Found TK, STK but 0 packets decrypted

Question

Found TK, STK but 0 packets decrypted

Opened this issue a year ago · 0 comments

I came across a problem exactly like this closed issue.

I am using the nRF sniffer(3rd-party nRF52840 based hardware) with wireshark to get the packets.

$ crackle -v -i mydevice_pairing2.pcapng -o decryted.pcapng
PCAP contains [NORDIC_BLE] frames
Warning: packet is too short to be encrypted (1), skipping
Warning: packet is too short to be encrypted (1), skipping
Found 1 connection

Analyzing connection 0:
  mac1 (random) -> mac2 (random)
  Found 2179 encrypted packets
  Cracking with strategy 0, 20 bits of entropy

  !!!
  TK found: 6digits
  !!!

  STK: 5e0be96c4f80c856e9aba58917126545
  Decrypted 0 packets

Did not decrypt any packets, not writing a new PCAP
Done, processed 0 total packets, decrypted 0
Connection 0
  connect_found: 1
  preq_found: 1
  pres_found: 1
  confirm_found: 2
  random_found: 2
  enc_req_found: 1
  enc_rsp_found: 1
  pairing_public_key_found: 0
  pairing_dhkey_check_found: 0
  AA: af9a852b
  IA: mac1
  RA: mac2
  IAt: 1
  RAt: 1
  PREQ: 0b 0b 10 2d 00 04 01
  PRES: 03 02 10 05 00 00 02
  MCONFIRM: 6c a3 32 c4 7f ae c3 b8 77 ac 86 37 f0 d3 48 b4
  SCONFIRM: c8 72 56 6c 4f 26 d1 01 7d 58 b5 9d 4b 6c 0b 13
  MRAND: 39 3c d8 24 06 ce 15 2a 7c 28 60 10 fe 28 dc 6c
  SRAND: 14 6f 12 c2 ad b8 c0 9b 24 20 b4 cf f3 41 96 21
  Rand: 00 00 00 00 00 00 00 00
  EDIV: 00 00
  SKDm: 0e 60 16 0f 5a ae 4a 99
  IVm:  31 57 96 8d
  SKDs: c0 81 bf 1c 50 4c a6 e6
  IVs:  18 7c 29 54

I can send some files through email if you are interested.