
nRF ble sniffer for authenticated connections

To the kind attention of Nordic support team,

I have been using the nRF BLE sniffer successfully; it is a great tool. But I have some trouble when it comes to using it for BLE authenticated connections (I'm using a device that introduces a passkey, having got a key matrix).

After:

1. Sent Pairing DHKey Check
2. Rcvd Pairing DHKey Check
3. LL_ENC_REQ
4. LL_ENC_RSP
5. LL_START_ENC_REQ

I always get "Encrypted packet decrypted incorrectly (bad MIC)". I'm using Wireshark version 3.4.6 and the nrf_sniffer_for_bluetooth_le_3.1.0_7cc811f package for extcap, and an nRF52840 DK as the hardware. Do you think there is something I could do to solve this issue? What is the recommended configuration? Should I be able to sniff the authenticated connection?

Thank you very much for your help,

Best regards 

  • Hi,

    Unfortunately it is not possible to sniff a connection that has MITM protection using the nRF Sniffer. Unless you are sniffing the encryption part itself, I would recommend that you lower the security level for the debugging session only. The alternative, if you have to debug while having MITM, is to buy an Ellisys sniffer or similar, where you can provide the encryption keys to the tool.

  • Thank you very much run_ar for clarifying. Lowering the security level for the debugging session seems like a good option. Our test does aim to verify the reliability of the connection (that it doesn't drop randomly, for example). I imagine it is very likely that the security level doesn't affect it. But is it theoretically correct to say that, based on your experience and the core specifications? Thank you for sharing your opinion about this.


  • Hi,

    As long as you have Just Works encryption, that should be enough if you want to check the reliability of the connection. The difference in encryption levels dictates how hard it is to pick up the keys. For reconnect-after-bonding tests you would like to have the same pairing method, i.e. LESC or Legacy. But for reliability of the connection you either run with encryption or you don't (CCM is not used if you do not run with encryption).
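The point the two answers turn on (the sniffer sees SKD and IV in the clear in LL_ENC_REQ/LL_ENC_RSP, so whether it can check the MIC comes down to whether it knows the LTK, and CCM only enters the picture once LL_START_ENC_REQ has gone through) can be made concrete. The following is an added example, not code from this thread, from Nordic, or from the nRF Sniffer or Wireshark: a compact pure-Python AES-128 and AES-CCM (RFC 3610, 13-byte nonce, 4-byte MIC, as the BLE link layer uses it), the session-key derivation and nonce layout, and a "sniffer" that tries the real LTK and a wrong one. All key, SKD, IV and PDU values are constructed test data; the octet order of the SKD/IV concatenation and the header mask used for the MIC are simplified here (assumptions) and should be taken from the Core specification when working against real captures.

```python
import hmac

# ---- AES-128 block cipher (FIPS-197), compact pure-Python so this runs offline ----
def _xtime(a):
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _gmul(a, b):                      # multiplication in GF(2^8) with the AES polynomial
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():                    # multiplicative inverse followed by the affine map
    sbox = [0x63]
    for a in range(1, 256):
        inv = next(b for b in range(1, 256) if _gmul(a, b) == 1)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def _expand_key(key):
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                # RotWord + SubWord + Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[((c + r) % 4) * 4 + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                       # MixColumns
            m = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                m += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
                      a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                      a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
                      _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
            s = m
        s = [b ^ k for b, k in zip(s, rk[rnd])]                            # AddRoundKey
    return bytes(s)

# ---- AES-CCM (RFC 3610), L=2 (13-byte nonce), 4-byte MIC: the BLE link-layer parameters ----
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _ctr_block(key, nonce, i):        # A_i = flags(L-1) || nonce || counter, S_i = E(K, A_i)
    return aes128_encrypt_block(key, bytes([1]) + nonce + i.to_bytes(2, "big"))

def _keystream(key, nonce, n):
    return b"".join(_ctr_block(key, nonce, i) for i in range(1, n // 16 + 2))

def ccm_encrypt(key, nonce, aad, plaintext, mic_len=4):
    flags = (0x40 if aad else 0) | (((mic_len - 2) // 2) << 3) | 1
    blocks = bytes([flags]) + nonce + len(plaintext).to_bytes(2, "big")   # B0
    if aad:
        a = len(aad).to_bytes(2, "big") + aad
        blocks += a + bytes(-len(a) % 16)
    blocks += plaintext + bytes(-len(plaintext) % 16)
    x = bytes(16)
    for i in range(0, len(blocks), 16):                                   # CBC-MAC over B0, AAD, message
        x = aes128_encrypt_block(key, _xor(x, blocks[i:i + 16]))
    mic = _xor(x[:mic_len], _ctr_block(key, nonce, 0))
    return _xor(plaintext, _keystream(key, nonce, len(plaintext))) + mic   # ciphertext || MIC

def ccm_decrypt(key, nonce, aad, ct_and_mic, mic_len=4):
    """Plaintext, or None when the MIC does not verify (what Wireshark reports as 'bad MIC')."""
    ct, mic = ct_and_mic[:-mic_len], ct_and_mic[-mic_len:]
    pt = _xor(ct, _keystream(key, nonce, len(ct)))
    expected = ccm_encrypt(key, nonce, aad, pt, mic_len)[-mic_len:]
    return pt if hmac.compare_digest(expected, mic) else None

# ---- BLE link-layer use of the above (assumed/simplified octet ordering, see lead-in) ----
def ble_session_key(ltk, skdm, skds):
    # SK = AES-128(LTK, SKDm || SKDs); SKDm/SKDs are sent in clear in LL_ENC_REQ / LL_ENC_RSP.
    return aes128_encrypt_block(ltk, skdm + skds)

def ble_nonce(packet_counter, from_central, ivm, ivs):
    # 39-bit per-direction packet counter + direction bit in 5 little-endian octets, then IV = IVm || IVs
    ctr = (packet_counter & ((1 << 39) - 1)) | (int(from_central) << 39)
    return ctr.to_bytes(5, "little") + ivm + ivs

def ble_encrypt_pdu(sk, packet_counter, from_central, ivm, ivs, header, payload):
    # MIC additionally covers the first header octet with NESN, SN and MD cleared (mask is an assumption)
    nonce = ble_nonce(packet_counter, from_central, ivm, ivs)
    return header + ccm_encrypt(sk, nonce, bytes([header[0] & 0xE3]), payload)

def ble_sniffer_decrypt(ltk, skdm, skds, ivm, ivs, packet_counter, from_central, pdu):
    # A passive sniffer has SKD and IV from the air; everything hinges on whether its LTK is right.
    sk = ble_session_key(ltk, skdm, skds)
    return ccm_decrypt(sk, ble_nonce(packet_counter, from_central, ivm, ivs), bytes([pdu[0] & 0xE3]), pdu[2:])

def demo():
    ltk = bytes(range(0x10, 0x20))                       # constructed; real LTK comes out of pairing
    skdm, skds = bytes(range(0x00, 0x08)), bytes(range(0x08, 0x10))
    ivm, ivs = bytes.fromhex("a0a1a2a3"), bytes.fromhex("b0b1b2b3")
    payload = b"hello"
    header = bytes([0x1E, len(payload) + 4])             # LLID=2 with NESN/SN/MD set; length includes the MIC
    pdu = ble_encrypt_pdu(ble_session_key(ltk, skdm, skds), 0, True, ivm, ivs, header, payload)
    with_ltk = ble_sniffer_decrypt(ltk, skdm, skds, ivm, ivs, 0, True, pdu)
    without_ltk = ble_sniffer_decrypt(bytes(16), skdm, skds, ivm, ivs, 0, True, pdu)  # wrong LTK -> bad MIC
    return with_ltk, without_ltk                         # (b'hello', None)

if __name__ == "__main__":
    print(demo())
```

With the right LTK the sniffer recovers the payload; with any other key the CBC-MAC does not match and the packet is rejected, which is exactly the state the original post describes after LL_START_ENC_REQ. Nothing about the connection's reliability depends on this: the link-layer PDUs, acknowledgements and supervision timeout are the same whether or not CCM is applied, which is why lowering the pairing security for the debugging session leaves a connection-drop test meaningful.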
