
How to enable debug keys/ mode in LE Secure connection journey


Test bed setup

  1. Master device - ubuntu 22.04 with BLE5.0 dongle

  2. Slave device - Custom Bluetooth 5.2 device with BLE application running

  3. Sniffer device - nrf52840 dongle with sniffer_nrf52840dongle_nrf52840_4.1.1 firmware flashed. Sniffing tool - Wireshark V3.4.4

  4. Use case - LE Secure connection in debug mode i.e. using Diffie-Hellman private / public key pair defined in Bluetooth core spec, Vol 3, Part H, section 2.3.5.6 LE Secure Connections Pairing Phase 2

  5. Issue - I am trying to pair the slave device with the Ubuntu-based device using LE Secure connection, but I want to use the default debug keys defined by the Bluetooth core spec, which I have set using the btmgmt command, and I triggered pairing/bonding using bluetoothctl. But in
    the Wireshark logs I can see the data packets are encrypted, which means debug keys are not correctly used, even though the spec says only one
    side needs to set the debug mode/keys.

Here are the steps I followed

  • nrf52840 dongle is connected and wireshark is collecting logs
  • Slave device is up, running and advertising
  • Ubuntu 22.04 is up, running
  • Enable LE secure connection using debug mode i.e.

Enable debug keys

$ sudo btmgmt debug-keys on
hci0 Set Debug Keys complete, settings: powered ssp br/edr le secure-conn debug-keys 

Check this has been enabled by

$ sudo btmgmt info
Index list with 1 item
hci0: Primary controller
addr DC:A6:32:11:22:33 version 10 manufacturer 93 class 0x6c0000
supported settings: powered connectable fast-connectable discoverable bondable link-security ssp br/edr hs le advertising secure-conn debug-keys privacy static-addr phy-configuration
current settings: powered bondable ssp br/edr le secure-conn debug-keys
name unique-name
short name

Then start scanning for the advertisements and pair with the slave device using

$ sudo bluetoothctl
[bluetooth]# scan on
[bluetooth]# pair DC:A6:32:11:22:44

Pairing request/response are seen, keys are exchanged and encryption is started, and we can't decrypt the packets.

Moreover, I also tried to set these keys using the LE Generate DHKey Command, but I still can't decrypt the Wireshark logs.

sudo hcitool cmd 0x08 0x26 0xE6 0x9D 0x35 0x0E 0x48 0x01 0x03 0xCC 0xDB 0xFD 0xF4 0xAC 0x11 0x91 0xF4 0xEF 0xB9 0xA5 0xF9 0xE9 0xA7 0x83 0x2C 0x5E 0x2C 0xBE 0x97 0xF2 0xD2 0x03 0xB0 0x20 0x8B 0xD2 0x89 0x15 0xD0 0x8E 0x1C 0x74 0x24 0x30 0xED 0x8F 0xC2 0x45 0x63 0x76 0x5C 0x15 0x52 0x5A 0xBF 0x9A 0x32 0x63 0x6D 0xEB 0x2A 0x65 0x49 0x9C 0x80 0xDC
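
One way to check the capture for the symptom described above, added here as an example and not part of the original post: the script derives the debug public key from the spec's debug private key, confirms it equals the 64 parameter bytes of the hcitool command, and tests whether an SMP Pairing Public Key PDU (opcode 0x0C) copied from Wireshark carries that key. The P-256 parameters and debug private key are typed in from the published values, the function names are hypothetical, and both sample PDUs are constructed.

```python
# Added example: P-256 domain parameters plus the LE Secure Connections debug
# private key (assumed to match Core Spec Vol 3, Part H, 2.3.5.6).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
DEBUG_PRIV = 0x3f49f6d4a3c55f3874c9b3e3d2103f504aff607beb40b7995899b8a6cd3c1abd

# The 64 parameter bytes of the hcitool command above: X then Y, little-endian.
HCITOOL_ARGS = bytes.fromhex(
    "e69d350e480103ccdbfdf4ac1191f4efb9a5f9e9a7832c5e2cbe97f2d203b020"
    "8bd28915d08e1c742430ed8fc24563765c15525abf9a32636deb2a65499c80dc")

def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; analysis only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def smp_public_key(pdu):
    """Return (x, y) from an SMP Pairing Public Key PDU, or None if it is not one."""
    if len(pdu) != 65 or pdu[0] != 0x0C:
        return None
    return int.from_bytes(pdu[1:33], "little"), int.from_bytes(pdu[33:65], "little")

def uses_debug_key(pdu):
    """True when the PDU carries the debug public key (DEBUG_PRIV * G)."""
    return smp_public_key(pdu) == ec_mul(DEBUG_PRIV, G)

DEBUG_PDU = b"\x0c" + HCITOOL_ARGS  # constructed: a side that sends the debug key
OTHER_PDU = b"\x0c" + G[0].to_bytes(32, "little") + G[1].to_bytes(32, "little")  # constructed
```

Run `uses_debug_key()` on the raw SMP payload of each Pairing Public Key PDU in the capture; if it returns False for both the initiator and the responder, neither side sent the debug key in that pairing.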