Android蓝牙和笔记本电脑蓝牙设备之间是否可以建立不安全的连接?
[英]Is it possible to make insecure connection between android bluetooth and laptop bluetooth device?
问题描述
I am trying to connect android device with laptop or desktop which contains Bluetooth via Bluetooth socket connection. 
我正在尝试通过蓝牙套接字连接将android设备与包含蓝牙的笔记本电脑或台式机连接。
I have created one android application (Client) which tries to connect laptop Bluetooth device where java application (Server) is running. 我创建了一个Android应用程序(客户端),该应用程序尝试连接运行Java应用程序(服务器)的笔记本电脑蓝牙设备。
My concern is that, Is it possible to connect both the device insecurely (without pin authentication) using Bluetooth socket connection? 我担心的是,是否可以使用蓝牙套接字连接将两个设备安全地连接(没有引脚验证)?
If possible, Please suggest me solution. 如果可能的话,请给我建议解决方案。
If not, Is there any way to programmatically auto pair both the devices? 如果没有,是否可以通过编程方式自动配对两个设备?
Thanks in advance !!! 提前致谢 !!!
2 个解决方案
解决方案1
1 2014-06-25 06:16:08
By referring java api for bluetooth, I got the solution for Insecure connection between two Android and laptop Bluetooth devices. 通过将Java API引用为蓝牙,我得到了两个Android和便携式蓝牙设备之间不安全连接的解决方案。
I have used SPP client server mechanism. 我已经使用了SPP客户端服务器机制。
My server is in java. 我的服务器在Java中。 In java add certain parameters to URL. 在Java中,将某些参数添加到URL。 Make authentication= false; 使认证= false; authorize=false;encrypt=false; 授权= FALSE;加密= FALSE; open this URL for connection acceptance. 打开此URL进行连接接受。
//Create a UUID for SPP
UUID uuid=new UUID("0f2b61c18be240e6ab90e735818da0a7", false);
System.out.println("\n"+uuid.toString());
//Create the servicve url
String url="btspp://localhost:"+uuid.toString()+";"+"name=remoteNotifier;authenticate=false;authorize=false;encrypt=false";
//open server url
StreamConnectionNotifier streamConnNotifier = (StreamConnectionNotifier)Connector.open(url);
//Create a UUID for SPP
UUID uuid=new UUID("0f2b61c18be240e6ab90e735818da0a7", false);
System.out.println("\n"+uuid.toString());
//Create the servicve url
String url="btspp://localhost:"+uuid.toString()+";"+"name=remoteNotifier;authenticate=false;authorize=false;encrypt=false";
//open server url
StreamConnectionNotifier streamConnNotifier = (StreamConnectionNotifier)Connector.open(url);
Now on client side: Android API 10 above contains insecure connection method. 现在在客户端:上面的Android API 10包含不安全的连接方法。 "createInsecureRfcommSocketToServiceRecord(UUID)" So use this method for connection. “ createInsecureRfcommSocketToServiceRecord(UUID)”因此,请使用此方法进行连接。 It will not pop up for pairing request adn try to connect with remote Bluetooth device where Java server is already running. 配对请求以及尝试与已在运行Java服务器的远程蓝牙设备连接时,它不会弹出。
Code: 码:
// Set up a pointer to the remote node using it's address.
BluetoothDevice device = mBluetoothAdapter.getRemoteDevice(address);
// Two things are needed to make a connection:
// A MAC address, which we got above.
// A Service ID or UUID. In this case we are using the
// UUID for SPP.
try {
// btSocket = device.createRfcommSocketToServiceRecord(MY_UUID);
btSocket = device.createInsecureRfcommSocketToServiceRecord(MY_UUID);
} catch (IOException e) {
AlertBox("Fatal Error", "In onResume() and socket create failed: " + e.getMessage() + ".");
}
// Discovery is resource intensive. Make sure it isn't going on
// when you attempt to connect and pass your message.
mBluetoothAdapter.cancelDiscovery();
// Establish the connection. This will block until it connects.
try {
btSocket.connect();
out.append("\n...Connection established and data link opened...");
} catch (IOException e) {
try {
btSocket.close();
e.printStackTrace();
} catch (IOException e2) {
e2.printStackTrace();
AlertBox("Fatal Error", "In onResume() and unable to close socket during connection failure" + e2.getMessage() + ".");
}
}
// Create a data stream so we can talk to server.
out.append("\n...Sending message to server...");
try {
outStream = btSocket.getOutputStream();
} catch (IOException e) {
AlertBox("Fatal Error", "In onResume() and output stream creation failed:" + e.getMessage() + ".");
}
// Bitmap bitmap = BitmapFactory.decodeResource(getResources(), R.drawable.android_logo);
// byte[] msgBuffer = getBytesFromBitmap(bitmap);
String message = "Hello from Android.\n";
byte[] msgBuffer = message.getBytes();
try {
outStream.write(msgBuffer);
} catch (IOException e) {
String msg = "In onResume() and an exception occurred during write: " + e.getMessage();
if (address.equals("00:00:00:00:00:00")) {
msg = msg + ".\n\nUpdate your server address from 00:00:00:00:00:00 to the correct address on line 37 in the java code";
msg = msg + ".\n\nCheck that the SPP UUID: " + MY_UUID.toString() + " exists on server.\n\n";
}
// AlertBox("Fatal Error", msg);
}
I have provided only required code. 我只提供了所需的代码。 For connection UUID should be same for both the devices. 对于连接,两个设备的UUID应该相同。
Provide server Bluetooth MAC address at "address" field at client side. 在客户端的“地址”字段中提供服务器蓝牙MAC地址。
We are able to communicate with remote Bluetooth device insecurely (Without pairing). 我们能够与远程蓝牙设备进行不安全的通信(无配对)。
But this code is device dependent... 但是此代码取决于设备...
certain device are able to communicate very efficiently. 某些设备能够非常有效地进行通信。 Like Lenovo laptop, external bluetooth device for PC for Java server AND Android devices DELL venue 7, Sony, LG mobiles for client. 像联想笔记本电脑一样,用于Java服务器的PC的外部蓝牙设备和用于DELL场所7的Android设备DELL索尼,LG移动设备。 Tested and working properly. 经过测试并正常工作。
But in Dell laptop, Micromaxx, xolo mobile it doesn't work. 但是在Dell笔记本电脑,Micromaxx和xolo mobile中,它不起作用。 I don't know why it is not working, If anyone knows please give the solution. 我不知道为什么它不起作用,如果有人知道,请给出解决方案。
解决方案2
0 2014-06-16 20:33:48
For Bluetooth 2.1 and above devices, security is mandatory. 对于Bluetooth 2.1及更高版本的设备,安全性是强制性的。 If you are just trying to avoid the passkey entry/display, you can set the security requirements on the laptop and android device to "MITM protection not required". 如果您只是想避免输入/显示密码,则可以将便携式计算机和android设备上的安全要求设置为“不需要MITM保护”。 This way the devices will pair automatically, but the link would be susceptible to man in the middle attacks. 这样,设备将自动配对,但是在中间攻击中,该链接容易受到人的攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.