8

I'm currently trying to decrypt the traffic in an IKEA Tradfri network (some bulbs, a 5-button remote, a gateway). I use a CC2531 sniffer with ZBOSS and Wireshark to sniff the traffic. This is working perfectly fine, but I am having a hard time decrypting the packets.

I was expecting that I could sniff the process of adding a new bulb to the network where at some point the network_key encrypted with the pre-shared Trust Center link key (e.g. as mentioned here) will be exchanged between the remote and the bulb. I successfully tried this with a comparable Hue setup but struggle with Tradfri now.

I was able to capture the Network Join Router Request and Network Join Router Response messages and was expecting the key transmission somewhere near that, but had no success.

Am I missing something? Is another pre-shared key used for Tradfri or their TouchLink implementation? Any feedback is highly appreciated.

Edit: I forgot to mention the keys I already tried:

  • The standard ZigBeeAlliance09 TC Link key
  • The supposed ZLL master key (e.g. as stated in the source I mentioned before)
  • This key which worked for my described Hue setup
ItsMarvolo

1 Answer

5

It's unclear from your post which link key you are using. If it is the standard ZigBeeAlliance09 TC link key referenced in the post, then it will likely not work since Tradfri uses ZigBee Light Link. ZLL uses a different link key to the ZigBee Home Automation / ZigBee 3.0 well-known shared key, and the ZLL master key is not publicly available (although there are some links on the page you referenced that do provide it).

cdjackson