Using a QR code as the out-of-band (OOB) channel for Bluetooth Secure Simple Pairing (SSP)

Ale*_*ber 11 android qr-code bluetooth android-bluetooth bluetooth-oob

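I have a Windows 7 application that uses the Stollmann SDK to successfully bond a PC with Android. The bidirectional exchange of Bluetooth MAC address, hash and randomizer is performed out of band, over NFC: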

[Image: app QR code]

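Unfortunately, the source code of the Windows application cannot be shared here. On the Android side no app is needed: Secure Simple Pairing is performed by the operating system (by HandoverManager?) once an NDEF message of type application/vnd.bluetooth.ep.oob is received.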

Now I am trying to create an Android app that will perform OOB pairing with one-way authentication through a scanned QR code (instead of NFC).

The custom QR code will be displayed on the PC screen (generated by ZXing.Net) and will contain the Bluetooth MAC address, hash and randomizer.

However, OOB bonding does not seem to be implemented in Android yet:

BluetoothAdapter.java:

/**
 * Read the local Out of Band Pairing Data
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH}
 *
 * @return Pair<byte[], byte[]> of Hash and Randomizer
 *
 * @hide
 */
public Pair<byte[], byte[]> readOutOfBandData() {
    if (getState() != STATE_ON) return null;
    //TODO(BT
    /*
    try {
        byte[] hash;
        byte[] randomizer;

        byte[] ret = mService.readOutOfBandData();

        if (ret  == null || ret.length != 32) return null;

        hash = Arrays.copyOfRange(ret, 0, 16);
        randomizer = Arrays.copyOfRange(ret, 16, 32);

        if (DBG) {
            Log.d(TAG, "readOutOfBandData:" + Arrays.toString(hash) +
              ":" + Arrays.toString(randomizer));
        }
        return new Pair<byte[], byte[]>(hash, randomizer);

    } catch (RemoteException e) {Log.e(TAG, "", e);}*/
    return null;
}

BluetoothDevice.java:

/**
 * Start the bonding (pairing) process with the remote device using the
 * Out Of Band mechanism.
 *
 * <p>This is an asynchronous call, it will return immediately. Register
 * for {@link #ACTION_BOND_STATE_CHANGED} intents to be notified when
 * the bonding process completes, and its result.
 *
 * <p>Android system services will handle the necessary user interactions
 * to confirm and complete the bonding process.
 *
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
 *
 * @param hash - Simple Secure pairing hash
 * @param randomizer - The random key obtained using OOB
 * @return false on immediate error, true if bonding will begin
 *
 * @hide
 */
public boolean createBondOutOfBand(byte[] hash, byte[] randomizer) {
    //TODO(BT)
    /*
    try {
        return sService.createBondOutOfBand(this, hash, randomizer);
    } catch (RemoteException e) {Log.e(TAG, "", e);}*/
    return false;
}

/**
 * Set the Out Of Band data for a remote device to be used later
 * in the pairing mechanism. Users can obtain this data through other
 * trusted channels
 *
 * <p>Requires {@link android.Manifest.permission#BLUETOOTH_ADMIN}.
 *
 * @param hash Simple Secure pairing hash
 * @param randomizer The random key obtained using OOB
 * @return false on error; true otherwise
 *
 * @hide
 */
public boolean setDeviceOutOfBandData(byte[] hash, byte[] randomizer) {
  //TODO(BT)
  /*
  try {
    return sService.setDeviceOutOfBandData(this, hash, randomizer);
  } catch (RemoteException e) {Log.e(TAG, "", e);} */
  return false;
}

My question:

Since OOB Bluetooth pairing works well on Android over NFC, do you think there is a (hackish) way to do the same through a QR code?

Maybe (crazy idea) feed HandoverManager a fake NDEF message?
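
The QR code described in the question carries the same three values as the NFC record: Bluetooth MAC address, hash and randomizer. As an added example (not code from the post or from Android), the class below parses and validates such a payload, assuming the QR bytes reuse the application/vnd.bluetooth.ep.oob layout (2-byte little-endian total length, 6-byte BD_ADDR, then EIR-style entries with type 0x0E for hash C and 0x0F for randomizer R). The class name OobQrPayload and the sample bytes are made up for illustration.

```java
import java.util.Arrays;

/** Added example: strict parser for a Bluetooth OOB data block read from a QR code. */
public class OobQrPayload {
    public final String address;     // BD_ADDR, printed most-significant byte first
    public final byte[] hash;        // Simple Pairing Hash C (EIR type 0x0E), 16 bytes
    public final byte[] randomizer;  // Simple Pairing Randomizer R (EIR type 0x0F), 16 bytes

    private OobQrPayload(String address, byte[] hash, byte[] randomizer) {
        this.address = address; this.hash = hash; this.randomizer = randomizer;
    }

    public static OobQrPayload parse(byte[] b) {
        if (b.length < 8) throw new IllegalArgumentException("too short for length + BD_ADDR");
        int declared = (b[0] & 0xFF) | ((b[1] & 0xFF) << 8);  // little-endian total length
        if (declared != b.length) throw new IllegalArgumentException("length field mismatch");
        StringBuilder addr = new StringBuilder();
        for (int i = 7; i >= 2; i--) {                         // BD_ADDR is stored LSB first
            addr.append(String.format("%02X", b[i] & 0xFF)).append(i > 2 ? ":" : "");
        }
        byte[] hash = null, rand = null;
        int pos = 8;
        while (pos < b.length) {                               // length/type/value entries
            int len = b[pos] & 0xFF;                           // counts the type byte plus the value
            if (len == 0 || pos + 1 + len > b.length)          // zero-length or overrunning entry
                throw new IllegalArgumentException("malformed entry at offset " + pos);
            int type = b[pos + 1] & 0xFF;
            byte[] value = Arrays.copyOfRange(b, pos + 2, pos + 1 + len);
            if (type == 0x0E || type == 0x0F) {
                if (value.length != 16) throw new IllegalArgumentException("C/R must be 16 bytes");
                if (type == 0x0E) hash = value; else rand = value;
            }
            pos += 1 + len;                                    // other entry types are skipped
        }
        if (hash == null || rand == null)
            throw new IllegalArgumentException("hash or randomizer missing");
        return new OobQrPayload(addr.toString(), hash, rand);
    }

    public static void main(String[] args) {
        byte[] sample = new byte[44];                          // constructed sample, not real pairing data
        sample[0] = 44;                                        // total length 44, little-endian
        byte[] bdAddr = {0x66, 0x55, 0x44, 0x33, 0x22, 0x11};  // i.e. 11:22:33:44:55:66
        System.arraycopy(bdAddr, 0, sample, 2, 6);
        sample[8] = 17;  sample[9] = 0x0E;  Arrays.fill(sample, 10, 26, (byte) 0xC1);
        sample[26] = 17; sample[27] = 0x0F; Arrays.fill(sample, 28, 44, (byte) 0xA2);
        OobQrPayload p = parse(sample);
        System.out.println(p.address + " C=" + p.hash.length + "B R=" + p.randomizer.length + "B");
    }
}
```

The parser only extracts and checks the values; it does not start pairing, since the hidden `createBondOutOfBand` and `setDeviceOutOfBandData` methods quoted above are stubbed out.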

siv*_*iva 2

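You cannot fake the NFC broadcast, which is actually published by the NFC service application when it detects an NFC tag. Since this is a protected broadcast, non-system applications cannot broadcast that intent.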