Zigbee sniffer wireshark
3/2/2024

Had some time to conduct a few experiments.

First, I noticed that all of the beacon packets on channel 0x19 had the same data. So, I changed from Savings Mode to Full Saving to see if anything changed, and did spot something. That was pretty exciting, as I started thinking I wouldn't need to decode the data, I could just map it. Then I realized there was a nonce, so that burst that bubble.

So, then I tried recording on both channels and disconnected the zigbee dongle, then reconnected it after 15 minutes. What I was hoping for was to see the zigbee network security key transmitted unencoded. There was no halting of communication with the dongle unplugged either; I finally realized the batteries must have continued to transmit even if no one was listening. Then I tried turning a battery off for 30s and back on. On Channel 0x14 I was rewarded with an association request, association response, and an APS command containing a key-transfer packet.

We can see the device is a "full function device", meaning that it can perform as a router. Power Source = AC/Mains Power indicates that it is not battery-powered and will always be awake. The default Zigbee global trust center link key is shown in a response packet, but not the network key. Adding it to Wireshark, I could see there are "Transport Key" packets a few minutes later of type 0x79, 0x23. Entering the 0x79 key doesn't seem to do much. Putting in the type 0x23 key reveals some more, but it doesn't seem to clear the picture up in Wireshark as expected.
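The Transport Key packets and the nonce mentioned above, as an added example that is not part of the original post: the script below parses a Zigbee APS Transport Key command, prints the carried key in the colon-separated form that Wireshark's Zigbee key table accepts, and builds the 13-byte CCM* nonce that makes the same payload encrypt differently from frame to frame. The frame layout and key-type codes (0x01 network key, 0x03 application link key, 0x04 trust center link key) follow the Zigbee specification; the default key is the ASCII string "ZigBeeAlliance09". The two sample frames, the addresses and the security control byte are constructed for this example, not taken from the author's capture.

```python
"""Added example, not code from the original post: pull the key out of a
Zigbee APS Transport Key command, print it in the form Wireshark's Zigbee key
table accepts, and build the 13-byte CCM* nonce that makes identical payloads
encrypt differently. Frame layouts and key-type codes follow the Zigbee
specification; the sample frames and all addresses below are constructed."""
import struct
from dataclasses import dataclass, field

# Default global Trust Center link key: the ASCII string "ZigBeeAlliance09".
DEFAULT_TC_LINK_KEY = b"ZigBeeAlliance09"

APS_CMD_TRANSPORT_KEY = 0x05  # APS command identifier for Transport Key

# Key-type codes used in the Transport Key command.
KEY_TYPES = {
    0x01: "standard network key",
    0x03: "application link key",
    0x04: "trust center link key",
}


def ext_addr(wire_bytes: bytes) -> str:
    """Extended (IEEE) addresses travel little-endian; show them big-endian."""
    return wire_bytes[::-1].hex(":")


@dataclass
class TransportKey:
    key_type: int
    key: bytes
    fields: dict = field(default_factory=dict)  # descriptor fields after the key

    @property
    def key_type_name(self) -> str:
        return KEY_TYPES.get(self.key_type, f"unknown (0x{self.key_type:02x})")


def parse_transport_key(payload: bytes) -> TransportKey:
    """Parse an APS command payload: command id | key type | key descriptor."""
    if len(payload) < 18 or payload[0] != APS_CMD_TRANSPORT_KEY:
        raise ValueError("not an APS Transport Key command")
    key_type, key, rest = payload[1], payload[2:18], payload[18:]
    tk = TransportKey(key_type, key)
    if key_type == 0x01:
        # network key descriptor: seq number (1) | dest addr (8) | source addr (8)
        seq, dst, src = struct.unpack("<B8s8s", rest[:17])
        tk.fields = {"seq": seq, "dst": ext_addr(dst), "src": ext_addr(src)}
    elif key_type == 0x04:
        # trust center link key descriptor: dest addr (8) | source addr (8)
        dst, src = struct.unpack("<8s8s", rest[:16])
        tk.fields = {"dst": ext_addr(dst), "src": ext_addr(src)}
    elif key_type == 0x03:
        # application link key descriptor: partner addr (8) | initiator flag (1)
        partner, initiator = struct.unpack("<8sB", rest[:9])
        tk.fields = {"partner": ext_addr(partner), "initiator": bool(initiator)}
    return tk


def wireshark_key_string(key: bytes) -> str:
    """Colon-separated hex, the form accepted by Wireshark's Zigbee key table."""
    return key.hex(":").upper()


def ccm_nonce(src_ext_addr_wire: bytes, frame_counter: int, security_control: int) -> bytes:
    """Zigbee CCM* nonce: source extended address (8, wire order) ||
    frame counter (4, little-endian) || security control byte (1)."""
    return src_ext_addr_wire + struct.pack("<I", frame_counter) + bytes([security_control])


# Constructed sample addresses (wire order) and frames; not captured traffic.
COORD_EXT = bytes.fromhex("0011223344556677")
DEVICE_EXT = bytes.fromhex("8899aabbccddeeff")
SAMPLE_TC_LINK_KEY_FRAME = (bytes([APS_CMD_TRANSPORT_KEY, 0x04])
                            + DEFAULT_TC_LINK_KEY + DEVICE_EXT + COORD_EXT)
SAMPLE_NWK_KEY = bytes(range(16))  # made-up network key
SAMPLE_NWK_KEY_FRAME = (bytes([APS_CMD_TRANSPORT_KEY, 0x01])
                        + SAMPLE_NWK_KEY + bytes([0]) + DEVICE_EXT + COORD_EXT)

if __name__ == "__main__":
    for frame in (SAMPLE_TC_LINK_KEY_FRAME, SAMPLE_NWK_KEY_FRAME):
        tk = parse_transport_key(frame)
        print(tk.key_type_name, wireshark_key_string(tk.key), tk.fields)
    # Same sender, same payload, consecutive frame counters: different nonces,
    # so the same plaintext never produces the same ciphertext twice.
    print(ccm_nonce(COORD_EXT, 41, 0x28).hex(), ccm_nonce(COORD_EXT, 42, 0x28).hex())
```

The string that `wireshark_key_string` produces for the default key is what goes into Wireshark's Zigbee protocol preferences (Pre-configured Keys); once that key is loaded, a Transport Key command that carries the network key can be read in the clear, and the network key it yields is the one to add next. The nonce function shows why mapping ciphertext to cleartext without decoding cannot work: the frame counter is part of every nonce, so two frames with identical payloads still differ on the air.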