Unable to decrypt Zigbee Shell traffic in Wireshark

Hi,

I'm using nRF Connect v2.6.2 with Wireshark (3.6) and it is set up with the nRF sniffer + Nordic network keys configured.

I can decrypt packets from another Zigbee network (Pi + SkyConnect based using the added Home Assistant network key)

I have performed a full flash erase before flashing the shell firmware on my nrf52840.

The command sequence I'm using is as follows (it is/should be re-using the Nordic example network key already configured in Wireshark):

```

bdb start
bdb factory_reset

# nRF HW Reset at this point and reconnect to shell cli

nvram disable
bdb nwkkey abcdef01234567890000000000000000
nvram enable


bdb role zc
bdb start

```

At this point any packets appearing in Wireshark are never decrypted.  

Is anyone able to help point out what steps I have missed or what I am doing wrong?

Thank you,

Wayne

  • Hi Wayne,

    Can you explain why you are starting the network, factory resetting the device, and disabling/enabling NVRAM before starting the network again?

    Are you able to decrypt the packets if you simply configure the network key, configure the device as coordinator, and then start the network?

    ```
    bdb nwkkey abcdef01234567890000000000000000
    bdb role zc
    bdb start
    ```

    Best regards,
    Marte

  • Hi Marte,

    The factory reset and nvram commands are there because I wanted a standalone end-to-end test case, as I was getting:

    ```

    uart:~$ bdb nwkkey abcdef01234567890000000000000000
    Zigbee stack has been configured in the past.
    Please disable NVRAM to change the preconfigured network key.
    Error: Can't change NWK key - NVRAM not empty

    ```

    and also

    ```

    uart:~$ nvram disable

    Error: Stack already started

    ```

    So I wanted the NVRAM to be cleared without having to erase the entire flash every time I ran a test.

    Prior to trying out the steps you've suggested I've performed a 'recovery' and 'erase' flash but the result is the packets remain encrypted in Wireshark, log: 

    ```

    *** Booting nRF Connect SDK v3.5.99-ncs1-1 ***
    [00:00:00.014,739] <inf> app: Starting Zigbee shell application
    [00:00:00.014,984] <inf> app: Zigbee shell application started
    uart:~$ bdb nwkkey abcdef01234567890000000000000000
    Done
    uart:~$ bdb role zc
    Zigbee shell does not erase the NVRAM between reboots, but is not aware of the previously configured role.
    Remember to set the coordinator role after rebooting the device.
    Coordinator set
    Done
    uart:~$ bdb start
    Started coordinator
    Done
    [00:00:07.212,860] <inf> zigbee_app_utils: Production configuration is not present or invalid (status: -1)
    [00:00:07.213,409] <inf> zigbee_app_utils: Zigbee stack initialized
    [00:00:07.219,604] <inf> zigbee_app_utils: Device started for the first time
    [00:00:07.219,635] <inf> zigbee_app_utils: Start network formation
    [00:00:07.755,767] <inf> zigbee_app_utils: Unimplemented signal (signal: 54, status: 0)
    [00:00:07.758,148] <inf> zigbee_app_utils: Network formed successfully, start network steering (Extended PAN ID: f4ce363f302b9946, PAN ID: 0x8e64)
    [00:00:08.221,771] <inf> zigbee_app_utils: Unimplemented signal (signal: 54, status: 0)
    [00:00:08.224,761] <inf> zigbee_app_utils: Joined network successfully (Extended PAN ID: f4ce363f302b9946, PAN ID: 0x8e64)

    ```

    Thanks

    Wayne
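
An added example, not part of the original posts or of Nordic's tooling: a Python check that reads a saved Zigbee shell transcript and reports whether `bdb nwkkey` was accepted (`Done`) or rejected (`Error:`), then compares the accepted key with key strings copied from the sniffer's key table in both byte orders. The function names and sample transcripts are constructed here from the output quoted above; the colon-separated key format is an assumption.

```python
import re

# Constructed transcripts, assembled from the shell output quoted in this thread.
REJECTED = """uart:~$ bdb nwkkey abcdef01234567890000000000000000
Zigbee stack has been configured in the past.
Please disable NVRAM to change the preconfigured network key.
Error: Can't change NWK key - NVRAM not empty
"""
ACCEPTED = """uart:~$ bdb nwkkey abcdef01234567890000000000000000
Done
uart:~$ bdb role zc
Coordinator set
Done
[00:00:07.758,148] <inf> zigbee_app_utils: Network formed successfully, start network steering (Extended PAN ID: f4ce363f302b9946, PAN ID: 0x8e64)
"""

PROMPT = re.compile(r"^uart:~\$ (.+)$")
FORMED = re.compile(r"Network formed successfully.*Extended PAN ID: ([0-9a-f]{16}), PAN ID: (0x[0-9a-f]{4})")

def audit_session(log):
    """Return the key the shell accepted (or None), rejected commands, and network IDs."""
    result = {"key": None, "rejected": [], "ext_pan_id": None, "pan_id": None}
    command = None  # command whose outcome (Done / Error:) is still pending
    for line in log.splitlines():
        line = line.strip()
        m = PROMPT.match(line)
        if m:
            command = m.group(1).split()
        elif command and line.startswith("Error:"):
            result["rejected"].append((" ".join(command[:2]), line))
            command = None
        elif command and line == "Done":
            if command[:2] == ["bdb", "nwkkey"] and len(command) == 3:
                result["key"] = bytes.fromhex(command[2])
            command = None
        elif (f := FORMED.search(line)):
            result["ext_pan_id"], result["pan_id"] = f.group(1), f.group(2)
    return result

def match_sniffer_key(key, table):
    """Compare with hand-copied sniffer key strings; say which byte order matches."""
    for entry in table:
        raw = bytes.fromhex(entry.replace(":", ""))
        if raw == key:
            return "normal"
        if raw[::-1] == key:
            return "reversed"
    return None
```

A `None` key together with a non-empty `rejected` list means the shell never applied the key typed in that session, so the sniffer's key table should be checked only against a session where `bdb nwkkey` returned `Done`.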
