I got a home automation system with a gateway and a power plug device that I would like to analyse. My setup is the ApiMote v4 with an external antenna and the newest killerbee version installed on Ubuntu 20.04. The ApiMote and both devices are about 2 meters apart.
zbdsniff
If I run
sudo python3 ./zbdsniff -f testfile.pcap -k 5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39
it returns
Processing testfile.pcap
./zbdsniff:34: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
keyHash = sec_key_hash(key, '\0')
Traceback (most recent call last):
File "./zbdsniff", line 111, in <module>
sniffNetworkKey(pkts, options.transportKey, options.verbose)
File "./zbdsniff", line 34, in sniffNetworkKey
keyHash = sec_key_hash(key, '\0')
TypeError: argument 2 must be a byte string of length 1, not str
which I seem to have fixed by forcing the string to bytes in line 34
34 keyHash = sec_key_hash(key, b'\0')
It still emits the warning, but the file is processed.
zbassocflood
When I use
sudo python3 ./zbassocflood -c 15 -p afb1
it returns
zbassocflood: Transmitting and receiving on interface '/dev/ttyUSB0'
Traceback (most recent call last):
File "./zbassocflood", line 153, in <module>
assocreqinj = b''.join(assocreqp)
TypeError: sequence item 0: expected a bytes-like object, str found
which could be solved with the help of #259, but then I receive the error
zbassocflood: Transmitting and receiving on interface '/dev/ttyUSB0'
ERROR: Unable to inject packet
string argument without an encoding
Passing the PAN ID argument in 0xafb1 format does not help. I can't find out where this encoding error lies. Can anyone else relate to this?
zbstumbler
zbstumbler sends frames but almost never receives any. Only if I send data over the network while zbstumbler is on the right channel does it return
Transmitting beacon request.
# DEBUG b'Clearing overflow'
Received frame.
Received frame is not a beacon (FCF=b'a\x88').
Might a faster USB interface (3.0) solve the overflow issue? I read that it happens because my host can't handle the frames fast enough.
If I run zbwireshark I do get frames detected. Some of them have the bad FCS flag. There are six Wi-Fi networks here, three of them with strong signals. I will try my setup in a quieter environment tomorrow; maybe that will help with the malformed packets.
However, I never see a key exchange after I factory reset the gateway and the device and pair them again. The gateway and the device are from two different manufacturers, and I did not enter any PIN in the device during setup, so I assume the key exchange happens with the standard TC link key? Won't a factory reset also delete known network keys? See the pcap file attached.
Zigbee_Pairing_after_factoryReset.zip
Maybe someone has good resources for the "Symmetric-Key Key Establishment Protocol", since I don't understand how the network key is securely established if the standard link key is known.
Thank you for your support, Shaq
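Added example, not killerbee's code and not part of the post: the key derivation that `sec_key_hash(key, b'\0')` performs in zbdsniff, which is also the answer to the question about the default link key. ZigBee does not run a key agreement with a pre-configured link key; the Trust Center sends the network key inside an APS Transport Key command encrypted under the key-transport key, and that key is just HMAC(link key, 0x00) built on the AES-128 Matyas-Meyer-Oseas hash (ZigBee specification B.1.4 and B.6). Whoever knows the link key, including the well-known default "ZigBeeAlliance09" that the colon-separated `-k` bytes in the post spell out, can therefore decrypt the network key from the join capture, which is exactly what zbdsniff does. Function names are mine, AES-128 is implemented in pure Python so that nothing beyond the standard library is needed, and the outputs can be checked against the test vectors in Annex C of the ZigBee specification.

```python
"""Derive the ZigBee key-transport and key-load keys from a 16-byte link key.
Added example; not killerbee code. Only the short-message (< 2**16 bit) MMO
padding rule is implemented, which covers every input used here."""

_SBOX = None  # AES S-box, built on first use


def _xtime(a):
    """Multiply by x in GF(2^8) with the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def _gf_mul(a, b):
    """Multiply two GF(2^8) elements."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r


def _sbox():
    """Build the S-box from the GF(2^8) inverse plus the affine map (FIPS-197 5.1.1)."""
    global _SBOX
    if _SBOX is None:
        table = []
        for x in range(256):
            inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
            s, b = inv, inv
            for _ in range(4):
                b = ((b << 1) | (b >> 7)) & 0xFF
                s ^= b
            table.append(s ^ 0x63)
        _SBOX = table
    return _SBOX


def _round_keys(key):
    """AES-128 key expansion: 11 round keys of 16 bytes, column-major like the state."""
    sb = _sbox()
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [sb[v] for v in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block; state index r + 4*c holds row r, column c."""
    sb, rk = _sbox(), _round_keys(key)
    s = [block[i] ^ rk[0][i] for i in range(16)]
    for rnd in range(1, 11):
        s = [sb[v] for v in s]                                              # SubBytes
        s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                        # MixColumns
            cols, s = [s[4 * c:4 * c + 4] for c in range(4)], []
            for a0, a1, a2, a3 in cols:
                s += [_gf_mul(a0, 2) ^ _gf_mul(a1, 3) ^ a2 ^ a3,
                      a0 ^ _gf_mul(a1, 2) ^ _gf_mul(a2, 3) ^ a3,
                      a0 ^ a1 ^ _gf_mul(a2, 2) ^ _gf_mul(a3, 3),
                      _gf_mul(a0, 3) ^ a1 ^ a2 ^ _gf_mul(a3, 2)]
        s = [s[i] ^ rk[rnd][i] for i in range(16)]                          # AddRoundKey
    return bytes(s)


def mmo_hash(data):
    """Matyas-Meyer-Oseas over AES-128 (ZigBee spec B.6): H_i = E(H_{i-1}, M_i) xor M_i,
    padding 0x80, zeros up to 14 bytes mod 16, then the 16-bit big-endian bit length."""
    if len(data) * 8 >= 1 << 16:
        raise ValueError("long-message padding rule not implemented")
    padded = data + b"\x80"
    padded += b"\x00" * ((14 - len(padded)) % 16) + (len(data) * 8).to_bytes(2, "big")
    h = bytes(16)
    for i in range(0, len(padded), 16):
        m = padded[i:i + 16]
        h = bytes(x ^ y for x, y in zip(aes128_encrypt_block(h, m), m))
    return h


def zigbee_hmac(key, data):
    """FIPS-198 HMAC over mmo_hash with a 16-byte block size (ZigBee spec B.1.4)."""
    if len(key) != 16:
        raise ValueError("link key must be 16 bytes")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    return mmo_hash(opad + mmo_hash(ipad + data))


def key_transport_key(link_key):
    """Encrypts the Transport Key command carrying the network key (input byte 0x00)."""
    return zigbee_hmac(link_key, b"\x00")


def key_load_key(link_key):
    """Encrypts link keys carried in Transport Key commands (input byte 0x02)."""
    return zigbee_hmac(link_key, b"\x02")


def parse_link_key(arg):
    """Parse the colon-separated hex form that zbdsniff's -k option takes."""
    key = bytes.fromhex(arg.replace(":", ""))
    if len(key) != 16:
        raise ValueError("expected 16 key bytes, got %d" % len(key))
    return key


if __name__ == "__main__":
    # The -k bytes from the post; they spell the well-known default link key.
    lk = parse_link_key("5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39")
    print("link key         :", lk.decode())
    print("key-transport key:", key_transport_key(lk).hex())
    print("key-load key     :", key_load_key(lk).hex())
```

The hashed keys are fixed for a given link key, so with the default key every pairing that uses it is decryptable from a single capture of the join; a Transport Key command in the pcap is only hidden from someone who does not know the link key, which is why the Symmetric-Key Key Establishment procedure exists for networks that want a link key the attacker does not have.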