How to decrypt zigbee traffic?

asked 2018-01-13 16:21:55 +0000

spe2l gravatar image

updated 2018-01-13 16:32:59 +0000

Hi, I'm trying to decrypt zigbee packets. I used the file zigbee-join-authenticate.pcap.gz from and entered the Zigbee network key to the Zigbee, Protocol settings Zigbee --> AES-128 Encryption, 32-bit Integrity Protection Network Key: 39:30:65:63:6E:61:69:6C:6C:41:65:65:42:67:69:5A

The procedure and solution is more or less decribed already in 2011:

However, it does not work for me. I would expect to see some kind of key exchang in packet 21, but that data still seems to be encrypted. I'm using WireShark Version 2.4.3 (Git v2.4.3 packaged as 2.4.3-1).

Are there additional steps to take?

edit retag flag offensive close merge delete