BlueFruit Sniffer not following connection

For CircuitPython issues, ask in the Adafruit CircuitPython forum.

Moderators: adafruit_support_bill, adafruit

Please be positive and constructive with your questions and comments.
Locked
User avatar
xsnovak
 
Posts: 2
Joined: Wed Aug 10, 2022 10:37 am

BlueFruit Sniffer not following connection

Post by xsnovak »

We're trying to troubleshoot a Bluetooth connection between our platform and a keyboard. We recently received the Adafruit Bluefruit LE sniffer v2.0 to log the packets going back and forth. I have the appropriate python scripts as well as Wireshark v3.6.7 installed.

I am able to get the setup to display advertising packets, select the keyboard by it's MAC address, and even display the pairing proccess. However, once the two devices are paired, Wireshark doesn't display any additional packets between the devices once they're bonded. (Presumably it's not able to decrypt the connection between them). I've even tried forwarding the LTK and the IRK to Wireshark, but I still do not see anything.

From the guides I came across, it seems as though Wireshark should be able to obtain the appropriate keys if it's listening during the pairing process and decrypt the appropriate information from there. I feel as though there's some step I'm missing here. Are there additional tutorials that could give me extra guidance?

User avatar
hathach
 
Posts: 1270
Joined: Tue Apr 23, 2013 1:02 am

Re: BlueFruit Sniffer not following connection

Post by hathach »

Which pairing procedure devices are using, if it is Legacy it is probably possible to obtain the LTK. However, in case of the LESC, I doubt if wireshark can do that. More info on the LESC here https://www.bluetooth.com/blog/bluetoot ... ng-part-4/

> From the guides I came across, it seems as though Wireshark should be able to obtain the appropriate keys if it's listening during the pairing process and decrypt the appropriate information from there. I feel as though there's some step I'm missing here. Are there additional tutorials that could give me extra guidance?

Can you specify which guide you are following here, if it is not one from Nordic, maybe give this a try
- https://infocenter.nordicsemi.com/topic ... aired.html
- https://infocenter.nordicsemi.com/topic ... onded.html

you also need to pay attention to endian when input the key as mentioned in above guide.

Note: The Bluefruit Sniffer is based on nrf51 and has its own limit in packet size as well https://infocenter.nordicsemi.com/topic ... ments.html

User avatar
xsnovak
 
Posts: 2
Joined: Wed Aug 10, 2022 10:37 am

Re: BlueFruit Sniffer not following connection

Post by xsnovak »

Thanks for the guidance. Bluetooth has a lot of parts to it, and it's actually a bit overwhelming when trying to troubleshoot. I had seen both of those guides before. Your comment about the edian was what led me to the problem. Turns out, when I exposed the keys on our device, I printed it backwards from how I intended to.

Our connection with the keyboard is using LESC, but the keyboards I'm working with are only randomizing it's address on a power cycle (it seems), so I managed to get around that by keeping that on. Managed to get some captures of the crash, and will start going through them with someone.

User avatar
hathach
 
Posts: 1270
Joined: Tue Apr 23, 2013 1:02 am

Re: BlueFruit Sniffer not following connection

Post by hathach »

great that you get it all worked out. if your device use large packet size, you may want to re-purpose one of adafruit nrf52840 as sniffer following this guide
https://learn.adafruit.com/ble-sniffer-with-nrf52840

Locked
Please be positive and constructive with your questions and comments.

Return to “Wireless: WiFi and Bluetooth”