Hey TI Community,
i am using a CC2531 USB dongle flashed with "MACcoP-cc2531.hex" firmware image, flashed via CC Debugger and a suited Coordinator, to get the possibility to send out messages.
My intention is: I want to send out AES CCM encrypted Messages and want to find them on a Wireshark sniffer. I tried several things, but it did not work properly. It seems to me that the encryption part in this Firmware refers to a point, which is really strange. As soon as this function is accessed, it automatically drops the security parameters.
in zmac.c you can find :
uint8 ZMacDataReq( ZMacDataReq_t *pData )
{
return ZMacDataReqSec( pData, NULL );
}
My pData contains the information I want to send. First of all i started to send an unencrypted package which looked like this one :
uint8 pBufMeasurementsFirst[47] = {
0x2C, 0x22, 0x05, // 3 Byte.
0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x35, // . 11byte
0x03, 0x00, 0x01, 0x0f, 0xff, // 5 Byte // src 16 bit / handle 01 / txo 80 / cn 15 / pwr - ff
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 11 Byte. // key source
0x10, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef}; // 17 Byte len + data
MT_MacDataReq(pBufMeasurementsFirst);}
Using the content above everything worked fine and sniffing via Wireshark was able to show, that four times "deadbeef" was sent.
In the next step i wanted to encrypt this by using this package:
uint8 pBufMeasurementsFirst[47] = {
0x2C, 0x22, 0x05, // 3 Byte.
0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x35, // 11byte
0x03, 0x00, 0x01, 0x0f, 0xff, // 5 Byte // src 16 bit / handle 01 / txo 80 / cn 15 / pwr - ff
0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x04, 0x01, 0x00, // 11 Byte. // key source
0x10, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef}; // 1+16 Byte
MT_MacDataReq(pBufMeasurementsFirst);
}
Before i used the above mentioned "encyrpted package" I initalized the following :
uint8 initKeyTable[5] = {0x02, 0x22, 0x31, 0x61, 0x00};
MT_MacSecuritySetReq(initKeyTable);
AND
uint8 Write_Key[36] = {0x21, 0x22, 0x34, //3byte
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //16 Byte
0x00, 0x00, 0x00, 0x00, // 4 Byte
0x00, 0x01, // 2 Byte
0x01, 0x09, 0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33, 0x03}; // 11 Byte
MT_MacWriteKey(Write_Key);
The encrypted package is not sent. I cannot find it - after the establishing of the connection of course - anywhere on Wireshark. The unencrypted is allways shown there.
Has anyone any idea how to send the encrypted message? Or could someone help me with an example encrypted MT_MacDataReq ? I cannot find the mistake. In addition to that i am not able to understand why ZMacDataReqSec allways (and only) gets the SecParameters "NULL".
I hope I gave you all the neccessary information, if u need further details i can soon add them. It would be very great if someone might give me a hint.
Thank you,
Chris