使用QR码作为带外(OOB)通道的蓝牙安全简单配对(SSP)

时间:2015-06-24 13:07:57

标签: android bluetooth qr-code android-bluetooth bluetooth-oob

我有一个Windows 7应用程序,它使用Stollmann SDK成功地将PC与Android绑定。蓝牙MAC地址,散列和随机发生器的双向交换通过NFC在带外中执行:

application with qr code

不幸的是,Windows应用程序的源代码无法在这里共享。在Android端,一旦收到带有application/vnd.bluetooth.ep.oob的NDEF消息,则不需要应用程序,安全简单配对由操作系统(HandoverManager?)执行。

现在我正在尝试创建an Android app,它将使用单向身份验证通过扫描的QR码(而不是NFC)执行OOB配对。

自定义QR码将显示在PC屏幕上(由ZXing.Net生成)并包含蓝牙MAC地址,哈希和随机发生器。

然而,在Android中似乎尚未实现OOB绑定 -

BluetoothAdapter.java

/**
 * Read the local Out of Band Pairing Data
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH}
 *
 * @return Pair<byte[], byte[]> of Hash and Randomizer
 *
 * @hide
 */
public Pair<byte[], byte[]> readOutOfBandData() {
    if (getState() != STATE_ON) return null;
    //TODO(BT
    /*
    try {
        byte[] hash;
        byte[] randomizer;

        byte[] ret = mService.readOutOfBandData();

        if (ret  == null || ret.length != 32) return null;

        hash = Arrays.copyOfRange(ret, 0, 16);
        randomizer = Arrays.copyOfRange(ret, 16, 32);

        if (DBG) {
            Log.d(TAG, "readOutOfBandData:" + Arrays.toString(hash) +
              ":" + Arrays.toString(randomizer));
        }
        return new Pair<byte[], byte[]>(hash, randomizer);

    } catch (RemoteException e) {Log.e(TAG, "", e);}*/
    return null;
}

BluetoothDevice.java

/**
 * Start the bonding (pairing) process with the remote device using the
 * Out Of Band mechanism.
 *
 * <p>This is an asynchronous call, it will return immediately. Register
 * for {@link #ACTION_BOND_STATE_CHANGED} intents to be notified when
 * the bonding process completes, and its result.
 *
 * <p>Android system services will handle the necessary user interactions
 * to confirm and complete the bonding process.
 *
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
 *
 * @param hash - Simple Secure pairing hash
 * @param randomizer - The random key obtained using OOB
 * @return false on immediate error, true if bonding will begin
 *
 * @hide
 */
public boolean createBondOutOfBand(byte[] hash, byte[] randomizer) {
    //TODO(BT)
    /*
    try {
        return sService.createBondOutOfBand(this, hash, randomizer);
    } catch (RemoteException e) {Log.e(TAG, "", e);}*/
    return false;
}

/**
 * Set the Out Of Band data for a remote device to be used later
 * in the pairing mechanism. Users can obtain this data through other
 * trusted channels
 *
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
 *
 * @param hash Simple Secure pairing hash
 * @param randomizer The random key obtained using OOB
 * @return false on error; true otherwise
 *
 * @hide
 */
public boolean setDeviceOutOfBandData(byte[] hash, byte[] randomizer) {
  //TODO(BT)
  /*
  try {
    return sService.setDeviceOutOfBandData(this, hash, randomizer);
  } catch (RemoteException e) {Log.e(TAG, "", e);} */
  return false;
}

我的问题:

由于OOB蓝牙配对在Android上比NFC更好 - 你认为有一种(hackish)方式通过QR码做同样的事情吗?

也许(疯狂的想法)通过向HandoverManager提供虚假的NDEF消息?

1 个答案:

答案 0 :(得分:1)

当您检测到NFC标签时,您无法伪造NFC服务应用实际发布的NFC广播。由于这是一个受保护的广播非系统应用程序无法广播意图。