我有一个Windows 7应用程序,它使用Stollmann SDK成功地将PC与Android绑定。蓝牙MAC地址,散列和随机发生器的双向交换通过NFC在带外中执行:
不幸的是,Windows应用程序的源代码无法在这里共享。在Android端,一旦收到带有application/vnd.bluetooth.ep.oob
的NDEF消息,则不需要应用程序,安全简单配对由操作系统(HandoverManager?)执行。
现在我正在尝试创建an Android app,它将使用单向身份验证通过扫描的QR码(而不是NFC)执行OOB配对。
自定义QR码将显示在PC屏幕上(由ZXing.Net生成)并包含蓝牙MAC地址,哈希和随机发生器。
然而,在Android中似乎尚未实现OOB绑定 -
/**
* Read the local Out of Band Pairing Data
* <p>Requires {@link android.Manifest.permission#BLUETOOTH}
*
* @return Pair<byte[], byte[]> of Hash and Randomizer
*
* @hide
*/
public Pair<byte[], byte[]> readOutOfBandData() {
if (getState() != STATE_ON) return null;
//TODO(BT
/*
try {
byte[] hash;
byte[] randomizer;
byte[] ret = mService.readOutOfBandData();
if (ret == null || ret.length != 32) return null;
hash = Arrays.copyOfRange(ret, 0, 16);
randomizer = Arrays.copyOfRange(ret, 16, 32);
if (DBG) {
Log.d(TAG, "readOutOfBandData:" + Arrays.toString(hash) +
":" + Arrays.toString(randomizer));
}
return new Pair<byte[], byte[]>(hash, randomizer);
} catch (RemoteException e) {Log.e(TAG, "", e);}*/
return null;
}
/**
* Start the bonding (pairing) process with the remote device using the
* Out Of Band mechanism.
*
* <p>This is an asynchronous call, it will return immediately. Register
* for {@link #ACTION_BOND_STATE_CHANGED} intents to be notified when
* the bonding process completes, and its result.
*
* <p>Android system services will handle the necessary user interactions
* to confirm and complete the bonding process.
*
* <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
*
* @param hash - Simple Secure pairing hash
* @param randomizer - The random key obtained using OOB
* @return false on immediate error, true if bonding will begin
*
* @hide
*/
public boolean createBondOutOfBand(byte[] hash, byte[] randomizer) {
//TODO(BT)
/*
try {
return sService.createBondOutOfBand(this, hash, randomizer);
} catch (RemoteException e) {Log.e(TAG, "", e);}*/
return false;
}
/**
* Set the Out Of Band data for a remote device to be used later
* in the pairing mechanism. Users can obtain this data through other
* trusted channels
*
* <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
*
* @param hash Simple Secure pairing hash
* @param randomizer The random key obtained using OOB
* @return false on error; true otherwise
*
* @hide
*/
public boolean setDeviceOutOfBandData(byte[] hash, byte[] randomizer) {
//TODO(BT)
/*
try {
return sService.setDeviceOutOfBandData(this, hash, randomizer);
} catch (RemoteException e) {Log.e(TAG, "", e);} */
return false;
}
我的问题:
由于OOB蓝牙配对在Android上比NFC更好 - 你认为有一种(hackish)方式通过QR码做同样的事情吗?
也许(疯狂的想法)通过向HandoverManager
提供虚假的NDEF消息?
答案 0 :(得分:1)
当您检测到NFC标签时,您无法伪造NFC服务应用实际发布的NFC广播。由于这是一个受保护的广播非系统应用程序无法广播意图。