• Hi,

    I'm working on making an existing keyboard mouse combo (https://www.tindie.com/products/arturo18­2/bb-q20-keyboard-with-trackpad-usbi2cpm­od/) available via bluetooth using the MDBT breakout board. It's working quite well so far, and it was easy and fun to implement right inside the IDE, which always keeps me coming back to Espruino. It's the original promise well served.

    (the combo minified module might be broken, not sure though, I now use the non-minified one)

    Now, I wonder though, what security setting I should use to have a professional and secure solution.
    I saw the encryption settings, mitm etc, but the default seems to be "off" and I wonder why that is and what I should use. Bit lost here.

    Also I found that the device is not recognised as a potential keyboard when it comes to the icon displayed by the host (generic BT icon instead of a keyboard). Anything I can do about that?

    Thanks in advance
    Stev

  • the default seems to be "off" and I wonder why that is

    It's because at least initially it made it harder to connect sometimes - and for everyone that has a connection error that's one more person not having it work out of the box and asking for support :)

    the combo minified module might be broken

    You mean this? https://www.espruino.com/BLE+Keyboard#co­mbination

    If it is, can you let me know for sure and what's wrong/what error you get and I'll look into it?

    I'm not sure what you can do about the icon - I think if you're just a keyboard it'll work ok? So it might just be a side-effect of it trying to do two things at once.

    In terms of security, I'd have said that NRF.setSecurity({passkey:"123456", mitm:1, display:1}); would be a good start, which should force the requirement for a secure connection. You'd probably also want to turn the UART service off completely

  • Hey Gordon,

    Thanks. I'll try these settings and will report (I guess I should drill a hole for the (reset)button as the first measure).

    For the combo.js (yes, the one you linked) I got errors with a simple require (that the IDE would fetch) but things would work fine if I used the full URL to the unminified version and let the IDE do the minification. Great that this works that easy.
    So I suspected the minified version to have a problem, and looking at a few points inside the minified code it looks like there were some jumps or repetitions that make the code invalid. Though you never know what magical obfuscation might be at work.

    What's the current recommended way to disable the UART? Since I still need to update the code now and then: To get it back I would have to implement my own switch, or would flashing new code still work and just the interactive console would be disabled? If so, can I disable reflashing-without-DFU in the end?

    Nice to just pick up Espruino after a few years and it just works. An important point for the whole concept of Espruino. I know other frameworks that would need you to either keep up with their development the whole time (which is the opposite of tinkering) or relive the whole toolchain learning curve every time.

    -Stev

  • Ok, I just spotted a few issues which I've fixed, so hopefully it'll be fine now. The closure minifier was inlining a function and had added a label/break-to-label, which is something Espruino doesn't support.

    What's the current recommended way to disable the UART?

    Best bet is https://www.espruino.com/BLE+Security#di­sable-the-ble-uart - and there's some code to re-add it after a button press. But... if you apply power while holding BTN1 down then unless you uploaded as 'flash, even after reset' the board won't load the saved code and you'll be ok to connect anyway.

  • The closure minifier was inlining a function and had added a label/break-to-label

    Cool. That explains the "jump" I spotted in the minification. Didn't think of a label in js.

    Best bet is https://www.espruino.com/BLE+Security#di­sable-the-ble-uart

    Ah. nice. The perfect page for my all questions above (that I could have found myself :)) Thanks.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

HID Keyboard security settings / encryption and HID identifier

Posted by Avatar for Stev @Stev

Actions