BTmesh dissector not decrypting


What follows concerns the latest (at the moment of writing) committed dev version of Wireshark (May 23rd 2019 - wireshark-3.1.0rc0-856-gd36b72e6b881).

I downloaded the source code and compiled it under Ubuntu 18.04 LTS.

I have some captures of Bluetooth Mesh packets as pcap files. The protocol is recognized by Wireshark. I've added the relevant NetKey, AppKey and IVindex to the keys table under btmesh protocol preferences. I'm confident that those entries are the right ones, since I can decrypt the packets with a Python script. But when it comes to Wireshark, nothing changes after entering the keys. The mesh data remains obfuscated and encrypted, and therefore cannot be dissected.

Has anyone already been able to use this generic dissector? Decryption and dissection? I know it is still under development but I just want to know if there are any results so far.

Thanks a lot.

What I get:

Bluetooth Low Energy Link Layer
Bluetooth Mesh
Network PDU
    0... .... = IVI: 0
    .001 1011 = NID: 27
    Obfuscated: 777a1cd0111f
    Encrypted data and NetMIC: 5dbe26a7fca2f630704c1e4f3b08a99d3bc22c93f29f