
MKW41z NXP Thread stack socket decryption

Question asked by Ben Hefner on Mar 12, 2017
Latest reply on Jul 18, 2017 by Jason Chiang



I've got a couple of custom boards which I've set up to control the KW41z over SPI, with a k64 as the host device. I'm able to create a network and join it, and discover other devices on the network. I can also create/bind/connect sockets and establish a connection between the two devices. Everything looks good between the two with a couple of major exceptions:

  • The length of the data received by the recv call in THCI_BSDSockReqRecv matches the data I'm sending, but the data is never what I sent. I have verified that the data looks good at the 'send' call in THCI_BSDSockReqSend.
  • After receiving some number of messages (correct length, incorrect data, as described above), the recv call in THCI_BSDSockReqRecv returns 0. This seems odd, given that there continue to be ACKs to the transmitted data in my Wireshark trace. Those ACKs aren't present when I haven't joined a second device and set up a socket on that port, so it seems like the stack is receiving the data, but not delivering it.


I haven't seen many mentions of encryption/decryption in the documentation (and nothing that pertains to the sockets), and I've been operating under the assumption that Socket-Receive.Request/recv would return cleartext, but maybe I'm wrong about that. I haven't been able to find any other calls to recv in the demo I'm looking at, either. What is the correct way to retrieve that data? Any idea what's causing the stack/THCI to stop returning data, even though the KW41Z is still ACKing incoming transmissions?


The setup for the sender:

  1. create network
  2. add expected joiner
  3. sync steering data
  4. find child (and create/store LL address)
  5. create socket (domain:0x0A, type:0x00, protocol:0x11) (index is stored and used in 6/7/8)
  6. bind to local address (socket domain:0x0A, local ip retrieved from KW41z)
  7. connect to child from 4 (socket domain:0x0A)
  8. send 'send' message to kw41z periodically (~2s period, have tried with 10 and 42 byte payloads, same behavior.)


Setup for the receiver:

  1. join network
  2. find a neighbor
  3. create socket (same options as sender) (index is stored and used in 4/5/6)
  4. bind to local address (same options as sender)
  5. connect to neighbor address from 2 (same options as sender)
  6. send 'receive' message to kw41z (length 100) and output responses to a serial port.



I've also been trying to use the CoAP FSCI commands from the test tool, but it's not clear to me what success looks like there. I created an instance, registered a URI with the CoapRegister command, and then sent from another board (client and server are both FRDM-kw41z running hybrid_ble_thread_host_controlled_device demo). I can see the traffic in Wireshark, but nothing happens on the destination node, as far as I can tell.


I haven't been able to verify the data in flight, as I haven't yet figured out how to decrypt it in Wireshark. I found this post about setting that up: Decrypting ZigBee packets with Wireshark.  I tried putting in the network master key (retrieved via GetAttr) in that field and wasn't able to decrypt the message. I tried the default key listed in that link as well, and that didn't work either. I've also tried setting the key in the IEEE 802.15.4 dissector, to no avail. What key(s) do I need to set up in Wireshark to decrypt traffic from my Thread network, and how do I need to request that information from the module? 
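Added example, not part of the original post or of NXP's stack: Thread 1.1 does not put the network master key on the air directly; the MLE and 802.15.4 MAC keys are derived from it with HMAC-SHA256 over the key sequence counter, so a sniffer needs the derived key (or the master key plus the Thread derivation). The sketch below assumes that derivation; the master key and sequence values are constructed samples, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed sample value, NOT taken from the post: a 16-byte network master key.
SAMPLE_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_thread_keys(master_key: bytes, key_sequence: int) -> dict:
    """Derive the per-sequence MLE and MAC keys from a Thread master key.

    Assumed derivation (Thread 1.1): HMAC-SHA256 keyed with the master key
    over the big-endian 32-bit key sequence counter followed by the ASCII
    string "Thread". First 16 output bytes = MLE key, last 16 = MAC key.
    """
    if len(master_key) != 16:
        raise ValueError("Thread master key must be 16 bytes")
    if not 0 <= key_sequence <= 0xFFFFFFFF:
        raise ValueError("key sequence counter is a 32-bit value")
    msg = struct.pack(">I", key_sequence) + b"Thread"
    digest = hmac.new(master_key, msg, hashlib.sha256).digest()
    return {
        "key_sequence": key_sequence,
        # Key index carried in the 802.15.4 auxiliary security header.
        "key_index": (key_sequence & 0x7F) + 1,
        "mle_key": digest[:16],
        "mac_key": digest[16:],
    }


def candidates_for_key_index(master_key: bytes, key_index: int,
                             max_sequence: int = 1024) -> list:
    """A captured frame shows only the 1-byte key index, which wraps every
    128 sequence values; return the derived keys for every counter up to
    max_sequence that maps to that index."""
    if not 1 <= key_index <= 128:
        raise ValueError("Thread key index is in the range 1..128")
    return [derive_thread_keys(master_key, seq)
            for seq in range(key_index - 1, max_sequence + 1, 128)]


if __name__ == "__main__":
    keys = derive_thread_keys(SAMPLE_MASTER_KEY, 0)
    print("key index:", keys["key_index"])
    print("MAC key  :", keys["mac_key"].hex())
    print("MLE key  :", keys["mle_key"].hex())
```

The MAC key protects the 802.15.4 data frames that carry the socket payload, while the MLE key protects MLE messages; both change whenever the key sequence counter advances.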




