Add tutorial on how to sniff zigbee traffic. #716

2024-11-17 02:48:31 -07:00 · 2018-12-28 14:02:03 +01:00 · 2018-12-28 14:02:03 +01:00 · 2a197a4ba8
commit 2a197a4ba8
parent 5e4e6d81de
5 changed files with 41 additions and 0 deletions
--- a/docs/how_tos/how_to_sniff_zigbee_traffic.md
+++ b/docs/how_tos/how_to_sniff_zigbee_traffic.md
@ -0,0 +1,40 @@
 # How to sniff Zigbee traffic
 Sniffing Zigbee traffic can be handy sometimes. E.g. when you want to analyze the commands used by a device.
 ## Prerequisites
 * Ubuntu machine (tested with 18.10)
 * CC2531 stick
 ## 1. Flashing the CC2531 stick
 The CC2531 needs to be flashed with a sniffer firmware. This firmware is included with [PACKET-SNIFFER](http://www.ti.com/tool/PACKET-SNIFFER) (not **PACKET-SNIFFER-2!**). Download and install PACKET-SNIFFER. The firmware can then be found here: `C:\Program Files (x86)\Texas Instruments\SmartRF Tools\Packet Sniffer\bin\general\firmware\sniffer_fw_cc2531.hex`. Flash the firmware using the instructions from [Flashing the CC2531](../getting_started/flashing_the_cc2531.md).
 ## 2. Installing required tools
 ```bash
 cd /opt
 sudo apt-get install -y libusb-1.0-0-dev wireshark
 curl -L https://github.com/homewsn/whsniff/archive/v1.1.tar.gz | tar zx
 cd whsniff-1.1
 make
 sudo make install
 ```
 ## 3. Sniffing traffic
 Start wireshark with `sudo whsniff -c ZIGBEE_CHANNEL_NUMBER | wireshark -k -i -`
 Wireshark will start and log the Zigbee messages. As these messages are encrypted we need to add 2 encryption keys. The first one is the Trust Center link key, which is the same for (almost) every Zigbee network. The second on is the network encryption key.
 Add the Trust Center link key by going to to Edit -> Preferences -> Protocols -> ZigBee. Set Security Level to *AES-128 Encryption, 32-bit Integrity Protection* and click on *Edit*. Click on *+* and add `5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39` with Byte Order Normal.
 *NOTE: The Hue bridge uses a [different Trust Center link key](https://peeveeone.com/?p=166)*
 ![Wireshark Trust Center link key](../images/wireshark_tclink_key.png)
 Next we need to figure out the network encryption key. The network encryption key is exposed when a device joins the network. Pair a new device to the network (or repair an existing one) and grab the message where the Info is *Device Announcement....*. Open the message and expand *ZigBee Network Layer Data* -> *ZigBee Security Header*.
 ![Wireshark network key](../images/wireshark_network_key.png)
 Copy the key value, as shown above and go to Edit -> Preferences -> Protocols -> ZigBee -> Edit and add the key with Byte Order Normal.
 Now Wireshark is able to decrypt the messages. When e.g. turning on a light you will see a message similar to:
 ![Wireshark packet](../images/wireshark_packet.png)
--- a/docs/images/wireshark_network_key.png
+++ b/docs/images/wireshark_network_key.png
--- a/docs/images/wireshark_packet.png
+++ b/docs/images/wireshark_packet.png
--- a/docs/images/wireshark_tclink_key.png
+++ b/docs/images/wireshark_tclink_key.png
--- a/docs/index.md
+++ b/docs/index.md
@ -25,6 +25,7 @@ Welcome to the Zigbee2mqtt documentation!
 * [How to support new devices](how_tos/how_to_support_new_devices.md)
 * [How to debug](how_tos/how_to_debug.md)
 * [How to support new devices on Hass.io](how_tos/how_to_support_new_devices_on_hassio.md)
 * [How to sniff Zigbee traffic](how_tos/how_to_sniff_zigbee_traffic.md)
 ### Information
 * [Supported devices](information/supported_devices.md)