth,

Thank you for your reply. Could you advice how to configure Wireshark with LTK key?

RE: nrf sniffer with BLE communication indicates bad MIC

Kenneth — Tue, 17 Sep 2019 12:21:03 GMT

Hello,

If you are using LE secure connection (Diffie-Hellman) then it is not possible to decrypt the link. The only way would be if you can extract the LTK key from one of the peer devices.

So you would need to modify the application firmware running on the nRF52. From my understanding the easiest may be to call pm_peer_data_bonding_load() to fetch LTK, this can for instance be done after PM_EVT_PEER_DATA_UPDATE_SUCCEEDED event, and then output this on UART and then insert this into the sniffer trace manually.

Best regards,
Kenneth