Setting up the BPA 600

1. Run the ComProbe Protocol Analysis Software and select Bluetooth Classic/low energy (BPA 600). This will bring up the BPA 600 datasource window. This is where the parameters are set for sniffing, including the devices to be sniffed and how the link is to be decrypted.
2. Select Devices Under Test tab on the Datasource window.
3. Click/select LE Only.

4. To decrypt encrypted data transmissions between the Bluetooth low energy devices the ComProbe analyzer needs to know the LTK because this is the shared secret used to encrypt the session. There are two ways to provide this information and which to select will depend on the pairing method: Just Works or Passkey Entry.

    

   

   BPA 600 datasource Encryption Key Entry

   1. Passkey Entry is easiest if you have the code that was displayed or entered during device pairing. The code is what is used to generate the LTK. Under LE Encryption enter the code in the Enter New PIN/OOB data text box.

   2. Just Works is more of a challenge because you must know the LTK that is created at the time of pairing and identification of an encrypted link.

      • If your device was previously used in an encrypted capture session, the device information including LTK can be found in the Device Database tab.
      • In a design and development environment the LTK is often known beforehand.
      • Capture of Host Controller Interface (HCI) events using ComProbe HSU can reveal the LTK, which is contained in the HCI_Link_Key_Request_Reply command. HCI capture is through direct connection to the device host controller. The information obtained in a direct connection can later be used in a wireless encrypted capture session that requires prior knowledge of encryption keys.
5. To start capture click on the Start Sniffing button on the BPA 600 datasource toolbar.

Next....