
Sniffing BLE Diffie-Hellman Key Exchange

Hello,
I'm currently trying to sniff the DH key exchange as specified in Spec 5.1 p. 2446. I'm using the nRF51 Dongle as sniffer, the nRF52 DK as slave and the nRF52840 DK as master for connection and pairing establishment. I started by using the Interactive App of SDK 16.0.0 and couldn't see the public keys being exchanged between the devices. I don't use the micro-ecc backend; instead I'm working with the default backend, according to infocenter.nordicsemi.com/index.jsp -> CC310 for the nRF52840 DK and Oberon for the nRF52 DK.
After I played around for some time I encountered somewhat strange behaviour when it comes to sniffing the public keys of the key exchange. I will list the different setups I used for sniffing the pairing of two devices.

Some additional info about my setup: I always used the nRF52 DK as slave and the nRF52840 DK as master, except for the RN4871 chip (from Microchip), which was used as slave in those cases with the nRF52840 DK as master. Also, when I used the nRF Connect mobile app, the nRF52 DK was used as slave and a Samsung tablet as master. For checking the sniffed data I was using Wireshark with the 2.0.0 sniffer plugin. If I was using the nRF Connect program on PC I will refer to it as Connect, and the mobile version as Mobile.

First Device is using  -->  Second Device is using  :  Successfully sniffing public keys?
Interactive App --> Interactive App  :  No
Interactive App --> Mobile  :  Rcvd Pairing Public Key only
Interactive App --> Connect  :  No
Connect --> Interactive App  :  No
Connect --> Mobile  :  Yes
Connect --> Connect  :  Yes
Mobile --> Interactive App  :  Yes
Mobile --> Connect  :  Yes
Interactive App --> RN4871  :  No
Mobile --> RN4871  :  Yes
It depends on my setup whether I'm able to see the public keys being exchanged. I have attached two pcap files: one of them shows a complete exchange of the DH keys; in the other file there are only L2CAP fragments which don't seem to hold key data. Could there be any reason why the sniffer doesn't capture public keys in certain setups? I noticed that in some cases the capturing is a little bit unstable; sometimes I was only able to see one public key. But I have already tried several times to check whether or not I can sniff the key using only the Interactive App on both devices.
I would really appreciate some feedback about this issue and hope my sniffer does work as intended.
Best regards,
Tobias
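The post above mentions captures that contain only L2CAP fragments with no visible key data. An SMP Pairing Public Key PDU is 65 octets (opcode 0x0C plus the little-endian X and Y coordinates of a P-256 point), and with the 4-octet L2CAP basic header that is 69 octets, more than the 27-octet default LL payload, so without Data Length Extension the key always crosses several LL data PDUs and only becomes visible once those fragments are reassembled. The script below is an added example, not code from the original post or from Nordic's sniffer or SDK: it reassembles LL data PDUs into L2CAP packets on the LLID start/continuation bits, extracts the public key from an SMP PDU on CID 0x0006, and checks that the point actually lies on P-256. The packets it runs over are constructed in the file (the P-256 base point stands in for a real key, and the 27-octet fragmentation of a link without DLE is assumed); no captured data from the thread is used.

```python
"""Reassemble LE link-layer fragments into L2CAP SMP PDUs and pull the
P-256 public key out of an LE Secure Connections Pairing Public Key PDU.

Added example; not code from the original post or from Nordic's tools.
Sample packets are constructed below (the key is the P-256 base point).
Field layouts follow the Bluetooth Core Specification: LL data PDU header
(Vol 6 Part B), L2CAP basic header (Vol 3 Part A), SMP PDUs (Vol 3 Part H).
"""
import struct

# NIST P-256: y^2 = x^3 - 3x + b (mod p), plus the base point (sample key).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

SMP_CID = 0x0006               # L2CAP fixed channel used by SMP over LE
SMP_PAIRING_PUBLIC_KEY = 0x0C  # SMP opcode: Pairing Public Key
LLID_CONTINUATION = 0b01       # LL data PDU: continuation (or empty) fragment
LLID_START = 0b10              # LL data PDU: start of an L2CAP packet, or a whole one
LL_MAX_PAYLOAD_NO_DLE = 27     # default LL payload size without Data Length Extension


def build_public_key_l2cap(x: int, y: int) -> bytes:
    """L2CAP packet carrying an SMP Pairing Public Key PDU (coordinates little-endian)."""
    smp = bytes([SMP_PAIRING_PUBLIC_KEY]) + x.to_bytes(32, "little") + y.to_bytes(32, "little")
    return struct.pack("<HH", len(smp), SMP_CID) + smp


def fragment_to_ll(l2cap: bytes, max_payload: int = LL_MAX_PAYLOAD_NO_DLE) -> list:
    """Split an L2CAP packet into LL data PDUs (2-byte header + payload), the way
    the link layer does when the packet exceeds the negotiated payload length."""
    pdus = []
    for off in range(0, len(l2cap), max_payload):
        chunk = l2cap[off:off + max_payload]
        llid = LLID_START if off == 0 else LLID_CONTINUATION
        pdus.append(bytes([llid, len(chunk)]) + chunk)  # NESN/SN/MD bits left at 0
    return pdus


def reassemble_l2cap(ll_pdus):
    """Yield (cid, payload) for each complete L2CAP packet in a stream of LL PDUs.
    Fragments are joined on the LLID; completeness is decided by the L2CAP length
    field, so a capture missing a fragment yields nothing rather than a short PDU."""
    buf = b""
    for pdu in ll_pdus:
        llid, length = pdu[0] & 0x03, pdu[1]
        payload = pdu[2:2 + length]
        if llid == LLID_START:
            buf = payload
        elif llid == LLID_CONTINUATION and buf:
            buf += payload
        else:
            continue  # LL control PDU, empty PDU, or continuation without a start
        if len(buf) >= 4:
            l2cap_len, cid = struct.unpack_from("<HH", buf)
            if len(buf) >= 4 + l2cap_len:
                yield cid, buf[4:4 + l2cap_len]
                buf = b""


def parse_smp_public_key(smp_pdu: bytes):
    """Return (x, y) from an SMP Pairing Public Key PDU, or None for any other PDU."""
    if len(smp_pdu) != 65 or smp_pdu[0] != SMP_PAIRING_PUBLIC_KEY:
        return None
    return int.from_bytes(smp_pdu[1:33], "little"), int.from_bytes(smp_pdu[33:65], "little")


def on_p256_curve(x: int, y: int) -> bool:
    """True if (x, y) lies on P-256; a sniffer should flag keys that do not."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0


def extract_public_keys(ll_pdus):
    """Reassemble, keep SMP traffic, parse public keys, and tag each with a curve check."""
    keys = []
    for cid, payload in reassemble_l2cap(ll_pdus):
        if cid != SMP_CID:
            continue
        parsed = parse_smp_public_key(payload)
        if parsed is not None:
            keys.append((parsed[0], parsed[1], on_p256_curve(*parsed)))
    return keys


# Constructed sample: the P-256 base point sent as a Pairing Public Key, split
# into 27-octet fragments as on a link without Data Length Extension.
SAMPLE_LL_PDUS = fragment_to_ll(build_public_key_l2cap(P256_GX, P256_GY))

if __name__ == "__main__":
    for x, y, ok in extract_public_keys(SAMPLE_LL_PDUS):
        print(f"X = {x:064x}\nY = {y:064x}\non P-256: {ok}")
```

Feeding the three fragments to `extract_public_keys` recovers the key; dropping any one of them recovers nothing, which is the behaviour to expect from a dissector when the sniffer misses a packet in the middle of the exchange. With Data Length Extension (for example a 251-octet payload) the same PDU fits in a single LL packet, so `fragment_to_ll(..., 251)` produces one PDU and the key is visible without reassembly.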