Android Question Xbee3 BLE issue

techknight

Digi had just released the new BLE firmware for their new Xbee3 line. Nicest thing is, the BLE module has a +19 dBm output which is a pretty good range. So I was thinking it would be ideal for what I do.

I was going to use the module in my App, but there is a problem. Digi has decided to make authentication to the module required in order to send/receive data to and from it. The authentication might as well be built like Fort Knox, as it's way above my level of understanding mathematics.

They call it the "BLE Unlock Frame 0x2C". The problem for me isn't the frame; I have worked with Digi Zigbee frames before. The trouble is the authentication math as outlined here:

https://www.digi.com/resources/documentation/digidocs/pdfs/90001539.pdf

The unlock process is an implementation of the SRP (Secure Remote Password) algorithm using the RFC5054 1024-bit group and the SHA-256 hash algorithm. The value of I is fixed to the username apiservice.

Upon completion, each side will have derived a shared session key which is used to communicate in an encrypted fashion with the peer. Additionally, a Modem Status frame - 0x8A with the status code 0x32 (Bluetooth Connected) is sent through the UART (if AP = 1 or 2). When an unlocked connection is terminated, a Modem Status frame with the status code 0x33 (Bluetooth Disconnected) is sent through the UART.

The following implementations are known to work with the BLE SRP implementation:
- github.com/cncfanatics/SRP You need to modify the hashing algorithm to SHA256 and the values of N and g to use the RFC5054 1024-bit group.
- github.com/cocagne/csrp
- github.com/cocagne/pysrp

So for me, this might as well be NASA level. I looked at the example python and C code shown in the documentation but I have no idea how to convert that into B4A code.

But not only does this have to take place, the derived "session key" has to be used to encrypt all traffic to and from the module, no matter what it is. Yikes! From the little I understand of what is going on here, it almost feels like SSL or TLS over BLE. I remember hearing about SRP before but I can't remember where.

So I was wondering if someone could tackle this, or maybe even already has an implementation for B4A?
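The SRP-6a arithmetic behind the unlock described above, as an added example that is not part of the original post and is not Digi's code. It uses the RFC 5054 1024-bit group, SHA-256 and I = apiservice from the quoted documentation; the password and salt are constructed, and the k/u padding and the final `H(pad(S))` key derivation follow common RFC 5054 practice as an assumption. The 0x2C frame layout and the use of the session key for encryption are not shown.

```python
import hashlib
import secrets

# RFC 5054 Appendix A, 1024-bit group (g = 2)
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NLEN = (N.bit_length() + 7) // 8
I = b"apiservice"  # fixed username, per the quoted documentation

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def pad(n):
    return n.to_bytes(NLEN, "big")  # left-pad to the byte length of N

def to_int(b):
    return int.from_bytes(b, "big")

def private_x(password, salt):
    # x = H(salt | H(I ":" password)), as in RFC 5054 with SHA-256 swapped in
    return to_int(H(salt, H(I, b":", password)))

def make_verifier(password, salt):
    # What the module side stores instead of the password itself
    return pow(g, private_x(password, salt), N)

def srp_exchange(client_password, salt, verifier):
    """Run both sides in one process; return (client_key, server_key)."""
    k = to_int(H(pad(N), pad(g)))
    a = secrets.randbits(256)                   # client ephemeral secret
    A = pow(g, a, N)                            # client -> server
    b = secrets.randbits(256)                   # server ephemeral secret
    B = (k * verifier + pow(g, b, N)) % N       # server -> client
    u = to_int(H(pad(A), pad(B)))
    if A % N == 0 or B % N == 0 or u == 0:      # mandatory SRP safety checks
        raise ValueError("illegal SRP public value")
    x = private_x(client_password, salt)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    return H(pad(s_client)), H(pad(s_server))

if __name__ == "__main__":
    salt = secrets.token_bytes(4)               # constructed sample salt
    v = make_verifier(b"constructed-password", salt)
    ck, sk = srp_exchange(b"constructed-password", salt, v)
    print("keys match:", ck == sk)
```

Both sides reach the same 32-byte key only when the client used the password the verifier was built from; the password itself never crosses the link.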

f0raster0

Do you have your Digi modules with you and already tested the range? If yes, what is the real range?
I used Xbee1-2 but never got the range from specifications.

We're working with nRF52 mesh/long distance up to 700+ mts, but having problems with BLE+B4A


techknight

I use the 900 MHz Xbee PRO modules with an effective range of around 250 to 300 ft with 6 dBi antennae.

I can get "about" the same range with the 2.4 GHz versions but that "cloud" is jam-packed with interference so during a crowded sports game, the distance is reduced significantly.

This is going to be an issue with BLE no matter what, so my target area for the usage of these modules will be in gymnasiums plus other smaller fields. Not full size pressbox based fields, I have to use 900 MHz in those environments.

Odd thing is I am asking about working with these in Android, and the reality is I need it for iOS which is why I am doing this. Standard old school SPP doesn't work with iCrap devices. That's what I currently use now and I can get 300+ ft with those things as well.

techknight

No, it would have to be built. There is a Java library from Digi themselves for communicating with xBee in general, but not this new BLE setup.

Closest thing I can find is the Java Nimbus library for SRP needed for authentication.

But ultimately I want to target iOS and that is a different ballgame because it's Objective C.