How can I decrypt S2 frames using the Z-Wave Zniffer?
The Zniffer can decrypt S2 frames, by following a few steps.
First configure the PC Controller to save the network keys. Click on the small Shield icon in the upper right corner to open the ‘Security Settings’ menu.
You can either copy a key to the clipboard and paste it into the Zniffer, or you can by default save the keys to a storage folder, where the Zniffer can load them.
In the Zniffer, click on a S2 encrypted frame and notice that it cannot be decrypted just yet.
Click on either ‘Decrypt’ or ‘Load Key’ depending on if you want to copy the key from clipboard or load from a folder. The frame can now be decrypted.
Finally, it is required that the Zniffer knows the S2 singlecast nonce, which are shared during inclusion. If the trace does not include the frames from the inclusion, it is necessary to force a resynchronization between the nodes. To resynchronize, select the node in the PC controller and click "Reset SPAN". This will result in an exchange of new nonces which, in combination with the network keys, enables the Zniffer to decrypt the payload.