Android-DFU-Library icon indicating copy to clipboard operation
Android-DFU-Library copied to clipboard

Published 20 hours ago verified publisher icon NordicSemiconductor

Legacy DFU fails on some phones with Android 10

Open plutocon opened this issue 5 years ago • 6 comments

Information This GitHub Issue page is for reporting issues or asking questions regarding the iOS DFU library. For general DFU questions, SDK questions, etc, please check our DevZone. Make sure you are using the latest version of the library: Download Also, before creating a new issue, make sure similar issue isn't already opened in open or closed issues.

DFU Bootloader version (please complete the following information):

  • SDK version: nrf51822 / nRF51_SDK_9.0.0_2e23562
  • Bonding used: no
  • Library version: 1.10.1

Device information (please complete the following information):

  • Device: Samsung S10
  • OS: Android 10

Describe the bug DFU does not work on Android 10 devices. After booting with the boot loader, I cannot connect the device.

The same source code works fine on the previous Android.

DFU does not work even with nrfConnect

Logs Add any other context or logs describing the problem here.

plutocon avatar May 12 '20 04:05 plutocon

Hello, Yes, we are aware of this issue. Have a look at this comment: https://github.com/NordicSemiconductor/IOS-Pods-DFU-Library/issues/368#issuecomment-619066196

Unfortunately, nothing can be done about this on the library side.

philips77 avatar May 12 '20 10:05 philips77

Hello, Yes, we are aware of this issue. Have a look at this comment: NordicSemiconductor/IOS-Pods-DFU-Library#368 (comment)

Unfortunately, nothing can be done about this on the library side.

Thank you for answer.

Since there are products that are already being sold, I would like a solution.

plutocon avatar May 13 '20 07:05 plutocon

The problem is, that iOS and Android device stopped reporting direct advertising to not bonded devices to apps. Direct advertising is what was using in Legacy DFU from SDK 7 until the end when buttonless service was used. To be clear, that does not violate spec and is still allowed, but perhaps there is a security issue related to it, or some newer chips rotate MAC addresses more often, as we have seen similar fixes on Android and iOS made in around the same time.

On affected phones sometimes the buttonless service cannot be used, at least not until the bootloader will be fixed. The device needs to be switched to DFU mode in some other way, like with a button (if possible). On device that have a button and supported this feature, it is usually pressing the button while toggling power on, or some other combination. For devices without a button, an old iPhone or older Android phone is needed. On Android side, I think only the latest models were updated, so majority of the phones can still be unaffected.

An updated bootloader could be prepared and updated. A fix in the legacy DFU bootloader which turns off direct advertising requires just 1 line to be changed, one #define. The same can be achieved by updating the app not to pass peer data to the bootloader. In this case it would behave as if started with a button, advertising undirectly using MAC+1.

In the post below I tried testing this using several phones from our library. The issue seams to be minor, at least right now. Only few phones seem to be affected and even those usually work.

philips77 avatar May 13 '20 12:05 philips77

Affected phones (sometimes DFU failed on connection timeout):

  • Samsung S10 with Android 10 (reported above) (unknown failure rate)
  • Samsung Note 9 with Android 10 (unknown failure rate)
  • iPhone 11 with iOS 13.5.1 (failed 2/10 times)
  • Samsung A51 with Android 10 (#256)

Not affected phones (successful DFU 10 times out of 10 attempts):

  • Pixel 3 with Android 10
  • Samsung S8 with Android 9
  • Sony Xperia L3 (l4312)

philips77 avatar Jun 29 '20 14:06 philips77

e0ab213a369982ae9cf452b55783ba0bdc5a7916 has added an option to force scanning for Legacy DFU bootloader. This requires modifying the fw on the device so that the bootloader is using address +1 and uses non-direct advertising.

philips77 avatar Jul 28 '20 10:07 philips77

The problem is, that iOS and Android device stopped reporting direct advertising to not bonded devices to apps. Direct advertising is what was using in Legacy DFU from SDK 7 until the end when buttonless service was used. To be clear, that does not violate spec and is still allowed, but perhaps there is a security issue related to it, or some newer chips rotate MAC addresses more often, as we have seen similar fixes on Android and iOS made in around the same time.

On affected phones sometimes the buttonless service cannot be used, at least not until the bootloader will be fixed. The device needs to be switched to DFU mode in some other way, like with a button (if possible). On device that have a button and supported this feature, it is usually pressing the button while toggling power on, or some other combination. For devices without a button, an old iPhone or older Android phone is needed. On Android side, I think only the latest models were updated, so majority of the phones can still be unaffected.

An updated bootloader could be prepared and updated. A fix in the legacy DFU bootloader which turns off direct advertising requires just 1 line to be changed, one #define. The same can be achieved by updating the app not to pass peer data to the bootloader. In this case it would behave as if started with a button, advertising undirectly using MAC+1.

In the post below I tried testing this using several phones from our library. The issue seams to be minor, at least right now. Only few phones seem to be affected and even those usually work.

Hi, what is the 1 line to be changed, one #define. ? where can I find that line of code? or what should I define?

sallycmp avatar Sep 16 '20 20:09 sallycmp