nRF52840 random disconnection

Hi Daniel, 

I got the update from Brian Kim about your email discussion. I agree with Brian that the sniffer trace would play a very important role here to solve the issue. I have some comments: 

- Regarding the sniffer trace, I could see the communication because the link was encrypted. What you need to do is to either do Legacy pairing and use the sniffer to follow the initial bonding. Or use LESC but in debug mode. 

- Another option you can try is to turn off bonding and encryption requirement to see if the issue is related to bonding or not. If the issue remain, please capture a sniffer trace. 

- The disconnection happened at second 26th into the connection so it may not related to the 30seconds GAP/GATT timeout.

- Please try to do a chip erase on the defected board and test again.

- Please try to test using one of our example in the SDK, ble_app_proximity for example. 

Hi again,

I have programmed one equipment turning bonding off, and then it is imposssible to connect (please, look at the attached screenshot with nRF Connect).

In order to set it off, I set my variable 'BONDING_WITH_NO_CODE' to 1, and I have implement this in 'peer_manager_init' function:

static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t           err_code;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
		if(BONDING_WITH_NO_CODE)
		{
			sec_param.bond         = 0;    
			sec_param.oob          = 0;
			sec_param.mitm         = 0; 
			sec_param.io_caps      = BLE_GAP_IO_CAPS_NONE;
			sec_param.kdist_own.enc  = 0;
			sec_param.kdist_own.id   = 0;
			sec_param.kdist_peer.enc = 0;
			sec_param.kdist_peer.id  = 0;
		}
		else
		{
			sec_param.bond           = SEC_PARAM_BOND;
			sec_param.oob            = SEC_PARAM_OOB;
			sec_param.mitm           = SEC_PARAM_MITM; //Static Key
			sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;    
			sec_param.kdist_own.enc  = 1;
			sec_param.kdist_own.id   = 1;
			sec_param.kdist_peer.enc = 1;
			sec_param.kdist_peer.id  = 1;
		}
		
        
    sec_param.lesc           = SEC_PARAM_LESC;
    sec_param.keypress       = SEC_PARAM_KEYPRESS;    
    sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
}

Furthermore, in this case, in all services, I proceed in the following way:

if(BONDING_WITH_NO_CODE)
{
	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);			
}		
else
{
	BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
	BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
}

Hope to go ahead with the solution.

Best regards,

Dani.

Hi Daniel, 

I'm sorry for the late reply. It was Norway's national day yesterday.
The BLE_GATTC_EVT_TIMEOUT, BLE_GATTS_EVT_TIMEOUT happen when a read/write from the client or an indication from the server doesn't have a reply from the peer device. So it must be something wrong with the peer device and the default behavior is to disconnect. It's most likely the peer device is not able to handle the command and can't reply for some reason. 

If you remove the disconnect request as in the code, the connection can remain but we don't know what's wrong with the peer device and the peer may have unexpected behavior. 

In your application do you do any write request, read request or indication ? 

My suggestion is to try again with no bond and capture a sniffer trace. We really need to know what happen of the the air. Please try to capture the sniffer when you couldn't connect. 

I suspect that if there is no bond involved the issue will not occurs. In that case you may need to consider using Legacy bonding instead of LESC, this way the sniffer can follow the legacy bonding and can get the bond information to decrypt the connection when they are connected after bonding.. 

Thank you so much.

I will try to catch that trace with sniffer.

In what regards legacy bonding: which is the parameter I have to set instead of LESC? (Some messages above, I specified how bonding is setup)

Kind regards,

Dani

Hi Dani, 

If you want to disable LESC you can set SEC_PARAM_LESC = 0 in peer_manager_init().

And to make it easier for the sniffer set : 

sec_param.io_caps      = BLE_GAP_IO_CAPS_NONE;

Please keep other settings as-is.

Furthermore, in what regards my application: We are doing write and read requests and also indications.

Most of the services that are implemented have two characteristics: one for transmission and one for reception. All of them are similarly implemented.

I have just send the implementation of one of this services to Brian: he will sent it to you.

Let me know your assessment.

Regards,

Dani.

Hi Dani, 

I don't see anything suspicious from your service file. It's almost identical to our NUS (UART) service. 
Please try to capture the sniffer trace (with MITM setting remove, you can use BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM instead). 

Hi Dani, 

I don't see anything suspicious from your service file. It's almost identical to our NUS (UART) service. 
Please try to capture the sniffer trace (with MITM setting remove, you can use BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM instead). 

Hi Dani, 

Please try to debug. Have you made sure you change the configuration of the characteristic to use BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM  ?

I can see that CCCD has been written but after that there were no activity from the device. 
Please check why the device doesn't send the indication. 

Hi,

I have been doing some tests without bonding and with BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM, and with SEC_PARAM_LESC=0. In CCCD in all services I have implemented this:

BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&cccd_md.write_perm);

Now, equipment is not disconnecting.

Please find attached a sniffer trace doing the following procedure:

- Equipment advertising

- Equipment connected and receiving data

- Equipment disconnects and starts advertising again

So, from that point, how to find the solution to the problem I have? I need to use bonding, and I'm using a 6 digit-pin.

DaniAndroid_Pairing_without_bonding_No_MITM_19_05_22.pcapng

Hi Dani, 
It's possible for the sniffer to track Legacy pairing with Passkey. You just need to enter the passkey in the Sniffer menu and click the "Arrow" button (before input that into your phone):

But I found this method is not very reliable as the central and peripheral may change the LTK in further re-connections. 

It's also possible to track LESC pairing if you can find the LTK key. And I found this is a more reliable solution. 

To print the LTK out you can edit security_dispatcher.c in sec_info_request_process () as follows: 

    NRF_LOG_INFO("LTK: length =%d 0x",p_enc_info->ltk_len);
    for(int i=0;i<p_enc_info->ltk_len;i++) NRF_LOG_INFO("%x ",p_enc_info->ltk[i]);

You need to input the LTK into wireshark, and need to pay attention to the endianess. Basically if the log print out this (after you disconnect and reconnect to bonded device): 


You need to input this to the sniffer and click the arrow button: 

Hi Hung,

Should I see the LTK info through the log of the nRF Connect tool?

I'm not seeing it.

Dani

Hi Dani, 

No nRF Connect wouldn't display the LTK (it's not available to the app on the phone). You can only get it by using the log as I suggested in the last reply.