How to hard code BLE pairing passkey in bluez 5.x peripheral?

Question

I need to have a hard coded passkey pin (eg "123456") in my peripheral device so that android mobile will have to enter this code while pairing.

I am using ubuntu 18.04, bluez 5.48 and a TI BLE4.0 + wifi chip on board.

Currently, I am able to establish pairing using all other methods which are provided by stack (noinputoutput, Keyboardonly,displayonly and keyboarddisplay).

My peripheral device will not have display and keyboard at production and hence planning to use a unique key which is stored in a file.

I have tried modifying simple-agent code to return a fixed key..I also tried tweaking bt-agent code to pass a passkey file.. but all these methods cant be used because stack is creating a random key and not taking my static hard coded key :(

I could see dozens of similar questions in web but none with a correct answer.. I had previously worked on few other BLE chips and achieved the same requirement(cc2650 etc with their on controller chip and stack), but with bluez stack I am not able to do it.

I heard that older stack had feature to read pin from a file, but how to achieve same in new stack?

Following points are mandatory i hope?: 1) I have to disable hci0 sspmode 2) I need Bluetooth daemon service to be running 3) I need an agent for pairing

Please let me know if anybody out there achieved the same with bluez...

Thanks!

Answer 1

The Bluetooth standard says the passkey should be random for each attempt. There's a good reason for that: the security property of the protocol is broken if a passkey is reused (at least for LE Secure Connections). So you should probably stick to "Just Works" method. If you need authentication, use a PAKE algorithm in your application layer.

See https://devzone.nordicsemi.com/f/nordic-q-a/35856/questions-about-lesc-mitm-and-passkey/138216#138216 for a longer description.