After my last post (here) I kind of gave up on my project of creating a custom ZLL device to control with the Hue. It was to time consuming and there was no real progress. Until yesterday.
I knew I needed a certain master key to get the NXP ZLL sample code to connect to my Hue. Some unsuccessful-fiddling with this key later, I compared my binary with the dump from the last post and noticed the keys were in a very different place. With a few searches through the sources I found the field sMasterKey. With the key defined here, it was pretty much in the same place as in the dump. Et voila! The Mesh Bee with custom firmware connects to my Hue.
This proves my project is viable, so this morning I ordered the Beyond Debug Key to make my life a little more easy!
To be continued!
Update (oct-22-2016)
I’ve been receiving some questions regarding the keys I used, here is some explanation:
There are two keys used in the Zigbee protocol, one for the Home Automation- and one for the Light Link Profile. The HA (trust center link key) key is used for classical Zigbee commissioning and allows the device to join non Light Link networks. The other key is the light link master key, this key is used to decrypt the network key during the touchlink phase and allows the device to connect to the network.
The Default Trust Center Link Key is public: ZigBeeAlliance09 (5A 69 67 42 65 65 41 6C 6C 69 61 6E 63 65 30 39)
The other one, the Light Link master Key is easily found : source 1, source 2, many other sources
The complete use of these keys is explained in full detail in the ZigBee Light Link Standard.
My project has been on hold for some time and I’ve been having trouble with my Mesh Bee’s. The Bee’s are showing inconsistent behavior, and I believe it is hardware related. So, last week I got some JN5168 modules and now I’m waiting for the breakout boards. I hope to update the blog with some actual working examples soon!
Update (nov-21-2016)
Last week I succeeded in creating a custom ZLL device (2 actually, RGB and Monochrome). Read all about how you can connect your Mesh Bee to your Hue here: Custom firmware Hue lights.
Hi Peter,
I’ve just read your ZigBee articles. I am currently trying to find a way to control my Hue devices using a third party ZigBee controller. I’ve already managed to pair newer Hue bulbs to a Texas Instruments CC2531EMK usb dongle, but I cannot pair older lights like the Philipps LivingColor lights because they don’t support the network join. This is why I am looking for a way to take control over the current Hue ZigBee network. But to to this I have to find out the individual network encryption key my bridge is using.
I found some articles describing a ZigBee network key exchange, but on the Hue bridge this exchange also seams to be encrypted using a key that is embedded in the firmware of the lamps.
I found a master key but I wasn’t able to decrypt any of the packets using this key. I believe there must be another key the Hue bridge is using during pairing of new devices to exchange the individual network key and I think this could be the key you found in the firmware of the Innr lamp.
Is there any chance that you could send me the key you found so that I can test if I am able to decrypt the network key exchange of my Hue bridge with it?
Regards
David
Hi david,
The ZLL network key is encrypted using the ZLL master key, I’ve update the post to include some info on the keys. For a full understanding, I suggest reading the specification document. What kind of firmware are you running on the dongle? As far as I can see from this video: Living Colors these lights are using touchlink commissioning with a weak signal. This means that the the lights need to be within a short range of the commissioning server. If your dongle is acting as a commissioning server is should be close to the devices for them to connect.
Peter
Hi Peter,
thanks for the reply. I already read a lot of those documents, but Hue doesn’t transmit the network key as plain text. I also tried to decrypt the network key during pairing using those two keys from your post, but none of those two keys worked. (I also tried the keys in reverse)
I flashed the TI Z-Stack-Home to my dongle (http://www.ti.com/tool/z-stack) and I am using the zigbee4java library to control it.
I tried to pair the old LivingColor lamps by putting the dongle very near the lamp, but that doesn’t seam to work. Even with the Hue bridge it only works using one of the old remotes. Basically you need to pair every lamp to the remote and then overwrite the network from the bridge with the one from the remote. (By long pressing “on” and “scene1”, and after that long press “on” on the remote) But I cannot to that with my dongle because I don’t know the key that is used between the remote and the Hue bridge.
I think the Hue bridge only uses one of those two keys from your post when pairing third party lamps. I also ordered one of those Innr lamps (Arrives on Monday) and maybe I will be able to decrypt the network key when pairing the Hue bridge to this lamp. I only hope the bridge doesn’t create a separate network with a separate network key to communicate with 3rd party lamps.
Regards
David
I’ve just received the Innr Lamp and I was able to add the lamp to my Hue network. But sadly I wasn’t able to decrypt a network key using the two keys you provided. Are you sure this is the only key in the firmware?
It is the only key I know of. Did you use the correct decrypt method? The Light Link specs describes the decoding of the network key in detail. Your project is the opposite of what I am trying to do, you are trying to be the hub for the Hue lights and I am trying to connect a generic Light Link device to a Hue hub. It could be, the Hue devices do not support the Home Automation commissioning, if so, you need to host a Light Link hub.
I don’t know for sure about a special Hue network, but I think you might be right on that one. I’ve noticed the Philips lights are recognized in a different pattern than other non Hue lights. I can’t tell you the exact difference, as I’ve made no effort to try and decode the communication. Also, the Home Kit compatibility requires certified devices to implement certain encryption methods, this way devices can be regulated. I have no doubt Philips is using the same system for their Hue, as they have banned and re-allowed third-party Light Link devices with software updates.
Maybe this can be useful: ti zll q&a there is some Hue specific info at the bottom.
Hi David, I did find another key, see this post
Thanks for your input, hope this helps you!
Peter
Dear David Masshardt,
I hope you can read this comment. I just order a Hue bulb (exactly Hue Starter kit with 3 bulbs), and I try to connect a hue bulb to CC23531EMK usb dongle, but it is failed. Here what I was doing. I flash ZNP firmware (in Z-Stack HA 1.2). I use a guideline on internet to LampStealer (factory reset a bulb). I already put USB dongle very near the bulb (10cm), but after factory reset, the bulb joined again to the bridge, not USB dongle network. I don’t know how to make Hue bulb connect to CC2531 usb, can you help clear what did you do ? And I already use channel 15 for usb dongle (same channel with the bulb and bridge use).
Thank you
Linh An
Pingback: Breakout breakthrough |
Hi Peter,
I am currently trying to connect a JN5168 to a hue bridge. I´m programming in beyondstudio for NXP but I can´t find where to put the keys. Could you give a tip?
groeten,
Dirk
Hi I’m working around a I K E A lamp bulb my attempt will be to drive directly the lamp without the standard gateway or the remote control, I know that the Master key for Hue is know, do you know if there are also some for I K E A?
Regards!