Since Bluez 5.48, iPhones require pairing when connecting on a BLE GAP peripheral, why?
I have an application running on an embedded device, using Bluez 5.X and DBus.

  • My application sets an agent with the capability "NoInputNoOutput" and an adapter as not pairable (I don't want pairing).

  • My embedded device does not initiate connections (GAP peripheral) and broadcasts advertising (GATT server).

With BlueZ 5.48 (and 5.52), when I try to connect to my embedded device from an Android device, everything works smoothly, but when I try with iOS, the connection gets lost after some time and in the btmon tool there are the following logs:

> ACL Data RX: Handle 68 flags 0x02 dlen 9              #1050 [hci0] 398.940027
      ATT: Error Response (0x01) len 4
        Read Request (0x0a)
        Handle: 0x0016
        Error: Insufficient Authentication (0x05)
< ACL Data TX: Handle 68 flags 0x00 dlen 7              #1051 [hci0] 398.940268
      ATT: Read Request (0x0a) len 2
        Handle: 0x0016
> ACL Data RX: Handle 68 flags 0x02 dlen 9              #1052 [hci0] 398.991500
      ATT: Error Response (0x01) len 4
        Read Request (0x0a)
        Handle: 0x0016
        Error: Insufficient Authentication (0x05)

If my application sets the adapter as pairable (which I don't want), I get a popup on the iPhone (not on Android) asking to authorize the pairing.

Infos:

  • I do not have this issue with BlueZ 5.47
  • I do not see my embedded device in the iPhone's regular Bluetooth "Devices" list.
  • I have the issue even if my application does not setup any characteristics

I haven't found (in the ChangeLog and git) the change since BlueZ 5.47 that would cause this problem. Any ideas?

I think that there is a GATT server on the iPhone because I can see many objects which are registered on DBus on connection. I do not have this issue with Android, even when I set up a GATT server with a characteristic with "Read encrypted" permissions (nRF Connect).

My analysis:

  1. On the iPhone, I launch the connection with my embedded device

  2. My embedded device tries to read something (a protected characteristic?) on the iPhone (NOK!! Why?)

  3. The iPhone refuses with "Insufficient encryption" (?)

  4. My embedded device sends a "Security Request"

  5. The iPhone sends a "Pairing Request"

  6. My embedded device refuses with "Reason Pairing Not Supported"

Edit: The popup appears with the commit "client: Rename set-filter-uuids to uuids" (e1021f7e486ebd6c0618673a758fa2c50d81109c) (between Bluez 5.47 and 5.48)

Docker answered 6/12, 2019 at 13:54 Comment(1)
Can you figure out which attribute it tries to read? – Whitehorse
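An added example (not part of the original question or its answers): a shell function that answers the comment's question from a saved btmon text capture by counting ATT Error Responses that report insufficient security, grouped by direction, rejected request and handle. The sample input is the btmon excerpt from the question; the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarise ATT security errors in btmon text output.

# Constructed sample: the btmon excerpt quoted in the question.
sample_btmon() {
cat <<'EOF'
> ACL Data RX: Handle 68 flags 0x02 dlen 9              #1050 [hci0] 398.940027
      ATT: Error Response (0x01) len 4
        Read Request (0x0a)
        Handle: 0x0016
        Error: Insufficient Authentication (0x05)
< ACL Data TX: Handle 68 flags 0x00 dlen 7              #1051 [hci0] 398.940268
      ATT: Read Request (0x0a) len 2
        Handle: 0x0016
> ACL Data RX: Handle 68 flags 0x02 dlen 9              #1052 [hci0] 398.991500
      ATT: Error Response (0x01) len 4
        Read Request (0x0a)
        Handle: 0x0016
        Error: Insufficient Authentication (0x05)
EOF
}

# Reads btmon text on stdin. "rx" means the peer rejected a request that the
# local stack sent; "tx" means the local GATT server rejected the peer.
att_security_errors() {
  awk '
    function strip(s) {   # drop indentation and the trailing "(0x..)" code
      sub(/^[ \t]+/, "", s); sub(/ \(0x[0-9a-fA-F]+\).*$/, "", s); return s
    }
    /^[<>] ACL Data/      { dir = ($1 == ">") ? "rx" : "tx"; in_err = 0; next }
    /ATT: Error Response/ { in_err = 1; req = ""; handle = ""; next }
    /ATT: /               { in_err = 0; next }
    !in_err               { next }
    /Handle: 0x/          { handle = $2; next }
    /Error: Insufficient/ {
      err = strip($0); sub(/^Error: /, "", err)
      count[dir " handle=" handle " req=\"" req "\" err=\"" err "\""]++; next
    }
    /Error: /             { next }   # other ATT errors are not security related
    req == "" && /\(0x/   { req = strip($0) }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Stand-alone run on the constructed sample.
sample_btmon | att_security_errors
```

On the sample this reports two rejected Read Requests for handle 0x0016 in the "rx" direction, i.e. the reads were issued by the BlueZ side acting as GATT client.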
7

This is a bit late, but hopefully this can help others who have this same problem.

This issue started occurring in Bluez v5.48 after the battery GATT characteristic was moved into the DBUS org.bluez.Battery1 interface.

The simplest way to fix this issue is to prevent the Bluez battery plugin from loading at boot. You will need to modify the bluetooth service file located at the following path: /lib/systemd/system/bluetooth.service. In this file, go to the line that begins with "ExecStart" and make sure that this line has "ExecStart=/usr/lib/bluetooth/bluetoothd -P battery" (without the surrounding quotes). This -P option prevents any listed plugins from loading.

The other way to fix the issue is to write your own custom agent that auto-accepts pairing requests. I used the Bluez simple-agent example and modified it so that the RequestPinCode function always returned successfully instead of asking for input. The downside of this type of approach is that this still asks the iOS user to pair. Although, this can be a positive outcome if you want to have the reliability and encryption access from a fully paired bluetooth connection.

Desdamonna answered 25/3, 2021 at 21:15 Comment(1)
This was my issue. Thank you. GATT server worked perfectly on Android, but on iPhone it kept asking to pair even when registering the agent with "NoInputNoOutput". – Atropos
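An added example (not from the answer's author or the BlueZ project): the same "-P battery" change expressed as a systemd drop-in, so the packaged unit file stays untouched and the setting survives package upgrades. The function name and the drop-in file name in the comments are illustrative, and the demo unit is constructed.

```shell
#!/bin/sh
# Added example: derive a drop-in that appends "-P battery" to bluetoothd.

# battery_dropin UNIT_FILE: print drop-in text based on the unit's ExecStart.
battery_dropin() {
  unit=$1
  cmd=$(sed -n 's/^ExecStart=//p' "$unit" | head -n 1)
  if [ -z "$cmd" ]; then
    echo "no ExecStart= line in $unit" >&2
    return 1
  fi
  # If plugins are already excluded, merging the list is left to the admin.
  case " $cmd " in
    *" -P "*|*" --noplugin"*)
      echo "ExecStart already excludes plugins: $cmd" >&2
      return 2 ;;
  esac
  printf '[Service]\n'
  printf '# An empty ExecStart= clears the packaged command before redefining it.\n'
  printf 'ExecStart=\n'
  printf 'ExecStart=%s -P battery\n' "$cmd"
}

# Stand-alone run on a constructed unit file. On a real system, point the
# function at /lib/systemd/system/bluetooth.service, save the output as
# /etc/systemd/system/bluetooth.service.d/no-battery.conf (illustrative name),
# then run: systemctl daemon-reload && systemctl restart bluetooth
demo_unit=$(mktemp)
printf '[Service]\nType=dbus\nExecStart=/usr/lib/bluetooth/bluetoothd\n' > "$demo_unit"
battery_dropin "$demo_unit"
rm -f "$demo_unit"
```

Running `systemctl cat bluetooth` afterwards shows the packaged unit followed by the drop-in, which confirms the effective ExecStart line.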
0

My procedure wasn't correct (the popup doesn't appear with the commit "client: Rename set-filter-uuids to uuids": the "client" corresponds to "bluetoothctl" and has nothing to do with my use).

Actually, the popup appears with the battery module. I don't know why but I am satisfied with this workaround (works with Bluez 5.48 and 5.52):

In the file "Makefile.plugins", delete the lines:

builtin_modules += battery
builtin_sources += profiles/battery/battery.c

And force the automake into your "bluez5_utils.mk":

BLUEZ5_UTILS_AUTORECONF = YES


Thank you Emil for having considered my question. I have compared the logs "/var/log/message" I got during the connection with and without the popup: the only differences were:

These lines appear only during the connection with popup:

profiles/battery/battery.c:batt_probe() BATT profile probe (6E:FA:33:75:2A:6A)
src/service.c:change_state() 0x8c17200: device 6E:FA:33:75:2A:6A profile batt-profile state changed: unavailable -> disconnected (0)
profiles/battery/battery.c:batt_accept() BATT profile accept (6E:FA:33:75:2A:6A)
src/service.c:change_state() 0x8c17200: device 6E:FA:33:75:2A:6A profile batt-profile state changed: disconnected -> connected (0)

And these lines appear only during the connection without popup:

src/gatt-client.c:service_create() Exported GATT service: /org/bluez/hci0/dev_6E_FA_33_75_2A_6A/service0014
src/gatt-client.c:characteristic_create() Exported GATT characteristic: /org/bluez/hci0/dev_6E_FA_33_75_2A_6A/service0014/char0015
src/gatt-client.c:descriptor_create() Exported GATT characteristic descriptor: /org/bluez/hci0/dev_6E_FA_33_75_2A_6A/service0014/char0015/desc0017
Docker answered 27/1, 2020 at 13:58 Comment(1)
I'm installing bluez from the tarball on their website. I modified Makefile.plugins, but I don't see any bluez5_utils.mk. Handle 0x0016 is still throwing repeated errors after I make and install with that modification. Perhaps it's because I'm missing that .mk file. – Desdamonna
