Android 蓝牙连接安全不安全 [英] Android Bluetooth Connection Secure Insecure

问题描述

我一直在使用适用于 Android 2.2(API 级别 8，HTC Desire)的蓝牙 API，并且有一个应用程序使用以下方式连接到嵌入式蓝牙设备:

I have been playing around with the bluetooth API for Android 2.2 (API level 8, HTC Desire) and had an app connecting to an embedded Bluetooth device using:

device.createRfcommSocketToServiceRecord(DEV_UUID);

这按预期生成了一个配对请求，但是为了简化连接过程，我希望在配对时避免用户交互，因此我将其移至 API 级别 10(HTC Desire 与 CyanogenMod 7)，以便我可以使用:

This generated a pairing request as expected, however to streamline the connection process I wanted to avoid the user interaction when pairing so moved to API level 10 (HTC Desire with CyanogenMod 7) so I could use:

 device.createInsecureRfcommSocketToServiceRecord(DEV_UUID);

在测试时这也可以按预期工作(在不提示用户配对的情况下进行连接)，但是当我尝试在 API 级别 10 下创建安全的 RfcommSocket 时，就像以前使用 2.2 一样，我收到连接被拒绝异常...

When testing this also works as expected (connecting without prompting the user to pair), however when I try to create the secure RfcommSocket under API level 10 as before with 2.2 I get a connection refused exception...

 java.io.IOException: Connection refused
    at android.bluetooth.BluetoothSocket.connectNative(Native Method)
    at android.bluetooth.BluetoothSocket.connect(BluetoothSocket.java:204)

据我所知，这应该仍然以相同的方式工作，提示用户配对?

As far as I can tell this should still work in the same way, prompting the user to pair?

刚刚使用以下代码再次尝试，结果是相同的(适用于不安全但不适用于安全)，我将尝试使用库存 2.3 设备进行测试.

Just tried again using the following code and the outcome is the same (working for insecure but not for secure), I will try and get my hands on a stock 2.3 device to test on.

        try {
            Method m = dev.getClass().getMethod("createInsecureRfcommSocketToServiceRecord", new Class[] { UUID.class } );
            BluetoothSocket bs = (BluetoothSocket)m.invoke(dev, devUUID);
            Log.d("TEST", "Method Invoked");
            bs.connect();
            Log.d("TEST", "Connected to socket");
            bs.close();
            Log.d("TEST", "Closed Socket");
        }

推荐答案

在我的应用中寻找类似问题的解决方案时，我从 code.google.com 找到了这个博客

While looking for the solution of similar problem in my app, I have found this blog from code.google.com

它将帮助所有仍在寻找此问题解决方案的人

It will help all those who are still looking for this problem solution on SO

http://mobisocial.stanford.edu/news/2011/03/bluetooth-reflection-and-legacy-nfc/(链接失效了)

解决方案现在变得非常简单.只需在您的项目中包含 InsecureBluetooth.java 并在 BluetoothChatService.java 中更改 2 行.

The solution has become very simple now. Just include InsecureBluetooth.java in your project and change 2 lines in BluetoothChatService.java.

tmp = InsecureBluetooth.listenUsingRfcommWithServiceRecord(mAdapter, NAME, MY_UUID, true);

和

tmp   = InsecureBluetooth.createRfcommSocketToServiceRecord(device, MY_UUID, true);

就是这样！

这篇关于Android 蓝牙连接安全不安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！