Could nRF sniffer detect and follow Zephyr(NCS) APPs?

Question

Hi there, 
 
 I am wondering could the nRF sniffer follow a connection of two nRF Connect SDK built applications? 
 What I got is like the following: 
 
 After some searching in the DevZone, I followed their advice but still got into this "bad MIC" case. 
 I already sniffed the whole process from the beginning (including CONNECT_IND). 
 
 Hence, indeed, could the nRF sniffer detect and follow nRF Connect SDK applications? 
 Really appreciate it if this could be answered ASAP. 
 
 Best regards :-) 
 Ethan

Einar Thorsrud · Accepted Answer

Hi Ethan, 
 The nRF Sniffer sniffs Bluetooth communication with is standardized, so it does not matter which SDK the firmware is built with, and it can also be used to sniff traffic between non-Nordic devices. 
 As you get bad MIC that indicates that the packets are encrypted. The nRF Sniffer (like most other Bluetooth sniffers) can decrypt encrypted traffic if the pairing was done using legacy pairing, and the sniffer received the pairing packets, as then it will also have the key. However, if the sniffer did not receive the packets, or if pairing is done using LE Secure Connections (using a Diffie–Hellman key exchange), the sniffer is not able to decrypt the packets as it has no way of knowing the key. 
 Einar

Could nRF sniffer detect and follow Zephyr(NCS) APPs?

Top Replies