Skip to content
IoTsec edited this page Jul 4, 2017 · 13 revisions

What Radios are supported?

Z3sec is tested with following radio transceivers:

  • Ettus USRP B200
  • Tmote Sky

What Products are affected by the touchlink vulnerabilities?

We successfully tested following ZigBee-certified products:

  • GE Link hub and bulbs
  • IKEA Tradfri bulbs
  • Philips Hue bridge and bulbs
  • Osram Lightify gateway and bulbs

What operating systems are supported by Z3sec?

Currently, the install script is tailored for Ubuntu 16.04/16.10.

What if I do not receive scan responses?

If you cannot find touchlink-enabled devices, try the following:

  • Check if the touchlink-enabled device is supplied with power
  • Move the radio transceiver closer (less than a meter) to the target
  • Experiment with different TX gain and antenna settings
  • Repeat the scan multiple times

Do I need the ZLL Master Key?

The ZLL Master Key (in ZigBee 3.0 denoted as 'preconfigured touchlink link key') is used to encrypt the network key. This functionality is relevant for z3sec_touchlink (only join), z3sec_key_extract and z3sec_control.

The ZLL Master Key was leaked on Twitter in 2015 and can be found online. In order to use the full functionality of the Z3sec tools, please enter the key in ~/.config/z3sec/touchlink_crypt.ini in the format 9F55....

What if I overwrote the touchlink_crypt.ini?

Please delete touchlink_crypt.ini and restart an arbitrary tool of Z3sec. Then, the file will be restored with an empty ZLL Master Key field.