我用的设备是CC2640,在调试一个ONCHIP的例程,OAD成功更新后,我发现了一个问题,那就是,OAD的复位服务,FFD1一直可以被外界访问,如果对方是恶意的,那么它可以强行让OAD回到待更新的状态……这样还有什么安全可言呢,有没有什么办法去阻止呢。刚开始接触板子没几天,啥都不知道,让大家见笑了。
This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
1.首先没有input 和output也不一定是justwork,你可以和我们的例程一样设置为GAPBOND_IO_CAP_DISPLAY_ONLY,自己知道默认的key就可以。
此外你说的你的智能灯和鼠标只是just work 配对我认为是不安全的。
2.如果没有pair 也可以进行AES加密,加载到你的oad 传输以及你被升级的oad 解密,而这个AESkey为你预设的。
AES_ECB_EncryptData(inputData, 16, AESkey);
memcpy(encryptedData, inputData, 16);
AES_ECB_DecryptData(inputData, 16, AESkey);
memcpy(decryptedData, inputData, 16);
justwork 是无法干预的,
建议使用passcode 模式也是我们例程里面pairing的模式,
下面是一些加密方式,具体优缺点可以见于SIG标准的Core v5.
//Setup the Gap Bond Manager { //common GAPBondMgr params uint8_t pairMode = GAPBOND_PAIRING_MODE_INITIATE; uint8_t bonding = FALSE; GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode); GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding); //initializtion for secure connections OOB #if (PAIRING == OOB_SC) uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY; GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); #if STATIC_KEYS GAPBondMgr_SetParameter(GAPBOND_ECC_KEYS, sizeof(gapBondEccKeys_t), &eccKeys); #endif //initialization for legacy OOB pairing #elif (PAIRING == OOB_LE) uint8_t scMode = GAPBOND_SECURE_CONNECTION_NONE; uint8_t oobEnabled = TRUE; GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); GAPBondMgr_SetParameter(GAPBOND_OOB_DATA, sizeof(uint8_t) * KEYLEN, oobRemoteData.oob); GAPBondMgr_SetParameter(GAPBOND_OOB_ENABLED, sizeof(uint8_t), &oobEnabled ); //initialization for numeric comparison pairing (only possible with secure connections) #elif (PAIRING == NUMCOMP) uint8_t mitm = TRUE; uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_YES_NO; uint8_t scMode = GAPBOND_SECURE_CONNECTION_ONLY; GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm); GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap); GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); //initialization for passcode entry pairing #elif (PAIRING == PASSCODE) uint8_t mitm = TRUE; uint8_t ioCap = GAPBOND_IO_CAP_KEYBOARD_ONLY; uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW; GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm); GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap); GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); //initialization for just works pairing #elif (PAIRING == JUSTWORKS) uint8_t mitm = FALSE; uint8_t scMode = GAPBOND_SECURE_CONNECTION_ALLOW; GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm); GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &scMode); #endif }