Packet sniffing with KillerBee and a CC2530 / CC2531 Dongle

Previously I have blogged about the TI CC2530 and CC2531 ZigBee USB dongles, and getting packet sniffing working with the CC2530 (which I received from a Chinese vendor when I thought I was getting a CC2531).

Well, today I received a CC2531 dongle (again, from a Chinese supplier because they are a quarter of the price), which turned out to actually be a CC2531 dongle!

So this prompted me to complete some work I started on porting CC2530 support to the KillerBee utilities.  This was quite straight forward, given the reverse engineering of the CC2530/CC2531 packet sniffing protocol that has been done in the open source projects I previously identified, and the experience of the KillerBee drivers that I previously gained when fixing a packet truncation issue in the KillerBee RZUSBstick driver.

The result is a KillerBee driver for the CC2530 and CC2531 dongles that supports packet sniffing (so tools like zbdump and zbwireshark work).  This will be a great help for sniffing ZigBee traffic when one of my CC253x dongles while I'm simultaneously using my RZUSBstick to inject traffic.

This work can be found both in a branch on my KillerBee fork, as well as in a pull request that I've submitted back to the KillerBee project:

• My branch: https://github.com/Scytmo/killerbee/tree/enhance/cc253x-support
• KillerBee pull request: https://github.com/riverloopsec/killerbee/pull/94

So it's up to the KillerBee project admins whether they want to integrate that with the KillerBee main branch.

Admittedly, it would have been easier if I'd simply have bought several RZUSBstick dongles... but that wouldn't have been anything like as interesting!