BTmesh dissector not decrypting
Hi,
What follows concerns the latest (at the moment of writing) committed dev version of Wireshark (May 23rd 2019 - wireshark-3.1.0rc0-856-gd36b72e6b881).
I downloaded the source code and compiled it under Ubuntu 18.04 LTS.
I have some captures of Bluetooth Mesh packets as pcap files. The protocol is recognized by Wireshark. I've added the relevant NetKey, AppKey and IVindex to the keys table under btmesh protocol preferences. I'm confident that those entries are the right ones, since I can decrypt the packets with a Python script. But when it comes to Wireshark, nothing changes after entering the keys. The mesh data remains obfuscated and encrypted, and therefore cannot be dissected.
Has anyone already been able to use this generic dissector? Decryption and dissection? I know it is still under development but I just want to know if there are any results so far.
Thanks a lot.
What I get:
Bluetooth Low Energy Link Layer
Bluetooth Mesh
Network PDU
0... .... = IVI: 0
.001 1011 = NID: 27
Obfuscated: 777a1cd0111f
Encrypted data and NetMIC: 5dbe26a7fca2f630704c1e4f3b08a99d3bc22c93f29f
Have you ensured support for Gcrypt is compiled in? What does the Help -> About Wireshark > Wireshark dialog show (tshark -v shows the same info)?
Thanks for your fast reply. As requested:
As the "running" output shows it managed to load Gcrypt, I suspect you're OK from that issue. You are missing GnuTLS, but I don't think that's involved for BT Mesh.
There are some sample captures for BT Mesh at https://bugs.wireshark.org/bugzilla/s..., you could try those and see if they decrypt.
Tested with all the sample captures with the relevant keys, I get the same behaviour. The data remains encrypted.
I can't make them work either. I think you'll have to raise a bug at the Wireshark Bugzilla.
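For cross-checking a capture against the key table independently of the dissector, the following added example (not part of the thread and not Wireshark's code) splits the Network PDU shown in the question into its fields and builds the two IV-Index-dependent inputs that deobfuscation needs. The field layout follows the Bluetooth Mesh Profile network layer; the function names and the IV Index values used are assumptions, since the thread does not give the poster's IV Index.

```python
from dataclasses import dataclass

# Network PDU from the question: header byte 0x1b (IVI 0, NID 27),
# then the "Obfuscated" and "Encrypted data and NetMIC" fields as displayed.
SAMPLE_PDU = bytes.fromhex(
    "1b" "777a1cd0111f" "5dbe26a7fca2f630704c1e4f3b08a99d3bc22c93f29f"
)

@dataclass
class NetworkPDU:
    ivi: int           # least significant bit of the sender's IV Index
    nid: int           # 7-bit identifier derived from the NetKey
    obfuscated: bytes  # CTL/TTL, SEQ, SRC (6 bytes), still obfuscated
    encrypted: bytes   # DST + TransportPDU + NetMIC, still encrypted

def parse_network_pdu(raw: bytes) -> NetworkPDU:
    # 1 header + 6 obfuscated + 2 DST + >=1 transport + 4 NetMIC = 14 minimum;
    # 29 bytes is the largest Network PDU the mesh bearers carry.
    if not 14 <= len(raw) <= 29:
        raise ValueError(f"unexpected Network PDU length: {len(raw)}")
    return NetworkPDU(raw[0] >> 7, raw[0] & 0x7F, raw[1:7], raw[7:])

def iv_index_for(pdu: NetworkPDU, current_iv_index: int) -> int:
    """IV Index the sender used: the current one if its low bit equals IVI,
    otherwise the previous one (current - 1)."""
    if (current_iv_index & 1) == pdu.ivi:
        return current_iv_index
    if current_iv_index == 0:
        raise ValueError("IVI is 1 but IV Index 0 has no predecessor")
    return current_iv_index - 1

def pecb_input(pdu: NetworkPDU, iv_index: int) -> bytes:
    """16-byte block that is AES-encrypted with the PrivacyKey to produce
    PECB: five zero bytes, IV Index (big-endian), Privacy Random."""
    privacy_random = pdu.encrypted[:7]  # first 7 bytes of the encrypted part
    return bytes(5) + iv_index.to_bytes(4, "big") + privacy_random

if __name__ == "__main__":
    pdu = parse_network_pdu(SAMPLE_PDU)
    iv = iv_index_for(pdu, 0)  # 0 is a constructed IV Index, not the poster's
    print(f"IVI={pdu.ivi} NID={pdu.nid} obfuscated={pdu.obfuscated.hex()}")
    print(f"IV Index used={iv:#010x} PECB input={pecb_input(pdu, iv).hex()}")
```

If the NID derived from the configured NetKey is not 27, or the IV Index parity does not match IVI, the key table entry cannot apply to this packet regardless of how the dissector behaves.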