
Pairing passkey, cancel pairing on Android side still gives access to characteristic

Hi,

I'm working on nrf52833, s113. 

I have trouble securing my system. It has no keyboard or screen, and has a 6-digit fixed passkey (no other choice).

That means it advertises once woken up by the accelerometer.

I want to protect access to my 4 characteristics. So I enabled bonding and MITM to have the passkey popup on Android. Without MITM, I don't have the passkey popup. But then the strange stuff appears:

My program is based on hrs example + dfu merging.

I was thinking that, by using pairing protection with a 6-digit fixed passkey (no other choice because no IO), I would not be able to read/write my characteristics. But with nRF Connect, if you are fast enough, when the bonding window pops up and you click cancel, and really fast after that you click on the row to read a characteristic, the connection is maintained and you have access to everything, without being securely paired!!! Note that here, my characteristics are OPEN. I just rely on the fact that the passkey will prevent going to the next step...

I know I can protect each characteristic by using BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM, which I did.

But a side effect appears: after first pairing on the phone by entering the 6-digit passkey, the same window pops up FOR EACH characteristic you read (only the first time)... so it's a bit annoying because you have the feeling of having paired at the connection step, but in fact it has absolutely no impact on security.

If you click cancel you are still connected and if fast enough you can even have access to everything. If you paired successfully, you will have to enter this same passkey for each characteristic you have protected, which gives a strange effect to the final user: he has the feeling that the first pairing didn't work.

What I need is: first, ask for pairing after connect. If yes and the 6 digits are OK, the user is no longer asked to enter the passkey. If no or cancel, close the connection or retry, but don't give access. Only paired devices should have access.

Hope to have been clear :)

  • Hi Florian, 

    Do you add pm_handler_secure_on_connection to ble_evt_handler function to handle the connection? The function is for securing a connection when it is established. You can refer to ble_app_gls on how to use it. 

    -Amanda H.

  • Ha no, I just compared both codes and I don't have the same in main. I have this:

    static void pm_evt_handler(pm_evt_t const * p_evt)
    {
        pm_handler_on_pm_evt(p_evt);
        pm_handler_flash_clean(p_evt);
    }

    So by going deeper I see there is some check in peer_manager_handler.c, but it doesn't disconnect if it wasn't a MITM connection like in the gls code.

    Here is the management in my handler:

    void pm_handler_on_pm_evt(pm_evt_t const * p_pm_evt)
    {
        pm_handler_pm_evt_log(p_pm_evt);
    
        if (p_pm_evt->evt_id == PM_EVT_BONDED_PEER_CONNECTED)
        {
            conn_secure(p_pm_evt->conn_handle, false);
        }
        else if (p_pm_evt->evt_id == PM_EVT_ERROR_UNEXPECTED)
        {
            NRF_LOG_ERROR("Asserting.");
            APP_ERROR_CHECK(p_pm_evt->params.error_unexpected.error);
        }
    }

    At first connect, the user has not yet paired with the code, so will the connection be closed?

    Thanks a lot, I hope it is the weak point in my system

  • You need the pm_handler_disconnect_on_sec_failure() function, as in the ble_app_gls example, to disconnect when the connection could not be secured.

    -Amanda H.

  • That was the point!!!

    Thanks, now if I click Cancel when the popup arrives, it disconnects the link, and I also added all the prints for pm_event. When I click cancel I can see PM_EVT_CONN_SEC_FAILED happen and then the connection is forcibly closed by the nrf52833, so that's good!

    I still have a few things that are not perfect:

    1. When the chip is erased, blank, with no bonded device in memory. Android not bonded anymore either. The whole system freshly new. I can connect and see the list of characteristics. Because I protected them, I can't read without pairing with the 6-digit code. But is there a way to pop up the 6-digit window after connection and not only when I try to read a characteristic?

    2. If I unbond from the Android side, for sure it stays bonded in my nrf52 memory. How many bonded devices can we add in memory before it is full?

    3. Should I prepare a way to clean bonded devices to avoid running out of memory? I have a settings characteristic; can I use it for calling a function that cleans bonded devices, for example, or is there a better native way to do it please?

    4. If I do the contrary, keep the bond in the Android nRF app but clear my uC, I try to connect and this error happens:

    <info> app: 	 PM_EVT_CONN_SEC_START                 	
    <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Encryption, error: 4102
    <warning> peer_manager_handler: Disconnecting conn_handle 0.
    <info> app: 	 PM_EVT_CONN_SEC_FAILED                	
    <info> app: 	  BLE_GAP_EVT_SEC_INFO_REQUEST	
    <debug> nrf_sdh_ble: BLE event: 0x11.
    <info> app: DISCONNECTED

    The popup window doesn't appear, so I have to unbond in Android and start a fresh new pairing process.

    Thanks a lot for your help, at least I progress :)

  • Hi Florian,

    Olfox said:
    But is there a way to pop up the 6-digit window after connection and not only when I try to read a characteristic?

    You need to add pm_handler_secure_on_connection to the ble_evt_handler function to handle the connection. The function is for securing a connection when it is established. You can refer to ble_app_gls on how to use it.

    Olfox said:
    How many bonded devices can we add in memory before it is full?

     See this answer.  

    Olfox said:
    3. Should I prepare a way to clean bonded devices to avoid running out of memory?

    You can use pm_peers_delete() which is a function deleting all data stored for all peers. As for the disconnections, you do this however you like, for example by calling a sd_ble_gap_disconnect event. You can refer to ble_app_gls on how to use it.  

     

    Olfox said:
    4. If I do the contrary, keep the bond in the Android nRF app but clear my uC, I try to connect and this error happens:

     The error is as expected because the device lost the bond information. You have to delete bond info on the phone. 

    -Amanda H.
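
The behaviour discussed in this thread, as an added example that is not part of the original posts or of the nRF5 SDK: a host-side C model of what a central can read after a pairing attempt, before and after adding disconnect-on-failure handling. All type and function names are stand-ins, and attribute access is assumed to be granted when the link's security level meets the characteristic's requirement; on the device the corresponding calls are the pm_handler_disconnect_on_sec_failure() and pm_handler_secure_on_connection() functions named above.

```c
/* Host-side model, constructed for illustration; stand-in names, not nRF5 SDK code. */
#include <stdbool.h>
#include <stdio.h>
/* LE security mode 1 levels, lowest to highest. */
typedef enum { SEC_OPEN = 1, SEC_ENC_NO_MITM = 2, SEC_ENC_WITH_MITM = 3 } sec_level_t;
typedef enum { EVT_SEC_SUCCEEDED, EVT_SEC_FAILED } sec_evt_t;

typedef struct {
    bool disconnect_on_sec_failure; /* the fix found in the thread */
    bool require_mitm;              /* drop links that paired without a passkey */
} policy_t;
typedef struct { bool connected; sec_level_t level; } link_t;
static const policy_t POLICY_BEFORE = { false, false }; /* original firmware */
static const policy_t POLICY_AFTER  = { true,  true  }; /* ble_app_gls-style handling */

/* Apply the outcome of a pairing attempt to the link. */
static void link_on_sec_evt(link_t *l, const policy_t *p, sec_evt_t evt, sec_level_t achieved)
{
    if (!l->connected) return;
    if (evt == EVT_SEC_FAILED) {
        /* Cancel or wrong passkey: the link stays up, unencrypted, unless dropped here. */
        if (p->disconnect_on_sec_failure) l->connected = false;
        return;
    }
    l->level = achieved;
    if (p->require_mitm && achieved < SEC_ENC_WITH_MITM) l->connected = false;
}

/* Attribute permission check: the link level must meet the characteristic's requirement. */
static bool can_read(const link_t *l, sec_level_t required)
{
    return l->connected && l->level >= required;
}

/* Central connects (unencrypted), pairing ends with `evt`, then it tries one read. */
static bool read_after_pairing(policy_t p, sec_evt_t evt, sec_level_t achieved, sec_level_t required)
{
    link_t l = { true, SEC_OPEN };
    link_on_sec_evt(&l, &p, evt, achieved);
    return can_read(&l, required);
}

int main(void)
{
    printf("cancel, OPEN char, before: %d\n", read_after_pairing(POLICY_BEFORE, EVT_SEC_FAILED, SEC_OPEN, SEC_OPEN));
    printf("cancel, OPEN char, after:  %d\n", read_after_pairing(POLICY_AFTER, EVT_SEC_FAILED, SEC_OPEN, SEC_OPEN));
    printf("passkey OK, MITM char, after: %d\n", read_after_pairing(POLICY_AFTER, EVT_SEC_SUCCEEDED, SEC_ENC_WITH_MITM, SEC_ENC_WITH_MITM));
    return 0;
}
```

In the model, the only case where a cancelled pairing still yields a successful read is an OPEN characteristic on a link that is left connected, which is the situation described in the first post.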
