• State Verified Answer
  • Replies 20 replies
  • Subscribers 65 subscribers
  • Views 4118 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 264591
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Pairing without entering the PIN

Matej Kupljen

H,

I have a problem, that I can connect to my BT device without entering the PIN upon first paring.
The device is based on nRF52832 and I followed peripheral_sc_only sample, which I found sets the correct security level for required pairing.
I am using: Zephyr OS build v2.4.0-ncs1

Here is also my prj.conf (there are also other settings, but I believe those are important for mandatory pairing):

# Enable settings                                                               
CONFIG_BT_SETTINGS=y                                                            
CONFIG_FLASH=y                                                                  
CONFIG_FLASH_PAGE_LAYOUT=y                                                      
CONFIG_FLASH_MAP=y                                                              
CONFIG_NVS=y                                                                    
CONFIG_SETTINGS=y                                                               
# Enable explicit pairing                                                       
CONFIG_BT_SMP=y                                                                 
CONFIG_BT_SMP_SC_ONLY=y                                                         
CONFIG_BT_TINYCRYPT_ECC=y                                                       
CONFIG_BT_FIXED_PASSKEY=y                                                       
#CONFIG_BT_SMP_ENFORCE_MITM=y                                                   
CONFIG_BT_BONDING_REQUIRED=y

When I use nRF Connect on my phone, I can see the device on the Scan tab and if I click connect, the dialog for pairing appears, but also the services discovered.
If I click Cancel and quickly on one of the services discovered, I can then click on all of them and can send data to my device.

Is there any other option I need to turn on, so I can make paring "really" mandatory?

Thanks,
Matej

Parents Reply Children
  • +1 in reply to Susheel Nuguru

    Matej,

    I have missed to see this basic point about service declaration

    A service declaration is an Attribute with the Attribute Type set to the UUID for
«Primary Service» or «Secondary Service». The Attribute Value shall be the
16-bit Bluetooth UUID or 128-bit UUID for the service, known as the service
UUID. A client shall support the use of both 16-bit and 128-bit UUIDs. A client
may ignore any service definition with an unknown service UUID. An unknown
service UUID is a UUID for an unsupported service. The Attribute Permissions
shall be read-only and shall not require authentication or authorization.
    The service will always have read permission only and the IOS can discover them even before encryption. It is the central/phone that initiates the service discovery and your product being a slave cannot control this. It need to respond to the service discovery by showing the services but not the contents of it.

    I have changed the declaration of the attributes so that the values can be read only after encryption.

    /* UART Service Declaration */
BT_GATT_SERVICE_DEFINE(nus_svc,
BT_GATT_PRIMARY_SERVICE(BT_UUID_NUS_SERVICE),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_TX,
			       BT_GATT_CHRC_NOTIFY,
			       BT_GATT_PERM_READ_ENCRYPT,
			       NULL, NULL, NULL),
	BT_GATT_CCC(NULL, BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_RX,
			       BT_GATT_CHRC_WRITE |
			       BT_GATT_CHRC_WRITE_WITHOUT_RESP,
			       BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT,
			       NULL, on_receive, NULL),
);

    Also if the connection fails, disconnect as below in ae_bt_conn.c

    static void pairing_failed(struct bt_conn *conn, enum bt_security_err reason)
{
  char addr[BT_ADDR_LE_STR_LEN];

  bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

  LOG_INF("Pairing failed and hence disconnecting conn: %s, reason %d", log_strdup(addr),
      reason);
  
  bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
}

  • 0 in reply to Susheel Nuguru

    Hi Susheel,

    thank you for this.
    I tried what you suggested (modified the code for NUS in ncs/nrf/subsys/bluetooth/services/nus.c) and added disconnect call if failing fails.

    Now, even if I manage to click on NUS service in the APP, I cannot send any data to it.

    It is working as expected now.

    Thanks again and BR,
    Matej

  • 0 in reply to Susheel Nuguru

    Hi Susheel,

    I'm having a similar problem using an nRF52840-DK (with Zephyr).  I'd like to operate the board as a peripheral which requires a passkey for pairing.  Using two different scanner apps on Android, I'm able to see all the characteristics in the services offered before entering the pin.  I've tried following the modifications in this thread, but I still can't get hidden characteristics.    Would you be able to help me?

    Best,

    PJ

Related

core_v2_widget.Hide()