Device identifiers

Mobile secret

As mentioned above under Data matrix sticker, every Particle device with BLE capabilities also has a mobile secret. This is to make sure the communication between a mobile app and the device over BLE is secure. This is used as part of the handshake process to prevent a nearby BLE device from being able to sniff or spoof communications. In classroom or hackathon situations where there are a large number of devices in close proximity, the combination of the serial number sticker and mobile secret also assures that he user configures the correct device.

The mobile secret is 15 ASCII characters in length (HAL_DEVICE_SECRET_SIZE).

To get the mobile secret from device firmware:

char mobileSecret[HAL_DEVICE_SECRET_SIZE + 1] = {0};
int ret = hal_get_device_secret(mobileSecret, HAL_DEVICE_SECRET_SIZE, nullptr);
if (ret == SYSTEM_ERROR_NONE) {
  // Success

HAL_DEVICE_SECRET_SIZE is currently 15. Note that mobileSecret is not null terminated by hal_get_device_secret but is by the example code by making the buffer 1 byte larger and zero initializing it.

You can override the mobile secret. One reason you would do this is to hardcode the same mobile secret across your whole product to simplify the BLE provisioning process by eliminating the need to scan a device-specific mobile secret. This will reduce the security of the BLE setup process, but may be an acceptable tradeoff in some circumstances. If you override the mobile secret you will not be able to use the Particle mobile apps or other tools designed to use the mobile secret encoded in the data matrix sticker.

// Override the mobile secret used for BLE provisioning
char arr[HAL_DEVICE_SECRET_SIZE] = {};
memcpy(arr, "0123456789abcde", HAL_DEVICE_SECRET_SIZE);
hal_set_device_secret(arr, sizeof(arr), nullptr);

To restore the default mobile secret:

// Restore the default mobile secret (on the sticker)

The mobile secret is available by the Particle cloud API get device information in the mobile_secret field. Overriding the mobile secret locally using hal_set_device_secret does not affect the value stored in the cloud.