802.15.4-2003 secure CCM decryption

asked 2021-08-19 15:58:03 +0000

isak gravatar image


I'm trying to decode a secure 802.15.4 packet. The packet is encrypted with AES-CCM-32 (802.15.4-2003). They key is an all zeros vector (0000....) Entered this key in the "decryption keys" window, with index 0 and "No hash". when receiving a secure packet, I get a "Expert Info (Warning/Undecoded): No encryption key set - can't decrypt" message The decoded frame counter, sequence number and the MIC are decoded correctly. It also seems that Wireshark does try to do some sort of decoding, as it displays the "Data" field with the correct size, but with a "garbaged" data (not the one that's in the packet). Am I doing something wrong?

Thanks, Isak.

edit retag flag offensive close merge delete


There is a pcap attached to Wireshark crashes during IEEE 802.15.4 decryption and key in the comments.
Try them to see that a known good can be decrypted.

Chuckc gravatar imageChuckc ( 2021-08-19 18:26:33 +0000 )edit