• State Verified Answer
  • Replies 7 replies
  • Subscribers 73 subscribers
  • Views 9577 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 108238
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to disable the bond and pair?

eaglezcy

Hi: Recently, I use the SDK --- "nRF51_SDK_8.1.0", the project is \Nordic\nRF51_SDK_8.1.0_b6ed55f\examples\ble_central, I modified the project to notify the data periodically,and it work well. but when I use sniffer to observe the communication process. I see the data of the notification is "Decrypted", So I want to disable the bond and pair, but don't know how to do it?? I set the define SEC_PARAM_BOND to "0", but it still decrypted, please tell me how to do it, thanks a lot. By the way, in this project, I do not know how this project to do the bond and pair, and I do not find the passkey, and do not know the process of bond and pair. Is the central or the peripheral erupt the bond and pair??

thanks a lot

Parents
  • 0

    Pairing is the process of creating one or more shared secret keys.

    Bonding is the act of storing the keys created during pairing for use in subsequent connection in order to form a trusted pair.

    If you disable bonding, pairing is still done, i.e. the link gets encrypted.

    The peripheral has a GATT server with a characteristic value and a CCCD that requires the link to be encrypted for them to be written to. In services_init(), please change:

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm); to
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm); and
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm); to
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);

    The central has a GATT client that will receive BLE_GATT_STATUS_ATTERR_INSUF_AUTHENTICATION or BLE_GATT_STATUS_ATTERR_INSUF_ENCRYPTION if it tries to write to an attribute (the characteristic value and the CCCD are attributes) that requires encryption for it to be written to. Please see the BLE_GATTC_EVT_WRITE_RSP case in client_handling_ble_evt_handler(). If one of these are received, it will call dm_security_setup_req() which will call initiate_security_request(), which will call sd_ble_gap_authenticate(). sd_ble_gap_authenticate() will initate the pairing process.

    For you it should be suffient to only make the changes in the peripheral to "disable pairing", but I added the central part as well.

Reply
  • 0

    Pairing is the process of creating one or more shared secret keys.

    Bonding is the act of storing the keys created during pairing for use in subsequent connection in order to form a trusted pair.

    If you disable bonding, pairing is still done, i.e. the link gets encrypted.

    The peripheral has a GATT server with a characteristic value and a CCCD that requires the link to be encrypted for them to be written to. In services_init(), please change:

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm); to
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm); and
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm); to
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);

    The central has a GATT client that will receive BLE_GATT_STATUS_ATTERR_INSUF_AUTHENTICATION or BLE_GATT_STATUS_ATTERR_INSUF_ENCRYPTION if it tries to write to an attribute (the characteristic value and the CCCD are attributes) that requires encryption for it to be written to. Please see the BLE_GATTC_EVT_WRITE_RSP case in client_handling_ble_evt_handler(). If one of these are received, it will call dm_security_setup_req() which will call initiate_security_request(), which will call sd_ble_gap_authenticate(). sd_ble_gap_authenticate() will initate the pairing process.

    For you it should be suffient to only make the changes in the peripheral to "disable pairing", but I added the central part as well.

Children
  • 0 in reply to Petter Myhre

    hi peter: thanks a lot! I have try your suggestion, and it works. but I still have one question. where is the passkey? where can I find the passkey? and how can I change the passkey from central?? Is there any example that have realize the function?? I can not find it in the sdk.

    best regards!

  • 0 in reply to Petter Myhre

    Why do you need a passkey if you don't need encrpytion? Passkey is used in the pairing process. Do you plan to have devices that have a display or keyboard so you can display or input a passkey? If not you could use static passkey, please see this question.

  • 0 in reply to eaglezcy

    This code is used in the BLE event handler from the BLE dispatch to get the passkey:

    static void ble_evt_dispatch(ble_evt_t * p_ble_evt)

    {    on_ble_evt(p_ble_evt);

    ... then in the above event handler:

    static void on_ble_evt(ble_evt_t * p_ble_evt)

        switch (p_ble_evt->header.evt_id)
        {

            case BLE_GAP_EVT_PASSKEY_DISPLAY:
            {
                NRF_LOG_INFO("event recd: BLE_GAP_EVT_PASSKEY_DISPLAY\r\n");
                char passkey[PASSKEY_LENGTH+1];
                memcpy(passkey,p_ble_evt->evt.gap_evt.params.passkey_display.passkey,PASSKEY_LENGTH);
                passkey[PASSKEY_LENGTH] = 0;
                // Don't send delayed Security Request if security procedure is already in progress.
                err_code = app_timer_stop(m_sec_req_timer_id);
                APP_ERROR_CHECK(err_code);

                //APP_LOG("Passkey: %s\r\n",passkey);
               //orig: NRF_LOG_INFO(0,"Passkey: '%s'",passkey);
                NRF_LOG_INFO("Passkey: %s\r\n", nrf_log_push(passkey));

            }break;//BLE_GAP_EVT_PASSKEY_DISPLAY

    Hope this helps !

    Donzo

  • 0 in reply to Petter Myhre

    If you do not want encryption, then use SSP, found here:

    http://www.fte.com/docs/ssp.pdf

    It says this:

    Simple Pairing Debug Mode
    Simple Pairing Debug Mode uses a different Link Key for encryption
    than is used during
    normal operation. As a component of the
    Host Controller for any 2.1 compliant
    Bluetooth
    device, Simple Pairing Debug Mode can be
    turned on so engineers can analyze
    Bluetooth
    data. Once the analysis is complete, Debug Mode can be switched off so that further
    communication between the devices cannot be
    compromised. The main point here to
    remember is that a different Link Key is
    used when in Simple Pairing Debug Mode,
    thereby maintaining the enhan
    ced 2.1 security process.
    As an additional security feature, the Li
    nk Key generated during debug mode is clearly
    identified as having been created during
    the debug process. This allows the
    Bluetooth
    Host
    to recognize that the current Link Key is not
    secure. The Host can
    choose to initiate the
    pairing process again, which results
    in the generation of a new Link Key.
Related
Terms of service