ZigBee Packet Sniffers and Security Models

nedim teklik

Expert 1950 points

Other Parts Discussed in Thread: CC2650, CC2531, Z-STACK, CC2650STK

Hello,

I am using Wireshark&TiWsPc and Wireshark&KillerBee to sniff ZigBee frames so in this scenario;

I need to understand

1-how the sniffers get Network Key (and-or also who),

2-how the sniffer decrypt the frames? Or 2-Who decrypts frames?

There are BBB as the gateway(Linux gw home design),cc2650 as sensor tag in my ZigBee network topology.

3-Which of these models(Distributed Security Model, Centralized Security Model) does have my network?

over 6 years ago

0 Ryan Brown1 over 6 years ago

TI__Guru**** 217527 points

Hello nedim,

You will have to contact Wireshark support for more information on how their sniffer software operates. The CC2531 BBB gateway is a Centralized Security Model.

Regards,
Ryan

0 YiKai Chen over 6 years ago

Guru 735685 points

1. When device joins to trust center (usually is Coordinator), trust center will send network key which is encrypted by TC link key and Wireshark will capture it.
2. I believe Wireshark implementation decryption algorithm and parser according to Zigbee spec.

0 nedim teklik over 6 years ago in reply to Ryan Brown1

Expert 1950 points

The CC2531 BBB gateway is a Centralized Security Model! Thanks a lot for your response.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

Can´t we change TC Link Key then our network will be secure thanks to that and no one will be able to decrypt our frames. And in the source code where does TC Link Key stay? Ryan Brown1

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Yes, you can change TC Link Key but that will make your GW and devices won't be compatible to 3rd party GW and devices. TC Link Key in Z-Stack is defined by DEFAULT_TC_LINK_KEY in nwk_globals.h.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

In order to join a network, devices have to have-know network key, link key or both? So even end devices have-know network key and link key?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

By using Trust center, a new device only need well-known Zigbee TC link key to join any Zigbee trust center network running with well-known TC link key.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

1-So, if I change TC Link Key on BBB to prevent my network against easy and malicious sniff, then my sensortag(cc2650) will not be able to join to BBB(coordinator) and network! Right?
2-Is it possible to change TC Link Key on BBB and ALSO sensortag ---otherwise as I asked maybe it is not possible for sensortag to join to the network-coordinator---.And I can keep my network secure and sensortag will be able to join to network.

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

1.Yes
2. Yes

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

How can I change TC Link Key on sensor tag (cc2650stk)? I am using two hex files from Ti for cc2650. Is there any source code or C files for that to change it? Or basically, how can I change it?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Search DEFAULT_TC_LINK_KEY in sensor tag example ZStackCore project and you will find where to change it.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

My ZStackCore file is a hex file. I have attached a screenshot for that. So I don't know how I can change it.

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Search it from IAR not from file explorer.

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

DEFAULT_TC_LINK_KEY is also defined in nwk_gobals.h in sensor tag example.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

Hello,

I opened ZStackCore hex file with IAR but It doesn't look like it has a meaning. Do not I need any C files or Eww file?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

Hello,
ok, As I said before I just have 2 hex files. I guess, my folder-file and yours are different than each other. Could you please send it to me?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

I use original Z-Stack Home 1.2.2a sensortag example without any modification.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

I do not have any sensortag example under Z-Stack Home 1.2.2a, could you please show me where it is?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

If you install complete Z-Stack Home 1.2.2a, you should find it under C:\ti\simplelink\zstack_home_1_02_02a_44539\Projects\zstack\HomeAutomation\SensorTag\CC2650

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

C:\Texas Instruments\Z-Stack Home 1.2.2a.44539\Projects\zstack\HomeAutomation under here there is no SensorTag and,
C:\Texas Instruments\simplelink under here there is ble_sdk_2_02_02_25 folder ,
C:\ti and here there is no simple link...
So Should I delete Z-Stack Home 1.2.2a and install again?

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Yes, install Z-Stack Home 1.2.2a again and make sure you don't skip anything.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

Thanks now I have the files, I guess last time I missed to the cc26xx section. Now, after I change the key, I will be able to flash SensorTag with using make&download-debug buttons on IAR. To flash cc2650 with the new version, I can connect cc2650 on the SmartBoard06 right? I will try this in approximately one hour. Thanks for your help! If I will more help I will ask you :)

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Yes, you can program CC2650STK by SmartRF06EB.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

I just wonder, when we flash cc2650 with Flash Programmer 2 we choose two hex files. If we flash cc2650 with IAR, does it use SensorTag and EndDevice files at the same time or do we need to do anything else? Or, is there any way to get hex files thanks to IAR or CodeComposerStudio and flash cc2650 with Flash Programmer 2.

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Using IAR, you can download ZStackCore to CC2650STK first and ZStack Application after ZStackcore.

0 nedim teklik over 6 years ago in reply to YiKai Chen

Expert 1950 points

Do you mean I need to download firstly ZStackCore to cc2650 then I can download to SensorTag on cc2650. Becasuse there are 2 different sections under SensorTag.eww (also another one is overview)

0 YiKai Chen over 6 years ago in reply to nedim teklik

Guru 735685 points

Yes, that’s what I mean and all those are described in Z-Stack Sample user guide.

Zigbee & Thread

Zigbee & Thread forum

ZigBee Packet Sniffers and Security Models