while facing problems with a C# BLE connection I've digged deeper in the Bluetooth low energy Connection part.
Here I'm not shure if I understand this part 100%.
In my case I want to connect to a device that requires bonding to start datatransfer otherwise I reiceive the right amount of Bytes but only zeros.
My application somtimes works and I receive the expected values, sometimes I only receive zeros and sometimes I get an error "System.ArgumentException" in mscorlib.dll and my app crashes.
Before I start Changing my Code I want to be shure that I understand the Connection part right.
With BLE I can do bonding, pairing and connect.
Bonding means in general the same a pairing. Encrytion keys are exchanged and in case of bonding, the keys are saved permanent and are resused for future sessions between two specific devices.
Pairing keys are only valid for one session.
https://eewiki.net/display/Wireless/A+Basic+Introduction+to+BLE+Security
Based on this link, Bluetooth uses an AES suit.
So for me, these two Options are clear( of course in case that I understood them correct).
So now I've read that it is possible to get a connection without bonding or pairing since a Windows Creators update.
I understand that there is no key exchange and based on my knowledge on AES can't be used.
Is a communication with using just a Connection between two devices really completely unsecure or am I missing something?
Thank you
That is correct, without pairing/bonding the BLE link is unencrypted and all data transferred back and forth can be read easily using a sniffer. On the other hand, if pairing/bonding is used, all data transferred back and forth is encrypted and cannot be read using a sniffer unless the encryption key is used at the sniffer end as well.
For more information, please see Bluetooth Specification, Version 5.0, Vol 3, Part H, section C.2 (Authentication and Encryption).
I hope this answers your question.
Related
I would like to get a Bluetooth tracking device such as TrackR, Tile, Chipolo, ... and write my own app to detect my devices on a Windows 10 Mobile device. Are they encrypted in some way so that only their app can use them?
Can anyone point me in the right direction for doing that? Or tell me that it's impossible.
Detection is independent of encryption.
Let us call the main device with which other devices should be detected the "Central", and these other devices "Peripherals".
Every Peripheral that wishes to be detected has to send advertisements. There are several advertising modes; without going to much into detail, these different modes are for allowing the peripheral to be discovered, or to be connected with, or both.
All these advertisements are unencrypted, so any device can "see" and understand these advertisments. A Central just has to go into scanning mode; in this mode, the Central listenes for any advertisements it can detect. After finishing the scan, all found devices are presented in a list. There is no encryption here; encryption only comes into play after two devices have connected and at least one devices demands encrypted communication. But this is not necessary for finding and identifying devices.
Note that the only information you can get without connecting is the advertisement data (and possible some additional scan response data). Typically, a short device name or identifier is part of the advertisement data to allow for identification of the device type. If the device implements the Device Information Service, each information there can also be read without encryption (but you have to connect and discover this service first). Most devices will want the Central to know their name, type and purpose, so typically that information will not be encrypted.
Is it possible to receive all bytes which are flowing in WiFi? Can I receive it as a byte or text using (if I know the WiFi passowrd)? The programing language isn't importatant for me. I think that everybody can read the informations which are flowing using the WiFi because they're the electromagnic waves?
You can use Wireshark (www.wireshark.org) to decode packets that are flowing in or out of the machine the programme is running on.
To snoop on packets that are passing between other machines you'll need something that can capture raw packets, such as Shark for Root for Android (https://play.google.com/store/apps/details?id=lv.n3o.shark&hl=en)
Of course, if the traffic is encrypted (connected to an HTTPS address or through a VPN for example) then it's a lot more difficult to decode (though the NSA doesn't have much trouble). You'll need to become a "man in the middle" or get hold of the encryption keys somehow.
this is my first question here, after searching and reading through many places I have not choice but to ask.
I have a C# application that receives data from a GPS device and stored in a database, I need now is to send a string that contains commands which the device should be interpreted.
This device connects to the Internet over GPRS, I haven't idea how to send this packet over TCP over GPRS because the IP is dynamic.
I hope any suggestions or ideas on how to solve this.
Best regards.
You should do it the other way around - the device should poll the server for instructions. Just make sure the server is accessible.
As you have specified that you have developed a C# application to read the GPS data through GPRS that means you are running C# application on a public/static IP.
Nwo as soon as you get a request from the GPRS client, you get the DHCP IP address of the remote endpoint too.
Once you have that endpoint and socket open, you can transmit any data to the GPS device back.
Assuming that your GPS device is having some microcontroller to drive the GSM/GPRS modem.
I'm going to make an assumption here that the 'Device' is some kind of mobile phone connected to a standard GSM network?
If it is, then the short version of the story is "Forget it" even if the IP wasn't dynamic, you simply wouldn't be talking to the IP of your device, you'd actually be talking to the IP address of your providers GGSN, and for a standard consumer connection this is going to be where the buck stops.
Now that said, IF you have the budget, and all your devices (Assuming multiple ones) are with the same carrier, then you can approach the carrier and request a dedicated APN (Access point name) essentially what this is , is the mobile network equivalent of a DNS record, or at least similar enough to use that analogy anyway.
When you set up your data connection on your device you may recall having to enter something like 'pp.vodafone.com' or 'INGhub411.o2-uk.inbound' we'll this is your actual APN, and if you have a custom one they your devices can be set up so that the IP the presents itself at the GGSN actually has a static route back to the individual device in the suppliers GSM network.
As a general rule of thumb however on consumer grade connections this is not enabled and hence there is no ingress available to the individual device.
As zmbq says, the ONLY option you have is for the device to keep polling the server on a regular basis, and yes unfortunately that is going to be very unforgiving on the battery.
of course there is one other way of approaching this, and that's to have the device open a socket directly to your server then keep that socket open. Once the socket is open, 2 way communication can be performed across the link, unfortunately your going to also have to write all the code to manage this connection including, but not limited to monitoring the connection to make sure it's still open and re-establishing it if it's not, something which is incredibly important on a mobile device.
I have PC and VOIP phone. When someone calls to my account and I answer it using VOIP phone, I want the phone number to be stored on my PC.
What is the easiest way to receive caller number? Is finding a VOIP Java/C# SDK and developing my application (just to get a caller number) the only way or are there some clever shortcuts?
Note: I am familiar that softphones are displaying the callerID but there is no (reasonble, non hack'ish) way I can read it from softphone.
Depending on your softphone you might be able to configure it to save a calls log. Alternatively you could obtain CDRs (call detail records) from your VOIP server.
Another route to go would be to monitor incoming VOIP TCP connections and extract caller data from sniffed packets.
Or you could write a small program that will run in background and check periodically which is the active window. If the active window is your softphone, then it will take a screenshot and dump it to a folder.
What Vlad said. Providing the hardphone model details will get you more details :-)
If the PC is sure to be on all the time you want to operate the phone, you can install a simple SIP proxy on the PC that does nothing but logging.
If a softphone is an option, many of them can be scripted, I love twinkle for example.
Using wireshark (or more to the point tshark, the command-line version) you can build a capture spec that will only capture incoming SIP packets on UDP port 5060, and then only if the SIP msg is INVITE. Then you just have to look at the "From" line to see who called you (if it's filled in; it should at least have a number).
I have a piece of hardware with an embedded user control accessed by typing the device's IP Address into a web browser. The device is connected directly to my PC via x-over ethernet cable and static IP's. I need to integrate the control of the device into my C# application.
My thought was to use a packet sniffer to monitor the traffic between my PC and the device while at the same time playing with the device's controls in my web browser. Then finding out which packets that my PC is sending correspond with which controls I am using at that time. Then I can create a class of HTTP or TCP packets in my C# application and send them to the device using the Socket class.
However, I dont have much expereince with network protocols, so when I am using Wireshark to monitor the traffic between my PC and the device, I am not sure where to even start when finding out which packets do what. Does anyone have any ideas? I am open to anything. Thanks!!
EDIT:
Its hard to explain exactly what my device is, but its basically an elaborate sensor and typically used in industrial applications, so it could likely be using Modbus, which I am moderately familiar with. Do you know how I can tell which protocol is being used by examining the packets? I noticed (using Wireshark) that the packets being sent from my PC to the device occur in a pattern of 1 HTTP packet, then 5 TCP packets and repeat that same sequence as long as the control is open in my browser. Are there any resources that might give me a better understanding of what is going on?
If this is browser controlled, my first thought would be to examine the web pages the device sends to your browser and see what the browser is instructed to do when you manipulate the controls - this seems much easier than messing around with Wireshark.
Is there something I'm missing that makes this impossible (such as a Flash-based control system)? If it's just done with HTML or Javascript, and HTML POST messages or something a bit more sophisticated like Ajax, it should be relatively easy to work out the interface.
Depending on the device it will either be using a variant of the modbus protocol (http://en.wikipedia.org/wiki/Modbus) or something obscure and propriatory.
The best thing to do is to keep sending the same command to the device over and over again until you can recognise similarities in the packets.
If it is propriatory it will probably be something simple like a command/data pair or possibly an XML blob. If you're really unlucky it will be compressed or encoded but unless you're hacking a game or a cash machine this is unlikely.
Asking the manufacturer of the device if they can give you the spec often works as well.