- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
-
- Home
- :
- Product Forums
- :
- Wireless Connectivity
- :
- bug report JN-AN-1217-zigbee30-base-device
bug report JN-AN-1217-zigbee30-base-device
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
bug report JN-AN-1217-zigbee30-base-device
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
operation steps:
1,flash coordinator with erase EEPROM
2.flash router with erase EEPROM
3.press SW3 on Coordinator to form a network,successful
4.Press SW2 to steering ,successful
5.press reset button on Router ,the Router join the network succefull
everything working well.but .. when do as below steps
1. flash router again with erase EEPROM .
2.Press SW2 on Coordinator to steering ,successful
3..press reset button on Router ,the Router join failed.
the Router log:
*********************************************** * ROUTER RESET * ***********************************************
APP: Entering APP_vInitResources()
APP: Entering APP_vSetUpHardware()
APP: Entering APP_vInitialise()
PDM: Capacity 41
PDM: Occupancy 22
Start Up Styae 0 On Network 0
APP: Entering BDB_vStart()
APP: BDB_EVENT_INIT_SUCCESS BDB Try Steering status 0
APP: Entering APP_vMainLoop()
APP-ZDO: Discovery Complete 00 MAC: 0000000000000000 Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Incoming FC: 0 Outgoing FC: 0 MAC: 0000000000000000 Key: 5a 69 67 42 65 65 41 6c 6c 69 61 6e 63 65 30 39 Incoming FC: 0 Outgoing FC: 0
APP-ZDO: Failed To Join ad Rejoin 0
APP-ZDO: Failed To Join ad Rejoin 0
APP-ZDO: Discovery Complete ea
COORDINATOR:
APP-BDB: NwkSteering Success
APP-EVT: Request Nwk Steering 00
BDB: APP_vGenCallback [0 2]
APP-EVT: Event 1, NodeState=1
BDB: APP_vGenCallback [0 9]
APP-ZDO: New Node 311d Has Joined
it's very confuse the Coordinator said the Router had join as new node .but on the router side ,it's get join fail log.
i enable the BDB debug and ZCL debug with CFLAGS += -DDEBUG_BDB ,CFLAGS += -DDEBUG_ZCL,and the Router ,then the Router show the logs:
APP: Entering BDB_vStart()
APP: BDB_EVENT_INIT_SUCCESS
BDB: Disc on Ch 11 from 0x02108800 BDB Try Steering status 0
APP: Entering APP_vMainLoop() BDB: APP_vGenCallback [0 10]
BDB: vNsTryNwkJoin - index 0 of 1 Nwks BDB: Try To join 00158d0001011240 on Ch 11
APP-ZDO: Discovery Complete 00 MAC: 0000000000000000 Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Incoming FC: 0 Outgoing FC: 0 MAC: 0000000000000000 Key: 5a 69 67 42 65 65 41 6c 6c 69 61 6e 63 65 30 39 Incoming FC: 0 Outgoing FC: 0
BDB: APP_vGenCallback [0 8] FailedToJoin sNwkJoinFailedEvent.u8Status=173 !!!
BDB: vNsTryNwkJoin - index 0 of 1 Nwks
BDB: Try To join 00158d0001011240 on Ch 11
APP-ZDO: Failed To Join ad Rejoin 0
BDB: APP_vGenCallback [0 8] FailedToJoin sNwkJoinFailedEvent.u8Status=173 !!!
BDB: vNsTryNwkJoin - index 0 of 1 Nwks
the Joni Failed Event u8Status 173 is 0xAD,
ZPS_APL_APS_E_SECURITY_FAIL 0xAD
An APSDE-DATA.request requesting security has resulted in an error during the corresponding security processing.
Please review
thanks
Bruce Liu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I have encountered the same problem, how do you solve it?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello there,
I have encountered the same problem as you said the way, but when i call ZPS_vAplSecSetInitialSecurityState (ZPS_ZDO_PRECONFIGURED_LINK_KEY, sBDB.pu8DefaultTCLinkKey, 0, ZPS_APS_GLOBAL_LINK_KEY); returns an error with the error code 0XA3, why?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I think you can change SET_SERCURITY by 0x0UL before Permit join that same as my code
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello there,
I have encountered the same problem as you said the way, but when i call ZPS_vAplSecSetInitialSecurityState (ZPS_ZDO_PRECONFIGURED_LINK_KEY, sBDB.pu8DefaultTCLinkKey, 0, ZPS_APS_GLOBAL_LINK_KEY); returns an error with the error code 0XA3, why?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Router: Context Data will erase to 0x0UL after FACTORY NEW that not pass security checking by Coordinator which changed KEY to new one.
if you want pair with KEY(0x0UL), you should change little code as below, FYR
OPEN project name: JN-AN-1216-Zigbee-3-0-IoT-ControlBridge and app_Znc_cmds.c or search string as APP_vConfigureDevice, change code to allow pair with zero key: remember change SET_TYPE to Router before JOIN active.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, for this step:
5.press reset button on Router ,the Router join the network succefull
everything working well.but .. when do as below steps
1. flash router again with erase EEPROM .
usually only happens during development I think.
For your case, since the coordinator already registered the Router in Address Map, then the same router's IEEE64 address request a new join, it looks like potential MITM or some hijack.
From the JN-AN-1217, it looks like for the Router during startup, it will check for "Am I already in a network ?", If yes then I will perform a "Device Announce (secured with NWK Key)" to rejoin my last network; else I will perform "Association Request (unsecured)" to beacons.
If I am not mistaken, usually the user should perform Factory Reset operation on Router or they may just physically remove Router.
Factory Reset procedure should announce a Device Leave before factory resetting.
Coordinator will pickup Leave Indication then clear from address map.
Router will then rejoin with new address after Factory Reset.
If the Coordinator is powered down or out of range, AND the Router sends the Leave then immediately factory default, then the Coordinator will have a problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lim
i capture the packets ,the CO have send the network key to the Router ,and the logs of CO also show the Node Join successful.
if CO refuse the Router to join ,i think it would not print out the Router Join successful and assign a new Network ID and will not send the network KEY to the Router Node.
but i’ very confuse is that the CO transport the network key to Router ,but the Router still print out the Join failed logs.
i attached the Join failed and Join successful for you reference.
Thanks for your support
Bruce Liu
在 2016年12月9日,09:14,limcb <admin@community.nxp.com> 写道:
NXP Community <https://community.freescale.com/resources/statics/1000/35400-NXP-Community-Email-banner-600x75.jpg>
Re: bug report JN-AN-1217-zigbee30-base-device
reply from Lim CB <https://community.nxp.com/people/limcb?et=watches.email.thread> in Wireless Connectivity - View the full discussion <https://community.nxp.com/message/858759?commentID=858759&et=watches.email.thread#comment-858759>
Hi, for this step:
5.press reset button on Router ,the Router join the network succefull
everything working well.but .. when do as below steps
1. flash router again with erase EEPROM .
usually only happens during development I think.
For your case, since the coordinator already registered the Router in Address Map, then the same router's IEEE64 address request a new join, it looks like potential MITM.
If I am not mistaken, usually user would perform Factory Reset operation on Router or just physically remove Router.
Factory Reset procedure should announce a Device Leave before factory resetting.
Coordinator will pickup Leave Indication then clear from address map.
Router will then rejoin with new address after Factory Reset.
Reply to this message by replying to this email, or go to the message on NXP Community <https://community.nxp.com/message/858759?commentID=858759&et=watches.email.thread#comment-858759>
Start a new discussion in Wireless Connectivity by email <mailto:discussions-community-wireless--connectivity@mail.freescale.jiveon.com> or at NXP Community <https://community.nxp.com/choose-container.jspa?contentType=1&containerType=14&container=11235&et=watches.email.thread>
Following Re: bug report JN-AN-1217-zigbee30-base-device <https://community.nxp.com/message/858759?commentID=858759&et=watches.email.thread#comment-858759> in these streams: Inbox
This email was sent by NXP Community because you are a registered user.
You may unsubscribe <https://community.nxp.com/unsubscribe.jspa?email=yslau%40163.com&token=942fc6d5e175c7ee0bcc1a5c15ed158b2949a1d0ae156e2505976caeba795637> instantly from NXP Community, or adjust email frequency in your email preferences <https://community.nxp.com/user-preferences!input.jspa>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, it looks like the Coordinator is using the new LNK(1) key after the first successful Router join.
After you erase Router EEPROM and rejoin, the Coordinator should be using the standard 5A:69:...:30:39 HA_KEY but it looks like the Coordinator is using (1) to encrypt the Transport Key.
Factory Reset Join > Coordinator uses 5A:69:...:30:39 HA_KEY to encrypt Transport Key > Verify Key > then assign new LNK Key(2) to Router on Confirm Key.
Flash EEPROM on Router.
Join #2 > Coordinator uses (2) to encrypt Transport Key. Router unable to decrypt Transport Key because it is expecting to use HA_KEY to decrypt and Router does not know (2) from Erase EEPROM.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In addition to this, if you take a look at JN-UG-3113 ZigBee 3.0 Stack User Guide v1.2, have a look at Appendix B.2, "Clearing Stack Context Data Before a Rejoin", it seems to also describes what was happening.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I have encountered the same problem, how do you solve it?
Thank you.
