Wireshark-dev: Re: [Wireshark-dev] LoRaWAN: Correct decryption of downlink traffic

From: Erik de Jong <erikdejong@xxxxxxxxx>
Date: Mon, 30 Sep 2019 20:04:14 +0200


On Mon, Sep 30, 2019 at 7:57 PM Pascal Quantin <pascal@xxxxxxxxxxxxx> wrote:
Hi Achuthan,

On Mon, Sep 30, 2019 at 19:53, Achuthan Paramanathan <ACP@xxxxxxxxxxxx> wrote:

Dear Wireshark,

I recently noticed that decryption of downlink traffic in Wireshark (version 3.0.3) is not done properly, even though it is marked as correctly decoded in the Wireshark view. The uplink traffic is decrypted correctly.

 

I then had a look in the code (master branch) “../dissectors/packet-lorawan.c” line 795

Here, the function decrypt_lorawan_frame_payload() takes an argument dir, which in this case is statically set to 0, indicating uplink traffic. This will work as long as the traffic is uplink; however, in downlink this will result in a wrong decryption.

 

My suggestion is to use the flag “uplink”, which is set to FALSE in line 753 when mac_mtype is of type downlink, as the dir argument in the function call decrypt_lorawan_frame_payload().


Could you please file a bug on https://bugs.wireshark.org with a pcap containing a bit of UL and DL traffic? It would allow us to verify your fix proposal.

Thanks for the help,
Pascal.


It would be great to have a pcap; please don't forget to include the keys to decrypt it.
I will be happy to update the dissector.

Regards,
Erik