• State Verified Answer
  • Replies 20 replies
  • Subscribers 65 subscribers
  • Views 4120 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 264591
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Pairing without entering the PIN

Matej Kupljen

H,

I have a problem, that I can connect to my BT device without entering the PIN upon first paring.
The device is based on nRF52832 and I followed peripheral_sc_only sample, which I found sets the correct security level for required pairing.
I am using: Zephyr OS build v2.4.0-ncs1

Here is also my prj.conf (there are also other settings, but I believe those are important for mandatory pairing):

# Enable settings                                                               
CONFIG_BT_SETTINGS=y                                                            
CONFIG_FLASH=y                                                                  
CONFIG_FLASH_PAGE_LAYOUT=y                                                      
CONFIG_FLASH_MAP=y                                                              
CONFIG_NVS=y                                                                    
CONFIG_SETTINGS=y                                                               
# Enable explicit pairing                                                       
CONFIG_BT_SMP=y                                                                 
CONFIG_BT_SMP_SC_ONLY=y                                                         
CONFIG_BT_TINYCRYPT_ECC=y                                                       
CONFIG_BT_FIXED_PASSKEY=y                                                       
#CONFIG_BT_SMP_ENFORCE_MITM=y                                                   
CONFIG_BT_BONDING_REQUIRED=y

When I use nRF Connect on my phone, I can see the device on the Scan tab and if I click connect, the dialog for pairing appears, but also the services discovered.
If I click Cancel and quickly on one of the services discovered, I can then click on all of them and can send data to my device.

Is there any other option I need to turn on, so I can make paring "really" mandatory?

Thanks,
Matej

Parents
  • 0

    Hi,

    Thank you for attaching that. I will try to modify the project so that the pairing happens before discovery.

  • +1 in reply to Susheel Nuguru

    Matej,

    I have missed to see this basic point about service declaration

    A service declaration is an Attribute with the Attribute Type set to the UUID for
«Primary Service» or «Secondary Service». The Attribute Value shall be the
16-bit Bluetooth UUID or 128-bit UUID for the service, known as the service
UUID. A client shall support the use of both 16-bit and 128-bit UUIDs. A client
may ignore any service definition with an unknown service UUID. An unknown
service UUID is a UUID for an unsupported service. The Attribute Permissions
shall be read-only and shall not require authentication or authorization.
    The service will always have read permission only and the IOS can discover them even before encryption. It is the central/phone that initiates the service discovery and your product being a slave cannot control this. It need to respond to the service discovery by showing the services but not the contents of it.

    I have changed the declaration of the attributes so that the values can be read only after encryption.

    /* UART Service Declaration */
BT_GATT_SERVICE_DEFINE(nus_svc,
BT_GATT_PRIMARY_SERVICE(BT_UUID_NUS_SERVICE),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_TX,
			       BT_GATT_CHRC_NOTIFY,
			       BT_GATT_PERM_READ_ENCRYPT,
			       NULL, NULL, NULL),
	BT_GATT_CCC(NULL, BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_RX,
			       BT_GATT_CHRC_WRITE |
			       BT_GATT_CHRC_WRITE_WITHOUT_RESP,
			       BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT,
			       NULL, on_receive, NULL),
);

    Also if the connection fails, disconnect as below in ae_bt_conn.c

    static void pairing_failed(struct bt_conn *conn, enum bt_security_err reason)
{
  char addr[BT_ADDR_LE_STR_LEN];

  bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

  LOG_INF("Pairing failed and hence disconnecting conn: %s, reason %d", log_strdup(addr),
      reason);
  
  bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
}

Reply
  • +1 in reply to Susheel Nuguru

    Matej,

    I have missed to see this basic point about service declaration

    A service declaration is an Attribute with the Attribute Type set to the UUID for
«Primary Service» or «Secondary Service». The Attribute Value shall be the
16-bit Bluetooth UUID or 128-bit UUID for the service, known as the service
UUID. A client shall support the use of both 16-bit and 128-bit UUIDs. A client
may ignore any service definition with an unknown service UUID. An unknown
service UUID is a UUID for an unsupported service. The Attribute Permissions
shall be read-only and shall not require authentication or authorization.
    The service will always have read permission only and the IOS can discover them even before encryption. It is the central/phone that initiates the service discovery and your product being a slave cannot control this. It need to respond to the service discovery by showing the services but not the contents of it.

    I have changed the declaration of the attributes so that the values can be read only after encryption.

    /* UART Service Declaration */
BT_GATT_SERVICE_DEFINE(nus_svc,
BT_GATT_PRIMARY_SERVICE(BT_UUID_NUS_SERVICE),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_TX,
			       BT_GATT_CHRC_NOTIFY,
			       BT_GATT_PERM_READ_ENCRYPT,
			       NULL, NULL, NULL),
	BT_GATT_CCC(NULL, BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_RX,
			       BT_GATT_CHRC_WRITE |
			       BT_GATT_CHRC_WRITE_WITHOUT_RESP,
			       BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT,
			       NULL, on_receive, NULL),
);

    Also if the connection fails, disconnect as below in ae_bt_conn.c

    static void pairing_failed(struct bt_conn *conn, enum bt_security_err reason)
{
  char addr[BT_ADDR_LE_STR_LEN];

  bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

  LOG_INF("Pairing failed and hence disconnecting conn: %s, reason %d", log_strdup(addr),
      reason);
  
  bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
}

Children
Related

core_v2_widget.Hide()