How to pair NFC and bluetooth via Negotiated handover - bluetooth

I want to pair keyboard and android phone.
My EV board is in the tag role, not the phone.
I can't refer to the Android sample code.
I have already connected Bluetooth via a simple tag according to the SSP spec.
But my friend told me the keyboard needs the hash key to confirm.
I tried to use negotiated handover (tag mode).
The phone (LG G2) can't identify the tag format.
Finally, I found the Handover spec indicates that handover should use LLCP mode (P2P mode).
I am not sure about it.
Few people talk about keyboards and negotiated handover in tag mode.
My questions:
If pairing by NFC, does the keyboard need the hash key or not?
If it doesn't, I can use simple tag mode to connect easily.
Does Negotiated handover use LLCP mode?
Thanks!!
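To make the "hash key" in the question concrete: the Bluetooth OOB record written to a simple (static) tag is a MIME-typed NDEF record carrying the BD_ADDR and EIR structures, and the optional Simple Pairing Hash C / Randomizer R structures are the OOB authentication data. The following encoder/decoder is an added example, not code from the question or from any vendor SDK; the BD_ADDR, device name and the 16-byte hash/randomizer values are constructed sample data, and the Class of Device default is an arbitrary placeholder.

```python
import struct

# EIR data type codes (Bluetooth Core Spec assigned numbers) used in the OOB block
EIR_COMPLETE_NAME = 0x09
EIR_CLASS_OF_DEVICE = 0x0D
EIR_SP_HASH_C = 0x0E        # Simple Pairing Hash C-192
EIR_SP_RANDOMIZER_R = 0x0F  # Simple Pairing Randomizer R-192
BT_OOB_MIME = b"application/vnd.bluetooth.ep.oob"

def _ad(eir_type: int, data: bytes) -> bytes:
    """One EIR structure: length (type + data), type, data."""
    return bytes([len(data) + 1, eir_type]) + data

def build_bt_oob_payload(bd_addr: str, name: str, cod: bytes = b"\x40\x05\x40",
                         hash_c: bytes = None, rand_r: bytes = None) -> bytes:
    """OOB data block: 2-byte little-endian total length, BD_ADDR (LSB first), EIR structures.
    Hash C / Randomizer R are only emitted as a pair; without them the record carries no
    OOB authentication data, only the address and cosmetic fields (cod is a placeholder)."""
    addr_le = bytes.fromhex(bd_addr.replace(":", ""))[::-1]
    eir = _ad(EIR_CLASS_OF_DEVICE, cod) + _ad(EIR_COMPLETE_NAME, name.encode())
    if hash_c is not None and rand_r is not None:
        eir += _ad(EIR_SP_HASH_C, hash_c) + _ad(EIR_SP_RANDOMIZER_R, rand_r)
    body = addr_le + eir
    return struct.pack("<H", len(body) + 2) + body

def wrap_ndef(payload: bytes) -> bytes:
    """Single short NDEF record: MB|ME|SR set, TNF=0x02 (MIME media type)."""
    if len(payload) > 255:
        raise ValueError("short-record payload must fit in one length byte")
    return bytes([0xD2, len(BT_OOB_MIME), len(payload)]) + BT_OOB_MIME + payload

def parse_bt_oob(ndef: bytes) -> dict:
    """Decode the record back into BD_ADDR, name and EIR fields; flag whether OOB auth data is present."""
    type_len, payload_len = ndef[1], ndef[2]
    if ndef[0] & 0x07 != 0x02 or ndef[3:3 + type_len] != BT_OOB_MIME:
        raise ValueError("not a Bluetooth OOB MIME record")
    p = ndef[3 + type_len:3 + type_len + payload_len]
    if struct.unpack("<H", p[:2])[0] != len(p):
        raise ValueError("OOB length field does not match payload")
    fields, i = {}, 8
    while i < len(p):
        n, t = p[i], p[i + 1]
        fields[t] = p[i + 2:i + 1 + n]
        i += 1 + n
    return {
        "bd_addr": ":".join(f"{b:02X}" for b in p[2:8][::-1]),
        "name": fields.get(EIR_COMPLETE_NAME, b"").decode(),
        "has_oob_auth": EIR_SP_HASH_C in fields and EIR_SP_RANDOMIZER_R in fields,
        "fields": fields,
    }
```

Writing the output of `wrap_ndef` as the only record on the tag gives the simplified tag format; `has_oob_auth` tells you whether a reader would find the hash/randomizer pair or only the address.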

Related

Bluetooth pairing with default passkey set manually in Bluez 5 BLE

I am using the BlueZ 5.50 stack on a Linux device which does not have a display. I want to pair my device with a mobile device (Android or iOS) with secure pairing, which requires a passkey to connect.
Every time I try to pair, an auto-generated passkey is produced. I want to set a default passkey which should be used during the pairing instead of the auto-generated passkey.
How to resolve this issue?
The Bluetooth standard says that the passkey should be randomly generated and that a static key should not be used. There is a good reason for that: the ad-hoc protocol used in Bluetooth is insecure if the passkey is reused. If you don't have any input or output mechanism, you shall use "Just Works" pairing, which unfortunately does not give you any MITM protection. The security of this is technically more or less the same as when using a static passkey but without giving a false sense of security.
See https://stackoverflow.com/a/70479911/556495 for an answer to a similar question.

Is it possible to regenerate the link key of a Bluetooth connection?

I have a Bluetooth device, which pairs with an Android smartphone. This creates a link key that I want to change later on. Does the Bluetooth protocol support a method of regenerating it?
The link key gets regenerated if you delete the pairing and pair again. The Bluetooth Specification does describe APIs to change link keys in the Host Controller Interface layer. But it is up to the operating system / third-party stack to expose it, because of security issues.
Some Bluetooth stacks may provide an option to regenerate link keys [automatically] after every Bluetooth session.

Secure BLE pairing - is it possible?

I'm trying to make a BLE device that actually pairs securely. As far as I know the transport encryption (using AES) is secure in all versions of BLE, once the 'Long Term Key' has been exchanged.
BLE 4.1
BLE 4.1 and earlier use symmetric cryptography and the passkey (PIN) is only 6 digits so it is trivial to passively eavesdrop on the pairing, brute-force the passkey and derive the LTK from that. It seems that this was insecure by design because it was thought that low power BLE devices wouldn't have enough oomph to do asymmetric cryptography.
BLE 4.2
BLE 4.2 adds 'Secure Connections'. This is apparently also broken and what's more it was broken in 2008 when the same pairing method was used in Bluetooth 2.1!! It doesn't totally break pairing - only the passkey entry method - and you only learn the passkey, not the LTK. But it does allow an attacker to perform a MitM attack if the passkey isn't changed for every pairing attempt.
Out-of-Band pairing
The Out-of-Band pairing method would be an excellent choice, then I can use a QR code or something. However there are no public APIs to access the OOB method on either Android or iOS. Android supports OOB pairing via NFC but iOS doesn't, so that's out.
It seems the only option left is to implement a custom encryption scheme, but that is a ridiculous amount of work.
My questions are:
Why did the Bluetooth SIG specify a pairing method in BLE 4.2 that was already known to be insecure 6 years earlier?
Are there any existing encryption schemes for BLE that secure it? Ideally open source and well-tested, but could be commercial. Would I still be able to use GATT?

How to store a data in NFC Storage Element of android device?

Are there any ways I can store some data in the NFC storage element of an Android device using some special PhoneGap plugin? I understand we can read/write an NFC tag and transfer the same from one Android device to another using the Chariot Solutions phonegap-nfc plugin ( https://github.com/chariotsolutions/phonegap-nfc ). I need to know whether there is any plugin for storing some data in the NFC Android device. Please advise! Expecting any sort of suggestions and comments. Thanks in advance.
There are ways, but cryptographically protected, so you'll need permission from whoever is controlling the Secure Element (I am assuming that by "NFC storage element of android device" you mean the secure chip connected to the NFC frontend and antenna). The Secure Element is the same kind of chip as the ones used in smart cards (not a plain NFC tag), so you will need to know the keys to access it. They are usually very tightly controlled by the phone manufacturer.
Other phones do not have Secure Elements themselves, but connect NFC to their SIM card, which then becomes the Secure Element: in that case, keys are controlled by the mobile network operator.
Standards to access the Secure Element from the rest of the phone are published by the SIM Alliance.

Bluetooth data to HID for BLED112

We have bought a BLED112 to interface with our target via BT.
An Android app interacts with the target via BT & USB (HID).
We have used some Bluetooth communication to write a program and send data to the dongle.
Now, does anybody here have any experience in converting that BT data to a HID signal?
Has anybody tried that?
Is there any BGScript code which we need to write to achieve that?
Please let me know if the thought is completely wrong.
Referring to a comment above which states,
We are writing an Android App which can send data to BLED112 over BLE interface or GATT. My question is how can I convert that data (basically a command) to an HID (key event), correct me if my understanding is wrong?
If I understand the use case correctly, I think that in the initial stages of development you will need to use the BLE-GUI utility that BlueGiga provides.
With that utility you can see the communication between the BLED112 dongle and the BLE112 module. The BLED112 shall be simulating what the Android app would do?
First, you will need to know the GATT structure stored in the BLED112 to write to or read from the BLED112.
Secondly, the way the BLE112 works is an event-based implementation. Going through the API reference document for the BLE112 shall help you understand the event-generation conditions and the codes that are generated when a characteristic value is updated by the Android application, or read by the Android application. You get events for connection, disconnection, read from, write to, notification enabled for, indication enabled for, etc.
On the BLE112 side, depending upon which service and which characteristics in that service are going to be used for data transfer between the Client (Android app) and the Server (BLE112), you need to write a suitable implementation in the event callback handlers.
There is a standard service called Human Interface Device which has a reserved UUID: 0x1812.
Once you configure your BLE112 as a HID over GATT device, your Android app shall see a service with UUID 0x1812. Parse the service descriptor and get the characteristics bundled up into the service. You can read from or write to that service depending upon the access parameters set in gatt.xml.
As an example, say, if it is a keyboard, you can send the scancode for (make and break) of the key depending upon what key is pressed. How to get a scancode is out of the scope of this question anyway, and sadly I have worked on PS/2 keyboards, so I don't really know how to get the scancode from a USB keyboard.
So, you have the scancode for the key pressed, and you know the characteristic to write it into. Write it; the application should enable notifications for that characteristic, so that it is notified whenever the key is pressed and the value is written into the characteristic. To let the application enable notifications or indications for the characteristic, study the developer guide that talks about how to write a gatt.xml for BlueGiga-based BLE devices. I'll give you a hint: in the XML, in the characteristic configuration you have to write notify="true".
About parsing the service and characteristics in Android: unfortunately I am not an Android developer but an embedded developer. I know how the BLE112 module part is to be implemented, while I have no insight into how Android parses the data. But there are plenty of questions and discussions about it online, which you might understand better than me since you have an Android background.
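The "make and break" values the answer refers to are, for a HID over GATT keyboard using the boot protocol, 8-byte input reports notified from the Report characteristic inside service 0x1812. The builder/decoder below is an added example, not BlueGiga code or code from the answer: it uses the standard HID Keyboard/Keypad usage IDs, and the characters typed are constructed sample input.

```python
# HID boot-protocol keyboard input report (8 bytes): modifier bitmask, reserved, 6 key slots.
# Usage IDs are from the HID Usage Tables, Keyboard/Keypad page (0x07).
MOD_LCTRL, MOD_LSHIFT, MOD_LALT, MOD_LGUI = 0x01, 0x02, 0x04, 0x08
KEY_ERR_ROLLOVER = 0x01          # reported in every slot when more than six keys are down
USAGE = {**{chr(ord("a") + i): 0x04 + i for i in range(26)},
         **{d: 0x1E + i for i, d in enumerate("1234567890")},
         "\n": 0x28, " ": 0x2C}
REPORT_LEN = 8

def make_report(keys, modifiers: int = 0) -> bytes:
    """Build a 'make' report for the given characters. A boot report has only six
    slots, so seven or more simultaneous keys become the ErrorRollOver phantom state."""
    if len(keys) > 6:
        slots = [KEY_ERR_ROLLOVER] * 6
    else:
        slots = [USAGE[k] for k in keys] + [0] * (6 - len(keys))
    return bytes([modifiers & 0xFF, 0x00] + slots)

BREAK_REPORT = bytes(REPORT_LEN)  # all-zero report: every key released

def type_text(text: str):
    """Yield the make/break report pairs a keyboard would notify for each character;
    upper-case letters are sent with Left Shift held in the modifier byte."""
    for ch in text:
        mods = MOD_LSHIFT if ch.isupper() else 0
        yield make_report([ch.lower()], mods)
        yield BREAK_REPORT

def parse_report(report: bytes) -> dict:
    """Receiver-side view: modifier bits, non-zero usage IDs, and rollover detection."""
    if len(report) != REPORT_LEN:
        raise ValueError("boot keyboard report must be 8 bytes")
    keys = [b for b in report[2:] if b]
    return {"modifiers": report[0], "keys": keys,
            "rollover": keys == [KEY_ERR_ROLLOVER] * 6}
```

Each value yielded by `type_text` is what would be written to the Report characteristic, one notification per report, in the order produced.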
