0

Is nRF Sniffer doing decryption?

Elias Simon gravatar image

asked 2016-05-23 21:38:35 +0100

I recently tried to add security features (encryption, no MITM) to my application, and I am using nRF Sniffer to verify. nRF Master Control Panel gives me the request for the devices to pair and says that the devices are bonded. However, even though Sniffer/Wireshark says "Encrypted: Yes", it still gives me perfectly readable data. So, is nRF Sniffer just smart enough to decrypt messages as long as it's listening to that connection from the beginning?

Also, is it possible to view "junk" traffic? It would make me feel a bit better to be able to see decryption obviously not working, i.e. seeing unreadable packets.

edit retag flag offensive close delete report spam

1 answer

Sort by » oldest newest most voted
2
vibe gravatar image

answered 2016-05-23 21:51:11 +0100

The sniffer picks up the encryption key if it is listening during the key exchange, and when it has this key it is able to decrypt the BLE traffic. But the sniffer will not be able to decrypt the packets if the key exchange took place before it started 'sniffing'. You will then see "junk" traffic.

edit flag offensive delete publish link more

Comments

You answered my first question, but when the connection is encrypted, I cannot see any traffic whatsoever, even though I know some (presumably encrypted) traffic is happening. Should I actually be getting the junk packets, or is there a way to enable viewing them?

Alternatively, sniffing a secure connection from the start and then deleting the keys to simulate this would also be acceptable. I still want to actually see the encrypted packets.

Elias Simon ( 2016-05-24 01:12:20 +0100 )editconvert to answer
1

You have to start sniffing before the connection is established, and then you will only be able to follow the first 10 to 20 packets transmitted before connection jumps to a new channel. The sniffer will not be able to follow the connection after that since it is not able to resolve the channel map.

Vidar Berg ( 2016-05-24 13:27:58 +0100 )editconvert to answer

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer. Do not ask a new question or reply to an answer here.

[hide preview]

Question Tools

1 follower

Stats

Asked: 2016-05-23 21:38:35 +0100

Seen: 456 times

Last updated: mai 23 '16