5.4 Input Key and Value

This field is used to supply the Bluetooth Low Energy Sniffer with additional data that it cannot obtain solely from air traffic (see Figure 5-1). To do this, choose the input key from the options provided and input the corresponding value in the designated field. The input keys that the user can select from are as follows:

Legacy Passkey: When the device prompts to input the passkey, enter the six-digit passkey into the designated text field, then press <Enter>. Subsequently, input the same passkey into the device.

Legacy OOB data: If the device employs an older pairing method with a 16-byte Out-of-Band (OOB) key, the user needs to supply this key in hexadecimal format (beginning with 0x, in big endian). Do this prior to the device initiating encryption. If the key provided is less than 16 bytes, zeros will be added to the front to pad it out.

Legacy LTK: If the device has a pre-existing connection using an old Long Term Key (LTK), the user needs to supply this key in hexadecimal format (beginning with 0x, big endian). Do this before the device initiates encryption. If the key provided is less than 16 bytes, it will be front-padded with zeros.

SC LTK: If the device has an existing bond using an LE secure connections LTK, the user needs to provide it in hexadecimal format (beginning with 0x, big endian) before the device starts the encryption process. If the key provided is less than 16 bytes, it will be front-padded with zeros.

SC Private Key: If the device employs LE secure connections pairing and none of the devices are in the Debug mode (utilizing the debug private key), the user needs to supply the 32-byte Diffie-Hellman private key of the device in hexadecimal format (beginning with 0x, big endian). Do this prior to the initiation of the device-pairing process. If the key provided is less than 32 bytes, it will be front-padded with zeros.

IRK: If the device supports privacy, the user needs the Identity Resolving Key (IRK) to keep tracking the device even when its Low Energy (LE) address changes. This key must be provided in a hexadecimal format (beginning with 0x, in big endian). The user must complete this before the device starts encryption. If the key provided is less than 16 bytes, it will be front-padded with zeros. When the user chooses a device that can be resolved using the IRK, the sniffer continues to track any LE addresses that can also be resolved with the IRK. If the current LE address of the device is not known, the user can track the device by selecting “Follow IRK” in the device list.

Add LE Address: If the device that the user is trying to detect is currently not advertising and, hence, was not found, the user can manually add its LE address to the device list. Enter the complete 6-byte LE address, with each byte separated by a colon, and add the address type at the end, which can be either public or random. For example, 57:25:b0:81:eb:e5 random.

Note: A device added while capturing is halted does not display immediately in the device list. It will only display after capturing is resumed.

Follow LE Address: If the user has a lengthy device list, the user can use this field to choose the LE address from the list. Enter the complete 6-byte LE address with each byte separated by a colon. Also, include the address type, which can be either public or random. For example, 57:25:b0:81:eb:e5 random.

Note: If the user tracks a device while the capture is inactive, the device is not going to be selected until the user initiates the capture.