ez-serial CYBT-353027-02 BLE pairing choices

BigGuy27

I've been using a CYBT-353027-02 in ASCII text mode to successfully connect to other Bluetooth classic devices with the version 1.2.29.29 ez-serial firmware version.

Now I'm trying to communicate with a BLE device and not able to fully accomplish this.  Using the CYBT-353027-02 I am able to scan and see the remote BLE device, and then I can connect to the remote device.  I can discover services and discover characteristics and descriptors in the remote device.  

The screen shot below shows various characteristics discovered.  When I attempt to read the device model info from GUID 2A24 (using handle 0035 with the gattc_read_handle command /RRH) it doesn't report back the actual model info string.  It just reports back the GUID and the value of the R field in the discovery list and 0x02.

BigGuy27_0-1662658043235.png

All the reads behave like this except for the few descriptors that have descriptive text about a characteristic.  The descriptive text actually does come through.

So, working now on trying to get the right combination of SSBP parameters and pairing/bonding procedure.

After I connect, I set the SSBP to use BLE secure, MITM, and bonding, display only, and use passkey, and auto-accept pairing.   I'm not sure if this is correct.  Ignore the blue text.

BigGuy27_1-1662658450575.png

I configure my CYBT-353027-02 using the SSBP message, I set a passkey value that the remote device should expect (This is where I'm not sure this is even right), and then I send a /P pair message which triggers the P, CU, ENC, PR, CU event messages to come out.  PR result reports 0 which is good.  And when I look at the bond table, the 3CA4 node is now in there that I am connected to.

However, when I attempt to read the characteristic again, it still just returns GUID and handle information.  Not the expected data. 

Also when I connect to 3CA4 node again, the connection message reports B=0 which is NOT bonded.  

BigGuy27_2-1662658769678.png

I believe that I am not getting expected data because the pairing/bonding process must not actually be completing properly???

I am able to connect to the remote BLE device with an Android cell phone and pair/bond, and then read the characteristic and receive the proper text string for the model number.  So I know it CAN work, but just not sure what I am doing wrong with my ez-serial protocol commands, etc...

Note: When I use Windows to connect to this remote BLE device, Windows makes me put in a passkey that was given to me on a piece of paper with the remote device.  I am able to finish the pairing process and Windows seems to be happy.

 

Thanks.

 

 

 

0 Likes
BragadeeshV

Hi @BigGuy27 ,

In the response of the /DRC command, H represents the Characteristic Declaration handle and R represents the Characteristic Attribute value handle. Therefore, in your case for reading the value of the characteristic you need to use 0x36.

The attribute value of the declaration handle will be a combination of Characteristic property (0x02), Characteristic Attr Value handle (0x0036) and the characteristic UUID (0x2A24). From spec, declaration handle will look like below. 

BragadeeshV_0-1662703249527.png

In the current release of the ez-serial fw, bonding feature is not implemented. Please check description of smp_set_security_parameters in the user guide. 

Regards,
Bragadeesh
0 Likes
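
The declaration layout described in the reply above, decoded in code. This is an added example, not part of the original post or of the ez-serial firmware; the five sample bytes are constructed from the values the reply quotes (0x02, 0x0036, 0x2A24), and the function name is hypothetical.

```python
import struct

# Characteristic Properties bit field (Bluetooth Core Specification, GATT).
PROPERTIES = {
    0x01: "Broadcast", 0x02: "Read", 0x04: "Write Without Response",
    0x08: "Write", 0x10: "Notify", 0x20: "Indicate",
    0x40: "Authenticated Signed Writes", 0x80: "Extended Properties",
}


def parse_char_declaration(value: bytes) -> dict:
    """Decode the attribute value of a Characteristic Declaration (type 0x2803)."""
    if len(value) not in (5, 19):
        raise ValueError("expected 5 bytes (16-bit UUID) or 19 bytes (128-bit UUID)")
    # Byte 0: properties, bytes 1-2: value handle (little-endian), rest: UUID.
    props, value_handle = struct.unpack_from("<BH", value)
    uuid_hex = value[3:][::-1].hex().upper()  # UUID is transmitted little-endian
    if len(uuid_hex) == 32:
        uuid_hex = "-".join((uuid_hex[:8], uuid_hex[8:12], uuid_hex[12:16],
                             uuid_hex[16:20], uuid_hex[20:]))
    return {
        "properties": [name for bit, name in PROPERTIES.items() if props & bit],
        "value_handle": value_handle,
        "uuid": uuid_hex,
    }


if __name__ == "__main__":
    # Constructed sample: what a read of declaration handle 0x0035 returns.
    decl = parse_char_declaration(bytes.fromhex("02 36 00 24 2A"))
    print(decl["properties"], hex(decl["value_handle"]), decl["uuid"])
    # The model string itself lives at the value handle, not the declaration.
    print("read handle 0x%04X for the characteristic value" % decl["value_handle"])
```
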

 

Hello Bragadeesh,

Thank you for the handle information.

Thank you for the bonding information.  I hope the unimplemented bonding feature does not prevent me from getting data from my remote device.

When I attempt to read handle 0036 I get zero bytes back... (Note, in my SSBP config I have tried many different values for M… Here is example using M=4C (BLE secure, MITM, no bonding))

BigGuy27_0-1662718989384.png

You can see the SSBP message, then I send a pair request (note: this example still had B=01 in the /P message).  I then attempt to read handle 0036, but I get no bytes back in the D field.

Here is another test with /P message using B=0 since you said bonding is not implemented…

BigGuy27_1-1662718989387.png

Still the same result.

One thing I still don’t understand…What is the procedure for providing the passkey that my remote BLE device is expecting to see somewhere?  I have been sending the SFPK messages to my CYBT-353027-02 module to set some kind of passkey after I send the SSBP message (My examples in this reply don’t show this).   I am using the F=3 (auto-accept pair requests, and enable use of fixed key), so I “guess” the CYBT-353027-02 must be using it??? But I have changed the value to something invalid and the pair sequence still returns PR event with status R=0000 (which is success)????   So something doesn’t seem right.  It feels like the passkey isn’t getting used?

I have also tried setting SSBP to use I=4 (display and keyboard) to try to trigger something to ask for a passkey…When I do this, I see a pair message come in, followed by a single CU (gap_connection_updated) event…

BigGuy27_2-1662718989387.png

There is then a several seconds pause in traffic.

Finally a pair result event occurs declaring non-zero status, so failure….

BigGuy27_3-1662718989387.png

 

I'm not sure what to do at this point.

Thank you for any help / insight.

0 Likes
BragadeeshV

Hi @BigGuy27 ,

I tried to read the remote characteristic value using the handle with the RRH command and I'm getting the right values in the data field. Do you know if the peer device requires any particular kind of security to be established for reading that particular characteristic?

Try to gather air logs and see if the peer device is actually sending the right data in the read response packet.

Next, for the passkey issue, please capture the steps completely in a single log file from reset till end and share with us.

Regards,
Bragadeesh
0 Likes

Yes, I do believe the RRH command can work in general.  I think security pairing requirements are not being established properly with this remote sensor, and it's not clear what command procedure I should be using to use the passkey given to me on a piece of paper with the sensor.

I will have to get a BLE sniffer dongle.

Regarding the passkey - All of the screen shots I've been sending you are showing the exact commands I am sending to the CYBT-353027-2.  I don't have a BLE sniffer tool at the moment.  Do you have firmware/sw I can put in a CYBT-353027-2 to become a sniffer tool, perhaps work with Wireshark?

Regarding the question about a "particular kind of security"...I do know that when I connect to the remote sensor with my Android phone and attempt to read this characteristic, it forces the pairing process to happen first.  Other devices I connect to with the Android app don't always make you pair/bond first before reading the device model number info.

 

0 Likes

Additional information / notes:

I am working on getting a BLE sniffer, it will be a few days to arrive.

Just trying to clarify...

When I connect to my remote device with an Android phone or windows laptop, I am always requested to type in my passkey that was provided with the remote device when I purchased it.

I'm trying to perform this same kind of connection procedure to the remote device using my CYBT-353027-02.  It feels like I need a BLE example in the ez-serial user guide of how to connect to a remote device and provide the passkey required by the device.  My CYBT-353027-02 is part of an embedded system with no display or keyboard.  My firmware of course communicates with the CYBT-353027-02 and can provide a "passkey" when a defined procedure requires it.  Can you please provide an example of required ASCII text mode messages showing this?   Note: It seems like the SFPK command is meant for defining what the passkey would be for MY CYBT-353027-02 if someone was trying to connect to me.  This is NOT my scenario, and so I question if the SFPK message is correct for my use case.

Also, it is  not clear if I should be setting B=01 in the SSBP message.  An example in the documentation sets to 01, but then the SSBP definition says not implemented and it should be 00 ?? Not clear what to do, especially for my specific passkey example.

Please provide guidance on what the message sequence / procedure should be for the scenario I have been describing in my posts.

Thanks.

0 Likes

Also note, the remote device I am connecting to with my CYBT-353027-02 using the ez-serial FW has documentation that the remote device contains the following :

EZ-BLE PRoC Module

Part Number CYBLE-022001-00

FCC ID WAP2001

Bluetooth-ID  67366

0 Likes
BragadeeshV

Hi @BigGuy27 ,

From your description, it looks like the peer remote device has set an authentication requirement to read the characteristic of interest, i.e. it requires the devices to be paired before attempting to read the particular characteristic. Any attempt to read this characteristic should return insufficient authentication. A mobile phone would automatically issue a pairing request upon receiving this response. This might be the reason why you are observing this behavior in the mobile phone.

If you wish to enter a passkey provided in the peer device (paper), you need to perform the LE Secure Connections - Passkey entry method. There are two variants of this: 1. Users enter the same passkey in both devices. 2. One device displays a passkey and the other device has to enter the passkey. In your case, you might have to use the second variant. You might have to enter the passkey displayed in the peer device. The following conditions have to be satisfied in case you need to use this technique:

1. Both devices must set the SC flag. In the ez-serial module, you can set that using the smp_set_security_parameters (SSBP) command.

2. One or both devices have set the MITM (Man In The Middle) flag. Use smp_set_security_parameters.

3. IO capability must be set such that one device has a display (in your case the peer device has the passkey on paper) and your device must have a keyboard to enter the passkey. For this you need to set IO capabilities as Keyboard Only.

Regards,
Bragadeesh
0 Likes
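
The conditions listed in the reply above decide which SMP association model a pairing ends up using. As an added example (not code from the thread, ez-serial or BTSDK), the function below follows the IO-capability mapping of the Bluetooth Core Specification, Vol 3, Part H. It assumes no OOB data, and its IO constants are the SMP values, which are not necessarily the values of the ez-serial I parameter.

```python
# Added example: LE pairing method selection from the SMP feature exchange.
# Assumption: neither side has OOB data. Function names are hypothetical.
DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY = range(5)


def has_keyboard(io):
    return io in (KEYBOARD_ONLY, KEYBOARD_DISPLAY)


def can_confirm(io):
    # Able to show six digits and take a yes/no answer from the user.
    return io in (DISPLAY_YESNO, KEYBOARD_DISPLAY)


def select_method(init_io, resp_io, init_mitm, resp_mitm, both_sc):
    """Return (method, who_types_the_passkey, authenticated)."""
    just_works = ("Just Works", None, False)
    if not (init_mitm or resp_mitm):
        return just_works              # IO capabilities are ignored
    if NO_IO in (init_io, resp_io):
        return just_works
    if both_sc and can_confirm(init_io) and can_confirm(resp_io):
        return ("Numeric Comparison", None, True)
    if not (has_keyboard(init_io) or has_keyboard(resp_io)):
        return just_works              # nobody can type a passkey
    if init_io == KEYBOARD_ONLY and resp_io == KEYBOARD_ONLY:
        return ("Passkey Entry", "both", True)
    if has_keyboard(resp_io) and init_io != KEYBOARD_ONLY:
        return ("Passkey Entry", "responder", True)   # initiator displays
    return ("Passkey Entry", "initiator", True)       # responder displays


if __name__ == "__main__":
    # Constructed cases: central (initiator) module against a peripheral
    # that is assumed to announce a display, with SC and MITM on both sides.
    cases = [
        ("module DisplayOnly", DISPLAY_ONLY, DISPLAY_ONLY),
        ("module KeyboardOnly", KEYBOARD_ONLY, DISPLAY_ONLY),
        ("module KeyboardDisplay vs DisplayYesNo", KEYBOARD_DISPLAY, DISPLAY_YESNO),
    ]
    for label, init_io, resp_io in cases:
        print(label, "->", select_method(init_io, resp_io, True, True, True))
```

When neither side can accept input, the outcome is Just Works even with the MITM flag requested, so the link is encrypted but not authenticated and a characteristic that demands authentication stays unreadable.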

I don't see an "SC" parameter in the SSBP command.  Please advise.  Are you talking about the "M" parameter in SSBP?  (Ensure bit 3 is set to request LE Secure Connection.)

Can you review the SSBP and /P commands I have posted and tell me what to change?  I have tried many variants of the M parameter.  Possibly post example of expected SSBP  /  SFPK / /P command sequence I should use.

0 Likes

I have now captured BLE traffic with wireshark for three different cases...

See attached zip file.

1. Android phone connects to Sensor.

2. Linux SBC connects to Sensor.

3. CYBT-353027 connects to Sensor.

I also tried the case where SSBP is setup for keyboard only.  There is a delay in the traffic after sending the pair request, and the eventual timeout / failure.  It's as if the CYBT-353027 is waiting for me to send it a message with the passkey in it.  (Note: I already provided the SFPK setting many times if the CYBT-353027 is supposed to use it???)

For CYBT-353027 connections...

 

Wireshark filename = Sensor_and_CYBT-353027_Conn_and_Pair5_DisplayOnly.pcapng

display-only setting in this case.  

BigGuy27_1-1664036915026.png

BigGuy27_0-1664036898230.png

The sniffer file shows encryption being sent, but things don't work after that.  Even the sniffer is confused and can't decrypt the messages in Wireshark...

BigGuy27_2-1664036931374.png

 

 

Wireshark filename = Sensor_and_CYBT-353027_Conn_and_Pair6_KeyboardOnly.pcapng

In this test case there is a long pause between the connection-update (CU) message and then a disconnect message.  During this time I believe it is waiting for someone to input a passkey, since we are setup for keyboard only.  What message do I send to the module to input the passkey info in this "keyboard" case???   The SFPK had already been set.

BigGuy27_3-1664037204994.png

BigGuy27_4-1664037212954.png

 

Wireshark filename = Sensor_and_Android_Pair_and_Read3.pcapng

Capture file shows connection established, try to read a characteristic, the sensor reports insufficient encryption, and this triggers Android to request passkey from user.  I type it in, and the "Sent Pairing Confirm" messages continue at timestamp 30.584.  Everything works.

BigGuy27_5-1664037514512.png

 

Wireshark filename = Sensor_and_Linux_Pair3.pcapng

Very similar message traffic to the Android case.

BigGuy27_6-1664037964433.png

 

I hope this information helps you identify the issue. 

Please advise.

 

0 Likes

In addition to my 9/24/2022 post, I have now attempted to connect with a different BLE sensor2.  This sensor2 uses a pop-up message passkey yes/no approach asking if numbers match.

I am not able to get this connection to work either with the CYBT-353027.  The PKD message is output from my CYBT-353027 which matches the passkey displayed on my sensor2.  The connection process just hangs at that point for about 28-30 seconds, then disconnects.  It seems like I need some kind of message I can send to my CYBT-353027 module to tell it, yes, this code is ok, and please continue with the connection process.  I can't find any message for this.

I must use I=4 or I=1 (to include keyboard), otherwise the sensor reports back authentication requirements fail.

The SSBP is setup with I=4 for Display and Keyboard, and F still set to 3.  (I've tried various settings)

BigGuy27_0-1664292490240.png

There is a 30 second delay here... The process then fails... (What do I do with the PKD information??? The P field is a match to the value on the sensor display)

BigGuy27_1-1664292518712.png

Wireshark capture  file "Sensor2_and_Module_Conn_and_Pair_Disp_Keyboard1.pcapng"

BigGuy27_2-1664292718445.png

Delay happens....Then connection drop...

BigGuy27_3-1664292905570.png

How do I accept (yes/no) the PKD message, to allow connection to complete successfully?

Please advise.

 

0 Likes
BragadeeshV

Hi @BigGuy27 ,

Thanks for the updates and trying out various combinations. 

We checked with our FW development team and they told us the following points regarding the limitations of the current FW even though keyboard option is provided:

1. It is not possible to enter a passkey to the module 

2. It is not possible to enter Yes/ No to the module

We can do passkey display, which lets the other user enter this passkey into the peer device. Therefore, for your use case it is not possible to use the ez-serial FW with this module.

However, it should be easier to implement this directly using the BTSDK application. BTSDK provides several libraries that allow you to develop custom applications using the module with the required functionalities. We have several code examples that help you get started:

https://github.com/Infineon?q=mtb-example-btsdk-ble&type=all&language=&sort=

For a central device, this should be a very good application to start with

https://github.com/Infineon/mtb-example-btsdk-ble-hello-client

You can also go over our several tutorials on getting started with BTSDK

https://github.com/Infineon/training-modustoolbox-level3-bluetooth/tree/master/Type2

Please get back to us if you have any queries.

Regards,
Bragadeesh
0 Likes

1. Where can I find the source code for ezserial?  It would be good to not have to start over from scratch with the simple hello client example.  It doesn't show up as supported for the CYBT-353027, and any serial port example?

2. Does the BTSDK provide examples for bluetooth classic as well?  It was nice with EZSerial to run either mode.

 

0 Likes
BragadeeshV

Hi @BigGuy27 

1. Ez-serial FW is proprietary and hence we might not be able to share the source code with you.  

We have several examples on GitHub that show how to use each of the peripherals and different features of BT.

For example, for serial port  example you can refer to:

https://github.com/Infineon/mtb-example-btsdk-hal-puart

Please note that CYBT-353027 is based on CYW20706A2 device. Therefore any example that works for 20706 should work for this module as well.

2. Yes, btsdk supports BT classic as well. Can you please let us know what all profiles you are looking for.

https://github.com/Infineon/mtb-example-btsdk-rfcomm-spp

Regards,
Bragadeesh
0 Likes