Wireshark-dev: [Wireshark-dev] LoRaWAN: Correct decryption of downlink traffic

From: Achuthan Paramanathan <ACP@xxxxxxxxxxxx>
Date: Fri, 27 Sep 2019 08:13:08 +0000

Dear wireshark,

I recently noticed that decryption of downlink traffic in Wireshark version 3.0.3 is not done properly, even though it is marked as correctly decoded in the Wireshark view. The uplink traffic is decrypted correctly.

I then had a look in the code (master branch), “../dissectors/packet-lorawan.c”, line 795.

Here, the function decrypt_lorawan_frame_payload() takes an argument dir, which in this case is statically set to 0, indicating uplink traffic. This will work as long as the traffic is uplink; however, for downlink this will result in a wrong decryption.

My suggestion is to use the flag “uplink”, which is set to FALSE in line 753 when mac_mtype is of type downlink, as the dir argument in the call to decrypt_lorawan_frame_payload().

Venlig hilsen / Best regards
Kamstrup A/S
Achuthan Paramanathan
Development Engineer, Ph.D., Technology
Technology

Kamstrup A/S
Industrivej 28
DK-8660 Skanderborg
T: +45 89 93 10 00

acp@xxxxxxxxxxxx
kamstrup.com