BLE pairing fails with iOS 9.0.x on iPad 3 A1416 model

Dear Team and Developers,


My team and I engineered and released on the market last year a BLE product based on the TI CC2541, stack 1.4.0.

This accessory uses Just Works pairing.


Up to iOS 9.0.x everything was just fine.

Since the upgrade I noticed that full pairing (1st ever connection) or half pairing (the accessory is forgotten on the iPad 3) fail.


Using ComProbe BLE Protocol Analyzer, the pairing process stops just after the exchange of the pairing random value at the SMP layer.

Here are the logs, to be opened with the free ComProbe software: https://drive.google.com/file/d/0BxzxSBSzsu49aW45d1FyeFE2SkE/view?usp=sharing

The central (iPad 3) isn't actually starting the encryption.


The connection is then terminated after channel encryption timeout.


That's a serious problem as, for my iPad 3 clients, they cannot use their accessory anymore.


Is it a known bug?

Is there any workaround?


BR,

//KaHo

Accepted Reply

Please test this with the latest seed of iOS 9.1 beta. If it does not resolve your issue with the iPad 3, please file a bug report at https://bugreport.apple.com


In the meantime, if you want to solve this issue on your end you can try and fix it in firmware.

The reason for having this issue is the peripherals assuming that some reserved bits in BLE Spec 4.0 would always be zero.

iOS 9 is now using the new LE Secure Connections pairing model, and the SC bit is set to 1 in the pairing request.


The peripheral can ignore this request and choose to use the legacy pairing model, but it cannot ignore the bits when creating the keys.


The peripheral is supposed to use the pairing request exactly as received to calculate the keys. Some peripherals are assuming that some of the reserved bits would be zero and calculating the keys based on the wrong data when iOS sends a pairing request with these bits (in this case the SC bit) set to 1.
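The point in the reply above, as an added example that is not part of the original thread and is not TI's or Apple's code: the legacy pairing confirm function c1 in the Bluetooth Core Specification takes the 7-octet Pairing Request and Pairing Response PDUs as input (block p1), so a peripheral that feeds c1 a copy of the request with the 4.0-reserved AuthReq bits cleared works on different data than the central. The function names, the faulty re-serialisation path and the sample PDUs are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define SMP_PDU_LEN  7     /* code + IO cap + OOB + AuthReq + key size + 2 key dist */
#define AUTHREQ_IDX  3     /* offset of AuthReq inside the PDU */
#define AUTHREQ_V40  0x07  /* bonding flags + MITM: all that spec 4.0 defined */

/* p1 block of c1, least significant octet first:
 * iat, rat, preq exactly as received, pres exactly as sent. */
void smp_build_p1(const uint8_t *preq, const uint8_t *pres,
                  uint8_t iat, uint8_t rat, uint8_t p1[16])
{
    p1[0] = iat;
    p1[1] = rat;
    memcpy(&p1[2], preq, SMP_PDU_LEN);
    memcpy(&p1[9], pres, SMP_PDU_LEN);
}

/* Hypothetical faulty path: the stack keeps only parsed fields and rebuilds
 * the request, dropping AuthReq bits that were reserved in 4.0 (SC = 0x08). */
void preq_reserialize_v40(const uint8_t *rx, uint8_t out[SMP_PDU_LEN])
{
    memcpy(out, rx, SMP_PDU_LEN);
    out[AUTHREQ_IDX] &= AUTHREQ_V40;
}

/* Index of the first p1 octet where peripheral and central disagree,
 * or -1 when both sides feed c1 identical data. */
int p1_mismatch(const uint8_t *rx_preq, const uint8_t *pres, int faulty)
{
    uint8_t used[SMP_PDU_LEN], central[16], periph[16];
    if (faulty)
        preq_reserialize_v40(rx_preq, used);
    else
        memcpy(used, rx_preq, SMP_PDU_LEN);   /* correct: raw received bytes */
    smp_build_p1(rx_preq, pres, 0x01, 0x00, central);
    smp_build_p1(used, pres, 0x01, 0x00, periph);
    for (int i = 0; i < 16; i++)
        if (central[i] != periph[i])
            return i;
    return -1;
}

/* Constructed sample PDUs (not taken from the poster's captures). */
const uint8_t PREQ_SC_SET[7]   = {0x01, 0x04, 0x00, 0x09, 0x10, 0x07, 0x07};
const uint8_t PREQ_SC_CLEAR[7] = {0x01, 0x04, 0x00, 0x01, 0x10, 0x07, 0x07};
/* Response with SC clear: the peripheral chooses legacy Just Works pairing. */
const uint8_t PRES_LEGACY[7]   = {0x02, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01};
```

The firmware-side fix is to keep the received Pairing Request bytes untouched for c1, while still answering with the SC bit clear in the Pairing Response.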

Replies

Dear Gualtier,


Thanks for your feedback! I'll try the 9.1 Beta ASAP and share the results on this forum.

The solution of adapting our accessory firmware may be hard or even impossible for the products already sold.


BR

//KH

Dear Gualtier,


I have new logs that I think are worth sharing.


For the same accessory with the same firmware and the same version of iOS (9.0.2), but with an iPadMini (A1432), the encryption starts right after the pairing random exchange. You can see the LL_ENC_REQ sent by the Central in these logs: drive.google.com/.../view


IMHO this is the symptom: the central sends no LL_ENC_REQ.

If I remember well, iPads 3 were the very first pads to be compatible with BLE, and have BT 4.0 only chips. This is confirmed by the LL_VERSION_IND in the logs.


If iOS 9.0.2 uses the same LE Secure Connections features whatever the iPhone/iPad model, the fact that this lack of encryption appears only with iPads 3 would mean that this is a bug for this model, and maybe because it has a BT 4.0 controller.


What do you think about it?


Best Regards,

//KaHo

Hi KaHo,


Can you try this again with 9.1 now, please?


The iPad 3 has a very old BT chipset and it's possible it is having issues in this case.

9.1 has some work done for it, but YMMV.