BLE pairing and bonding

Hello naveen,

Most likely you have changed the GATT server database, which Android's stack doesn't particularly like. Can you try clearing the phone's bonding info and cache? If possible, please try on another phone. This will tell you that if it's a phone or device side issues.[

Best wishes

Thank you jxs
as per your input I have tried with different with different mobiles but the problem is still persisting. I have erased all the bond information from embedded side using gapbond manager. And also used auto sync white list enable option.

still am unable to see the services and characteristics. May be the problem with bonded mobile behaviour or after pairing peripheral stops advertising!

Please provide any solution.
Thanks in advance

Can anyone please give suggestion on this?

Thanks

Hello Naveen,

Did this get resolved? Note that use of the whitelist is not permissible with Android 5+ or any iOS device - please set auto sync whitelist to FALSE.

Also, from my original reply, are you changing the GATT server database after bonding?

Best wishes

Hi Jxs

Thanks for the reply , am not getting that issue I reported now.

But I have some questions on pairing

1. Can we use 4 digit pin instead of 6 pin like 1234 ?

2. Is it possible to enable pairing whenever we write some characteristics instead of whenever we connected?

Thanks in advance

Hi Naveen,

1. Yes, the GAP bondManager stores the passcode as a uint32 variable (see gapbondmgr.c:215). However, your application can limit the PIN to be 4 digits and can use the passcode callback to set the PIN, or use a default pin.

2. Yes, to do so you would change the pairing mode to GAPBOND_PAIRING_MODE_WAIT_FOR_REQ (your device won't initiate), then set the GATT permissions of your characteristics to require authentication. This will trigger most devices to send a pairing request. Alternatively, your app can send a slave security request when one of the authenticated chars is read.

Hello Sean

Thank you for the reply. Really help me a lot

Still some issues

1. As you mentioned  I  did changes in the characteristics permission to authentication so whenever  we write any value it is asking pairing key and it is also bonding ...but whenever we enter wrong pin it is not pairing but immediately it is disconnecting

In our case we need to handle wrong pin scenario such that we can achieve brute force mechanism that means each time if wrong pin enters it should ask after some time delay. ..but in our case it is disconnecting for the first attempt  itself .

Please give suggestion on this!

2. I have given default passcode as 1234 , but if I enter 001234 only it is pairing . Can we use 4 digit key as you mentioned?

3. Do we need to play with call backs for achieving wrong pin attempts ?

Thanks in advance !! Any suggestion will be helpful

hi sean and jxs can you please look into this, because dis is almost blocker for us!!!
thank you

Hi Naveen,

Have you registered any GAP Bond Manager Callbacks? If not, the passcode response is handled by the gapbondmgr.c by the processing of the GAP_PASSKEY_NEEDED_EVENT. If the passkey authentication fails, the connection will drop.

If you need alternate behavior, you will need to register a passcode callback in the gapBondCBs_t.

Regarding the range of the passkey (passcode), please see the following in the BT core specification, v4.1 vol 3, Part H:
2.3.5.3 Passkey Entry
The Passkey Entry STK generation method uses 6 numeric digits passed out
of band by the user between the devices. A 6 digit numeric randomly generated
passkey achieves approximately 20 bits of entropy.
--

So, you must always use a 6 digit key. To convert 4 to 6 digits, you can pad with zeros, but the length must be 6 digits.

Best wishes

hi JXS
thank you for the reply,it helps well
one issue appearing whenever i register the callbacks in GapBondManager using gapBondCBs_t bonding is not happening ,if we remove the callbacks and it is working as expected

and one more thing as you mentioned """ To convert 4 to 6 digits, you can pad with zeros, but the length must be 6 digits."""
this can be done in the peripheral side or every time when we enter the passkey from the phone(nexus5,6) we should append with the zeros?
like for the passkey 1234 which is hard coded we should give from the mobile as 001234 is it right? or it can be handle from the peripheral side, if it is then can you explain?
thanks in advance
NAVEEN

Hi Naveen,

For the callback, did you attempt to set a break point in the callback and see if there are any errors being returned?

For the input conversion on the phone side, I'm afraid that I can't comment as to how this is done on the phone. You'll need to talk with the phone's 'manufacturer as to how they handle such conversion and subsequent use in the STK key generation. All I can tell you is the BLE spec requires a six digit passkey. You mentioned that entering 001234 works, so I would conclude that the phone is requiring the zeros to be prepended.

Best wishes

thank you jxs ,,,it works

hi JXS
one more small thing ,i dont know whether this is issue from embedded or mobile side

issue is whenever after bonding am disconnecting the device and again am writing/reading then also it is asking
i thought it will store the bond info,,is that correct scenario
please explain

Hi,

I would suggest taking an air sniffer trace and confirming both devices are requesting bonding in the Pairing Request/Response messages. Also, how did you confirm that bonding occurred on the first pairing?

Best wishes

hi JXS ,
it helps me a lot , i think this will be useful conversation for BLE security for all
| how did you confirm that bonding occurred on the first pairing?
we are confirming from mobile side that it is showing (NRF master) bonded but we are not getting in any call back for bonded state
so far so good,
so on to this security concept can we have implementation like can we set passkey from the mobile at run time , so that every time user can enter his own passkey to authenticate his data?
as we are giving default passkey hard-coded so from where both from mobile side and embedded side keys are comparing?
thanks in advance!

any solution will help for all!!!!!!!

Hello Naveen,

I'm not sure I understand, but you can hard code the passcode and enter it for all clients.

Best wishes

hello JXS
i think i have not explained my use-case properly
as per my knowledge we are hard-coding the pairing pin and also we can generate the pin and display on to the LCD so that mobile App can enter the passkey in both cases.

but in my case i should configure the pin from ble (mobile app), i.e at the run time i should change the pin by entering it from my mobile so that it can store in the flash ,then from the next time user should enter the new pin(which is set from the mobile app)

so can you explain how we can do or is there any example on this ?
thanks in advance!

hello JXS
can you please look into this and suggest any solution!
thank you

Hello Naveen,

You can use any pin (passkey) you like in the range 000000-999999. As long as the pin entered by the mobile matches the pin supplied to the ble stack the pairing will be successful.

By 'store in flash' do you mean the flash on the mobile side? Or, are you trying to configure the pin from the phone side and send it to the ble device by way of a custom characteristic?

Best wishes

yes JXS the second one || trying to configure the pin from the phone side and send it to the ble device by way of a custom characteristic

Hello,

It's quite non-standard but I don't see a reason why you can't exchange data (aka your pin) over a custom characteristic, store that value using osal_snv and set that value in the GAP Bond Mgr. As such there is no dedicated example implementation but we do have examples / documentation for all of these sub components. For example, you can learn about custom characteristics with SimpleLink Academy on the TI BLE Wiki.

Best wishes