Clarification about LE encryption field used in the LL_FEATURE_REQ and LL_FEATURE_RSP

Question

I sniffed with my Ubertooth One, some BLE packets between my Android phone and my BLE device, and I would like clarifications about a particular field and its meaning.

After the connection is established, a LL_FEATURE_REQ is sent with the value of the LE Encryption field set to 0 (false).

According to the offical documentation (BLUETOOTH SPECIFICATION Version 4.2 [Vol 6, Part B], 4.6 FEATURE SUPPORT):

"When this information is sent from a Controller to a Host, a bit set to 0 indicates that the Link Layer Feature is not supported in this Controller; a bit set to 1 indicates that the Link Layer Feature is supported in this Controller.

When this information is sent from a Controller to a peer Controller, a bit set to 0 indicates that the Link Layer Feature shall not be used by the Controllers; a bit set to 1 indicates that the Link Layer Feature may be used by the Controllers. "

Also in the LL_FEATURE_RSP the LL Encryption field is set to 0 (false).

So, according to this Message Sequence Chart (BLUETOOTH SPECIFICATION Version 4.2 [Vol 6, Part D]), before sending the LL_FEATURE_REQ, the Master device (my Android phone), first reads the supported features and then sends the request.

Does this mean that my Android device does not support communication encryption?

EDIT:

Below is the Wireshark output (on the left is the the Bluetooth HCI snoop log from my Android phone, and on the right the packtet captured with my Ubertooth):

Emil · Accepted Answer

If the LL_FEATURE_REQ contains a 0 for position of LE Encryption (position 0), then that device's controller does not support encryption. The LL_FEATURE_RSP contains the bitwise AND of the master's and the slave's supported features.

But it sounds strange that an Android device wouldn't support encryption...

Clarification about LE encryption field used in the LL_FEATURE_REQ and LL_FEATURE_RSP

Answers (2)

Related Questions