Reorder Identity Resolving Key (IRK)
When editing a Bluetooth low energy device from the Wireless Devices pane using the Edit Device Details dialog, the Frontline software will automatically reorder the user entry. When the user provides an IRK that is in reverse order, the software applies the correct order when validating a secure connection using the IRK.
A reversed IRK is defined as the original IRK value with its endianness reversed. For example, the IRK 0xf31c 22ea a9cb 0422 f9b8 3e03 2305 27e2 in reverse order is 0xe227 0523 033e b8f9 2204 cba9 ea22 1cf3.
When the user enters a complete IRK in the Identity Resolving Key field, a validation of the reversed IRK will occur under the following conditions:
- The device BD_ADDR is a random resolvable private address (RPA), and
- Validation of the IRK in the user-entered order has failed.
If the reversed IRK validates successfully, the Identity Resolving Key field turns green and becomes inactive (read only). The status bar at the bottom of the dialog displays "Identity Resolving Key: Valid (Reordered) - Properly resolves the random address". In the Wireless Devices pane, the IRK will now appear for the selected device with "(Reordered)" applended.
RPA Device IRK Valid and Reordered
RPA Wireless Device IRK Reordered and Matched
In the Wireless Devices pane, when the user selects a device for filtering for analysis, if that device has an IRK, other devices will also be selected if they match. Two devices match if they satisfy any of the following conditions:
- If two devices have equal IRKs, they are considered to match.
- If one device has a user-entered IRK and its BD_ADDR is not a random resolvable private address (i.e., it is not either a public address or a random static address, and therefore the IRK cannot be validated), it matches if either its IRK is equal or the reverse of its IRK is equal to the other device.
In this next example, we have selected a device with a public address. Entering the IRK in the Edit Device Details dialog will indicate "Identity Resolving Key: Complete - Unable to determine if valid." and the Identity Resolving Key field remains white and editable but the OK button is active. Clicking OK closes the dialog, and the reordered IRK appears in with the public address device with "(Reordered)" appended and matching addresses will display the same reordered IRK.
Public Address Device IRK: Unable to Determine if Valid
Public Address Device IRK Reordered
Open the Security pane. In the first security context for the public address device, enter the LTK into the Link Key field. If valid, the IRK for the public address device will appear with "(Reordered)" removed.
Public Address Device: LTK Entered in Security pane to Validate IRK
Public Address Device: IRK Reordered and Validated