Skip to content
/ rf4ce-tools Public
forked from courk/rf4ce-tools

SDR tools that can be used to experiment with the Zigbee RF4CE protocol

License

MIT license
0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

meecash/rf4ce-tools

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
rf4ce
rf4ce
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
injector.py
injector.py
 
 
pairing_sniffer.py
pairing_sniffer.py
 
 
sniffer.py
sniffer.py
 
 

Repository files navigation

Note: Frok from https://github.com/courk/rf4ce-tools Changes on branch maint-3.7 verified with Python2, GNU Radio 3.7

Introduction

This is a small and simple set of SDR tools that can be used to experiment with the Zigbee RF4CE protocol.

The following features are supported:

They do have the following features:

  • RF4CE packets parsing and crafting. This includes support for the AES-128-CCM cryptographic algorithm used by RF4CE devices after the pairing process.
  • RF4CE packets sniffing. This includes deciphering packets in case the ciphering key is known. This key can be computed in case the pairing process can be sniffed.
  • RF4CE packets injection.

Requirements

My code is based on:

  • GNU Radio GNU Radio
  • The IEEE 802.15.4 MAC and PHY layers are provided by the gr-ieee802-15-4 project
  • The GNU Radio Eventstream Out-of-Tree Synchronous Stream-Event Scheduler gr-eventstream

I've successfully tested these tools with both a HackRF and a newer PlutoSDR.

Please note that a device like the PlutoSDR supports full-duplex communication. That's why after it has send a packet, it can immediately wait for a ACK from the receiver and try to switch frequency if this packet is not acknowledged.

The HackRF on the other side is only half-duplex and cannot do that. I haven't find a way to switch between RX and TX modes fast enough to handle ACK packets.

In other word, only the PlutoSDR can handle the frequency agility feature of the RF4CE protocol.

Usage

Packet Sniffer

$ ./sniffer.py -h
usage: sniffer.py [-h] [-l LINK] [-c {15,20,25}] [-s {hackrf,pluto-sdr}]

optional arguments:
  -h, --help            show this help message and exit
  -l LINK, --link LINK  JSON file containing link information
  -c {15,20,25}, --channel {15,20,25}
                        RF4CE channel (default: 15)
  -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
                        SDR Device to use (default: pluto-sdr)

Pairing Sniffer

This "pairing sniffer" can be used to generate the optional JSON file containing a link information.

$ ./pairing_sniffer.py -h
usage: pairing_sniffer.py [-h] [-c {15,20,25}] [-s {hackrf,pluto-sdr}]
                          output_file

positional arguments:
  output_file           output JSON file storing link information

optional arguments:
  -h, --help            show this help message and exit
  -c {15,20,25}, --channel {15,20,25}
                        RF4CE channel (default: 15)
  -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
                        SDR Device to use (default: pluto-sdr)

Packet Injection

$ ./injector.py -h
usage: injector.py [-h] [-c {15,20,25}] [-s {hackrf,pluto-sdr}] config_file

positional arguments:
  config_file           JSON file containing link information

optional arguments:
  -h, --help            show this help message and exit
  -c {15,20,25}, --channel {15,20,25}
                        RF4CE channel (default: 15)
  -s {hackrf,pluto-sdr}, --sdr {hackrf,pluto-sdr}
                        SDR Device to use (default: pluto-sdr)

About

SDR tools that can be used to experiment with the Zigbee RF4CE protocol

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%