1

Can someone point me to a doc or site with information about how to build the encrypted section(s) of a zigbee packet? I'm looking at the output of a zigbee sensor system and I can see where most of the 'data' packets are being produced but there is a section call NWK Payload that is encrypted. I've watched the whole sequence of the connection with the 'base station' and I don't see where any sort of encryption key is being passed.

enter image description here

This shows the section I'm referring to. The packet analyzer has figured out the rest.

Long term goal is to build these packets and use the sensors separately from the 'base station'. To do that I need to be able to replicate the whole communication cycle.

ethrbunny
  • 10,379
  • 9
  • 69
  • 131
  • Zigbee has quite a few different types of encryption schemes depending on the profile the device is using (Home Automation, Smart Energy, etc). Do you know which profile your particular devices are using? – kyork Aug 04 '13 at 05:47
  • I don't know for certain. The docs (such as they are) mention zigbee HA but they are 'translated' - sort of. – ethrbunny Aug 04 '13 at 11:38

2 Answers2

2

In Zigbee there is are two keys used for encryption: the Link Key and the Network Key. The Link Key is used during the network association process, and the Network Key is used to encrypt all traffic once the device is "associated" (also referred to as "joined") to the network.

If the device is HA (Home Automation), the security handshake goes something like:

  1. Joining Device sends Association Request to the Trust Center (usually address 0x000)
  2. Trust Center responds to joining device with a NWK Key packet. The contents of this packet are encrypted using the well know Home Automation Link Key.

You should be able to decrypt the NWK Key packet if you know the Link Key. I'm pretty sure I can't post the key (sorry), but you can probably find it online.

As for the actual encryption algorithm, that's defined in the main Zigbee Specification, which I believe you have to be a member to gain access too. There are a few open source Zigbee stacks though ZBoss and FreakZ.

You might also look at Wireshark, I believe they have a decent Zigbee packet decoder though I haven't used it personally.

kyork
  • 713
  • 5
  • 14
1

We use here the Perytons sniffer (http://www.perytons.com).

They have an Add-On with which you can create, edit and transmit messages (in parallel of doing the capture). We also use the add-on for "constructing" the ZigBee packets and encrypt it based on what you need so you can consider using it for debugging your encryption process.

They have a 30 days free evaluation with some of the TG Add-On options enabled ;-). Hope this helps.

AviDrugi
  • 21
  • 1