LTK value needed to decrypt sniffer packets?

The SmartRF™ Packet Sniffer User’s Manual SWRU187G explains how to decrypt packets (page 24).

Step 2 says to:

2. Modify "ltk.txt" with the right ltk. The format is MSO-LSO. 

How is one to discover the 'right ltk'?  

TIA,

Richard

  • Hi Richard,

    If you use BTool (Pairing/Bonding Tab), you can bond the devices and store Long-Term-Key (LTK) which you would then use upon re-connect. The procedure is documented in the CC2540DK User Guide, section 4.6.

    Let us know if this works out for you.

    Best Regards

  • Hi Nick,

    I am using a 2540 in our embedded peripheral device, the central device is a PC with Bluegiga USB dongle. Something goes awry after the link is encrypted, so my thought was to use the TI sniffer to capture and decrypt the data so I can figure out what's wrong. I'm not clear how BTool can help in this case; I think I need access to the LTK that is stored by the TI BLE stack, but that value is not accessible to me (or is it?).

    Richard

  • Hi Richard,

    I have not tried this myself but I think you can access LTKs if you look in gapbondmgr.c. Seems like the LTKs are stored in a gapBondLTK_t struct during GAP_AUTHENTICATION_COMPLETE_EVENT.

    Best Regards

  • Hi,

    I'm also trying to use the decryption feature.

    The problem I'm running into is that the LTK (Long Term Key) on our target gets calculated while sniffing. I have no control over some of the variables based on which the LTK is generated, so I cannot fill it in prior to starting the sniffing session because the text field is disabled while sniffing.

    Is there a way to either:

    a) fill it in after a sniffing session and have the payloads decrypted "offline"?

    or

    b) change the field while sniffing is ongoing?

    Thanks,

    Martijn