I am using an nrf52840-MDK along with its sniffer software with wireshark to sniff packets sent from my IPhone to a BLE Mesh light bulb. I figured out that the commands I sent from my Iphone are sent using some type of encryption.
During provisioning the master and slave communicate a set of 1024 bit public keys labeled X and Y. And the BLE lightbulb advertises no OOB support, and the FIPS p-256 elliptic curve algorithm in the « algorithm label ». I have a set of two public keys X and Y both 64 hexadecimals long. These are transmitted during provisioning. There is also a confirmation sent, with another hexadecimal number.
I want to know if there are any available decoders for this algorithms availble ? How can I decode the encrypted data inside the packets ? The data seems to be sent with L2CAP fragmentation, and then reassembled in a « network_pdu (complete) » named packet. Any help would be appreciated. Links to good documentation would also be nice !
I tried looking for a decoder for this data, in which I can 1 : derive the private key from the two public keys I was given. And 2 : Plug the private key along with encrypted data to find the decrypted data. I had no luck, I am also wondering if maybe there is a better way to do this, my end-goal is to be able to have full access to all the services of this BLE light and make my own applications.
If it's Diffie Hellman key exchange you are talking about, then a passive eavesdropper can't "crack" it. You'd better download an equivalent Android app in apk format and decompile it, if you want to reverse engineer.