deonvdw/paradoxip-dissector

Cannot decrypt payload data

Closed this issue · 2 comments

Hi. My goal is to capture Babyware - IP150 communication, so I found your tool, with which I wanted to decrypt my payloads. While installing, I didn't use these steps:
https://github.com/deonvdw/paradoxip-dissector#building
Instead, I installed Wireshark version 3.4.2 and only copied paradoxip.dll into the plugins\3.4\epan folder:
https://github.com/deonvdw/paradoxip-dissector/releases/tag/0.1.0
I was hoping that I would receive output similar to yours:
[screenshot]

but I got the following:

  • In the rightmost column, Info, you have Serial -> (or <-) followed by more text; I have only Serial -> (or <-), without the additional text:
    [screenshot: paradox ip 1]

  • In your screenshot example you have "Paradox Alarm IP message" and "Paradox alarm serial message" sections. I only have "Paradox Alarm IP message". Inside that section, in your example, there are Header, Command and Payload bytes subsections. In my response, instead of Payload bytes I have Encrypted payload bytes, with the warning "cannot decrypt payload data":
    [screenshot: paradox ip 2]

Am I doing something wrong? How can I resolve these issues and get properly decrypted payloads? Thanks in advance! All the best!

Hi,

Your screenshot shows that the message payload could be decrypted. There are two requirements for decryption:

  • Your capture must contain the login request and response. This contains the session key used to encrypt the rest of the session traffic.
  • You must set the password for your IP150 module in the Wireshark protocol preferences. You can either set a default password to use for all IP150 modules, or set per-module passwords in the password file. The password file format is plain text with an IP address, whitespace, and password per line. You can also specify a wildcard address of 0.0.0.0 to provide a default password for any modules without a specific entry.
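The password-file lookup described in the reply above, as an added example in Python. This is not code from the paradoxip-dissector project (the dissector itself is a Wireshark C plugin); it only models the documented format: one entry per line, an IP address, whitespace, then the password, with 0.0.0.0 as a wildcard default. The sample file contents are constructed. Assumptions not stated on the page: blank lines are skipped, a password may contain internal spaces (everything after the first run of whitespace), a later duplicate entry overrides an earlier one, and the precedence is exact entry, then the 0.0.0.0 entry, then the single default password from the protocol preferences.

```python
"""Resolve the IP150 password a dissector would use for a given module address.

Added example; not part of the paradoxip-dissector project. Models the
password-file format from the maintainer's reply: "<ip> <whitespace> <password>"
per line, with 0.0.0.0 as a wildcard default entry.
"""
import ipaddress

WILDCARD = "0.0.0.0"


def parse_password_file(text):
    """Return {ip_string: password} from the password-file contents.

    A line that is not "<ipv4> <password>" raises ValueError with the line
    number, so a typo in the file is noticed instead of surfacing later only
    as "cannot decrypt payload data" in Wireshark.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are ignored
        parts = line.split(None, 1)  # assumption: password may contain spaces
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<ip> <password>', got {raw!r}")
        addr, password = parts
        try:
            addr = str(ipaddress.IPv4Address(addr))  # normalises the address text
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"line {lineno}: bad IPv4 address {addr!r}") from exc
        entries[addr] = password  # assumption: later duplicates override earlier ones
    return entries


def password_for_module(entries, module_ip, default_password=None):
    """Pick the password for module_ip.

    Precedence (an assumption of this example): exact address entry, then the
    0.0.0.0 wildcard entry, then the default password from the protocol
    preferences. Returns None when nothing applies, which is the situation in
    which the payload cannot be decrypted.
    """
    module_ip = str(ipaddress.IPv4Address(module_ip))
    if module_ip in entries:
        return entries[module_ip]
    if WILDCARD in entries:
        return entries[WILDCARD]
    return default_password


# Constructed sample file contents, not a real configuration.
SAMPLE_FILE = """\
192.168.1.50   panel-one-secret
192.168.1.51   second panel pw
0.0.0.0        fallback-secret
"""


def demo():
    """Run the lookup against the constructed sample file and return the results."""
    entries = parse_password_file(SAMPLE_FILE)
    return {
        "known": password_for_module(entries, "192.168.1.50"),
        "spaced": password_for_module(entries, "192.168.1.51"),
        "wildcard": password_for_module(entries, "10.0.0.9"),
        "none": password_for_module({}, "10.0.0.9"),
        "pref": password_for_module({}, "10.0.0.9", default_password="pref-pw"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The useful check for the reporter's situation is the "none" case: if neither the file nor the preferences yield a password for the module's address, no session key can be recovered from the login exchange and the dissector can only show encrypted payload bytes.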

Yes, when we recorded traffic once again, this time the capture contained the login request and response and we got a better and more descriptive Wireshark capture. Thanks!