Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

BLE Man-in-the-middle protection, multiple passkeys

Hello all,

I am developing a BLE application with the SoftDevice, the peer management module, and with MITM protection.

I've set a bonding static passkey as shown here:

    static uint8_t static_passkey[] = STATIC_PASSKEY;
    static ble_opt_t    m_static_pin_option;
    ...

    m_static_pin_option.gap_opt.passkey.p_passkey = static_passkey;
    err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &m_static_pin_option);
    APP_ERROR_CHECK(err_code);

I want to set a general static passkey to be used by maintenance people, such as an admin bonding passkey, and another passkey for the final user (could be randomly generated or static).

Is there a way to implement this? Can I change the static_passkey for an array of passkeys?

Thanks in advance.

  • Hello,

    My peer is an Android 10 Motorola smartphone using the nRF Connect mobile app. I got the log there:

    D 09:39:52.754 gatt.setCharacteristicNotification(00002aa7-0000-1000-8000-00805f9b34fb, true)
    D 09:39:52.756 gatt.setCharacteristicNotification(00002a52-0000-1000-8000-00805f9b34fb, true)
    D 09:39:52.757 gatt.setCharacteristicNotification(00002aac-0000-1000-8000-00805f9b34fb, true)
    D 09:39:52.759 gatt.setCharacteristicNotification(00002a19-0000-1000-8000-00805f9b34fb, true)
    I 09:39:52.816 Connection parameters updated (interval: 48.75ms, latency: 0, timeout: 5000ms)
    D 09:39:54.983 [Broadcast] Action received: android.bluetooth.device.action.BOND_STATE_CHANGED, bond state changed to: BOND_BONDING (11)
    D 09:39:55.010 [Broadcast] Action received: android.bluetooth.device.action.PAIRING_REQUEST, pairing variant: PAIRING_VARIANT_CONSENT (3)
    D 09:39:57.268 [Broadcast] Action received: android.bluetooth.device.action.PAIRING_REQUEST, pairing variant: PAIRING_VARIANT_PIN (0)
    D 09:40:06.620 [Broadcast] Action received: android.bluetooth.device.action.BOND_STATE_CHANGED, bond state changed to: BOND_NONE (10)
    I 09:40:06.620 Bonding failed
    I 09:40:06.903 Connection parameters updated (interval: 498.75ms, latency: 0, timeout: 4000ms)
    D 09:40:10.056 [Callback] Connection state changed with status: 22 and new state: DISCONNECTED (0)
    E 09:40:10.056 Error 22 (0x16): GATT CONN TERMINATE LOCAL HOST
    I 09:40:10.056 Disconnected
    D 09:40:10.204 [Broadcast] Action received: android.bluetooth.device.action.ACL_DISCONNECTED

    Does it mean the peer is disconnecting?

    From the log we only see that you get BLE event 0x11, which is BLE_GAP_EVT_DISCONNECTED, but not why. Can you print the disconnect reason?

    I am not sure how to print the reason in the application; I could only track the event from the SoftDevice using a breakpoint:

    Also, is there a better way to see the reasons from the SD events?

  • Hi,

    pedrovfr_LNNano said:
    Does it mean the peer is disconnecting?

    Yes, you see here that the local host terminated the connection (which refers to the Android device in the Android log). On the nRF side I expect you see that the remote user terminated the connection. I do not believe you can do anything about this on Android (or iOS) devices.

    pedrovfr_LNNano said:
    Also, is there a better way to see the reasons from the SD events?

    Yes. When you get the BLE_GAP_EVT_DISCONNECTED you can check the reason and print it for instance like this:

                NRF_LOG_INFO("Disconnected, reason %d.",
                              p_ble_evt->evt.gap_evt.params.disconnected.reason);

    The number you get here represents a standard Bluetooth status code.
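
As an added example (not part of the original thread and not Nordic's code), the following Python triages the nRF Connect log lines quoted above: it reports which pairing prompts Android raised, whether bonding completed, how long the attempt took, and the decoded disconnect status. The function name `triage`, the regexes and the small reason table are this example's own assumptions; the sample lines are copied from the log in the thread.

```python
import re
from datetime import datetime

# Sample input: lines copied from the nRF Connect log quoted in the thread.
SAMPLE_LOG = """\
D 09:39:54.983 [Broadcast] Action received: android.bluetooth.device.action.BOND_STATE_CHANGED, bond state changed to: BOND_BONDING (11)
D 09:39:55.010 [Broadcast] Action received: android.bluetooth.device.action.PAIRING_REQUEST, pairing variant: PAIRING_VARIANT_CONSENT (3)
D 09:39:57.268 [Broadcast] Action received: android.bluetooth.device.action.PAIRING_REQUEST, pairing variant: PAIRING_VARIANT_PIN (0)
D 09:40:06.620 [Broadcast] Action received: android.bluetooth.device.action.BOND_STATE_CHANGED, bond state changed to: BOND_NONE (10)
I 09:40:06.620 Bonding failed
D 09:40:10.056 [Callback] Connection state changed with status: 22 and new state: DISCONNECTED (0)
"""

LINE = re.compile(r"^[VDIWE] (\d\d:\d\d:\d\d\.\d{3}) (.*)$")
BOND = re.compile(r"bond state changed to: (\w+)")
VARIANT = re.compile(r"pairing variant: (\w+)")
STATUS = re.compile(r"status: (\d+) and new state: DISCONNECTED")

# Subset of standard Bluetooth status codes (not a complete table).
REASONS = {0x05: "authentication failure", 0x08: "connection timeout",
           0x13: "remote user terminated connection",
           0x16: "connection terminated by local host"}

def triage(log):
    """Summarise one pairing attempt found in nRF Connect log text."""
    out = {"variants": [], "bonded": None, "pairing_seconds": None,
           "disconnect": None, "passkey_prompted": False}
    started = None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log line
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        text = m.group(2)
        if (b := BOND.search(text)):
            if b.group(1) == "BOND_BONDING":
                started = ts
            elif started is not None:  # BOND_BONDED or BOND_NONE ends the attempt
                out["bonded"] = b.group(1) == "BOND_BONDED"
                out["pairing_seconds"] = round((ts - started).total_seconds(), 3)
        elif (v := VARIANT.search(text)):
            out["variants"].append(v.group(1))
        elif (s := STATUS.search(text)):
            code = int(s.group(1))
            out["disconnect"] = (code, REASONS.get(code, "unknown"))
    # A PIN prompt means the phone asked for a passkey, not a bare consent tap.
    out["passkey_prompted"] = "PAIRING_VARIANT_PIN" in out["variants"]
    return out
```

On the log above this shows that the passkey prompt was raised, bonding ended in BOND_NONE before the link dropped, and the later disconnect was initiated by the phone's own host.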

  • Ok, I see now where the issue is. Also great tip, thanks for the assistance!
