张磊

[Q&A]

BlueNRG-1 security example does not work properly

Dear all

I have a terrible problem regarding security in my application developed for a client. I am using BlueNRG-2 in my target system (which is custom made) and I observed the same situation on STEVAL-IDB007V1 as well.

To make things short, the easiest way to reproduce the problem is to upload the "Security peripheral" example onto the STEVAL-IDB007V1 (EVAL for short) board, and make it run. Then download the nRF Connect application for Android (the best app I know), and bond with the EVAL. Bonding seems to work fine, although it sometimes would ask me for a PIN even though I opted for "JustWorks", but whatever. Then, after bonding I can connect without problems, BUT only after when I disconnect, firmware switches to undirected connectable calling the aci_gap_set_undirected_connectable function WITH the WHITELIST. And now whenever I try to connect again I get the dreaded 0x85 GATT ERROR (read through the Nordic Semi forums to see why I said "dreaded"). The only way to connect to the EVAL board from now on is to reset it (it clears the security database and the whitelist) and to clear bond information on the cellphone. After every reset the EVAL board switches itself to general discoverable mode (without whitelist) and accepts bonding and/or connecting. I spent a few days on this and:

* Tried HUAWEI honor 9, and Samsung galaxy s5
* Tried some old iPhone, and iPad (I'm not into Apple, so can't recall the models, but surely BLE capable, and first connection works just fine).
* Tried Ubuntu 18.04 under which IT WORKS (i.e. I can reconnect after bonding), but only under it (!!!!)
* Tried STSW-BLUENRG1-DK version 2.6.0 and 3.0.0 (which BTW fixes a completely different BUG I had previously).
* Tried my own firmware based on the Security example on the BlueNRG-2 target.
* If I don't use WHITELIST_FOR_ALL, everything seems to work, but obviously I want to prevent other devices from being able to connect after my device was bonded with the user's cellphone.
* In ble_status.h there is an error constant named BLE_STATUS_INTERVAL_TOO_LARGE defined to the 0x85 value, suggesting that maybe the issue has something to do with wrong connection or advertising intervals. I tried some shorter ones, but no luck.
* I tried many ideas found on the Nordic Semi forums, but still nothing.

I am leaning towards the opinion that this is an ST BLE stack bug, but who knows... Please, if someone could test my scenario, that would be great. Or maybe you guys have some other idea for exclusive connections to a single bonded device, that also would be great.

Replies (2)

张磊

2018-9-21 17:06:58
Hey guys,

As suggested somewhere else on this forum, it seems that both iOS and Android Lollipop and higher use Random Private Resolvable addresses (http://www.summitdata.com/blog/overview-addressing-privacy-lairds-ble-modules/), so this would explain my case. So please, if someone could help me to turn on "Controller Privacy" on my BlueNRG-2. Whenever I issue:

aci_gap_init (GAP_PERIPHERAL_ROLE, 0x02 .....

in my code, I get error BLE_STATUS_INVALID_PARAMS. It is as if I used some older version of the BLE stack, where BLE 4.2 was not supported, but just like I said above, I use the newest STSW version 3.0.0. The same goes if I want to turn on "LE secure connections" instead of "legacy pairing": then I get BLE_ERROR_UNSUPPORTED_FEATURE.

Thanks.

张磊

2018-9-21 17:25:26
It indeed was a problem with privacy. I made a small article on how I fixed this, in case someone is interested: http://www.iwasz.pl/electronics/bluenrg-2-android-source-code-troubleshooting-bonding-and-privacy/