When I wrote zbdsniff, I wanted it to work like the classic Dug Song's dsniff tool: read a pcap, and extract plaintext keys. When @SteveJM converted zbdsniff to Scapy in 61fbf5f3bf104132c665c1aeec34598e1c7d2ed3, we got a much simpler tool with a lot more extensibility since we can rely on Scapy decoding. However, in the process we lost the ability to extract transport keys sent in plaintext during device provisioning.
@SteveJM's changes added new capability to decrypt traffic and identify upper-layer keys, but require a key to be specified as a command line argument. This PR retains this functionality, and restores the ability to extract transport keys sent in unencrypted APS messages. If a key is not specified on the command line, then the APS decryption functionality @SteveJM added is skipped, but the extraction of transport keys will still work.
My implementation is a little inefficient, since it requires parsing all packets for each key recovery routine, but I figure this is not a huge problem for the typically small pcaps we work with in 802.15.4. Also, my bytestohex() function might better belong in a utils package; I added it just because list comprehension was getting annoying to convert bytes to he:xs:tr:in:gs.
Thanks!
-Josh
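The PR text describes the recovery routine (walk every frame once, pick out APS Transport-Key commands whose security bit is clear, dump the key as a colon-separated hex string) but the diff itself is not on this page. The block below is an added example of that logic written for this page; it is not zbdsniff's code, Josh's implementation, or KillerBee's API. It parses NWK and APS headers by hand rather than through Scapy so it runs offline; the frame-control bit layout, the Transport-Key command identifier (0x05), the key-type values and the network-key descriptor layout (key, sequence number, destination IEEE, source IEEE) are taken from the Zigbee spec as I remember it and should be treated as assumptions to check against the spec or a Scapy decode. The sample frames are constructed, not a real capture.

```python
"""Extract Zigbee transport keys from unencrypted APS Transport-Key commands.

Added example, not zbdsniff's code. Header offsets and command values are
assumptions from the Zigbee spec; verify against the spec or a Scapy decode.
"""
import struct

APS_CMD_TRANSPORT_KEY = 0x05          # assumed: APS command identifier
# Assumed key-type values carried in the Transport-Key command
KEY_TYPES = {0x01: "Standard Network Key", 0x04: "Trust Center Link Key",
             0x05: "High-Security Network Key"}
# Key types whose descriptor also carries seq number + dst/src IEEE addresses
NETWORK_KEY_TYPES = (0x01, 0x05)


def bytestohex(data):
    """b'\\x0a\\xff' -> '0a:ff' (same idea as the helper the PR mentions)."""
    return ":".join("%02x" % b for b in data)


def nwk_payload(nwk):
    """Return the APS frame inside a NWK data frame, or None if unreadable.

    Assumed NWK frame-control bits: 0-1 frame type, 8 multicast, 9 security,
    10 source route, 11 dst IEEE present, 12 src IEEE present.
    """
    if len(nwk) < 8:
        return None
    (fc,) = struct.unpack_from("<H", nwk, 0)
    if fc & 0x03 != 0x00:        # only NWK data frames carry an APS frame
        return None
    if fc & (1 << 9):            # NWK security set: payload is ciphertext, skip
        return None
    off = 8                      # fc(2) dst(2) src(2) radius(1) seq(1)
    if fc & (1 << 11):
        off += 8                 # destination IEEE address
    if fc & (1 << 12):
        off += 8                 # source IEEE address
    if fc & (1 << 8):
        off += 1                 # multicast control
    if fc & (1 << 10):           # source route subframe: count, index, relays
        if len(nwk) < off + 2:
            return None
        off += 2 + 2 * nwk[off]
    return nwk[off:] if off <= len(nwk) else None


def transport_key_from_aps(aps):
    """Parse an unsecured APS Transport-Key command; None for anything else."""
    if not aps:
        return None
    fc = aps[0]
    if fc & 0x03 != 0x01:        # APS frame type 01 = command frame
        return None
    if fc & 0x20:                # APS security bit: key material is encrypted
        return None
    if fc & 0x80:                # extended header (fragmentation): not handled
        return None
    off = 2                      # fc + APS counter; command frames carry no endpoints
    if len(aps) < off + 18 or aps[off] != APS_CMD_TRANSPORT_KEY:
        return None
    key_type = aps[off + 1]
    key = aps[off + 2:off + 18]
    rec = {"key_type": key_type,
           "key_type_name": KEY_TYPES.get(key_type, "Unknown (0x%02x)" % key_type),
           "key": bytestohex(key)}
    if key_type in NETWORK_KEY_TYPES and len(aps) >= off + 35:
        rec["seq"] = aps[off + 18]
        # IEEE addresses are little-endian on the wire; reverse for display
        rec["dst"] = bytestohex(aps[off + 19:off + 27][::-1])
        rec["src"] = bytestohex(aps[off + 27:off + 35][::-1])
    return rec


def extract_transport_keys(nwk_frames):
    """One pass over the NWK frames; returns every plaintext key found."""
    found = []
    for frame in nwk_frames:
        aps = nwk_payload(frame)
        rec = transport_key_from_aps(aps) if aps else None
        if rec:
            found.append(rec)
    return found


# Constructed sample frames (not a real capture)
_NWK_HDR_PLAIN = struct.pack("<HHHBB", 0x0008, 0x1234, 0x0000, 0x1e, 0x42)
_NWK_HDR_SECURED = struct.pack("<HHHBB", 0x0208, 0x1234, 0x0000, 0x1e, 0x43)
_APS_TRANSPORT_KEY = (bytes([0x01, 0x07, APS_CMD_TRANSPORT_KEY, 0x01])
                      + bytes.fromhex("0123456789abcdef0123456789abcdef")
                      + bytes([0x00])                      # key sequence number
                      + bytes.fromhex("0102030405060708")  # dst IEEE (wire order)
                      + bytes.fromhex("1112131415161718")) # src IEEE (wire order)
_APS_DATA = bytes([0x00, 0x08, 0x00, 0x06, 0x04, 0x01, 0x01, 0x08])  # APS data frame

SAMPLE_FRAMES = [
    _NWK_HDR_PLAIN + _APS_TRANSPORT_KEY,     # plaintext transport key: recovered
    _NWK_HDR_SECURED + _APS_TRANSPORT_KEY,   # NWK-secured (would be ciphertext): skipped
    _NWK_HDR_PLAIN + _APS_DATA,              # ordinary APS data frame: skipped
]

if __name__ == "__main__":
    for rec in extract_transport_keys(SAMPLE_FRAMES):
        print(rec)
```

In a real tool the NWK frame bytes would come from the 802.15.4 data-frame payload of each pcap record (Scapy's decode hands you the same bytes), and a frame with the NWK or APS security bit set is exactly the case where the key-argument decryption path from the earlier change is needed instead.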