It seems that after initially pairing / connecting with certain BLE devices (in this case, a pulse ox), any subsequent connection results in a PIN or Key Missing (0x06) error. I can remove the device using bluetoothctl or a similar tool, and then I'm able to connect again, but I'm trying to figure out what the actual issue is so that I can get this working. I'm using BlueZ 5.47 and in this case, I'm just attempting to talk to the device via gatttool (works first time, not any subsequent times after making a valid connection). I've read through some tickets where people described a similar issue, but the only solution I've seen so far involved removing the device before pairing.

Here is the btmon log of the failed connection:

< HCI Command: LE Create Connection (0x08|0x000d) plen 25                                                                               #3 [hci0] 91.335394
        Scan interval: 60.000 msec (0x0060)
        Scan window: 30.000 msec (0x0030)
        Filter policy: White list is not used (0x00)
        Peer address type: Public (0x00)
        Peer address: 00:1C:05:FF:9C:A5 (OUI 00-1C-05)
        Own address type: Public (0x00)
        Min connection interval: 50.00 msec (0x0028)
        Max connection interval: 70.00 msec (0x0038)
        Connection latency: 0 (0x0000)
        Supervision timeout: 420 msec (0x002a)
        Min connection length: 0.000 msec (0x0000)
        Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4                                                                                               #4 [hci0] 91.347480
      LE Create Connection (0x08|0x000d) ncmd 1
        Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 19                                                                                               #5 [hci0] 92.874610
      LE Connection Complete (0x01)
        Status: Success (0x00)
        Handle: 1025
        Role: Master (0x00)
        Peer address type: Public (0x00)
        Peer address: 00:1C:05:FF:9C:A5 (OUI 00-1C-05)
        Connection interval: 70.00 msec (0x0038)
        Connection latency: 0 (0x0000)
        Supervision timeout: 420 msec (0x002a)
        Master clock accuracy: 0x01
@ Device Connected: 00:1C:05:FF:9C:A5 (1) flags 0x0000
< ACL Data TX: Handle 1025 flags 0x00 dlen 8                                                                                            #6 [hci0] 92.928535
      ATT: Write Request (0x12) len 3
        Handle: 0x0019
          Data: 01
> ACL Data RX: Handle 1025 flags 0x02 dlen 6                                                                                            #7 [hci0] 92.977319
      SMP: Security Request (0x0b) len 1
        Authentication requirement: No bonding, No MITM, Legacy, No Keypresses (0x00)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28                                                                                #8 [hci0] 92.977466
        Handle: 1025
        Random number: 0x8f15c8e27f50c2fc
        Encrypted diversifier: 0x6ee1
        Long term key: b3c9837306766fd8d4024ae4549c6337
> HCI Event: Command Status (0x0f) plen 4                                                                                               #9 [hci0] 92.988087
      LE Start Encryption (0x08|0x0019) ncmd 1
        Status: Success (0x00)
> ACL Data RX: Handle 1025 flags 0x02 dlen 5                                                                                           #10 [hci0] 93.117417
      ATT: Write Response (0x13) len 0
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                 #11 [hci0] 93.145136
        Num handles: 1
        Handle: 1025
        Count: 1
> HCI Event: Encryption Change (0x08) plen 4                                                                                           #12 [hci0] 93.327778
        Status: PIN or Key Missing (0x06)
        Handle: 1025
        Encryption: Disabled (0x00)
< HCI Command: Disconnect (0x01|0x0006) plen 3                                                                                         #13 [hci0] 93.327909
        Handle: 1025
        Reason: Authentication Failure (0x05)
> HCI Event: Command Status (0x0f) plen 4                                                                                              #14 [hci0] 93.333590
      Disconnect (0x01|0x0006) ncmd 1
        Status: Success (0x00)
> HCI Event: Disconnect Complete (0x05) plen 4                                                                                         #15 [hci0] 93.397883
        Status: Success (0x00)
        Handle: 1025
        Reason: Authentication Failure (0x05)
Joe
  • It rather seems to be the remote device that has an issue, because it says it doesn't have the encryption key that was previously negotiated. – Emil Jan 22 '18 at 21:53
  • I suppose if it's the other device there is no way to fix that from the application. The device in question is a Nonin 3230 pulse ox, if that makes any difference. – Joe Jan 24 '18 at 16:37
  • What happens if you try to connect and pair it to Android or iOS? – Emil Jan 24 '18 at 17:18
  • I've since been able to test this using a much newer system with noble-device as part of a node.js project, and that appears to work without issue. Because of that, I don't think it's the device itself having issues. The failure is on an angstrom linux system with blueZ 5.47 on kernel 3.2.6.r4954+ – Joe Jan 25 '18 at 17:22
  • Noble doesn't support persistent bonding, so you can't compare with that. Try Android or iOS. – Emil Jan 25 '18 at 19:05
  • So I have an iOS device (iPhone 6) and was able to connect to it 5 consecutive times without any issue. I'm able to take off the pulse ox and watch it disconnect, and then I can select it again after activating the device and I see no issues. The only potential difference I can see is that when I'm doing it via the application I'm writing, it writes to a characteristic so that it can read values off of it. I'm obviously not doing that with the iOS device. – Joe Jan 26 '18 at 16:33
  • As a quick followup - I'm able to install the nonin connect app on my iPhone and connect as frequently as I want while reading data: https://itunes.apple.com/us/app/noninconnect/id684979072?mt=8 So as far as I can tell my iOS device can connect / reconnect without unpairing / forgetting without any issue. – Joe Jan 26 '18 at 16:43
  • Do you pair the device in iOS, i.e. does it ever show a system pop up "do you want to pair this device"? Or do you just connect? – Emil Jan 27 '18 at 00:54
  • Emil - I found more information that might be useful after some research and communication with the MFG. It appears that the device uses the 'Just Works' method for pairing. They used a sniffer to track the pairing process for an iOS device (which works correctly). The connection process has MITM set to no, and that appears to be the main difference between what gatttool is currently trying to do (MITM: Yes). Is there a way to disable MITM protection for bluetooth on a linux system, or force the bluez tools not to use MITM when making a connection? – Joe Mar 16 '18 at 19:22
  • As a followup comment - the BLE device itself does not support MITM protection. – Joe Mar 16 '18 at 19:23
  • I have provided an answer to a similar issue, see https://stackoverflow.com/a/71839089/1725943 - maybe it helps. – Sven Gothel Apr 19 '22 at 16:56
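
An added example, not part of the original question or its comments: a small Python parser that walks btmon text output and reports connections where the host sent a stored long term key and the peer answered the encryption attempt with PIN or Key Missing (0x06), together with what the peer asked for in its SMP Security Request. The function names and the abridged sample are assumptions made for this illustration.

```python
import re

# Abridged from the btmon trace in the question; the key value is replaced
# with a placeholder and frame numbers/timestamps are dropped.
SAMPLE = """\
> HCI Event: LE Meta Event (0x3e) plen 19
      LE Connection Complete (0x01)
        Handle: 1025
        Peer address: 00:1C:05:FF:9C:A5 (OUI 00-1C-05)
> ACL Data RX: Handle 1025 flags 0x02 dlen 6
      SMP: Security Request (0x0b) len 1
        Authentication requirement: No bonding, No MITM, Legacy, No Keypresses (0x00)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
        Handle: 1025
        Long term key: <placeholder>
> HCI Event: Encryption Change (0x08) plen 4
        Status: PIN or Key Missing (0x06)
        Handle: 1025
"""

def frames(text):
    """Split btmon output into (header, {field: value}) records."""
    out = []
    for line in text.splitlines():
        if line and line[0] in "<>@":          # start of a new frame
            out.append((line.strip(), {}))
        elif out and ":" in line:              # indented "Key: value" field
            key, _, val = line.strip().partition(":")
            out[-1][1].setdefault(key.strip(), val.strip())
    return out

def find_rejected_keys(text):
    """Report handles where a stored LTK was sent and the peer rejected it."""
    peers, sec_req, sent_ltk, findings = {}, {}, set(), []
    for header, f in frames(text):
        h = (f.get("Handle") or "?").split()[0]
        if "LE Meta Event" in header and "Peer address" in f:
            peers[h] = f["Peer address"].split()[0]
        elif f.get("SMP", "").startswith("Security Request"):
            m = re.search(r"Handle (\d+)", header)   # ACL frames carry the handle in the header
            if m:
                sec_req[m.group(1)] = f.get("Authentication requirement")
        elif "LE Start Encryption" in header and "Long term key" in f:
            sent_ltk.add(h)                    # host had a bond key stored for this peer
        elif "Encryption Change" in header and "(0x06)" in f.get("Status", "") and h in sent_ltk:
            findings.append({"peer": peers.get(h), "handle": h,
                             "peer_requested": sec_req.get(h)})
    return findings
```

On the sample it returns one finding for 00:1C:05:FF:9C:A5 in which the peer requested "No bonding" while the host still presented a stored key, which is the mismatch visible in the trace.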

1 Answer

I ended up on your SO issue while investigating another BLE issue. It looks like your issue might be related to this Linux kernel bug that has been fixed in 3.8: https://lore.kernel.org/patchwork/patch/458251/

OlivierM