This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Enable MITM - where is the entered password

Hello

We have a projects with correct bounding (see thread) and we want to set MITM=1 to get entered by user password. We implement some code to see message "Please, enter password", user enters it, but we can't find out, where the entered password is.

After this procedure we receive DM_EVT_SECURITY_SETUP_COMPLETE event. How should we handle it (or, maybe, the other event) to get entered password?

Best regards, Vitaliy

Parents Reply
  • Sorry, your comment slipped through the cracks. Great! It is true. Vol. 3, Part H, Section 2.3.5.3 in the Bluetooth Core 4.2:

    "The Passkey Entry STK generation method provides very limited protection against eavesdroppers during the pairing process because of the limited range of possible TK values which STK is dependent upon. If the attacker is not present during the pairing process then confidentiality and authentication can be established by using encryption on a future connection."

Children
No Data
Related