Test bed setup
Master device - Ubuntu 22.04 with BLE 5.0 dongle
Slave device - Custom Bluetooth 5.2 device with BLE application running
Sniffer device - nrf52840 dongle with sniffer_nrf52840dongle_nrf52840_4.1.1 firmware flashed
Sniffing tool - Wireshark V3.4.4
Use case - LE Secure connection in debug mode i.e. using Diffie-Hellman private / public key pair defined in Bluetooth core spec, Vol 3, Part H, section 2.3.5.6 LE Secure Connections Pairing Phase 2
Issue - I am trying to pair the slave device with the Ubuntu-based device using LE Secure Connections, but I want to use the default debug keys
defined by the Bluetooth core spec, which I have set by using the btmgmt
command, and I triggered pairing/bonding using bluetoothctl. But in the
Wireshark logs I can see the data packets are encrypted, which means the
debug keys are not correctly used, even though the spec says only one
side needs to set the debug mode/keys.
Here are the steps I followed
- nrf52840 dongle is connected and wireshark is collecting logs
- Slave device is up, running and advertising
- Ubuntu 22.04 is up, running
- Enable LE secure connection using debug mode i.e.
Enable debug keys
$ sudo btmgmt debug-keys on
hci0 Set Debug Keys complete, settings: powered ssp br/edr le secure-conn debug-keys
Check this has been enabled by
$ sudo btmgmt info
Index list with 1 item
hci0: Primary controller
addr DC:A6:32:11:22:33 version 10 manufacturer 93 class 0x6c0000
supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy static-addr phy-configuration
current settings: powered bondable ssp br/edr le secure-conn debug-keys
name unique-name
short name
Then start scanning for the advertisements and pair with the slave device using
$ sudo bluetoothctl
[bluetooth]# scan on
[bluetooth]# pair DC:A6:32:11:22:44
Pairing request/response are seen, keys are exchanged and encryption is started, and we can't decrypt the packets.
Moreover, I also tried to set these keys using the LE Generate DHKey Command, but I still can't decrypt the Wireshark logs.
sudo hcitool cmd 0x08 0x26 0xE6 0x9D 0x35 0x0E 0x48 0x01 0x03 0xCC 0xDB 0xFD 0xF4 0xAC 0x11 0x91 0xF4 0xEF 0xB9 0xA5 0xF9 0xE9 0xA7 0x83 0x2C 0x5E 0x2C 0xBE 0x97 0xF2 0xD2 0x03 0xB0 0x20 0x8B 0xD2 0x89 0x15 0xD0 0x8E 0x1C 0x74 0x24 0x30 0xED 0x8F 0xC2 0x45 0x63 0x76 0x5C 0x15 0x52 0x5A 0xBF 0x9A 0x32 0x63 0x6D 0xEB 0x2A 0x65 0x49 0x9C 0x80 0xDC
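
Added example, not part of the original post: one way to check from the capture whether either side actually sent the debug public key in its SMP Pairing Public Key PDU (opcode 0x0C), which is what a sniffer needs in order to derive the DHKey. The debug key bytes are taken from the hcitool command above; the function names and the sample PDUs are constructed for illustration.

```python
# Added example: does a captured SMP Pairing Public Key PDU carry the debug key?
# Debug public key copied from the hcitool command in the post:
# X[32] then Y[32], little-endian, the same byte order SMP uses on air.
DEBUG_PUBKEY_LE = bytes.fromhex(
    "E69D350E480103CCDBFDF4AC1191F4EFB9A5F9E9A7832C5E2CBE97F2D203B020"
    "8BD28915D08E1C742430ED8FC24563765C15525ABF9A32636DEB2A65499C80DC"
)
SMP_PAIRING_PUBLIC_KEY = 0x0C  # SMP opcode; payload is X[32] || Y[32]


def parse_public_key(smp_pdu):
    """Return (x_hex, y_hex) big-endian, or None if not a Pairing Public Key PDU."""
    if len(smp_pdu) != 65 or smp_pdu[0] != SMP_PAIRING_PUBLIC_KEY:
        return None
    return smp_pdu[1:33][::-1].hex(), smp_pdu[33:65][::-1].hex()


def audit(pdus):
    """Map each direction that sent a public key to True if it is the debug key."""
    result = {}
    for direction, pdu in pdus:
        if parse_public_key(pdu) is not None:
            result[direction] = pdu[1:] == DEBUG_PUBKEY_LE
    return result


def sniffer_can_derive_dhkey(result):
    """With the spec's debug private key, one debug public key on air is enough."""
    return any(result.values())


# Constructed sample capture (not from the post): SMP payloads per direction.
PAIRING_REQUEST = bytes.fromhex("0104002d100f0f")
NON_DEBUG_KEY = bytes(range(1, 65))  # constructed 64-byte placeholder, not a real key
SAMPLE = [
    ("master", PAIRING_REQUEST),
    ("master", bytes([SMP_PAIRING_PUBLIC_KEY]) + DEBUG_PUBKEY_LE),
    ("slave", bytes([SMP_PAIRING_PUBLIC_KEY]) + NON_DEBUG_KEY),
]

if __name__ == "__main__":
    found = audit(SAMPLE)
    for side, is_debug in found.items():
        print(f"{side}: debug key = {is_debug}")
    print("decryptable by sniffer:", sniffer_can_derive_dhkey(found))
```

To run it on a real capture, replace SAMPLE with the SMP payload bytes of each Pairing Public Key PDU copied from the sniffer trace; if neither direction reports the debug key, the host did not use it on air.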