nRF52840 random disconnection

Hi Daniel, 

I got the update from Brian Kim about your email discussion. I agree with Brian that the sniffer trace would play a very important role here to solve the issue. I have some comments: 

- Regarding the sniffer trace, I could see the communication because the link was encrypted. What you need to do is to either do Legacy pairing and use the sniffer to follow the initial bonding. Or use LESC but in debug mode. 

- Another option you can try is to turn off bonding and encryption requirement to see if the issue is related to bonding or not. If the issue remain, please capture a sniffer trace. 

- The disconnection happened at second 26th into the connection so it may not related to the 30seconds GAP/GATT timeout.

- Please try to do a chip erase on the defected board and test again.

- Please try to test using one of our example in the SDK, ble_app_proximity for example. 

Hi again,

I have programmed one equipment turning bonding off, and then it is imposssible to connect (please, look at the attached screenshot with nRF Connect).

In order to set it off, I set my variable 'BONDING_WITH_NO_CODE' to 1, and I have implement this in 'peer_manager_init' function:

static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t           err_code;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
		if(BONDING_WITH_NO_CODE)
		{
			sec_param.bond         = 0;    
			sec_param.oob          = 0;
			sec_param.mitm         = 0; 
			sec_param.io_caps      = BLE_GAP_IO_CAPS_NONE;
			sec_param.kdist_own.enc  = 0;
			sec_param.kdist_own.id   = 0;
			sec_param.kdist_peer.enc = 0;
			sec_param.kdist_peer.id  = 0;
		}
		else
		{
			sec_param.bond           = SEC_PARAM_BOND;
			sec_param.oob            = SEC_PARAM_OOB;
			sec_param.mitm           = SEC_PARAM_MITM; //Static Key
			sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;    
			sec_param.kdist_own.enc  = 1;
			sec_param.kdist_own.id   = 1;
			sec_param.kdist_peer.enc = 1;
			sec_param.kdist_peer.id  = 1;
		}
		
        
    sec_param.lesc           = SEC_PARAM_LESC;
    sec_param.keypress       = SEC_PARAM_KEYPRESS;    
    sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
}

Furthermore, in this case, in all services, I proceed in the following way:

if(BONDING_WITH_NO_CODE)
{
	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);			
}		
else
{
	BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
	BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
}

Hope to go ahead with the solution.

Best regards,

Dani.

Hi Hung,

I dind't know how to get this log with my equipment: no way, I have debugged it and I succeded to read the LTK code. Then I have introduced it into the Wireshark tool and I register connection and auto-disconnection after around 30".

Please, find attached a screenshot of Wireshark tool and the trace.

Dani.Android_pairing_with_disconnection_bonded_LTK_23_05_22.pcapng

Hi Dani,

 I don't think it's managed to decrypt the connection. You can see here that the sniffer didn't managed to decrypt the connection: 

You would need to input the LTK when select SC LTK, not Passkey/OOB key as showed in your screenshot. 
Please refer to this screenshot: 

Hi Hung,

Sorry for not knowing this but, how can I select the SCLTK key in Wireshark tool? I do not know how to do it. Please, find attached a screenshot of main screen I can see when initializing this tool...

Dani.

Hi Dani, 
I think you are using an older version of the nRF Sniffer. Could you check if you have version 4.1 of the sniffer  ? It must have a drop down menu next to Keys , instead of what in your screenshot. 

Hi Hung,

Indeed, this was the problem. I have already updated it, and now interface is as expected.

Now I have done the following procedure, as you have described:

- Smartphone has been paired with my device

- I have disconnected the device from smartphone

- I have connected the device again. And being connected, in Wireshark, I have introduced the SC-LTK value: from that moment, only 'Empty PDU' messages appear, up to the moment the device disconnects (after around 30")

Please, find trace here attached

Dani.3755.Android_pairing_with_disconnection_bonded_LTK_23_05_22.pcapng

Hi Hung,

Indeed, this was the problem. I have already updated it, and now interface is as expected.

Now I have done the following procedure, as you have described:

- Smartphone has been paired with my device

- I have disconnected the device from smartphone

- I have connected the device again. And being connected, in Wireshark, I have introduced the SC-LTK value: from that moment, only 'Empty PDU' messages appear, up to the moment the device disconnects (after around 30")

Please, find trace here attached

Dani.3755.Android_pairing_with_disconnection_bonded_LTK_23_05_22.pcapng

Hi Dani, 

No it still couldn't decrypt the connection correctly. 
Please see here: 

When the sniffer says "encrypted packet decrypted incorrectly" that mean the key was missing or the key was wrong. 
Please make sure you reverse the order of the bytes as I showed in my screenshot. And make sure you click the arrow button . And all of this must be done before the re-connection taking place. 

Please look for the way to print the log out, you can either use UART or RTT logging if you don't have UART(doesn't require extra pin, just the debugger).

Hi Hung,

I think now I got it: but I have seen that when I click the arrow button, I do not see incoming information in the log window: please, look at the screenshot here attached, where a time gap without info is noticed. And the information is received after this gap is related to advertising, as device has disconnected.

Please, find also attached this trace

DaniAndroid_Disconnection_24_05_22.pcapng

Hi again Daniel, 

It still can't decode the connection. Note that the empty packet is not encrypted. 

Please click the arrow button before starting the connection, basically the sniffer need to have the keys before the LL_START_ENC_REQ (0x05) packet. And the key need to be correct key (reversed byte order). 

Hi Hung,

I've tried many times, and no good results.

Look at the attached screenshot: it shows debug values (LTK is seen) and Wireshark tool (LTK is introduced).

I have proceeded in the way you have told me:

- Device already bonded to my smartphone

- I disconnect device from smartphone

- I set Wireshark to save trace, introduce LTK and push the right arrow

- I connect device to smartphone

But not expected results are seen: "bad MIC" is also shown. I have also tried with LTK upside down, but same result...

Maybe we can talk and meet using remote connection with my computer? Any other idea?

Dani

Hi Daniel, 

I tested again here and facing the same problem as you. I couldn't decrypt the connection even with the LTK. It's really strange that just a few days ago it worked for me. 

I'm checking with the team if I'm missing something. 
In the mean time I would suggest to try testing with the nRF Connect app on the phone, make sure it's only re-bonding happens and no other activity just to check if the disconnection still happen. 

Also please try to print out in the log any BLE event when you connect.

Do you store any information in flash ? If you do I would suggest to skip them, just in case they cause issue with the bond information. 

One approach to debug is to step by step removing the functionalities of the application. Until it's get very similar to one of our example in the SDK.  I assume that when you test with the example in the SDK with LESC you didn't have the issue ? Have you tried with the ble_app_gls example ?