0

I'm working with a linux computer that will have no way to interface with it when it is deployed.

The only (end user friendly) access point it will have to start off is a bluetooth access point.

Bluetooth communication has been succesfully established, and a phone can connect with the controller without having to do any input on the controller.

The problem is that it isn't safe in this situation, anything can now freely pair and connect.

I would like the controller to request a controller unique pin from the connecting device so only people with access to that pin can connect with the controller.

I'm using python to manage the agent that handles the pairing process, and I'm currently using this code:

import dbus.service
import dbus.mainloop.glib
from gi.repository import GLib

BUS_NAME = 'org.bluez'
ADAPTER_IFACE = 'org.bluez.Adapter1'
ADAPTER_ROOT = '/org/bluez/hci'
AGENT_IFACE = 'org.bluez.Agent1'
AGNT_MNGR_IFACE = 'org.bluez.AgentManager1'
AGENT_PATH = '/my/app/agent'
AGNT_MNGR_PATH = '/org/bluez'
CAPABILITY = 'KeyboardDisplay'
DEVICE_IFACE = 'org.bluez.Device1'
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()

def set_trusted(path):
    props = dbus.Interface(bus.get_object(BUS_NAME, path), dbus.PROPERTIES_IFACE)
    props.Set(DEVICE_IFACE, "Trusted", True)

class Agent(dbus.service.Object):

    @dbus.service.method(AGENT_IFACE,
                         in_signature="", out_signature="")
    def Release(self):
        print("Release")

    @dbus.service.method(AGENT_IFACE,
                         in_signature='o', out_signature='s')
    def RequestPinCode(self, device):
        print(f'RequestPinCode {device}')
        return '0000'

    @dbus.service.method(AGENT_IFACE,
                         in_signature="ou", out_signature="")
    def RequestConfirmation(self, device, passkey):
        print("RequestConfirmation (%s, %06d)" % (device, passkey))
        set_trusted(device)
        return

    @dbus.service.method(AGENT_IFACE,
                         in_signature="o", out_signature="")
    def RequestAuthorization(self, device):
        print("RequestAuthorization (%s)" % (device))
        auth = input("Authorize? (yes/no): ")
        if (auth == "yes"):
            return
        raise Rejected("Pairing rejected")

    @dbus.service.method(AGENT_IFACE,
                         in_signature="o", out_signature="u")
    def RequestPasskey(self, device):
        print("RequestPasskey (%s)" % (device))
        set_trusted(device)
        passkey = input("Enter passkey: ")
        return dbus.UInt32(passkey)

    @dbus.service.method(AGENT_IFACE,
                         in_signature="ouq", out_signature="")
    def DisplayPasskey(self, device, passkey, entered):
        print("DisplayPasskey (%s, %06u entered %u)" %
              (device, passkey, entered))

    @dbus.service.method(AGENT_IFACE,
                         in_signature="os", out_signature="")
    def DisplayPinCode(self, device, pincode):
        print("DisplayPinCode (%s, %s)" % (device, pincode))


class Adapter:
    def __init__(self, idx=0):
        bus = dbus.SystemBus()
        self.path = f'{ADAPTER_ROOT}{idx}'
        self.adapter_object = bus.get_object(BUS_NAME, self.path)
        self.adapter_props = dbus.Interface(self.adapter_object,
                                            dbus.PROPERTIES_IFACE)
        self.adapter_props.Set(ADAPTER_IFACE,
                               'DiscoverableTimeout', dbus.UInt32(0))
        self.adapter_props.Set(ADAPTER_IFACE,
                               'Discoverable', True)
        self.adapter_props.Set(ADAPTER_IFACE,
                               'PairableTimeout', dbus.UInt32(0))
        self.adapter_props.Set(ADAPTER_IFACE,
                               'Pairable', True)


if __name__ == '__main__':
    agent = Agent(bus, AGENT_PATH)
    agnt_mngr = dbus.Interface(bus.get_object(BUS_NAME, AGNT_MNGR_PATH),
                               AGNT_MNGR_IFACE)
    agnt_mngr.RegisterAgent(AGENT_PATH, CAPABILITY)
    agnt_mngr.RequestDefaultAgent(AGENT_PATH)

    adapter = Adapter()
    mainloop = GLib.MainLoop()
    try:
        mainloop.run()
    except KeyboardInterrupt:
        agnt_mngr.UnregisterAgent(AGENT_PATH)
        mainloop.quit()

I got this code from here, but to be honest, I don't understand it.

It defines a bunch of dbus.service.method's and I think it somehow chooses one or something.

As someone who is used to less abstract languages I just dont know where its putting all this stuff or where its pulling.

I believe it just uses the RequestConfirmation() method in this case. so all the others are just junk.

But I would like to know if/how I can modify this to make it ask for a pin or passkey on my phone when I try to pair with the controller.

owndampu
  • 55
  • 8

1 Answers1

0

To try to explain what the code is doing...

There is a Bluetooth daemon (bluetoothd) running on a Linux system. bluetoothd handles the Bluetooth functionality on the system. Below is a sequence diagram of the interactions with bluetoothd for pairing.

enter image description here

RegisterAgent() is used to tell bluetoothd where the D-Bus org.bluez.Agent1 interface has been created and which capability to use this registered agent for.

When a pairing request comes in to bluetoothd it calls RequestConfirmation() at the registered location. If the returned value back is empty then the confirmation is confirmed. If there is either org.bluez.Error.Rejected or org.bluez.Error.Canceled thrown then the pairing is rejected.

Which of the org.bluez.Agent1 methods gets called by bluetoothd will depend on exactly what type of pairing request has been received.

The capability setting is probably best summarized by this table:

enter image description here

If it is the RequestConfirmation() method that is getting called, then the device D-Bus path and a uint32 passkey are the parameters passed in. It is up to the method in the agent to decide, on that information, if it should accept the request or not.

The org.bluez.Agent1 interface is documented at:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/doc/agent-api.txt

The official BlueZ example for a simple agent is at:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/test/simple-agent

ukBaz
  • 6,985
  • 2
  • 8
  • 31
  • Okay, so I set the capability to DisplayOnly, and I see it display its passkey in the terminal. But when I try to pair it still doesnt ask me to enter the passkey on my phone to connect. This passkey also seems to be randomly generated eacht time which wont work either. I need something that i can set myself. I think the method I want to use is the RequestPinCode one. But I don't see how I select it. where can i set the method that should actually be used. – owndampu Feb 25 '22 at 08:14
  • Okay i did some extra testing: the resulting method used from every capability. NoInputNoOutput = RequestAuthorisation (which makes no sense at all); DisplayOnly = RequestConfirmation (again makes no sense, i feel like this should be NINO); KeyboardOnly = RequestPasskey (the only one that makes sense); KeyboardDisplay = RequestConfirmation (???); DisplayYesNo = RequestConfirmation (again???); I just dont see how this is supposed to make sense – owndampu Feb 25 '22 at 08:35
  • You might want to look at: https://stackoverflow.com/a/70479911/7721752 which discusses why BlueZ doesn't allow you to set your own pin key – ukBaz Feb 25 '22 at 08:50
  • interesting, im now handling the verification after the connection is made, which allows me to achieve my goal in the end. Thanks for the link! – owndampu Feb 25 '22 at 12:02