Wednesday 20 July 2016

Hacking Wireshark for fun and profit

We've been working on some low-power Zigbee sensors recently, based on CC2538 / ZStack 1.2.2 and running Zigbee HA 1.2.1; whilst we were doing this it occurred to us that Wireshark could usefully decode a few more of the IAS Zigbee messages into something useful.

So we did that.

It also turns out that some of our clients (and compliance test houses) use the very nice Ubiqua protocol analyser tool.

However, we are a Wireshark shop.

Step up Vadim, who contributed a bunch of patches in Wireshark bug 7426. Those had rotted a bit, so I resurrected them and the upshot is that the http://github.com/kynesim/wireshark repository now contains a bunch of things that Zigbee hackers might find fun:

  • Better decoding for Zigbee IAS messages - from Rhodri James.
  • Support for CUBX, TI SmartRF Studio and Ember Insight Desktop file formats as per Vadim's patch.
  • Support for more recent Ubiqua 3 file formats (at least, on the traces I have here).
  • A nasty backdoor mechanism so that you can decode Ubiqua traces which don't contain the TC key transport packet in the trace (Ubiqua stashes this in a separate table, and we pass it round the back to the Zigbee packet dissector).

One day I will get around to trying to push this lot upstream, but I suspect we will want a better way to do the backdoor key transport than the ugly hack I have in there at the moment.

Anyway, if you feel minded, grab it, enjoy and do report any bugs you come across (and I will do another post on power measurement for low-power radio, honest).
