This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Enable MITM - where is the entered password

Hello

We have a projects with correct bounding (see thread) and we want to set MITM=1 to get entered by user password. We implement some code to see message "Please, enter password", user enters it, but we can't find out, where the entered password is.

After this procedure we receive DM_EVT_SECURITY_SETUP_COMPLETE event. How should we handle it (or, maybe, the other event) to get entered password?

Best regards, Vitaliy

Top Replies

Parents

0 Petter Myhre over 9 years ago

Please have a look at this question. Let me know if you get into trouble.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Petter Myhre over 9 years ago in reply to Petter Myhre

Sorry, your comment slipped through the cracks. Great! It is true. Vol. 3, Part H, Section 2.3.5.3 in the Bluetooth Core 4.2:

"The Passkey Entry STK generation method provides very limited protection against eavesdroppers during the pairing process because of the limited range of possible TK values which STK is dependent upon. If the attacker is not present during the pairing process then confidentiality and authentication can be established by using encryption on a future connection."
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Petter Myhre over 9 years ago in reply to Petter Myhre

Sorry, your comment slipped through the cracks. Great! It is true. Vol. 3, Part H, Section 2.3.5.3 in the Bluetooth Core 4.2:

"The Passkey Entry STK generation method provides very limited protection against eavesdroppers during the pairing process because of the limited range of possible TK values which STK is dependent upon. If the attacker is not present during the pairing process then confidentiality and authentication can be established by using encryption on a future connection."
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data