NFC Pairing with Type 2 versus Type 4 Tag

Using NCS V2.0.0

NRF52840 DK

Testing Using NRF Connect Mobile on Android

Programmed the Peripheral_nfc_pairing example.

When set as a Type 2 tag, it works and bonds multiple times without issue.

When set as a Type 4 tag, it works intermittently. Below is the sequence and testing done with the Type 4 example.

NFC did its try-and-fail on Tag 4 nfc-pairing sample.  

Rebooted phone and reflashed the FW and the Tag 4 bonded.

Connected and then deleted bond-info while connected, and phone disconnected.

NFC worked a second time and bonded.

Did a normal disconnect.

Tried connect (still bonded) but failed connection. Repeated attempts failed.

Deleted bond info (no connection). NFC attempt bonded and connected.

Repeated connection attempts failed. Tried scanning but the unit was apparently not advertising.

Touched NFC but refused pairing attempt, and unit was now advertising.

Now connected fine UN-bonded. Could read characteristics and stayed connected. 

Disconnected and reconnected without bonding…worked fine.  Disconnected again.

Retried NFC…bonded and connected. Disconnected.

Tried bonded connect…failed. Unit likely not advertising.

Used NFC and bonded again. Worked fine.

This is using Android 13, but older versions are not as reliable and typically need a phone reboot to get pairing/bonding.

When pairing, it will report:

Security changed: E4:FA:ED:AA:95:1D (public) level 4
Pairing completed: E4:FA:ED:AA:95:1D (public), bonded: 1

When failing, it will report:

Security Failed: E4:FA:ED:AA:95:1D level 1 err9

Pairing Failed Conn:  reason 9

 

It apparently does directed advertising to a MAC address which (it appears) has been seen by the NFC-touch.

Once that occurs, resetting the device or power-cycling does not change that directed address.

So when a second MAC address attempts to pair, it fails. Re-flashing the firmware fixes that and the second phone will pair.

It also does not start advertising until an NFC touch occurs, so even a previously bonded unit cannot connect without NFC.

As for Type 4 vs Type 2 tags, I assumed Type 4 would be more secure.

However, memory requirements are: Type 2: 48 to 144 bytes, Type 4: 4 Kb to 32 Kb.

Do you have any recommendations?

We just use tags for security level 4 OOB LE SC pairing.

  • Hi Wes, 

    It's a little bit hard to work out from the sequence how to reproduce the issue. 
    Could you list step-by-step instructions on how to reproduce the issue, starting from a blank chip?

    I would suggest capturing a sniffer trace of the process. We would need to see what exactly is causing the issue. Please note that NFC would not be involved after the device is bonded. When re-encrypting the link, the LTK will be used, and that is stored on both sides. 

    Error number 9 unfortunately doesn't give us much information. It means BT_SECURITY_ERR_UNSPECIFIED. A sniffer trace would help here.

    As for  Type 4 vs Type 2 tags, I assumed type 4 would be more secure. 

    I'm not so sure about the above statement. Could you let me know whether you meant it's more secure regarding NFC communication, or that the OOB BLE pairing is more secure with Tag Type 4? 

    It also does not start advertising until an NFC touch occurs, so even a previously bonded unit cannot connect without NFC

    Regarding the above line, I guess it's just how it's designed with the example. You can either add code to start advertising (call advertising_start()) when booting up or call that when a button is pressed. 

  • Hung

    Sorry for the delay. I will ask the customer for the sniffer trace, but he recently sent me an email:

    As for Tag 2/4, there was a period when even the peripheral_nfc_pairing sample was not working for my Android phone. 

    It was not till after a reboot of my phone that it began to work, which leaves a big question as to why. But we have doubts whether that can be answered or not.

    The sample itself will pair with a single phone. But once it has (and has then disconnected), the sample won't pair with a second phone apparently due to direct advertising to the first phone.

    And only after a re-flash of the sample FW will it pair with the second phone.

    Any thoughts?

  • Hi Wes, 

    From what I can see from the code, after waking up from NFC, it will cycle through the bonded device list with directed advertising. Each time the directed advertising times out, it will cycle to the next bonded device in the list and continue directed advertising. When the list is over, it will do normal advertising. 
    Here is where it loops through the list of bonded devices to do directed advertising and does regular advertising if the list is over: 

    Here is where the directed advertising times out (1.25ms): 


    So in your case it should do normal advertising after the timeout. 
    What do you see when you connect the second phone to it? 

    In my case here when I test with my phone, I had an issue that a new bond is started with my phone every time I bring the phone to wake the board up. Maybe it has something to do with the phone wanting to do a new pairing when reading NFC. 
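
The advertising cycle described in the reply above, modelled in plain C as an added example (not the sample's code and not Nordic's). The names adv_model, on_nfc_wakeup, on_directed_timeout and can_connect are hypothetical and the addresses are constructed; the model shows why an unbonded second phone is shut out until directed advertising has run through the bonded list.

```c
/* Added model of the advertising cycle; names and addresses are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_BONDS 4
enum adv_mode { ADV_IDLE, ADV_DIRECTED, ADV_REGULAR };
struct adv_model {
    const char *queue[MAX_BONDS]; /* bonded peers not yet tried */
    int head, count;
    enum adv_mode mode;           /* ADV_IDLE until the first NFC touch */
    const char *target;           /* peer of the current directed advertising */
};

/* Direct advertising at the next queued bond, or fall back to regular. */
static void adv_next(struct adv_model *m)
{
    bool more = m->head < m->count;
    m->mode = more ? ADV_DIRECTED : ADV_REGULAR;
    m->target = more ? m->queue[m->head++] : NULL;
}
/* NFC field detected: queue every bonded peer and begin the cycle. */
void on_nfc_wakeup(struct adv_model *m, const char *const *bonds, int n)
{
    m->head = 0;
    m->count = n > MAX_BONDS ? MAX_BONDS : n;
    for (int i = 0; i < m->count; i++) m->queue[i] = bonds[i];
    adv_next(m);
}
/* Directed advertising ended without a connection: try the next bond. */
void on_directed_timeout(struct adv_model *m)
{
    if (m->mode == ADV_DIRECTED) adv_next(m);
}
/* Whether a central with this address can connect in the current state. */
bool can_connect(const struct adv_model *m, const char *addr)
{
    if (m->mode == ADV_DIRECTED) return strcmp(m->target, addr) == 0;
    return m->mode == ADV_REGULAR;
}
int main(void)
{
    const char *const bonds[] = { "AA:AA:AA:AA:AA:01" }; /* first phone */
    struct adv_model m = { 0 };
    on_nfc_wakeup(&m, bonds, 1);
    printf("2nd phone, directed phase: %d\n", can_connect(&m, "AA:AA:AA:AA:AA:02"));
    on_directed_timeout(&m);
    printf("2nd phone, after timeout:  %d\n", can_connect(&m, "AA:AA:AA:AA:AA:02"));
    return 0;
}
```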
