
nRF Sniffer Firmware > v3.0.0 doesn't work on nRF51822 based board

Hi Nordic,

I'm using an nRF51822 based board (Adafruit Bluefruit LE Sniffer, PRODUCT ID: 2269, https://www.adafruit.com/product/2269) and could successfully update to nRF Sniffer firmware v3.0.0.

But the recorded pcap files can't be decrypted by third-party tools like crackle (github.com/.../crackle) or bsniffhub (https://github.com/homewsn/bsniffhub), even with a known LTK (but this is another topic, see *1).

I was very happy to see that the lately released v4.0.0 supports setting the LTK, so I flashed this version to the board, but there is no interface in Wireshark v3.4.7 (running with admin rights and correct extcap) and there is no output when connecting a serial port terminal. I've also tried firmware v3.1.0 with the same result. I'm using Python v3.7.5.

Adafruit says "If by chance you have an nRF51822 board you want to load the firmware on, here's a hex that does not require the 32khz crystal (but does require the 16 mhz crystal)" (https://learn.adafruit.com/introducing-the-adafruit-bluefruit-le-sniffer/using-with-sniffer-v2). This hex is v2.0.0beta1.

I've soldered a 32.768 kHz crystal to the backside of the board today (without caps). Surprisingly, firmware 3.1.0 is now working too.

Question: Is a 32 kHz crystal really needed to run firmware > 3.0.0?

But v4.0.0 still doesn't work. There is no interface in Wireshark and there is no output when connecting a serial port terminal.

Question: Any ideas how to get it working?

Additional Question:
Is there any distributor shipping nRF52840 Dongle from Europe?

wbr

Thinner

*1
It looks like packets that can't be decrypted by the nRF Sniffer firmware are getting corrupted (see https://github.com/homewsn/bsniffhub/blob/master/src/ble_decoder.c line 1227, "but, unfortunately, nRF Sniffer corrupts the original payload if it cannot decrypt, so no chance to decrypt here"). I've recorded the same session on two Adafruit devices, one running nRF Sniffer v3.0.0 and one running btlejack (github.com/.../btlejack). But only the btlejack pcap file can be decrypted by crackle with the known LTK. I've added some debug output to crackle to log raw packet data. See screenshot, left one is nRF Sniffer, right one is btlejack. It can be seen that the bytes are completely different but the number of bytes does correlate. See line 11: 7 bytes data + 4 bytes MIC on the left (= 11 bytes), 11 bytes data + 4 bytes MIC on the right (= 15 bytes). There is always a difference of 4 bytes. Maybe you want to have a look at this.

  • Hi Thinner,

    I would suggest getting hold of an nRF52 DK or nRF52 Dongle to use as the sniffer backend. They cost around €10 and would save you from lots of headache and time. The new sniffer firmware is not tested against the Adafruit board, so we can't really tell what could be wrong here.

    You can find the distributor list here: https://www.nordicsemi.com/About-us/FindDistributor

    You can order online from stores as well, such as Digi-Key or Mouser.

  • Hi Hung Bui,

    Thanks for the answer. Buying another board is my 3rd and last option. :-)

    What about the other question? Is an external 32 kHz crystal needed for firmware > v3.0.0? If not, I don't need to pay attention to the missing 12 pF caps. If yes, buying and soldering these would be my next step.

    I know you can't test the firmware against all boards available on the market, but the Adafruit board is using a Raytac MDBT40-256RV3 module and this is on the list of "Pre-approved modules" ( www.nordicsemi.com/.../3rd-party-modules ).

    "By using these modules you can leverage all the strengths of Nordic's SoC Hardware and Software architecture and make a 'single module product' without the need for an additional microcontroller to run your application."

    The other components on the board are a standard CP2104 USB chip, some resistors, LEDs, caps and switches ( learn.adafruit.com/.../40687 ), so nothing that should interfere with the firmware. Even the 16 MHz crystal is already inside the Raytac module.

    Something was changed in the firmware > v3.0.0 that breaks compatibility. Looking at the size of the .hex files, there is a big step between v3.0.0 and v3.1.0.

    v2.0.0   sniffer_pca10028_c87e17d.hex -> 38518 bytes
    v3.0.0   sniffer_pca10028_129d2b3.hex -> 38661 bytes
    v3.1.0   sniffer_nrf51dk_nrf51422_7cc811f.hex -> 70773 bytes
    v4.0.0   sniffer_nrf51dk_nrf51422_4.0.0.hex -> 85742 bytes

    But the code size should be small enough to look for the cause of the problem, shouldn't it?

    wbr
    Thinner

  • Yes, you do need a 32 kHz crystal on the board. The only firmware that doesn't need the 32 kHz crystal is the v2.0.0beta1 that was provided to you by Adafruit.

    The module list you pointed to is a list of modules that we approved for hardware in general. It doesn't guarantee that a firmware made for the nRF51 DK would work on all of the modules (for example GPIO configuration for UART, 32 kHz crystal etc.).

  • Hi,

    Thanks for the answer again. But as I wrote in my first post, firmware v3.0.0 does work on the board without the crystal (besides the packet corruption problem). So saying the only version that does work without the crystal is v2.0.0beta1 isn't true. See also https://forums.adafruit.com/viewtopic.php?f=53&t=166600&p=837478&hilit=sniffer#p816574

    Even if the poster asks for v3.1, the flashed file was sniffer_pca10028_129d2b3.hex, and this is v3.0.0.

    As I wrote before, I've soldered a crystal to the board, so the requirement is met.

    The hardware hasn't changed, not on the Adafruit board and not on the nRF51 DK board. I can't imagine a change in firmware that would break compatibility with one of the boards only, except the one I don't want to assume.

    Sorry, but I'm a little bit disappointed by your answers.

    wbr
    Thinner

  • Looks like v4.0.0 does not work with the nRF51822 at the moment. I have reported it internally. For now you would need to use the nRF52 DK or an older release of the nRF Sniffer (v3.1.0 or older).

    Edit: Some background to the issue:

    The reason for the switch of LFCLK source is that we updated from being nRF5 SDK based to nRF Connect SDK based, hence the change in firmware size. Since the build target is the nRF51 DK, which has the external LFCLK, that is the one selected. In order to build for the Adafruit dongle we need a board definition for it in NCS first.

    Sorry for the inconvenience,
    Kenneth
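    To make the LFCLK point above concrete: the fragment below is an added illustration, not the nRF Sniffer firmware's own build files (which are not published in this thread). It shows how an nRF Connect SDK / Zephyr application selects the 32 kHz low-frequency clock source through its prj.conf or board defconfig, which is the "board definition" Kenneth refers to. The CONFIG_CLOCK_CONTROL_NRF_K32SRC_* symbols are the ones defined by Zephyr's nRF clock-control driver; everything else (the comments and which board each setting suits) is my own reading of the thread.

```kconfig
# Added illustration of NCS/Zephyr LFCLK source selection (prj.conf or
# <board>_defconfig). Not taken from the nRF Sniffer firmware sources.

# What an nRF51 DK build target gets: the external 32.768 kHz crystal
# drives LFCLK. A board without that crystal (the Adafruit sniffer as
# shipped) never finishes starting the clock, which matches the symptoms
# in this thread: no extcap interface and no UART output.
CONFIG_CLOCK_CONTROL_NRF_K32SRC_XTAL=y

# What a board definition for a crystal-less module would set instead:
# the internal RC oscillator, calibrated periodically against the 16 MHz
# HFXO so the radio timing stays within tolerance. (Commented out here
# because the two K32SRC choices are mutually exclusive.)
# CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC=y
# CONFIG_CLOCK_CONTROL_NRF_K32SRC_RC_CALIBRATION=y
```

    Without a board definition carrying the RC setting, a stock nRF51 DK build inherits the XTAL choice, which is why soldering the crystal on (as done earlier in the thread) is the only way to make such a binary start on the Adafruit board.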
