This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Pairing without entering the PIN

H,

I have a problem, that I can connect to my BT device without entering the PIN upon first paring.
The device is based on nRF52832 and I followed peripheral_sc_only sample, which I found sets the correct security level for required pairing.
I am using: Zephyr OS build v2.4.0-ncs1

Here is also my prj.conf (there are also other settings, but I believe those are important for mandatory pairing):

# Enable settings                                                               
CONFIG_BT_SETTINGS=y                                                            
CONFIG_FLASH=y                                                                  
CONFIG_FLASH_PAGE_LAYOUT=y                                                      
CONFIG_FLASH_MAP=y                                                              
CONFIG_NVS=y                                                                    
CONFIG_SETTINGS=y                                                               
# Enable explicit pairing                                                       
CONFIG_BT_SMP=y                                                                 
CONFIG_BT_SMP_SC_ONLY=y                                                         
CONFIG_BT_TINYCRYPT_ECC=y                                                       
CONFIG_BT_FIXED_PASSKEY=y                                                       
#CONFIG_BT_SMP_ENFORCE_MITM=y                                                   
CONFIG_BT_BONDING_REQUIRED=y  

When I use nRF Connect on my phone, I can see the device on the Scan tab and if I click connect, the dialog for pairing appears, but also the services discovered.
If I click Cancel and quickly on one of the services discovered, I can then click on all of them and can send data to my device.

Is there any other option I need to turn on, so I can make paring "really" mandatory?

Thanks,
Matej

Parents
  • Hi Matej,

    I changed the file you attached ble_cap_2 -> ble_cap_2.pcap and i do not see any other activity in the sniffer trace other than just broadcast. This does not look like the activity you mentioned regarding pairing is not captured by this sniffer trace. You need to add filter so that the wireshark only captures the devide you are following.

  • Hi Susheel,

    I did a capture again, with the following command:

    ./nrf_sniffer_ble.sh --capture --fifo capture/ble_cap_2.pcap --extcap-interface /dev/ttyACM1 --baudrate 460800

    so no filter was included, If you want me to use different command, please let me know.
    I just managed to reproduce this again, so:
    1. Clean the entire FLASH
    2. Program the device
    3. Turn it on
    4. Use the phone to connect to it
    5. When the paring dialog appears, click cancel and quickly click in NUS TX Chractericistic (UUID 0x2902)
    6. Now I can NUS RX Characteristic to send the data to my device

    I my application I use NUS and BT update options.

    The file is uploaded here.

    If you need me to do anything else, or to change the capture option, please let me know.

    Thanks,
    Matej

Reply
  • Hi Susheel,

    I did a capture again, with the following command:

    ./nrf_sniffer_ble.sh --capture --fifo capture/ble_cap_2.pcap --extcap-interface /dev/ttyACM1 --baudrate 460800

    so no filter was included, If you want me to use different command, please let me know.
    I just managed to reproduce this again, so:
    1. Clean the entire FLASH
    2. Program the device
    3. Turn it on
    4. Use the phone to connect to it
    5. When the paring dialog appears, click cancel and quickly click in NUS TX Chractericistic (UUID 0x2902)
    6. Now I can NUS RX Characteristic to send the data to my device

    I my application I use NUS and BT update options.

    The file is uploaded here.

    If you need me to do anything else, or to change the capture option, please let me know.

    Thanks,
    Matej

Children
  • I am not so familiar with the command line capture way for the wireshark. Have you tried to open the attachment you did here to see if you can see any transactions that you are referring to? I can only see broadcast capture from couple of devices and no connect or pairing transactions at all. Can you use the wireshark directly to filter the traffic just to your device.

  • I checked both pcap files I uploaded and you are right, I do not see any other packets then ADV_IND, SCAN_REQ, SCAN_RESP and 1 (one!) CONNECT_REQ. No data packets.

    If I set up everything like described in the nRFSniffer document on Linux, using it from wireshark doesn't capture ANY packet, nothing. Only from command line.

    I installed everything (Wireshark, Python, nRFSniffer, ...) on my Windows 10 machine and tried to do a capture there. Now it works O.K. from wireshark, however, I only see those packets mentioned above. Not sure why I don't get any other packets.

    One thing I noticed is while testing BT on Linux and did a BT LE scan. I saw that it actually detected two devices with the same MAC and different name:

    E3:41:0F:BF:6C:61 Pair Test
    E3:41:0F:BF:6C:61 (unknown)
    E3:41:0F:BF:6C:61 Pair Test
    E3:41:0F:BF:6C:61 (unknown)

    Could this be a problem?

    I did a screen record of the problem I am trying to explain and I uploaded it here.

    What we can also do is that I build the application for your board, please tell me which one, and I can send you the HEX file and you can try it out yourself. What do you think about this idea?

    Thanks and BR,
    Matej

  • Matej Kupljen said:
    I saw that it actually detected two devices with the same MAC and different name:
    Matej Kupljen said:
    Could this be a problem?

    Yes, this seems to be the issue, that the wireshark is somehow locking to the other device with the same MAC address-

      

    Matej Kupljen said:
    What we can also do is that I build the application for your board, please tell me which one, and I can send you the HEX file and you can try it out yourself. What do you think about this idea?

     That would be great, If you an build it for PCA10056 or PCA10040 and give me the HEX and ELF files so that i can debug, it would be easier for me to test

  • I have build our application for nrf52833dk (using Segger Embedded Studio and selected nrf52833dk_nrf528333 under board name) and I uploaded the elf and hex file here.

    Please let us know if this is O.K. with you and you can reproduce the test.

    Thanks;
    Matej

  • sorry about the late reply, we were very thinly staffed here during Easter and now recovering from it. I will test you elf and hex today

Related