Can anybody tell me how to find out which pairing technique phone used while connecting to other device?
I have a Nexus S(Android 2.3.3) and a BT device(Bluetooth2.1+EDR).
When I try to pair them, I dont have to give any input(passkey). As both devices are having bluetooth 2.1, I want to know which pairing technique they used.
Can we specify the pairing technique to phone?
When both devices are 2.1 and above the Secure Simple pairing (SSP) gets used instead of the legacy pairing (legacy pairing is the one where user was required to enter same PIN on both devices to connect and most of the cases PIN used to be well known common combinations of 0000 or 1234)
Secure simple pairing simplifies the process and gets rid of the need for PINs to be entered, instead it generates 6 digit passkeys automatically as part of the pairing process and user may only be required to verify/enter the passkey on one or more of the devices.
Secure Simple Pairing (SSP) further has few different association modes and the association model to be used is determined by the display and input capabilities on the devices that are trying to pair.
When there is no display or input to enter 6 digits on one of the devices, then "Just works" association model gets used , in this the user input is not required during pairing. In Android it is possible to force this model is SPP applications when using the createInsecureRfcommSocketToServiceRecord() API. This model gets used commonly when pairing with Headsets, other small devices without any display or input capability
Other association models are :
Numeric Comparison - Where a 6 digit number is shown on both devices and user is asked to confirm is they are the same. Used when both devices has display and capable of entering Yes/No.
Passkey entry - When one of the devices has only input capability and no output display capability and the other has an output / display capability, here the user will be asked to enter the 6 digits on the input only capable device as shown on the display capable device.
Out-of-Band - Where devices exchange pairing information over a different channel (other than Bluetooth) example NFC or some other secure mechanism.
You can either sniff the Bluetooth traffic or take a log to figure out which technique is being used. On a Nexus-S $adb shell hcidump -XVt will show you the log. If I/O capabiltiies are being exchanged than its Bluetooth 2.1 pairing.
Another option is to enable bluetoothd log in init.herring.rc file and you can figure out which pairing method is used.
Its most definitely Bluetooth 2.1 pairing in your case and the problem is elsewhere.
Related
I use the technic described here to capture the Bluetooth paquets exchanged between my Android phone and a device (a very simple device).
I can capture a lot of scanning and the pairing between the two devices, but I can't see any of the later exchanges, only the scanning.
Moreover, just after the pairing there is a huge gap in the time, and other gaps later when I think data are exchanged between the device.
For exemple, the timeline is in this form:
0-8s: scanning (LE Set Scan)
8-15s: pairing
80-120s: scanning
180-200s:scanning
I'm sure that the gaps correspond with data exchanges, but I don't know why I can't see the paquets.
I've tried simple file exchange between the phone and a computer, and I've been able to see the paquets containing the file.
I assume you are using the BLE and you are sniff the air log. According to your description, you can scan the advertisement(and scan) and the pair procedure(I assume after the pair you can see nothing).
Did you entered the LTK(long term key)? it is just something like the link key in the classic Bluetooth, with out this you can not decrypt the encrypted packages. The best method to observer the log would be check the btsnoop.log.
You said you can see the paquets between PC and your mobile phone, should be you are using classic Bluetooth actually? or you did not pairing?
I would like to be able to pre-pair bluetooth devices, to save the step of user confusion when using the app. I have discovered that there is a patent for
System, method and apparatus for pre-pairing bluetooth enabled devices.
I am looking at pairing an array of android devices with an array of embedded devices, so when the android device is set up, I can pre-pair it with the devices it needs to communicate with. I have considered maintaining a list of MAC-addresses that can be downloaded and updated by the app.
Is there a way to pair two devices without having to bring them into contact?
My memory is not exact, it's a while ago I poked around in the Bluetooth stack, however, I don't think this is possible.
Basically there is a white list (text file pretty much) which is kept by the system with devices that may connect to your phone, in order to access that white list outside of the Bluetooth api you need to be platform manufacturer. The Bluetooth Api is strongly guarded (by the specification), if you don't fulfill it you can't say your device supports Bluetooth. Pairing is an important part of the Bluetooth security model, I doubt even an oem would be allowed to do this.
One thing you could look into are Bluetooth low energy devices, those don't require pairing prior to connection (you should be able to connect if you have the MAC address), only Bluetooth classic requires pairing.
More info:
https://developer.android.com/guide/topics/connectivity/bluetooth-le.html
No its not possible unless you make changes to the ROM.
If the use-case supports,you can have ble devices advertising data in a pre-defined format so that the app detect your devices.Once you have recognized your devices,you can internally send a pairing request.
I'm trying to realize an Android-Beam-like behaviour between an Android Smartphone and a Linux Host. The Android Smartphone (Galaxy Note 3, Android 4.4.2) touches an NFC Dongle connected to the Linux Host and exchanges Bluetooth carrier data via NFC so it then can connect to a Bluetooth Dongle, also connected to the Linux host.
Now the problem is, that the Android Smartphone always asks the User (me) if I really want to pair with the Bluetooth Dongle. In Android Beam between two Android mobiles, this user confirmation doesn't show up, the user only has to click the content (i.e. the picture) to send it (and this is the behaviour I'm trying to get to). I'm using the "nfctool" to sniff the incoming Handshake Request message by the Android mobile (see http://pastebin.com/Dr0D0nqn ). According to the "Bluetooth Secure Simple Pairing Using NFC" document by the NFC Forum (see http://members.nfc-forum.org/resources/AppDocs/NFCForum_AD_BTSSP_1_0.pdf page 19) this Handshake Request should contain a Simple Pairing Hash and a Simple Pairing Randomizer, which are both missing in the Handshake Request by Android.
So my questions are:
First of all, is Android Beam using Secure Simple Pairing with OOB at all, or another mechanism? Why is the Android Beam between two Android devices working without confirmation of the pairing?
If it is using SSP, why are the SSP Hash and Randomizer missing in the HR message? Could this be the reason, why my pairing needs user confirmation?
If Android is using another mechanism, how do the HR messages roughly look like? Do they use a special type name (other than "application/vnd.bluetooth.ep.oob") or anything else in their Handshake Request, which circumvents the user confirmation of the BT pairing?
Are there any technical documentations (I couldn't find any so far) of Android Beam available? The NFC guide on android developers ( http://developer.android.com/guide/topics/connectivity/nfc/nfc.html ) isn't of much help concerning Android Beam.
Any help is much appreciated :)
I finally found the solution for this problem, and answers to most of my questions:
Yes, Android is using SSP, but Hash and Randimizer are not mandatory, so it's no must that they are included in the NDEF HR/HS messages.
Android is using HR messages with type name "application/vnd.bluetooth.ep.oob", this is correct.
It seems to be sufficient for SSP, if one device confirms the pairing process. So the solution for my problem is, to set the IO capabilities of the Linux Host to "DisplayYesNo" and then autoconfirm the authorization request. This way the Linux host fakes User input and the Android mobile wont ask the User for his confirmation anymore. A quick (and a bit dirty) way to realize this is to change BlueZs "simple-agent" script to confirm every authorization request.
I'm a little bit confused with BLE. I read that the BLE pairing process has three options and the one I'm interested in is the Passkey Entry.
My goal is to have a sensor on the field and the Android App will scan and find this sensor then it will request to pair with the sensor before they can exchange data. The user app is either running on a cell phone or tablet.
Is the BLE pairing the same as Bluetooth Classic? I mean is the Android API BluetoothDevice.setPin used for both BLE and Classic and the driver will do the rest under the hood?
I'm confused because I read somewhere that for BLE I can set a PIN or a Passphrase but BT Classic only accepts a 4 digit PIN.
Pairing in BLE is just a way of setting up an encrypted link. The devices need to agree on an encryption key and they do this either by just works (which set the key to all zeroes), passkey entry (up to six digits) or out of band (keys distributed over NFC or some other channel).
If you use passkey that means a "snooper" cannot pair with your sensor unless he can see the pass key on the device. (Either printed or on a display)
You can also combine a pairing with bonding where the devices distribute keys after encrypting the link making it possible to reconnect with the same device without having to renter a key.
You then want to set up your database on the sensor to only allow reading the sensor data over an encrypted link. (You don't want your snooper to simple connect to the device and read out the data himself).
The one problem with this approach is that the pass key entry only uses 6 digits. That is not enough entropy to really protect you against someone eavesdropping. The key generated after a passkey entry can be brute forced in milliseconds and all the commercial Bluetooth sniffers does this as part of their normal operation. They do however have to sniff the pairing procedure to do this, so if nobody was eavesdropping when the devices was bonded your usually good.
Also using out of band data is safe, since you cannot easily brute force a random 128 bit AES key.
A PIN type of passkey is not used in BTLE as far as I understand the specification. Legacy Bluetooth devices used a fixed PIN passkey that was hardcoded into the device or entered by the application. This method of pairing was replaced by SSP (Secure Simple Pairing) in the next round of Bluetooth. BTLE came later and uses only SSP. The passkeys in SSP (when man-in-the-middle protection is enabled) are generated randomly by the Bluetooth software usually at pretty low levels. One SSP option is 'just works' and the entire passkey generation is internal. Great for the user but it is possible for Man-In-The-Middle (MITM) attacks. So in the end, for your Bluetooth LE application you will never use the 4-digit PIN.
So pairing with BTLE devices on the Android can be done in exactly the same way as one pairs standard Bluetooth devices. If the BTLE device is using an SSP option beyond 'just works', you will get a popup menu asking for you to either
verify a number displayed on the device and/or provide a number
that you must verify on the device (yes-no and display-only combos)
require that you enter a number that it displayed on the device
and/or display a number that you must enter on the device (keyboard)
The built-in pairing feature works for both BTLE and BT devices in spite of the fact under the hood the mechanisms are very different. BTLE devices transmit advertisements that client devices scan for (BTLE 'discovery') whereas BT devices scan for transmissions from the client (BT discovery) when it is looking for devices.
Alternatively one can use the BluetoothAdapter.startLeScan(LeScanCallback callback) method to scan for BTLE-only devices. This method will give you a list of BTLE devices that one can then select and attempt to connect to. In this scenario, your application will need to take care of pairing when it is required. Usually pairing is not required on BTLE devices until one attempts to enable notifications or indications. Service discovery, reading the Device Information Service and other tidbits often do not require pairing and if memory serves me right one can never require pairing for service discovery.
So to make life easier for my application I link to the standard Android provided tool for the discovery/pairing of any device that requires pairing and for those BTLE devices that do not require pairing (and there are a number of such devices) I use the startLeScan() APIs and do a BluetoothDevice.connectGatt() to one of the 'discovered' devices. If I use this approach and the device actually requires pairing I will get a security error. In theory I should be able to use the pairing APIs provided by Android to then pair with the device. Unfortunately my inept programming skills have led to the fact that I have yet to succeed in implementing it correctly.
I am a newbie working on bluetooth, and I would like to get some advice regarding the pairing process. I have googled this but I did not find much information ...
My goal is simple: I want to do a pairing to a headset without entering a pin. I have an android (nexus S running Android 4.1.2) and an iphone (3GS running ios 6.1.3).
If I connect to a device like a Jabra BT3030 (bluetooth headset), the pairing is performed without asking me any pin code.
Now I want to do the same from an Ubuntu (with BlueZ 4.6), i.e. I fake a bluetooth headset by enable only the correct service and so on. I disabled the authentication.
When I pair my iphone to this device, no pin code is required (as expected), but when I connect from my Android device, it still asks me for a pin code, whereas I would expect to have the same behavior than with the Jabra.
Would you have any idea of what I am missing here?
Thanks in advance,
Best regards,
Guillaume
Android Uses UUID for pairing and connection for two devices...for two devices conneting, one device should send request and one should accept and for both UUID should be same...
Like also used bluetooth there I need to intall my android app to both the devices then only I can pair the two devices...because only that app is knowing the UUID. and for iPhone it may be different so if from the native code of iOS u can know the UUID ur android device can be paired through app...
The Standard password for a Jabra BT3030 is 0000. Many other bluetooth devices have a standard password. For the Case a system only accepts devices with passwords, and u cant enter a pasword on a device without keys :D
Maybe the solution is implementing the standard passwords for mutliple devices and use them instead f forcing a connection without password.