Wireshark-users: [Wireshark-users] Help with Zigbee decryption

From: Joe Desbonnet <joe@xxxxxxxxxx>
Date: Fri, 14 Jan 2011 00:38:40 +0000
I'm attempting to sniff and decrypt packets in home automation
equipment which is supposed to be set up with encryption key
"ZigBeeAlliance09".

I've entered ZigBeeAlliance09 as a string in the "Network Key" field
in Edit -> Preferences -> Protocols -> Zigbee NWK
however the UI does not seem to be acting on it.

In the packet view under Zigbee Security Header I have a collapsible node:

 [Expert Info (Warn/Undecoded): Encrypted Payload]
  [Message: Encrypted Payload]
  [Severity level: warn]
  [Group: Undecoded]

Then the Data node just lists the data from the packet verbatim (no decryption).

What must I do to decrypt this payload? I've tried other random
strings for the key and it makes no difference. It doesn't seem to be
trying to decrypt.

To reproduce my problem see the pcap capture file here:
http://www.mail-archive.com/wireshark-bugs@xxxxxxxxxxxxx/msg24773.html
(file bug5331_test.pcap). The text of the bug implies it uses the same
key (ZigBeeAlliance09). Look at the first packet. The payload is two
bytes 0xb9 0x06 (encrypted). I cannot find any way to view the decrypted
packet.

I'm using the standard Ubuntu package (version 1.2.7) and I also tried
the latest version 1.4.3.

Any pointers or suggestions would be greatly appreciated.

Thanks in advance,

Joe.