Extracting encryption keys in order to trouble shoot Z-wave network using SiLabs Zniffer-tool

kodarn · August 29, 2020, 3:51pm

Hi!

I’m troubleshooting devices on my VeraPlus-network using the SiLab’s Z-Wave sniffer “Zniffer” (model ACC-UZB3-S). The tool supports decoding encrypted packets if the correct encryption key is provided. Are there any official/unofficial ways of extracting them from the VeraPlus?

I looked at the following tools on the VeraPlus:

/usr/bin/nvram
/usr/bin/zwave_uart_prog
/usr/bin/zwaveserial

…but didn’t find quite what I was looking for. Are there any Z-wave serial API commands which enables retrieval of the key, or should I attempt to parse the Z-wave network backup file?

therealdb · August 29, 2020, 6:19pm

Open a support request, they will send instructions.

mcv.bogdanf · August 31, 2020, 1:23pm

Look after Network Key Set in the zniffer software.

.

kodarn · August 31, 2020, 1:47pm

Yes, as it turns out, the keys are stored on the Vera in the file /etc/cmh/keys which contains three binary keys, 16-bytes each. Simply executing hexdump -C /etc/cmh/keys and then enter the first 16 bytes into SiLab’s Zniffer solved my problem