Sniffing BLE Diffie-Hellman Key Exchange

RE: Sniffing BLE Diffie-Hellman Key Exchange

Simonr — Fri, 13 Dec 2019 13:39:34 GMT

Hi Tobias

Yes, the nRF51 series does not support Data Length extension (more than 27 bytes) which is why you won't be able to see all the packets with the nRF51 Dongle as a sniffer.

Best regards,

Simon

RE: Sniffing BLE Diffie-Hellman Key Exchange

TobiasM — Fri, 13 Dec 2019 10:06:46 GMT

Hello Simon,

apparently my tablet does support Bluetooth 5.0 but I've tried the nRF52 DK as a sniffer now and was successfully sniffing the public key exchange for the setups:

Interactive App --> Interactive App :  Yes
Interactive App --> Mobile :  Yes
Interactive App --> Connect :  Yes
Connect --> Interactive App :  Yes

Notes:

Interactive App --> Interactive App : Cannot be checked with my current setup

Interactive App --> RN4871 : Cannot be checked right now but I'll hopefully can confirm success as well in a few days

As I'm still quite new to the BLE subject, does the nRF51 Dongle have issues sniffing packets with length extension (251 byte) and therefore wasn't able to get the keys?

So if the LL_LENGTH_RSP max octets (RX /TX) are set to 251 instead of 27 it will not work. Is this correct?

Thanks for your help.

Best regards,

Tobias

RE: Sniffing BLE Diffie-Hellman Key Exchange

Simonr — Thu, 12 Dec 2019 12:59:41 GMT

Hi Tobias

Can you try this out using an nRF52DK (Bluetooth 5 supported device) as you sniffer? The first thing that comes to mind is that the nRF51 is not able to detect the packets in a secure Bluetooth 5 connection, as the connections between Bluetooth 5 devices seem to be the ones you can't obtain the public key on, while you seem to be able to sniff the public keys of (I assume the tablet is not BLE 5 compatible) devices communicating using BLE 4.2. Please try sniffing the connections using a 52 DK and get back to me with the results.

Best regards,

Simon