Unable to sniff LE Secure Connections in debug mode using nRF52840 Dongle

Test bed setup

  • Master device - RPi 4 Model B Rev 1.2, Raspbian / Debian version 11 (bullseye)
  • Slave device - Custom Bluetooth 5.2 device with BLE application running
  • Sniffer device - nrf52840 dongle with sniffer_nrf52840dongle_nrf52840_4.1.1 firmware flashed
  • Sniffing tool - Wireshark V3.4.4
  • Use case - LE Secure connection in debug mode i.e. using Diffie-Hellman private / public key pair defined in Bluetooth core spec V5.0, Vol 3, Part H, section 2.3.5.6 LE Secure Connections Pairing Phase 2

  • Issue - I am trying to pair the slave device with the RPi using LE Secure Connections, but I want to use the default debug keys defined by the Bluetooth core spec, which I have set using the btmgmt command, and I triggered pairing/bonding using bluetoothctl. But in the Wireshark logs I can see the data packets are encrypted, which means the debug keys are not correctly used, even though the spec says only one side needs to set the debug mode/keys.

Detailed description - Here are the steps I followed

  1. nrf52840 dongle is connected and wireshark is collecting logs
  2. Slave device is up, running and advertising
  3. Rpi i.e. master device is up, running
  4. In the RPi CLI, enable debug keys:
    $ sudo btmgmt debug-keys on
    hci0 Set Debug Keys complete, settings: powered ssp br/edr le secure-conn debug-keys 
  5. Check this has been enabled by 
    $ sudo btmgmt info
    Index list with 1 item
    hci0: Primary controller
    addr DC:A6:32:11:22:33 version 10 manufacturer 93 class 0x6c0000
    supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy static-addr phy-configuration
    current settings: powered bondable ssp br/edr le secure-conn debug-keys
    name unique-name
    short name
  6. Then start scanning for the advertisements and pair with the slave device using  
    $ sudo bluetoothctl
    [bluetooth]# scan on
    [bluetooth]# pair DC:A6:32:11:22:44
  7. As seen in the above logs, Pairing Request/Response are seen, keys are exchanged, encryption is started, and we can't decrypt the packets.

Moreover, I also tried to set these keys using the LE Generate DHKey Command, but I still can't decrypt the Wireshark logs.

Can somebody suggest how I can trigger pairing/bonding from the RPi, or any Linux machine, that uses the debug keys for LE Secure Connections?
Am I missing anything in the nRF52840 dongle / Wireshark configuration?
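Added example, not part of the question above: a sniffer can only fall back to the spec's debug private key if the SMP Pairing Public Key PDU it captured actually carries the spec's debug public key, so a quick diagnostic is to pull that PDU out of the capture and compare it. The code below re-derives the debug public key from the debug private key with a minimal P-256 implementation and checks a captured (here constructed) Pairing Public Key PDU against it; the key constants are taken from Core Spec Vol 3, Part H, section 2.3.5.6.1 as I recall them, and the SMP framing (opcode 0x0C, then X and Y as 32-byte little-endian fields) is an assumption from the same spec.

```python
# P-256 domain parameters (NIST / SEC 2 secp256r1)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

# LE Secure Connections debug key pair (Core Spec Vol 3, Part H, 2.3.5.6.1)
DEBUG_PRIVATE_KEY = 0x3f49f6d4a3c55f3874c9b3e3d2103f504aff607beb40b7995899b8a6cd3c1abd
DEBUG_PUBLIC_X = 0x20b003d2f297be2c5e2c83a7e9f9a5b9eff49111acf4fddbcc0301480e359de6
DEBUG_PUBLIC_Y = 0xdc809c49652aeb6d63329abf5a52155c766345c28fed3024741c8ed01589d28b

def _add(p1, p2):
    """Affine point addition / doubling on P-256; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    x1, y1 = p1; x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0: return None      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point=(GX, GY)):
    """Plain double-and-add: fine for checking a published constant, not constant-time."""
    result = None
    while k:
        if k & 1: result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def debug_public_key():
    """Public key the spec says a debug-mode device must send in its Pairing Public Key PDU."""
    return scalar_mult(DEBUG_PRIVATE_KEY)

def parse_pairing_public_key(pdu: bytes):
    """SMP Pairing Public Key PDU: opcode 0x0C, X (32 B LE), Y (32 B LE)."""
    if len(pdu) != 65 or pdu[0] != 0x0C:
        raise ValueError("not an SMP Pairing Public Key PDU")
    return int.from_bytes(pdu[1:33], "little"), int.from_bytes(pdu[33:65], "little")

def is_debug_public_key(pdu: bytes) -> bool:
    """True if the captured PDU carries the spec debug key, i.e. a sniffer can compute the DHKey."""
    return parse_pairing_public_key(pdu) == (DEBUG_PUBLIC_X, DEBUG_PUBLIC_Y)

# Constructed sample PDU, as the RPi would send it if btmgmt debug-keys is really in effect.
SAMPLE_PDU = bytes([0x0C]) + DEBUG_PUBLIC_X.to_bytes(32, "little") + DEBUG_PUBLIC_Y.to_bytes(32, "little")
```

If the X/Y bytes Wireshark shows under SMP > Pairing Public Key do not equal this value, the stack did not use the debug key for that pairing and no sniffer setting will make the session decryptable.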