microsoft / busiotools

Tools for debugging and testing io buses for Windows
MIT License

SMP Data: first fragments are truncated #92

Open XavierBoniface opened 3 years ago

XavierBoniface commented 3 years ago

The first L2CAP fragments of SMP packets are truncated when capturing HCI logs using WPR or BTVS.

Log 1 (btvs) = DellLatitudeE7240.zip

Captured with Windows 11 on a Dell Latitude E7240 laptop with Intel 7260 Bluetooth chip (see report_2021-7-12_19-2-48.txt).

See red and green markers in the HCI overview (note: because of a sniffer issue they only appear in the Instant Timing view; one can then double-click on the packet from there to make them appear in the HCI Injection Overview): first fragments are truncated, others are not. Here the air log was captured at the same time and we can map those HCI packets to the L2CAP packets exchanged over the air (yellow markers). Pairing was successful, and what was exchanged on HCI was correct; it must be just btvs that truncates the data.

Log 2 (etl) = etl: BthTracing.zip and extracted cfa: BthTracing.btt.zip

Captured with Windows 10 PRO 21H1 on a Dell Vostro 3591 with Qualcomm 11ac QCA 9377 Bluetooth chip, driver version 10.0.0.953.

Here we don't have the air logs and this is the problem: we cannot see what the SMP problem was :-(

Note: this is somewhat similar to https://github.com/microsoft/busiotools/issues/85.

erikpe-msft commented 3 years ago

I left a comment on #85. This should be the same issue.

XavierBoniface commented 3 years ago

Thank you @erikpe-msft, clicking "Full Packet Logging" indeed fixed the issue. Leaving this issue open still for now, as a reminder for you to document this feature.

Also, how can a user enable this directly in WPR?

erikpe-msft commented 3 years ago

@XavierBoniface: btvs is currently the only way to enable full packet logging. In order to capture sensitive data with wpr, you'll need to run btvs and click Full Packet Logging, once, on that test system. Then you can close btvs. After that, wpr should capture the sensitive data just like btvs.

XavierBoniface commented 3 years ago

Thank you. Yes, I had inferred that method already. It's just a bit cumbersome for a user who will only use wpr to have to install and run another tool (btvs) to change a configuration that also affects wpr. I had expected that there was an option in wpr to achieve the same.