Wireshark mailing list archives
Help with Zigbee decryption
From: Joe Desbonnet <joe () galway net>
Date: Fri, 14 Jan 2011 00:38:40 +0000
I'm attempting to sniff and decrypt packets in home automation equipment which is supposed to be set up with encryption key "ZigBeeAlliance09". I've entered ZigBeeAlliance09 as a string in the "Network Key" field in Edit -> Preferences -> Protocols -> Zigbee NWK; however, the UI does not seem to be acting on it.

In the packet view under Zigbee Security Header I have a collapsible node:

    [Expert Info (Warn/Undecoded): Encrypted Payload]
        [Message: Encrypted Payload]
        [Severity level: warn]
        [Group: Undecoded]

Then the Data node just lists the data from the packet verbatim (no decryption).

What must I do to decrypt this payload? I've tried other random strings for the key and it makes no difference. It doesn't seem to be trying to decrypt.

To reproduce my problem see the pcap capture file here: http://www.mail-archive.com/wireshark-bugs () wireshark org/msg24773.html (file bug5331_test.pcap). The text of the bug implies it uses the same key (ZigBeeAlliance09). Look at the first packet. The payload is two bytes 0xb9 0x06 (encrypted). I cannot find any way to view the decrypted packet.

I'm using the standard Ubuntu package (version 1.2.7) and I also tried the latest version 1.4.3.

Any pointers or suggestions would be greatly appreciated.

Thanks in advance,
Joe.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users