Ask Your Question
0

How to decrypt zigbee traffic?

asked 2018-01-13 16:21:55 +0000

spe2l gravatar image

updated 2018-01-13 16:32:59 +0000

Hi, I'm trying to decrypt zigbee packets. I used the file zigbee-join-authenticate.pcap.gz from https://wiki.wireshark.org/SampleCapt... and entered the Zigbee network key to the Zigbee, Protocol settings Zigbee --> AES-128 Encryption, 32-bit Integrity Protection Network Key: 39:30:65:63:6E:61:69:6C:6C:41:65:65:42:67:69:5A

The procedure and solution is more or less decribed already in 2011: https://www.wireshark.org/lists/wires...

However, it does not work for me. I would expect to see some kind of key exchang in packet 21, but that data still seems to be encrypted. I'm using WireShark Version 2.4.3 (Git v2.4.3 packaged as 2.4.3-1).

Are there additional steps to take?

edit retag flag offensive close merge delete

Comments

Were you successful with the capture? By the looks of the traffic to this posting a lot of other people (myself included) are having the same problem.

Larry gravatar imageLarry ( 2018-10-20 02:48:01 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-08-08 20:10:40 +0000

cmaynard gravatar image

Did you try with "ZigBeeAlliance09" instead? Or try reversing the bytes to 5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39, since they're in the wrong order.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-01-13 16:21:55 +0000

Seen: 7,528 times

Last updated: Oct 20 '18