Currently a simple tool to identify ZigBee packet types and extract some data from pcap files.
No particular purpose as yet, just part of my learning cycle. It seems that ZBEE_ZCL packets leak network keys and ZBEE_APF packets leak security keys, so the next bit of development will be to grab those and use them for eavesdropping etc. See the Crypto section.

Requirements: Python 3. Uses pyshark and lxml.objectify. You will need tshark installed.
In Zigbee networks there are two types of keys, Zigbee Security Keys and Network Keys:

Zigbee Security Keys are used for securing the application layer of Zigbee communication. They are primarily associated with Zigbee devices and are used to encrypt and decrypt application-level data payloads. The security keys ensure confidentiality, integrity, and authentication of data exchanged between devices within a Zigbee network. These keys protect sensitive information and prevent unauthorized access to, and tampering with, application data.

- Application Link Key (0x05): A key shared between two Zigbee devices for secure communication between them.
- Master Key (0x02): A key used for securely joining devices to a Zigbee network and for key establishment.
- Trust Center Link Key (0x03): A key shared between a device and the Trust Center (a central authority in a Zigbee network) for secure communication and network management.

A Network Key, also known as a Network Encryption Key (NEK), is used for securing the network layer of Zigbee communication. It is shared among all devices in a Zigbee network and is used to encrypt and decrypt network-level data payloads. The network key ensures the confidentiality and integrity of network-related information, such as routing messages and network management frames. It is used for:

- Securing communication between devices in the network.
- Establishing trust and authenticity within the network.
- Maintaining network integrity and preventing unauthorized devices from joining.
Usage: python3 zigbuzz.py

Sample ZigBee pcap files are available at https://tshark.dev/search/pcaptable/ (search for "zbee").
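An added example, not part of zigbuzz.py, that turns the key-leak observation above and the key types just described into an audit: it walks a capture with pyshark, picks out APS Transport-Key commands, and reports whether the frame carrying the key was encrypted at the network layer, only at the application layer, or not at all, printing a two-byte fingerprint of the key rather than the key itself. The Wireshark field names (zbee_aps.cmd.id, zbee_aps.cmd.key_type, zbee_aps.cmd.key, zbee_nwk.security, zbee_aps.security) and the pyshark attribute spelling are assumptions to check against your own tshark; audit_fields() is pure and runs without tshark.

```python
APS_CMD_TRANSPORT_KEY = 0x05  # APS command identifier of the Transport-Key command
# Wireshark field names read below (assumed spelling; check `tshark -G fields | grep zbee_aps.cmd`)
FIELDS = ("zbee_aps.cmd.id", "zbee_aps.cmd.key_type", "zbee_aps.cmd.key",
          "zbee_nwk.security", "zbee_aps.security")

def _as_int(value) -> int:
    """tshark prints numbers as '5' or '0x05' and flags as 'True'/'False'; accept all three."""
    text = str(value).strip().lower()
    if text in ("true", "false"):
        return int(text == "true")
    return int(text, 16) if text.startswith("0x") else int(text)

def fingerprint(key_hex: str) -> str:
    """Keep only the first two bytes of an 'aa:bb:...' or bare hex key, so reports never carry a whole key."""
    digits = "".join(c for c in key_hex.lower() if c in "0123456789abcdef")
    return digits[:4] + "..." if len(digits) >= 4 else "(no key field)"

def audit_fields(frame: int, fields: dict):
    """Classify one frame's dissected fields (Wireshark name -> value); None unless it is Transport-Key."""
    cmd = fields.get("zbee_aps.cmd.id")
    if cmd is None or _as_int(cmd) != APS_CMD_TRANSPORT_KEY:
        return None
    nwk = bool(_as_int(fields.get("zbee_nwk.security", 0)))
    aps = bool(_as_int(fields.get("zbee_aps.security", 0)))
    if not nwk and not aps:
        risk = "SENT IN CLEAR: anyone sniffing the channel now holds this key"
    elif not nwk:
        risk = "APS-only protection: safe only if the link key is not a well-known default"
    else:
        risk = "network-layer encrypted"
    return {"frame": frame, "key_type": str(fields.get("zbee_aps.cmd.key_type", "?")),
            "nwk_secured": nwk, "aps_secured": aps, "risk": risk,
            "key": fingerprint(str(fields.get("zbee_aps.cmd.key", "")))}

def scan_pcap(path: str) -> list:
    """Walk a capture with pyshark (needs tshark on PATH); audit_fields() itself needs neither."""
    import pyshark  # imported lazily so the helpers above run without tshark installed
    findings = []
    with pyshark.FileCapture(path, display_filter="zbee_aps.cmd.id") as cap:
        for pkt in cap:
            fields = {n: pkt[n.split(".")[0]].get_field_value(n) for n in FIELDS}
            finding = audit_fields(int(pkt.number), fields)
            if finding:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    import sys
    for f in scan_pcap(sys.argv[1]):
        print(f"frame {f['frame']}: key type {f['key_type']}, key {f['key']}: {f['risk']}")
```

Run it as python3 audit_keys.py capture.pcap (both file names are hypothetical); one line is printed per Transport-Key command found.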