Unable to decrypt Zigbee Shell traffic in Wireshark

Hi,

I'm using nRF Connect v2.6.2 with Wireshark (3.6) and it is set up with the nRF sniffer + Nordic network keys configured.

I can decrypt packets from another Zigbee network (Pi + SkyConnect based, using the added Home Assistant network key).

I have performed a full flash erase before flashing the shell firmware on my nrf52840.

The command sequence I'm using is as follows (it is/should be re-using the Nordic example network key already configured in Wireshark):

```
bdb start
bdb factory_reset

# nRF HW reset at this point and reconnect to the shell CLI

nvram disable
bdb nwkkey abcdef01234567890000000000000000
nvram enable

bdb role zc
bdb start
```

At this point any packets appearing in Wireshark are never decrypted.

Is anyone able to help point out what steps I have missed or what I am doing wrong?

Thank you,

Wayne

  • Hi Wayne,

    Can you explain why you are starting the network, factory resetting the device, and disabling/enabling NVRAM before starting the network again?

    Are you able to decrypt the packets if you simply configure the network key, configure the device as coordinator, and then start the network?

    bdb nwkkey abcdef01234567890000000000000000
    bdb role zc
    bdb start

    Best regards,
    Marte

  • Hi Marte,

    The factory reset and nvram commands are there because I wanted a standalone end-to-end test case, as I was getting:

    ```
    uart:~$ bdb nwkkey abcdef01234567890000000000000000
    Zigbee stack has been configured in the past.
    Please disable NVRAM to change the preconfigured network key.
    Error: Can't change NWK key - NVRAM not empty
    ```

    and also

    ```
    uart:~$ nvram disable

    Error: Stack already started
    ```

    So I wanted the NVRAM to be cleared without having to erase the entire flash every time I ran a test.

    Prior to trying out the steps you've suggested I've performed a 'recovery' and 'erase' flash, but the result is that the packets remain encrypted in Wireshark, log:

    ```
    *** Booting nRF Connect SDK v3.5.99-ncs1-1 ***
    [00:00:00.014,739] <inf> app: Starting Zigbee shell application
    [00:00:00.014,984] <inf> app: Zigbee shell application started
    uart:~$ bdb nwkkey abcdef01234567890000000000000000
    Done
    uart:~$ bdb role zc
    Zigbee shell does not erase the NVRAM between reboots, but is not aware of the previously configured role.
    Remember to set the coordinator role after rebooting the device.
    Coordinator set
    Done
    uart:~$ bdb start
    Started coordinator
    Done
    [00:00:07.212,860] <inf> zigbee_app_utils: Production configuration is not present or invalid (status: -1)
    [00:00:07.213,409] <inf> zigbee_app_utils: Zigbee stack initialized
    [00:00:07.219,604] <inf> zigbee_app_utils: Device started for the first time
    [00:00:07.219,635] <inf> zigbee_app_utils: Start network formation
    [00:00:07.755,767] <inf> zigbee_app_utils: Unimplemented signal (signal: 54, status: 0)
    [00:00:07.758,148] <inf> zigbee_app_utils: Network formed successfully, start network steering (Extended PAN ID: f4ce363f302b9946, PAN ID: 0x8e64)
    [00:00:08.221,771] <inf> zigbee_app_utils: Unimplemented signal (signal: 54, status: 0)
    [00:00:08.224,761] <inf> zigbee_app_utils: Joined network successfully (Extended PAN ID: f4ce363f302b9946, PAN ID: 0x8e64)
    ```

    Thanks

    Wayne

  • Hi,

    I've also tried setting the network key in the shell main.c, hoping this would be the default key instead of any randomly assigned one:

    ```c
    /* Headers used by the nRF Connect SDK Zigbee shell sample; the log module "app"
     * matches the "<inf> app:" prefix in the boot log above. */
    #include <zephyr/logging/log.h>
    #include <zboss_api.h>

    LOG_MODULE_REGISTER(app, LOG_LEVEL_INF);

    int main(void)
    {
        LOG_INF("Starting Zigbee shell application");

        ...

        /* Nordic example network key, installed as key sequence number 0 */
        uint8_t network_key[ZB_CCM_KEY_SIZE] = {0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89,
                                                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
        zb_secur_setup_nwk_key(network_key, 0);

        LOG_INF("Zigbee shell application started");

        return 0;
    }
    ```

    This doesn't work either, but it's not clear to me whether this actually takes effect and is not overwritten by any other Zigbee startup code.

    All the best

    Wayne
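
What Wireshark needs in order to decrypt a frame like the ones discussed in this thread is the 16-byte network key plus three values carried in the frame itself: the sender's IEEE address, the frame counter and the security control byte, which together form the 13-byte AES-CCM* nonce. With a key that does not match, the 4-byte MIC check fails and the payload is left as ciphertext. The script below is an added example (not from the thread and not part of the nRF Connect SDK) that walks the NWK header and auxiliary security header of a secured frame, reports the key type and key sequence number (the value passed as the second argument of `zb_secur_setup_nwk_key()` above), builds the nonce, and compares the hex string given to `bdb nwkkey` with the colon-separated form used in Wireshark's Zigbee key table. The sample frame, its source IEEE address, payload and MIC are constructed for this example, not taken from the attached capture.

```python
"""Inspect the security fields of a Zigbee NWK frame and compare the shell key with
Wireshark's key string.

Added example, not code from the DevZone thread or from the nRF Connect SDK.
Field offsets follow the Zigbee NWK frame format; the frame below is constructed
by hand for this example and is not from the attached capture.
"""
import struct

NWK_SECURITY_LEVEL = 5          # nwkSecurityLevel ENC-MIC-32: AES-CCM* with a 4-byte MIC
MIC_LEN = {0: 0, 1: 4, 2: 8, 3: 16, 4: 0, 5: 4, 6: 8, 7: 16}
KEY_ID_NAMES = {0: "link (data) key", 1: "network key",
                2: "key-transport key", 3: "key-load key"}


def normalize_key(text):
    """Accept the shell form (32 hex digits) or Wireshark's 'ab:cd:...' form; return 16 bytes."""
    key = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(key) != 16:
        raise ValueError("a Zigbee network key is 16 bytes, got %d" % len(key))
    return key


def wireshark_key_string(key):
    """Render a key the way it is entered in Wireshark's Zigbee NWK key table."""
    return ":".join("%02x" % b for b in key)


def check_keys(shell_key_text, wireshark_key_text):
    """True when the key given to 'bdb nwkkey' is byte-for-byte the key Wireshark holds."""
    return normalize_key(shell_key_text) == normalize_key(wireshark_key_text)


def parse_secured_nwk_frame(frame):
    """Return NWK header fields, auxiliary security header fields and the CCM* nonce."""
    if len(frame) < 8:
        raise ValueError("too short for a NWK header")
    fcf, dst, src, radius, seq = struct.unpack_from("<HHHBB", frame, 0)
    off = 8
    out = {"dst_short": dst, "src_short": src, "radius": radius, "seq": seq,
           "protocol_version": (fcf >> 2) & 0xF}
    if fcf & 0x0800:                      # destination IEEE address present
        out["dst_ieee"] = frame[off:off + 8][::-1].hex()
        off += 8
    if fcf & 0x1000:                      # source IEEE address present
        out["src_ieee"] = frame[off:off + 8][::-1].hex()
        off += 8
    if fcf & 0x0100:                      # multicast control byte
        off += 1
    if fcf & 0x0400:                      # source route subframe: count, index, 2 bytes per relay
        off += 2 + 2 * frame[off]
    if not (fcf & 0x0200):
        raise ValueError("security bit clear: this frame carries no NWK encryption")

    # Auxiliary security header. The level bits are transmitted as 0; the receiver
    # substitutes nwkSecurityLevel (5) before computing the MIC, and so does Wireshark.
    sec_ctrl = frame[off]
    off += 1
    key_id = (sec_ctrl >> 3) & 0x3
    out["key_type"] = KEY_ID_NAMES[key_id]
    out["level_on_air"] = sec_ctrl & 0x7
    fc_bytes = frame[off:off + 4]
    off += 4
    out["frame_counter"] = int.from_bytes(fc_bytes, "little")
    if not (sec_ctrl & 0x20):
        raise ValueError("no extended nonce: the source IEEE address is not in this frame")
    src_addr = frame[off:off + 8]           # little-endian on air
    off += 8
    out["src_ieee"] = src_addr[::-1].hex()
    if key_id == 1:                        # network key: key sequence number follows
        out["key_seq_num"] = frame[off]
        off += 1
    mic_len = MIC_LEN[NWK_SECURITY_LEVEL]
    if len(frame) - off < mic_len:
        raise ValueError("frame truncated before the MIC")
    out["ciphertext"] = frame[off:len(frame) - mic_len].hex()
    out["mic"] = frame[len(frame) - mic_len:].hex()
    # CCM* nonce = source address || frame counter || security control with the real level
    level_ctrl = (sec_ctrl & ~0x7) | NWK_SECURITY_LEVEL
    out["ccm_nonce"] = (src_addr + fc_bytes + bytes([level_ctrl])).hex()
    return out


# Constructed sample: data frame, protocol version 2, security bit set, no IEEE
# addresses in the NWK header, network key with extended nonce, key sequence number 0.
SAMPLE_FRAME = bytes.fromhex(
    "4802"              # frame control 0x0248: data, version 2, discover route, security
    "e27b" "0000"       # dst 0x7be2, src 0x0000 (coordinator)
    "1e" "2a"           # radius, sequence number
    "28"                # aux security control: level 0 on air, key id 1, extended nonce
    "10000000"          # frame counter 16 (little-endian)
    "1122334455667788"  # source IEEE address (constructed), little-endian on air
    "00"                # key sequence number
    "a1b2c3d4e5f6"      # encrypted payload (constructed)
    "deadbeef"          # MIC (constructed)
)

if __name__ == "__main__":
    shell_key = "abcdef01234567890000000000000000"
    print("Wireshark form:", wireshark_key_string(normalize_key(shell_key)))
    for name, value in parse_secured_nwk_frame(SAMPLE_FRAME).items():
        print("%-16s %s" % (name, value))
```

Run it against the bytes of one encrypted NWK frame exported from the capture and the key string from the Wireshark key table: the frame counter and source IEEE address show which nonce Wireshark is using, `key_seq_num` shows which key index the sender signed with, and `check_keys()` confirms that the shell and Wireshark hold the same 16 bytes rather than, say, a key entered with a transposed digit.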

  • Hi Wayne,

    Can you upload your sniffer log here as a pcap file, as well as a screenshot of your pre-configured keys in Wireshark?

    Best regards,
    Marte

  • Hi Marte,

    Please find attached a log of issuing a light toggle command a few times. (zcl cmd 0x7be2 1 0x0006 0x02)

    I've also tried setting the network key to that of the Home Assistant one (the Home Assistant network is off), but it still doesn't decrypt. EDIT: Just to be clear, the key being used for the attached log is the 'Nordic Examples' key.

    Thanks

    Wayne

    Attachments: toggle_light.pcapng.zip, zigbee_pc_keys.zip
