Zigbee protocol

Mirage includes components allowing to manipulate and communicate with Zigbee interfaces, along with other components implementing some attacks on the Zigbee stack. This page presents some of those components, and provides some usage examples.

Warning

Please note the fact that this protocol stack is partially implemented. It’s mainly included as a proof of concept for now.

Zigbee modules

Mirage includes many modules allowing to analyse the security of Zigbee communications. The available modules and the links to the corresponding documentation pages are listed in the following table :

Name	Description	Documentation
zigbee_info	This module displays useful informations on a given interface.	here
zigbee_deauth	This module performs a deauthentication attack.	here
zigbee_floodassoc	This module performs an association flooding attack.	here
zigbee_inject	This module allows to inject some Zigbee frames.	here
zigbee_scan	This module scans for Zigbee devices on all channels.	here
zigbee_sniff	This module sniffs Zigbee communications on a given channel.	here

Importing the Zigbee software components

Every software component described in this page can be easily imported from a module or a scenario environment using the following statement :

from mirage.libs import zigbee

Then, every component is available using the zigbee namespace:

packet = zigbee.ZigbeeXBeeData(sequenceNumber=200,data="Hello World")

Interacting with the protocol

Mirage provides drivers supporting Raven RZUSBSTICK. You can also read or write a PCAP file containing Link Layer packets using the PCAP Device. Each device can be used to send and/or receive Zigbee packets, and possibly provide some specific features by providing shared methods. The supported Devices are listed here.

To manipulate a device, you need to use the corresponding Emitter and/or Receiver with an interface related to you device. The following page explains how to use these software components.

Zigbee packets

Mirage manipulates Zigbee packets as child classes of ZigbeePacket (mirage.libs.zigbee_utils.packets.ZigbeePacket), which is itself a child class of Packet (mirage.libs.wireless_utils.packets.Packet. The following list describes the available packets and provides some links to the corresponding documentation pages :

• ZigbeeBeacon

• ZigbeeBeaconRequest

• ZigbeeAssociationRequest

• ZigbeeDisassociationNotification

• ZigbeeAssociationResponse

• ZigbeeDataRequest

• ZigbeeAcknowledgement

• ZigbeeXBeeData

• ZigbeeApplicationData

• ZigbeeApplicationEncryptedData

If you use a sniffer such as Raven RZUSBSTICK, some additional informations provided by the sniffer can be included in the packet using the additionalInformations attribute. The additional informations are stored as instance of the class ZigbeeSniffingParameters (mirage.libs.zigbee_utils.packets.ZigbeeSniffingParameters).