• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 52 subscribers
  • Views 731 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2650: Questions about BLE frames

Pablo Garcia Cardarelli
Prodigy 120 points
Part Number: CC2650

Hello everyone:

We are sniffing packets with the Packet Sniffer and we have seen that in some packets there are fields named Decrypted L2CAP Payload and Decrypted MIC,

Our questions are:

  • What is MIC?
  • The fields seem to be decrypted by the Packet Sniffer software. However, we have also used ubertooth and Wireshark in order to sniff them and the data is the same (Litterally the same hex numbers), is the data shown in wireshark also decrypted or the packet sniffer isn't able to decrypt packets?
  • We are trying to find the packet where the LTK is sent, is there a way to do it?

  • 0
    TI__Mastermind 33460 points
    Hello,

    1. MIC stands for Message Integrity Check and is only used on encrypted links. This is described in Vol 6, Part B, Section 2.4 of the 4.2 BLE Spec
    (www.bluetooth.com/.../bluetooth-core-specification)

    2. I do not have knowledge of the Ubertooth solution but it is likely that they are also decrypting the payload.

    3. I would take a look at the Key Distribution Phase of the pairing procedure. This is the final stage of pairing. It is described in Vol 3 Part H Section 3.6.1 of the 4.2 BLE Spec. Note that the LTK is not distributed in LE Secure Connection pairing.