pairing with encryption, no MITM protection / Just Works

[ChrisHoS]

• bleak version: 0.9.1
• Python version: 3.7
• Operating System: Windows 10 Enterprise (Build 18363.1198) [64Bit]
• BlueZ version (bluetoothctl -v) in case of Linux:

Description

Wanted to pair to a slave with encryption level 2 / Just Works / LE Security Mode 1, Level 2

What I Did

1. set up the server with Nordic nRF Connect and nRF52840 Dongle

2. connected, tried to pair to slave

Comment:

• If encryption for the characteristic is disabled, everything works fine.
• On the final peripheral, it sends a security request what shall trigger a pairing request by the master / central device. So, probably, this method is needed to be exposed to Bleak.

I apologize for not providing a non-vendor specific example.

import asyncio
import uuid
import logging
from  bleak import BleakClient, discover

DATA_RX_CHARACTERISTIC_UUID = "EF680903-9B354-9339-B105-2FFA9740042"
address = "E8:40:C6:EF:5F:C7"


async def scan():
    devices = await discover()
    for d in devices:
        print(f"{d.name}: {d.address}: {d.rssi}dB")


async def run_ble(address):
    async with BleakClient(address) as client:
        await client.is_connected()
        await client.pair(protection_level=2)
        # hello world = 0x68 0x65 0x6c 0x6c 0x6f 0x20 0x77 0x6f 0x72 0x6c 0x64
        await client.write_gatt_char(uuid.UUID(DATA_RX_CHARACTERISTIC_UUID), str.encode("hello world"))


def run():
    loop = asyncio.get_event_loop()
    loop.run_until_complete(scan())
    loop.run_until_complete(run_ble(address))


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    run()




DEBUG:bleak.backends.dotnet.scanner:Received E8:40:C6:EF:5F:C7: nRF Connect.
DEBUG:bleak.backends.dotnet.scanner:Received E8:40:C6:EF:5F:C7: Unknown.
DEBUG:bleak.backends.dotnet.client:Connecting to BLE device @ E8:40:C6:EF:5F:C7
DEBUG:bleak.backends.dotnet.client:_ConnectionStatusChanged_Handler: 1
DEBUG:bleak.backends.dotnet.client:Get Services...
INFO:bleak.backends.dotnet.client:Services resolved for BleakClientDotNet (E8:40:C6:EF:5F:C7)
DEBUG:bleak.backends.dotnet.client:Disconnecting from BLE device...
DEBUG:bleak.backends.dotnet.client:_ConnectionStatusChanged_Handler: 0
Traceback (most recent call last):
  File "C:/git/fire/asd/test_nrf52_dongle_server_with_bleak_client/src/bleak_client.py", line 32, in <module>
    run()
  File "C:/git/fire/asd/test_nrf52_dongle_server_with_bleak_client/src/bleak_client.py", line 27, in run
    loop.run_until_complete(run_ble(address))
  File "C:\Users\honeggec\AppData\Local\Programs\Python\Python37\lib\asyncio\base_events.py", line 587, in run_until_complete
    return future.result()
  File "C:/git/fire/asd/test_nrf52_dongle_server_with_bleak_client/src/bleak_client.py", line 19, in run_ble
    await client.pair(protection_level=2)
  File "C:\git\fire\asd\test_nrf52_dongle_server_with_bleak_client\.env\lib\site-packages\bleak\backends\dotnet\client.py", line 331, in pair
    "Cannot set minimally required protection level yet..."
NotImplementedError: Cannot set minimally required protection level yet...

[hbldh]

Maybe that would do the trick. I was content with the protection_level=1 as a start on Windows. It is not good enough, but it points the way for future expasion at least. I also had no device to test it with...

You are free to try to get it to work, since I will not have time and energy to do it for quite some time I am afraid.

[patrick-dojofive]

Is the winnt backend restricted to protection_level 1 still?