Exploring the Potential of Legacy BLE Pairing for Educational Purposes

Hello everyone, I’m reaching out to seek some guidance on a project I’m working on for an upcoming BLE course. The goal is to demonstrate the vulnerabilities of legacy connections and pairings by simulating an insecure pairing between two nRF52840 dongles. The idea is to capture the network traffic during this process so that students can analyze the key exchange and attempt to brute-force the encryption.

However, I’ve encountered a snag in the setup. When attempting to pair the dongles using the Desktop Connect application, I consistently receive an ‘Authentication failed with status BLE_GAP_SEC_STATUS_AUTH_REQ’ error. Interestingly, when I opt for secure pairing, the process works without any issues. I’m using SDK 3.0 to compile the DevAcademy solution from level 5, exercise 1.

I’m wondering if there’s a specific configuration setting I might have overlooked in either the Desktop Connect application or the project itself that enforces the use of LESC. How can I modify this to explicitly allow for insecure legacy pairing? Any insights or suggestions would be greatly appreciated!

This project is a fantastic opportunity to explore BLE security hands-on, and I’m eager to get it up and running for my students. Looking forward to hearing from the community!