Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

Obtaining Keys in Zigbee Standard Security Network

Building Automation Knowledge Base

Schneider Electric Building Automation Knowledge Base is a self-service resource to answer all your questions about EcoStruxure Building suite, Andover Continuum, Satchwell, TAC…

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • Knowledge Center
  • Building Automation Knowledge Base
  • Obtaining Keys in Zigbee Standard Security Network
Options
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close

Related Forums

  • Intelligent Devices Forum

Previous Next
Contributors
  • David_Purser
    David_Purser

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Back to Building Automation Knowledge Base
Options
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
0 Likes
2115 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?
Select your language from the translate dropdown in the upper right. arrow
Translate to: English
  • (Français) French
  • (Deutsche) German
  • (Italiano) Italian
  • (Português) Portuguese
  • (Русский) Russian
  • (Español) Spanish

Obtaining Keys in Zigbee Standard Security Network

Picard David_Purser Picard
‎2023-03-08 10:46 AM

on ‎2023-03-08 10:46 AM

Issue

Capturing packets from Zigbee Standard Security Network shows packets marked Bad FCS or Encrypted Payload

Product Line

EcoStruxure Building Operation

Environment

  • Building Operation Automation Server
  • Building Operation Room Controller

Cause

Zigbee Standard Security Networks implement multiple keys to encrypt data for the Zigbee Network and each device

Resolution

This resolution assumes you have a Zigbee adapter that can capture packets in Wireshark.

 

Ensure zigbee_pc_keys are available in each profile you are going to use to analyze the Zigbee packets. The file location is generally: %AppData%\Roaming\Wireshark\profiles\<Profile Name>\zigbee_pc_keys

 

  1. Open Wireshark and configure the Zigbee adapter
    1. NOTE: Please substitute your adapter name if not using the TI CC2531 adapter.
    2. Open Wireshark
    3. Click the gear next to the 'TI CC2531 802.15.4 packet sniffer'
    4. Select the known channel (11-26) and click Save
    5. Click on 'TI CC2531 802.15.4 packet sniffer' to start capturing
  2. Update formatting to resolve Bad FCS packets
    1. Go to Edit -> Preferences -> Protocols
    2. Select IEEE 802.15.4
      1. Depending on your Wireshark version,
      2. check or "TI CC24XX FCS Format"
      3. or set FCS format = "TI CC24xx metadata"
  3. Add default link key for Zigbee Alliance
    1. Go to Edit -> Preferences -> Protocols
    2. Select ZigBee
      1. Set Security Level = AES-128 Encryption, 32-bit Integrity Protection
      2. Click Edit next to Pre-configured Keys
        1. Click + and Enter Wireshark Key from below, Byte Order = Normal, and Label
    3. Enter the Zigbee Alliance Default Link Key
      1. Key = 5A:69:67:42:65:65:41:6C:6C:69:61:6E:63:65:30:39
      2. Key Value = 5A6967426565416C6C69616E63653039
        1. Remove colons (:) for entry into Wireshark
      3. ByteOrder = Normal
      4. Label = ZigbeeAlliance09
  4. Find and add Standard Network Key
    1. Ensure you have configured the default transport key (above).
    2. Use this display filter to find the request Key exchange: zbee.sec.decryption_key
    3. Find Standard Network Key
      1. Look in the Info column for the Transport Key and select it
      2. Expand Zigbee Application Support Layer Command
      3. Expand Command Frame: Transport Key to see Key Type: Standard Network Key and Key: shows the value
      4. Right-click on the key -> Copy -> Value
      5. Right-click on the Zigbee Network Layer Data -> Protocol Preferences -> Open Zigbee Network Layer Preferences
      6. Click Edit next to Pre-configured Keys
      7. Click + and paste under Key, leave Byte Order = Normal, and add Label.
        1. RECOMMENDED: Use Descriptive label because you will have Network Key per Zigbee Network, so includes Device, PAN ID, and NetworkKey, ie ASP087_12345_NetworkKey
  5. Find and add Trust Center Link Key PER device
    1. Ensure the following are configured: formatting, transport key, and Standard Network Key (above).
    2. Use this display filter to find the request Key exchange: zbee.sec.decryption_key
    3. Since this is per device, one can include the Network Address for the device. Example: If the network address of the device is 0x2074, the display filter would be: zbee.sec.decryption_key and zbee_nwk.addr == 0x2074
    4. Find Trust Center Link Key per device
      1. Using the Info field, find the pair of Request Key and Transport Key. The Request Key will have Source = Device Network Address, and the Transport Key will have the Destination = Device Network Address.
      2. Click on the Transport Key packet
      3. Expand Zigbee Application Support Layer Command
      4. Expand Command Frame: Transport Key to see Key Type: Trust Center Link Key and Key: shows the value
      5. Right-click on the key -> Copy -> Value
      6. Right-click on the Zigbee Network Layer Data -> Protocol Preferences -> Open Zigbee Network Layer Preferences
      7. Click Edit next to Pre-configured Keys
      8. Click + and paste under Key, leave Byte Order = Normal, and add Label.
        1. RECOMMENDED: Use a Descriptive label because you will have a Key per device, so includes Device, Network Address, and Trust Center Link Key, ie TH907-01_0x2074_TCLK
Labels (1)
Labels:
  • EcoStruxure Building Operation
Tags (1)
  • Find more articles tagged with:
  • DavidPurser23
Was this article helpful? Yes No
No ratings

Link copied. Please paste this link to share this article on your social media post.

To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of