In this past I've played with connecting two Android devices and every time they've required the user to input a pin to connect. I've even implemented the old "android-bluetooth" Google code project that attempted to inject the pin for a user-free connection without success after Android 1.5.
My question is, does the new 2.3.3 APIs allow for two Android devices to connect without user intervention? Not including NFC, is there anyway to allow phones to interact without authorization? Thanks.
Bluetooth version 2.1 and above has a new pairing mechanism called - Secure Simple Pairing (SSP), it allows for few different methods to pair , and it is different from the legacy pairing (which was the PIN entry mechanism).
The new Secure simple pairing mechanism does not depend on user entered PIN, instead it has a generated 6 digit pass key.
One of the SSP mechanism allows for pairing without any intervention from the user. This method is called "Just-works" association model, the createInsecureRfcommSocket() API uses this method.
The other API createRfcommSocket() will use the other mechanism - passkey entry or user confirmation where the 6 digit passkey comes into play.
The new pairing will get used only when both devices are bluetooth 2.1 and above
I have a detailed description of the new pairing mechanism here
Related
I have a Bluetooth LE Joystick with a couple of buttons. I want to connect it directly to the app without using the Bluetooth Settings, but by connecting to it via BluetoothLeScanner.
I already can connect to a Heart Rate Monitor and get periodic notifications of the HR-values.
I also have created a little temperature/light/humidity sensor with an ESP32 to which I can also connnect and display the sensor values in the app.
My understanding of this HID device may be erroneous. With the help of the App BLE Scanner I can connect to this gadget via BLE and see the offered services.
One of them is 0x1812 HUMAN INTERFACE DEVICE, which contains a couple of characteristics of type REPORT, among others which are described HID OVER GATT PROFILE SPECIFICATION (HOGP_SPEC)
How can I find out which button got pressed, what position the joystick has been moved to? I guess that this has to occur via notifications to which I have to subscribe to.
Is there any Android library avaliable to handle HID input devices? What I do NOT want to do is to use the Bluetooth settings and connect to the device and have it become detected as a HID device and replace the keyboard with some odd mapping. I don't want the OS to get involved at all, just like when I connect and use the HRM and the ESP32.
I couldn't find any information on this.
I can connect to the device with my app, enumerate the services and characteristics. But from there on, I have no clue how to work with HID. Ideally I'd get notifications like "Button A has been pressed" "Joystick got moved to x=32" where x would range from -127 to 127, for example.
Accessing the HID characteristics requires the BLUETOOTH_PRIVILEGED permission since Android 5.0. The only way for an app to obtain that permission is to be signed with the same certificates as system apps.
This is a security feature, to prevent an app from receiving HID events from your keyboard and stealing your passwords.
Quoting from https://devzone.nordicsemi.com/cfs-file/__key/communityserver-discussions-components-files/4/BLE_5F00_on_5F00_Android_5F00_v1.0.1.pdf
4.6 Protected services
Android does not allow to read or write data to the following characteristics (and their descriptors):
HID Service (since Android 5):
a. HID Information
b. Report Map
c. HID Control Point
d. Report
FIDO (https://fidoalliance.org/) (since Android 6)
a. U2F (0000FFFD-0000-1000-8000-00805F9B34FB)
Only applications with BLUETOOTH_PRIVILEGED, that is, applications signed
with the same certificate as the system, are able to read and write
data to those characteristics.
I'm a little bit confused with BLE. I read that the BLE pairing process has three options and the one I'm interested in is the Passkey Entry.
My goal is to have a sensor on the field and the Android App will scan and find this sensor then it will request to pair with the sensor before they can exchange data. The user app is either running on a cell phone or tablet.
Is the BLE pairing the same as Bluetooth Classic? I mean is the Android API BluetoothDevice.setPin used for both BLE and Classic and the driver will do the rest under the hood?
I'm confused because I read somewhere that for BLE I can set a PIN or a Passphrase but BT Classic only accepts a 4 digit PIN.
Pairing in BLE is just a way of setting up an encrypted link. The devices need to agree on an encryption key and they do this either by just works (which set the key to all zeroes), passkey entry (up to six digits) or out of band (keys distributed over NFC or some other channel).
If you use passkey that means a "snooper" cannot pair with your sensor unless he can see the pass key on the device. (Either printed or on a display)
You can also combine a pairing with bonding where the devices distribute keys after encrypting the link making it possible to reconnect with the same device without having to renter a key.
You then want to set up your database on the sensor to only allow reading the sensor data over an encrypted link. (You don't want your snooper to simple connect to the device and read out the data himself).
The one problem with this approach is that the pass key entry only uses 6 digits. That is not enough entropy to really protect you against someone eavesdropping. The key generated after a passkey entry can be brute forced in milliseconds and all the commercial Bluetooth sniffers does this as part of their normal operation. They do however have to sniff the pairing procedure to do this, so if nobody was eavesdropping when the devices was bonded your usually good.
Also using out of band data is safe, since you cannot easily brute force a random 128 bit AES key.
A PIN type of passkey is not used in BTLE as far as I understand the specification. Legacy Bluetooth devices used a fixed PIN passkey that was hardcoded into the device or entered by the application. This method of pairing was replaced by SSP (Secure Simple Pairing) in the next round of Bluetooth. BTLE came later and uses only SSP. The passkeys in SSP (when man-in-the-middle protection is enabled) are generated randomly by the Bluetooth software usually at pretty low levels. One SSP option is 'just works' and the entire passkey generation is internal. Great for the user but it is possible for Man-In-The-Middle (MITM) attacks. So in the end, for your Bluetooth LE application you will never use the 4-digit PIN.
So pairing with BTLE devices on the Android can be done in exactly the same way as one pairs standard Bluetooth devices. If the BTLE device is using an SSP option beyond 'just works', you will get a popup menu asking for you to either
verify a number displayed on the device and/or provide a number
that you must verify on the device (yes-no and display-only combos)
require that you enter a number that it displayed on the device
and/or display a number that you must enter on the device (keyboard)
The built-in pairing feature works for both BTLE and BT devices in spite of the fact under the hood the mechanisms are very different. BTLE devices transmit advertisements that client devices scan for (BTLE 'discovery') whereas BT devices scan for transmissions from the client (BT discovery) when it is looking for devices.
Alternatively one can use the BluetoothAdapter.startLeScan(LeScanCallback callback) method to scan for BTLE-only devices. This method will give you a list of BTLE devices that one can then select and attempt to connect to. In this scenario, your application will need to take care of pairing when it is required. Usually pairing is not required on BTLE devices until one attempts to enable notifications or indications. Service discovery, reading the Device Information Service and other tidbits often do not require pairing and if memory serves me right one can never require pairing for service discovery.
So to make life easier for my application I link to the standard Android provided tool for the discovery/pairing of any device that requires pairing and for those BTLE devices that do not require pairing (and there are a number of such devices) I use the startLeScan() APIs and do a BluetoothDevice.connectGatt() to one of the 'discovered' devices. If I use this approach and the device actually requires pairing I will get a security error. In theory I should be able to use the pairing APIs provided by Android to then pair with the device. Unfortunately my inept programming skills have led to the fact that I have yet to succeed in implementing it correctly.
I am developing an application which connects devices over bluetooth and exchanges messages. It works fine for paired devices, but I would also like it to automatically pair devices that are not paired. Like for example it could store and use the same PIN for pairing requests, I just dont know how to manage this request programatically in my applciation, how to automatically set and send the PIN when you get a pairing request and how to initiate such a request with the predefined PIN code.
Any snippets or thoughts would be highly appreciated! :)
EDIT:
I know its risky, I am developing this app for emergency situations only where no other means but bluetooth is available. Also is there maybe a way of premature pairing with devices without even connecting to them? Like lets say there is a list of MAC Addresses of those devices and I can use them to generate a bond with that devices so that they appear paired on my device?
You can't do this. To do what you want to do would create a huge security risk. Think about it, my device just comes anywhere in bluetooth range of yours and now I can send you anything I want without you knowing? You can't really do this and I highly recommend not trying to subvert it.
Reflecting the setPin method allowed me to send the pin automatically to the other device. I had to implement it in a broadcast receiver that is listening for pairing requests. Although I cant get rid of the dialog it just stucks there on the screen and I dont know how to close it (programatically) and continue the bonding procedure since this dialog is called from inside connect() which is a blocking method. I am not giving up on it yet though :)
With Bluetooth version 2.1 and above there is a method of pairing called the 'just works' association model. This is the lowest security method of pairing and has no protection against man-in-the-middle attacks.
However, this will provide a secure, encrypted link without the need to exchange pin numbers or verify device ID.
The API on different platforms may differ but the underlying HCI messages require that you indicate that your device (or one of the devices) has the following IO capabilities:
No Keyboard, No Display.
As you might have guessed, this is a mode for very
simple devices that use Bluetooth, such as a speaker or headphones.
If you can find the API to configure that, then the 'just works' association mode of Secure Simple Pairing will be used for pairing.
The next step is to store the link keys e.g. bonding. Many devices e.g. mobile phones, will still create a dialogue box to the user to ask if they want to 'remember this device', as user authorisation is specified by the BT specifications... but that's another problem.
Can anybody tell me how to find out which pairing technique phone used while connecting to other device?
I have a Nexus S(Android 2.3.3) and a BT device(Bluetooth2.1+EDR).
When I try to pair them, I dont have to give any input(passkey). As both devices are having bluetooth 2.1, I want to know which pairing technique they used.
Can we specify the pairing technique to phone?
When both devices are 2.1 and above the Secure Simple pairing (SSP) gets used instead of the legacy pairing (legacy pairing is the one where user was required to enter same PIN on both devices to connect and most of the cases PIN used to be well known common combinations of 0000 or 1234)
Secure simple pairing simplifies the process and gets rid of the need for PINs to be entered, instead it generates 6 digit passkeys automatically as part of the pairing process and user may only be required to verify/enter the passkey on one or more of the devices.
Secure Simple Pairing (SSP) further has few different association modes and the association model to be used is determined by the display and input capabilities on the devices that are trying to pair.
When there is no display or input to enter 6 digits on one of the devices, then "Just works" association model gets used , in this the user input is not required during pairing. In Android it is possible to force this model is SPP applications when using the createInsecureRfcommSocketToServiceRecord() API. This model gets used commonly when pairing with Headsets, other small devices without any display or input capability
Other association models are :
Numeric Comparison - Where a 6 digit number is shown on both devices and user is asked to confirm is they are the same. Used when both devices has display and capable of entering Yes/No.
Passkey entry - When one of the devices has only input capability and no output display capability and the other has an output / display capability, here the user will be asked to enter the 6 digits on the input only capable device as shown on the display capable device.
Out-of-Band - Where devices exchange pairing information over a different channel (other than Bluetooth) example NFC or some other secure mechanism.
You can either sniff the Bluetooth traffic or take a log to figure out which technique is being used. On a Nexus-S $adb shell hcidump -XVt will show you the log. If I/O capabiltiies are being exchanged than its Bluetooth 2.1 pairing.
Another option is to enable bluetoothd log in init.herring.rc file and you can figure out which pairing method is used.
Its most definitely Bluetooth 2.1 pairing in your case and the problem is elsewhere.
I wanted to build an application related to Bluetooth in Android . Is there any way by which I can set the PIN from my application in Android other than using system dialog box to enter PIN which pops out . I checked for API's given by Android for bluetooth, but I could not locate any API for setting keys for bluetooth as provided in WiFi manager e.g. wificonfig.presharedkey = xyz.
Thanks in Advance
It is not possible using the public APIs.
There are few reasons why this is a bad idea ,
1. Pairing by entering PIN is performed with old bluetooth deices (one or both device with Bluetooth version 2.0 or lesser)
2. Bluetooth 2.1 and onwards will use different mechanism for pairing and may not require user to enter a PIN instead it can show user a number / message and ask for user's confirmation.
So if your application has to work in all conditions it is better for it to use the system provided mechanism. (Which prompts the user for PIN / confirmation etc as applicable)