Using Network Analyzer Tool to Monitor Bluetooth Mesh Traffic


This training demonstrates the usage of the Network Analyzer tool provided by Silicon Labs, and applies it to monitor Bluetooth Mesh traffic.

KEY FEATURES
- Demonstration of Network Analyzer
- Monitoring Bluetooth Mesh traffic

silabs.com Smart. Connected. Energy-friendly Rev. 0.1

1 Introduction

EFR32 parts have a Packet Trace Interface (PTI), which makes it possible to monitor externally all packets received and transmitted by the radio. If PTI is enabled, the content of each radio packet is sent out via the SPI or UART interface (depending on the configuration) as soon as the packet is received or transmitted by the radio. Hence all radio traffic can be monitored externally.

The Silicon Labs Wireless Starter Kit (WSTK) captures PTI data from radio boards and, after timestamping, forwards the packets to the PC via USB (J-Link EMU-COM channel 15) or Ethernet (TCP port 4905). The received packets can be decoded and visualized by the Silicon Labs Network Analyzer tool that comes with Simplicity Studio 4.

The Network Analyzer tool can decode different standards, including Bluetooth and Bluetooth Mesh. Since the communication is often encrypted, the tool can also decrypt encrypted messages, provided that it knows the keys used for encryption.

Bluetooth Mesh packets are sent via advertisements flooding the network. This means that all packets can be captured by any device in the area of the network; that is, by using the PTI on any of your Bluetooth Mesh devices you can monitor the whole traffic of the mesh network.

2 Bluetooth Mesh Demos for Monitoring

In the following sections we will monitor the traffic of the BT Mesh Light Example demo application. This simulates a lightbulb that can be switched on/off with the help of a Bluetooth Mesh network. We will also need at least one BT Mesh Switch Example demo running on another device for testing purposes.

1. Open Simplicity Studio
2. Select your first device in the Devices tab
3. Check the Preferred SDK; it has to be Bluetooth Mesh
4. Click on the BT Mesh Light Example demo
5. Click Start in the dialog window
6. Select your second device in the Devices tab
7. Check the Preferred SDK again; it has to be Bluetooth Mesh
8. Click on the BT Mesh Switch Example demo
9. Click Start in the dialog window
10. You may repeat this for multiple lightbulbs and switches

If you already have demo devices set up and provisioned, do a factory reset on them. On the WSTK:

1. Keep PB0 or PB1 pressed
2. Click reset
3. Wait until the screen shows *Factory reset*
4. Release PB0 or PB1

On your smartphone, open the Bluetooth Mesh app, go to the Network view, long click on the Demo Network and click the X icon to flush the network and group configuration.

3 Start Network Analyzer

1. To open the Network Analyzer perspective, click on Network Analyzer in the upper right corner of Simplicity Studio or, if it is not available, go to Window > Perspective > Network Analyzer.
2. To enable decoding of Bluetooth packets, select File > Preferences, browse for Network Analyzer > Decoding > Stack Versions, and make sure Bluetooth Smart is your default stack profile. Press OK. This ensures that the packets are parsed as Bluetooth packets.
3. Right click on your device and choose Connect, then choose Start capture. This will open a new window and start capturing your packets.
4. Right click on your device and choose Stop capture to stop monitoring.


4 Provisioning

The first step to connect a device to a mesh network is provisioning. An unprovisioned device has to advertise itself to be discoverable by the Provisioner. This can be done by the Unprovisioned Device Beacon and by advertising the Mesh Provisioning Service. To observe these:

1. Start capturing packets while your device is unprovisioned. Stop capturing after 30-40 seconds.
2. In the events window of the Network Analyzer you can find both Unprovisioned Device Beacons and Mesh Provisioning Service advertisements.
3. Find and select an Adv Indication packet where the MAC Src matches the MAC address of your device. (Note: the last 2 bytes of your MAC address are shown on the LCD of the WSTK.) The content of this Mesh Provisioning Service advertisement is defined by the Bluetooth Mesh specification, and you should observe the same packet format in the Event Details window. You can see the Mesh Provisioning Service advertised (UUID 0x1827) along with the Device UUID, which is SilabsDev-XXXXXX, where XXXXXX is the MAC address of the device.
4. Now find and select an Unprovisioned Device Beacon packet. (Note: these are much rarer than service advertisements.) You can see its content decoded in the Event Details window.

The next step is to provision the device. This can be done via ADV packets or via a GATT connection. In this demo the provisioning is done via a GATT connection. The provisioner (smartphone) connects to the device, builds up an authenticated channel via the Provisioning Service, and shares the secret Network Key with the device.

1. Open the Silicon Labs Bluetooth Mesh Application on your smartphone
2. Select the Provision tab, click scan and find your device
3. Start capturing packets in Network Analyzer
4. Click on the mesh icon next to your device to provision it
5. Stop capturing when provisioning is done
6. Now you can see in the event log the smartphone and your device establishing a connection. After establishment, the smartphone and the device communicate via the Unprovisioned Device Service: the smartphone sends write commands to the Mesh Provisioning Data In characteristic, and the device sends notifications via the Mesh Provisioning Data Out characteristic.
7. Click on any Attribute: Write Request or Attribute: Handle Value Notification packet. In the Event Details you can see the data sent. The Provisioning data is currently not decoded, but you can easily find the Provisioning PDU Type (second octet), which can be one of the following:

The Network Key is shared in the Provisioning Data packet. However, the content of this packet is already encrypted, so you cannot observe the Network Key directly. To find the Network Key (and the Device Key):

1. Open the Bluetooth Mesh app on your smartphone
2. Click on your Demo Network
3. Select the Devices tab
4. Wait until the mesh icon in the upper right corner turns green
5. Long click on your device
6. Click on the settings icon
7. Select the INFO tab

From now on every communication with the device is encrypted with the Network Key and the Device Key. To be able to decrypt these messages you have to add the Network Key and the Device Key to the encryption keys of the Network Analyzer:

1. In Simplicity Studio select Window > Preferences > Network Analyzer > Decoding > Security Keys
2. Click New
3. Change the name to Mesh Network Key
4. Change the key value to the Net Key observed in the app
5. Click New
6. Change the name to Device Key
7. Change the key value to the Dev Key observed in the app
8. Click OK

Now, before moving on, provision all of your other devices (lights and switches) in the demo network and add their device keys to the security keys of Network Analyzer!

5 Configuring the model

After all your devices are added to the network (provisioned), they have to be configured. This means assigning an application (e.g. light switching) and a model (e.g. on/off control or on/off device) to the device. Unlike provisioning, which was done on a point-to-point connection, configuration is done via the mesh network. The smartphone connects to one of the devices on the network, which will serve as a proxy device: it forwards the messages of the smartphone to the mesh network. The message then floods the whole network via relayed advertisements.

To find the proxy device:

1. Open the Bluetooth Mesh app
2. Select Demo Network
3. Go to the Devices tab
4. Find the device with the red radio signal icon

Now let's configure a device which is not the proxy. (If you configure the proxy, the messages are not necessarily forwarded on the mesh network, so you cannot observe mesh traffic!)

1. Start capturing packets on any of your devices
2. Open the Bluetooth Mesh app on your smartphone
3. Select your network
4. Go to the Devices tab
5. Long click on one of your devices which is not the proxy
6. Click the configuration icon
7. Select a functionality
8. Select a group
9. Click Apply
10. Stop capturing packets after a few seconds

During the configuration process you can observe the following messages:

- BT Mesh Access Message: Config AppKey Add
- BT Mesh Access Message: Config AppKey Status
- BT Mesh Access Message: Config Model App Bind
- BT Mesh Access Message: Config Model App Status

When a device is assigned to an application, the first step is providing it with the Application Key. This ensures that devices assigned to different applications will not interfere (e.g. a light switch cannot open the door). Find the following packets:

Clicking on any of the first two packets will reveal the content, including the Application Key. You can find the same Application Key in the smartphone app at the same place where you can find the Network Key and Device Key (see previous section).

Now add the Application Key to the security keys of Network Analyzer:

1. In Simplicity Studio select Window > Preferences > Network Analyzer > Decoding > Security Keys
2. Click New
3. Change the name to Application Key
4. Change the key value to the Application Key
5. Click OK

From now on you will be able to decrypt messages that are encrypted with the Application Key. Now, before moving on, configure all of your other devices (lights and switches) in the demo network!

6 Segmented Mesh Messages

The BT Mesh Access Message: Config AppKey Add message is also a good example of a segmented message. Since the size of the advertisement packet is limited, messages often have to be split into segments. In this case the access message is:

1. Encrypted on the application level
2. Split into segments
3. Encrypted, segment by segment, on the network level

Network Analyzer automatically groups packets that are segments of the same message and decodes them as one message. The whole process is:

1. Decrypting the packets on the network level
2. Reassembling segments belonging to the same message
3. Decrypting the message on the application level
4. Decoding (parsing) the message

The Events window shows each segment, marking it with the segment number (e.g. [1/2]). The Event Detail window always shows the content of the reassembled message. The Hex Dump window shows the decrypted and reassembled message by default; however, the raw captured data can also be observed for each segment.
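The reassembly step of this process (step 2), as an added example that is not part of the original training material or of Network Analyzer. It assumes the input is the lower transport PDU after network-level decryption, uses the segmented access header layout from the Bluetooth Mesh specification, and runs on constructed sample bytes with a hypothetical source address 0x0003.

```python
# Added example: reassemble segmented lower transport PDUs (access messages).
from dataclasses import dataclass

MAX_SEGMENT = 12  # octets of upper transport PDU carried per access segment


@dataclass(frozen=True)
class Segment:
    akf: int       # 1 = application key, 0 = device key
    aid: int       # application key identifier (6 bits)
    szmic: int     # 0 = 32-bit TransMIC, 1 = 64-bit TransMIC
    seq_zero: int  # 13 bits, shared by all segments of one message
    seg_o: int     # offset of this segment
    seg_n: int     # number of the last segment
    data: bytes


def parse_segment(pdu: bytes) -> Segment:
    """Parse one network-decrypted lower transport PDU with SEG = 1."""
    if len(pdu) < 5 or not pdu[0] & 0x80:
        raise ValueError("not a segmented lower transport PDU")
    hdr = int.from_bytes(pdu[1:4], "big")  # SZMIC | SeqZero | SegO | SegN
    seg = Segment(akf=(pdu[0] >> 6) & 1, aid=pdu[0] & 0x3F, szmic=hdr >> 23,
                  seq_zero=(hdr >> 10) & 0x1FFF, seg_o=(hdr >> 5) & 0x1F,
                  seg_n=hdr & 0x1F, data=pdu[4:])
    last = seg.seg_o == seg.seg_n
    if seg.seg_o > seg.seg_n or len(seg.data) > MAX_SEGMENT or (
            not last and len(seg.data) != MAX_SEGMENT):
        raise ValueError("inconsistent segment offset or length")
    return seg


class Reassembler:
    """Collects segments per (source address, SeqZero) until all have arrived."""

    def __init__(self):
        self._pending = {}

    def feed(self, src: int, pdu: bytes):
        seg = parse_segment(pdu)
        first, parts = self._pending.setdefault((src, seg.seq_zero), (seg, {}))
        if (seg.akf, seg.aid, seg.szmic, seg.seg_n) != (
                first.akf, first.aid, first.szmic, first.seg_n):
            raise ValueError("segment header disagrees with earlier segment")
        parts.setdefault(seg.seg_o, seg.data)  # relayed duplicates are ignored
        if len(parts) <= seg.seg_n:
            return None                        # still waiting for segments
        del self._pending[(src, seg.seq_zero)]
        return seg, b"".join(parts[i] for i in range(seg.seg_n + 1))


# Constructed sample: a 24-octet upper transport PDU (20 encrypted octets plus a
# 4-octet TransMIC, as for a Config AppKey Add) split into segments [1/2] and [2/2].
UPPER = bytes(range(24))
SEG_1 = bytes.fromhex("80048c01") + UPPER[:12]  # AKF=0, SeqZero=0x123, SegO=0, SegN=1
SEG_2 = bytes.fromhex("80048c21") + UPPER[12:]  # same message, SegO=1


def demo():
    """Feed the segments out of order with one duplicate, as flooding delivers them."""
    r = Reassembler()
    return [r.feed(0x0003, p) for p in (SEG_2, SEG_2, SEG_1)]
```

The reassembled bytes are still encrypted on the application level; decrypting them needs the Device Key or Application Key, which is why the keys have to be added to Network Analyzer first.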

7 Filtering Mesh Traffic

While capturing packets you may see a number of undesired advertisements originating from other Bluetooth devices around you, e.g. from smartphones advertising themselves. This often makes it hard to observe mesh traffic only. Unfortunately, these advertisements cannot be filtered out, but you can apply highlighting to mesh traffic to find mesh packets easily.

1. Click on the Filter Manager icon in the toolbar or find Window > Show View > Expression Manager
2. In the Expression Manager window click on New
3. Change the name of the New Filter to Mesh filter
4. Type in the following expression: bleadv.adv_type_0 == 0x2a (this will find advertisement packets with Mesh content)
5. Tick the Color checkbox
6. Click on the box under Bg (background) or Fg (foreground)
7. Choose a color after clicking on

Now all the mesh traffic (events and transactions) will be highlighted with the chosen color.

If there are multiple mesh networks in your vicinity (e.g. at a training) you may also want to filter for your own mesh network:

1. Find any mesh packet that could be decrypted by the Network Analyzer. (Since you know the Network Key of your own network only, packets from other mesh networks will show an error message: BT Mesh NWK level decryption failed)
2. Find the Network ID in the Event Details
3. In the Expression Manager window click on New
4. Change the name of the New Filter to My Mesh Network
5. Type in the following expression: btmeshnw.nid == 0x14 (replace the number with your own Network ID!)
6. Tick the Color checkbox and choose a color
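What the two filters in this section and the two advertisement types from the Provisioning section look like at the byte level, as an added example that is not part of the original training material or of Network Analyzer. It assumes the AD type values and field layouts from the Bluetooth specifications; the payloads, including the Device UUID and the NID 0x14 taken from the filter above, are constructed samples.

```python
# Added example: classify the AD structures of a BLE advertising payload.
AD_SERVICE_DATA_16 = 0x16    # Service Data, 16-bit UUID
AD_MESH_MESSAGE = 0x2A       # the value used in the highlight filter above
AD_MESH_BEACON = 0x2B
MESH_PROVISIONING_SERVICE = 0x1827
BEACON_UNPROVISIONED = 0x00


def iter_ad(payload: bytes):
    """Yield (ad_type, data) for each length-prefixed AD structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:                      # zero padding ends the payload
            return
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length


def classify(payload: bytes) -> list:
    """Return one dict per mesh-related AD structure found in the payload."""
    found = []
    for ad_type, data in iter_ad(payload):
        if (ad_type == AD_SERVICE_DATA_16 and len(data) == 20
                and int.from_bytes(data[:2], "little") == MESH_PROVISIONING_SERVICE):
            found.append({"kind": "provisioning-service",
                          "device_uuid": data[2:18], "oob_info": data[18:20]})
        elif (ad_type == AD_MESH_BEACON and len(data) >= 19
                and data[0] == BEACON_UNPROVISIONED):
            found.append({"kind": "unprovisioned-beacon",
                          "device_uuid": data[1:17], "oob_info": data[17:19]})
        elif ad_type == AD_MESH_MESSAGE and data:
            # The first octet of the network PDU is sent in the clear:
            # IVI (1 bit) followed by NID (7 bits).
            found.append({"kind": "mesh-message",
                          "ivi": data[0] >> 7, "nid": data[0] & 0x7F})
    return found


def nid_matches(payload: bytes, nid: int) -> bool:
    """True if the payload carries a mesh message with the given NID."""
    return any(f["kind"] == "mesh-message" and f["nid"] == nid
               for f in classify(payload))


# Constructed samples (not captured traffic).
UUID = b"SilabsDev-" + bytes.fromhex("001122334455")
PROV_ADV = bytes.fromhex("020106" "03032718" "15162718") + UUID + b"\x00\x00"
BEACON_ADV = bytes.fromhex("142b00") + UUID + b"\x00\x00"
MESH_ADV = bytes.fromhex("152a14") + bytes(19)   # NID 0x14, remaining octets opaque
```

Because the NID is only 7 bits, two networks in range can share a value; a NID match narrows the capture down, and successful network-level decryption is what confirms a packet belongs to your network.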

8 Communication on the Mesh Network

On a Bluetooth Mesh network, devices communicate via advertisements flooding the whole network. Consequently, you can see all messages with any device on the network. However, you can only decrypt messages that are encrypted with:

- Network Key only
- Network Key + your Device Key
- Network Key + Application Key of the application you are involved in

Network Analyzer will automatically try to decrypt the messages with the provided security keys. If decryption succeeds, the mesh content is parsed.

1. Start capturing packets
2. Press PB0 or PB1 on a Switch Node in your demo network
3. Check if the light (LEDs) was turned on/off on the Light Nodes in your demo network
4. Stop capturing

Find the following message and select it:

This message was encrypted with the already known Network and Application Keys, hence it is automatically decrypted by the Network Analyzer and its content is parsed.

The parsed data is organized into the standard Bluetooth Mesh layers:

- Network Layer
- Lower Transport Layer
- Upper Transport Layer
- Access Layer

The Upper Transport layer is covered by the App Encryption MIC (message integrity check).

9 Saving Sessions

You can easily save capture sessions into log files (.isd format) by simply selecting File > Save. However, be aware that security keys are not saved by default. Hence, if someone else opens the log file on their own computer, they will not be able to decrypt messages. To save security keys into the log file:

1. Go to Window > Preferences > Network Analyzer > Decoding > Security Keys
2. Tick the checkbox: Save decryption keys in ISD files.
3. Click OK

An ISD file saved this way contains the keys themselves, so anyone who obtains the file can decrypt the captured traffic.