What steps will reproduce the problem?
1. OpenBSD 4.8
2. Try running sudo zbid or equivalent functionality

What is the expected output? What do you see instead?
kbutils is not properly enumerating at least TelosB devices. This is likely 
based on the glob regex not matching the USB devices in /dev/. Consider 
handling these as proper USB devices, or fixing the glob expression.

$ sudo usbdevs -dv    
...
Controller /dev/usb5:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), 
Intel(0x8086), rev 1.00
  uhub5
 port 1 powered
 port 2 addr 2: full speed, power 100 mA, config 1, tmote sky(0x6001), Moteiv(0x0403), rev 4.00, iSerialNumber M4A6H5T7
   uftdi0
...

$ sudo zbid
Dev     Product String  Serial Number
Found 0 devices.

What steps will reproduce the problem?
1. Program exit reports responses received.
2. No output to screen or CSV if using -w flag.

Reported by warezjoe and mstelloh.

Initial and related triage by rmspeers:

Based on the devices I have here, it looks like zbstumbler may be
experiencing a timing issue. Aka, it uses RZUSBSTICK to transmit a
beacon request, and then immediately changes to sniffing mode and tries
to get the response. My initial results show that with some hardware,
positioned close especially, it may be missing the response.

To debug, I suggest the following for you:
- add a line of debugging code to zbstumbler on line 72:
print "Received Pkt with FCF=",pktdecode[0].encode('hex'),"- a beacon
response would be 0080"
- reinstall killerbee (python setup.py install)
- start one RZUSBSTICK in zbdump mode (ex sudo zbdump -f 16 -w
zbstumbler.pcap -i 006:003)
- start another RZUSBSTICK in zbstumbler (ex sudo zbstumbler -i 006:005)
- compare zbstumbler output to the pcap, for example, mine prints out:
"Received Pkt with FCF= 4188 - a beacon response would be 0080"
I then see that a frame with FCF 4188 follows the beacon responses, and
with some more debugging, you may be able to verify this is indeed the
specific frame it is seeing, and see what percentage of the time it sees
it after beaconing on that channel, etc.

What steps will be needed?
1. compile firmware and move
2. update BSL if needed (exact copy from GoodFET trunk)
3. update GoodFET.py and GoodFETCCSPI.py (goal is exact copies)
4. update dev_tmote.py if needed

What steps will reproduce the problem?

0. Install killerbee and scapy-com (used by other tools)
1. Capture encrypted zigbee communications.
2. Display a packet. (the following is modified slightly) Notice that the 
reference for 'ext_src' is used because of scapy-com installation.

>>> p
<Dot15d4FCS  fcf_reserved_1=0 fcf_panidcompress=True fcf_ackreq=False 
fcf_pending=False fcf_security=False fcf_frametype=Data fcf_srcaddrmode=Short 
fcf_framever=0 fcf_destaddrmode=Short fcf_reserved_2=0 seqnum=162 |<Dot15d4Data 
 dest_panid=0x092d dest_addr=0xffff src_addr=0x0 |<ZigbeeNWK  discover_route=0 
proto_version=2 frametype=command flags=security+extended_src 
destination=0xfffc source=0x00 radius=1 seqnum=97 ext_src=xx:xx:xx:xx:xx:xx 
|<ZigbeeSecurityHeader  reserved1= extended_nonce=1 key_type=network_key 
nwk_seclevel=None fc=0x015186 source=xx:xx:xx:xx:xx:xx key_seqnum=95 
data='\x65\x32\xa8\xea\xec\xc0' |>>>>

3. Process the packets and search the packet for 'ext_source' using 
packet.getfield_and_val('ext_source').

>>> cap = PcapReader('join_ch15.pcap')
>>> while 1:
...    try:
...       p = cap.next()
...    except:
...       print "done"
...       break
...    try:
...       p.getfield_and_val('ext_source')
...    except:
...       print str(cnt) + ' ext_source error'
...    cnt += 1
... 
0 ext_source error
1 ext_source error
WARNING: FCS on this packet is invalid or is not present in provided bytes.
2 ext_source error
WARNING: FCS on this packet is invalid or is not present in provided bytes.
3 ext_source error
WARNING: more FCS on this packet is invalid or is not present in provided bytes.
4 ext_source error
5 ext_source error
6 ext_source error

3. Find where 'ext_source' is called in scapy_extensions.py code. Replace 
'ext_source' with 'ext_src' as shown in packet display and within 

Line 421: #nonce = struct.pack('L',f['ext_source'])+struct.pack('I',f['fc']) + 
sec_ctrl_byte
Line 422: nonce = struct.pack('L',f['ext_src'])+struct.pack('I',f['fc']) + 
sec_ctrl_byte

4. Run again but modify 'ext_source' to 'ext_src'.

>>> cap = PcapReader('join_ch15.pcap')
>>> while 1:
...    try:
...       p = cap.next()
...    except:
...       print "done"
...       break
...    try:
...       p.getfield_and_val('ext_src')
...    except:
...       print str(cnt) + 'ext_src error'
...    cnt += 1
... 
(<Field (ZigbeeNWK).ext_src>, xxxxxxxxxxxxxxxx)
(<Field (ZigbeeNWK).ext_src>, xxxxxxxxxxxxxxxx)
WARNING: FCS on this packet is invalid or is not present in provided bytes.
(<Field (ZigbeeNWK).ext_src>, 0)
WARNING: FCS on this packet is invalid or is not present in provided bytes.
(<Field (ZigbeeNWK).ext_src>, 0)
WARNING: more FCS on this packet is invalid or is not present in provided bytes.
(<Field (ZigbeeNWK).ext_src>, 0)
(<Field (ZigbeeNWK).ext_src>, 0)


What is the expected output? What do you see instead?

Not sure if the update should be performed here or in scapy-com code.

https://bitbucket.org/secdev/scapy-com

I figured I would start here.


What version of the product are you using?

Last Changed Rev: 92
Last Changed Date: 2014-07-01 09:30:21 -0500 (Tue, 01 Jul 2014)

On what operating system?

Linux kubuntu_rules 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

With what Python version? (python -V)

Python 2.7.5+ 

Is scapy-com installed?

Yes, yes it is.

Please provide any additional information below.

What steps will reproduce the problem?

When parsing Pcap files using zbscapy the kbrdpcap function fails because it is 
using the scapy.utils.PcapReader instead of the killerbee.pcapdump.PcapReader. 
This is noted below because Scapy's PcapReader has a next() function rather 
than the pnext() function from killerbee.pcapdump's PcapReader.

================================
cutaway> zbscapy
In [1]: cap = kbrdpcap('/tmp/zb_test.pcap')
WARNING: PcapReader: unknown LL type [195]/[0xc3]. Using Raw packets
AttributeError  Traceback
---> cap = kbrdpcap('/tmp/zb_test.pcap')
/usr/local/lib/python2.7/dist-packages/killerbee-2.5.0-py2.7-linux-x86_64.egg/ki
llerbee/scapy_extensions.py
in kbrdpcap(filename, count, skip, nofcs)
   222
   223  while 1:
>>> 224     packet = cap.pnext()
AttributeError: PcapReader instance has no attribute 'pnext'

In [2]:
================================

The issue here is that the zbscapy script imports everything properly. However, 
when the scapy_extensions.py module is loaded it imports scapy.all again. This 
clobbers the killerbee.pcapdump.PcapReader.  

One fix would be to remove the "from scapy.all import *" line from 
scapy_extensions.py.  However, I believe this will break anybody scripting with 
scapy_extensions.py (scripting use seems pretty obvious from the change logs 
for this file).  

Thus, I recommend removing the "from killerbee import *" from zbscapy and 
putting it after the scapy.all import in scapy_extensions.py. This should fix 
this issue and also make it so anybody scripting with scapy_extensions.py only 
has to import this as a module and not also import killerbee. This fix will 
most likely also not break older scripts using the scapy_extensions module.

What is the expected output? What do you see instead?

The Pcap file should be imported and parsed without error

What version of the product are you using?

KillerBee beta (from SVN checkout) Revision # 93

On what operating system?

Linux kubuntu_rules 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

With what Python version? (python -V)

Python 2.7.5+

Is scapy-com installed?

Yes, yes it is

Please provide any additional information below.

Proposed Enhancement

Running zbdump does not provide any feedback to the user. The attached patch 
and tool files will, by default, display information about the packet. This 
functionality can be turned on and off using the "-q" option. 

Normal display mode uses the Dot154PacketParser pktchop function and displays 
the resulting list of information. If the user has scapy-com installed the user 
can use the "-s" option to use the Dot15d4 layer to parse the packet and 
display the results. Some logic has been used to test for scapy-com if selected 
and avoid using it if it is not installed

The capturing functionality has also been updated. Now users can capture to 
both PCAP and Daintree formats at the same time by specifying both as usual. 

No testing has been done to determine if any of this new functionality 
negatively impacts packet capture and writing.


What is the expected output? What do you see instead?

Usage example:

===================================

cutaway> sudo python ./zbdump_display2 -c 25 -w /tmp/t.pcap -i 2:51 -s
Warning: You are using pyUSB 1.x, support is in beta.
zbdump: listening on '2:51', link-type DLT_IEEE802_15_4, capture size 127 bytes

<bound method Dot15d4.mysummary of <Dot15d4  fcf_reserved_1=0 
fcf_panidcompress=False fcf_ackreq=False fcf_pending=False fcf_security=False 
fcf_frametype=Command fcf_srcaddrmode=None fcf_framever=0 
fcf_destaddrmode=Short fcf_reserved_2=0 seqnum=172 |<Dot15d4Cmd  
dest_panid=0xffff dest_addr=0xffff cmd_id=BeaconReq |<Raw  load='\x0e\x98' |>>>>
^C1 packets captured


cutaway> sudo python ./zbdump_display2 -c 25 -w /tmp/t.pcap -i 2:51
Warning: You are using pyUSB 1.x, support is in beta.
zbdump: listening on '2:51', link-type DLT_IEEE802_15_4, capture size 127 bytes

Packet: FCF | Seq# | DPAN | DA | SPAN | SA | [Beacon Data] | PHY Payload
Beacon: Superframe Spec | GTS Fields | Pending Addr Counts | Proto ID | Stack 
Profile/Profile Version | Device Capabilities | Ext PAN ID | TX Offset | Update 
ID

Packet: ['\x03\x08', '\xd9', '\xff\xff', '\xff\xff', '\x07\x88', 'I', [], '']
Packet: ['\x03\x08', '\xec', '\xff\xff', '\xff\xff', '\x07\xdf', '\x9a', [], '']
^C2 packets captured

===================================
What version of the product are you using?

KillerBee beta (from SVN checkout) Revision # 92

On what operating system?

Linux kubuntu_rules 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

With what Python version? (python -V)

Python 2.7.5+

Is scapy-com installed?

Yes, yes it is

Please provide any additional information below.

What steps will reproduce the problem?
Hello, I'm attempting to run KillerBee on Kali Linux but get an error when I 
run zbstumbler.  I'm using Atmel RZUSBSTICKs.

xyz@kaliLinux:~$ sudo zbstumbler
Traceback (most recent call last):
  File "/usr/bin/zbstumbler", line 154, in <module>
    kb = KillerBee(device=arg_devstring)
  File "/usr/lib/pymodules/python2.7/killerbee/__init__.py", line 148, in __init__
    self.__handle_open()
  File "/usr/lib/pymodules/python2.7/killerbee/__init__.py", line 449, in __handle_open
    raise Exception("Unable to open device.  Ensure the device is free and plugged-in.")
Exception: Unable to open device.  Ensure the device is free and plugged-in.

It's like the OS doesn't see the Raven.  With that in mind I did a dmesg and 
the OS can see the device connected. 

[ 1736.578368] usb 2-1.4: USB disconnect, device number 7
[ 1811.399225] usb 2-1.2: USB disconnect, device number 8
[ 1813.383250] usb 2-1.2: new full-speed USB device number 9 using ehci_hcd
[ 1813.478021] usb 2-1.2: New USB device found, idVendor=03eb, idProduct=210a
[ 1813.478028] usb 2-1.2: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
[ 1813.478033] usb 2-1.2: Product: KILLERB001
[ 1813.478038] usb 2-1.2: Manufacturer: ATMEL
[ 1813.478042] usb 2-1.2: SerialNumber: 0004251CA001

Any advice or thoughts on what I might have done wrong?

What is the expected output? What do you see instead?


What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[ ] KillerBee beta (from SVN checkout) Revision # ___
[X] Other: Killerbee-1.0-1kali2 (32-bit)

On what operating system?
Kali Linux

With what Python version? (python -V)
2.7
Is scapy-com installed?

Please provide any additional information below.

What steps will reproduce the problem?
1. Installed latest killerbee version on ubuntu 11.10 virtual machine on Mac OS 
X

2. Ran with default atmel firmware, and with killerbee firmware


user@machine:~/killerbee-1.0$ sudo zbdump -f 20 -w test
Traceback (most recent call last):
  File "/usr/local/bin/zbdump", line 87, in <module>
    kb.set_channel(arg_channel)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 348, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 264, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, RZ_CMD_MODE_AC])
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 222, in __usb_write
    response = self.handle.bulkRead(RZ_USB_RESPONSE_EP, 1)[0]
IndexError: tuple index out of range


It seems the bulkRead is returning an empty tuple.
Also, unrelated but is the killerbee LED supposed to be blue like the default 
firmware?

Hello all,

I'm trying to flash the killerbee firmware on two RZRAVEN sticks I recently 
purchases (hardware rev. E) using the mkii jtag programmer. Unfortunately I'm 
having some difficultly. AVR studio claims it programs successfully, however, 
when it powers back up the LED is solid red and the USB device is not 
recognized. Even lsusb does not show the device.  This issue is present for 
both of the sticks I recently purchased. However, I have an older stick (rev A) 
which programs and works fine.  Has anyone experienced anything like this with 
newer sticks? Also, is the firmware binary in svn a recent build? I have not 
attempted to build from source yet but that will likely be the next step.  
Thanks in advance!

What steps will reproduce the problem?
1. Program RZRAVEN USB stick with firmware binary from SVN using mkii jtag 
programmer.
2. Power on USB stick, LED solid red

What version of the product are you using?
KillerBee beta (from SVN checkout) Revision # 99

On what operating system? Windows 7 on Virtualbox (Ubuntu host OS).

What steps will reproduce the problem?
1. zbdump is not working with Atmel RZUSB


What is the expected output? What do you see instead?
root@ubuntu:/home/kevin/killerbee-read-only/killerbee# zbid 
Dev Product String  Serial Number
002:002 KILLERB001  CBA117FFFF25
Found 1 devices.
root@ubuntu:/home/kevin/killerbee-read-only/killerbee# zbdump -i 002:002 -f 20 
-w test.pcap
Traceback (most recent call last):
  File "/usr/local/bin/zbdump", line 94, in <module>
    kb.set_channel(arg_channel)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 235, in set_channel
    self.driver.set_channel(channel)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 328, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 244, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, RZ_CMD_MODE_AC])
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 202, in __usb_write
    response = self.handle.bulkRead(RZ_USB_RESPONSE_EP, 1)[0]
IndexError: tuple index out of range


root@bt:~/killerbee-read-only/killerbee# zbid
Dev Product String  Serial Number
002:002 KILLERB001  CBA117FFFF25
Found 1 devices.
root@bt:~/killerbee-read-only/killerbee# ./zbdump -i 002:002 -f 15 -w test.dump
bash: ./zbdump: No such file or directory
root@bt:~/killerbee-read-only/killerbee# zbdump -i 002:002 -f 15 -w test.dump
Traceback (most recent call last):
  File "/usr/local/bin/zbdump", line 94, in <module>
    kb.set_channel(arg_channel)
  File "/usr/local/lib/python2.6/dist-packages/killerbee/__init__.py", line 235, in set_channel
    self.driver.set_channel(channel)
  File "/usr/local/lib/python2.6/dist-packages/killerbee/dev_rzusbstick.py", line 328, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/local/lib/python2.6/dist-packages/killerbee/dev_rzusbstick.py", line 244, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, RZ_CMD_MODE_AC])
  File "/usr/local/lib/python2.6/dist-packages/killerbee/dev_rzusbstick.py", line 202, in __usb_write
    response = self.handle.bulkRead(RZ_USB_RESPONSE_EP, 1)[0]
IndexError: tuple index out of range


What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[ X] KillerBee beta (from SVN checkout) Revision # ___
[ ] Other:

On what operating system?  Ubuntu 12.04 & Backtrack 5R3

With what Python version? (python -V)
root@ubuntu:/home/kevin/killerbee-read-only/killerbee# python -V
Python 2.7.3

Is scapy-com installed? Not that I know of

Please provide any additional information below.

The TypeError: readline() argument is one I know of.

It is because of a Python Serial version issue, where they changed the 
definition for the function.

The error is in dev_freakduino.py, line 92 ( print "Line:", 
self.handle.readline(eol='&')). It is used for device detection of the 
Freakduino, and needs to be rewritten to just use the standard read() until it 
finds an '&' char, instead of trying to use the readline with eol keyword.

A temporary fix is that you can comment out the call to this function (or you 
can make that simple fix by adding a while loop). The comment out would be a 
few lines in __init__.py, starting at line 52 (elif 
kbutils.isfreakduino(self.dev)).

What steps will reproduce the problem?
1. Install killerbee and all dependencies (with apt-get as indicated in 
readme).  Run 'sudo zbid' which returns the expected number of devices and a 
device id of, say "002:005"

2.Install ubertooth one, an as part of the ubertooth one install process for 
dependencies, install pyusb as follows:
 wget http://sourceforge.net/projects/pyusb/files/PyUSB%201.0/1.0.0-alpha-2/pyusb-1.0.0a2.tar.gz/download -O pyusb-1.0.0a2.tar.gz
  tar xvf pyusb-1.0.0a2.tar.gz
  cd pyusb-1.0.0a2
  sudo python setup.py install
3. Scream, as zbid now still detects devices, but returns their ID as ":" (no 
numbers)

What is the expected output? What do you see instead?
nstead of the output from zbid indicating device number, no device numbers are 
present.

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[X] KillerBee beta (from SVN checkout) Revision # 50_
[ ] Other:

On what operating system? Ubuntu 12.04

With what Python version? (python -V) 2.7.3

Is scapy-com installed? no

Please provide any additional information below.

Using zbsend it is possible to transmit a single packet.  Subsequent packet 
transmission returns a USB timeout error.

What steps will reproduce the problem?
$ sudo zbscapy
>>> p = Dot15d4()
>>> kbsendp(p) # OK
>>> kbsendp(p) # NOT OK


What is the expected output? What do you see instead?
>>> mypkt
<Dot15d4  fcf_frametype=Command |<Dot15d4Cmd  cmd_id=AssocReq |>>
>>> kbsendp(mypkt)
.
Sent 1 packets.
>>> kbsendp(mypkt)
DEBUG: Received operation timed out error ...attempting to continue.
Exception usb.core.USBError: USBError(19, 'No such device (it may have been 
disconnected)') in <bound method Device.__del__ of <usb.core.Device object at 
0xa4400ac>> ignored
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/killerbee/scapy_extensions.py", line 119, in kbsendp
    kb.set_channel(channel)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 249, in set_channel
    self.driver.set_channel(channel)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 375, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 291, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, mode])
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 276, in __usb_write
    if response != RZ_RESP_SUCCESS:
UnboundLocalError: local variable 'response' referenced before assignment
>>> 

What steps will reproduce the problem?
1. Apply zbreplay

What is the expected output? What do you see instead?
The firmware of the RZUSBStick adds an additional FCS field despite the fact 
that a pcap file already includes the FCS field. Therefore the injected packet 
has two FCS fields

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[X] KillerBee beta (from SVN checkout) Revision # 99
[ ] Other:

On what operating system?
Ubuntu 14.04

With what Python version? (python -V)
2.7.6

Is scapy-com installed?
yes

Please provide any additional information below.
The last two bytes (FCS) of packets read by PcapReader should be removed before 
the packets will be injected.

This is not a bug, I've created a patch to support integration of killerbee 
into Scapy via an extension (tools/zbscapy) and a couple of other features.  
The patch is for an older version of killerbee. If this patch seems useful, I 
would not mind doing the work to merge it with the current version and resubmit 
it.

Thanks.

Need to add documentation parameters to the functions in the code, and 
regenerate documentation.

{{{
epydoc --html -o doc/ -v --name KillerBee --url 
"http://code.google.com/p/killerbee/" killerbee/
}}}

What steps will reproduce the problem?
1. Connecting an api-mote base
2. Best reproduced with a TelosB/Tmote also connected
3. Run 'sudo zbid'

What is the expected output? What do you see instead?
$ lsusb
...
Bus 005 Device 020: ID 0403:6001 Future Technology Devices International, Ltd 
FT232 USB-Serial (UART) IC
Bus 005 Device 025: ID 0403:6015 Future Technology Devices International, Ltd 
Bus 006 Device 002: ID 03eb:210a Atmel Corp. 

Sometimes it works correctly:
$ sudo zbid
Dev Product String  Serial Number
006:002 KILLERB001  A60400A01C25
/dev/ttyUSB1    GoodFET Api-Mote    
/dev/ttyUSB0    GoodFET TelosB/Tmote    
Found 3 devices.

However, the issue is that about 50% of the time, we don't get apimote 
detection:
$ sudo zbid
Dev Product String  Serial Number
006:002 KILLERB001  A60400A01C25
/dev/ttyUSB0    GoodFET TelosB/Tmote    
Found 2 devices.

What steps will reproduce the problem?
1. Call pnext from a RZUSBSTICK KillerBee instance.
2. Running on Ubuntu 12.04 LTS.

What is the expected output? What do you see instead?
The goal is to sniff for packets. Instead...

$ sudo ./listen.py -f 15
listen: listening on '002:018'
Traceback (most recent call last):
  File "./listen.py", line 84, in <module>
    packet = kb.pnext()
  File "/usr/local/lib/python2.7/dist-packages/killerbee/__init__.py", line 256, in pnext
    return self.driver.pnext(timeout)
  File "/usr/local/lib/python2.7/dist-packages/killerbee/dev_rzusbstick.py", line 392, in pnext
    raise e
usb.USBError: Connection timed out

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[X] KillerBee beta (from SVN checkout) Revision # 36
[ ] Other:

On what operating system?
The timeout occurs only on Ubuntu 12.04 LTS. It does not occur on Mint 12.

With what Python version? (python -V)
2.7.3

Is scapy-com installed?
yes

On OSX Lion, I got to the point where python and other required modules were 
installed through macports.  Upon execution of zbid, I received the following 
error:

Traceback (most recent call last):
  File "./tools/zbid", line 2, in <module>
    from killerbee import kbutils
  File "/opt/local/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/site-packages/killerbee/__init__.py", line 2, in <module>
    import serial
ImportError: No module named serial

After doing a "sudo port install py26-serial" zbid works perfectly.  Based on 
this, I suggest putting this module as a prerequisite within setup.py.

What steps will reproduce the problem?

Running zbscapy on a system without scapy-com will produce errors when trying 
to parse Dot15d4 layers of the ZigBee packets. 

=======================================
cutaway> zbscapy
In [1]: cap = kbrdpcap('/tmp/zb_test.pcap')
WARNING: PcapReader: unknown LL type [195]/[0xc3]. Using Raw packets
AttributeError  Traceback
---> cap = kbrdpcap('/tmp/zb_test.pcap')
/usr/local/lib/python2.7/dist-packages/killerbee-2.5.0-py2.7-linux-x86_64.egg/ki
llerbee/scapy_extensions.py
in kbrdpcap(filename, count, skip, nofcs)
   229    continue
   230  if nofcs: packet = Dot15d4(packet[1])
>>>231  else: packet = Dot15d4FCS(packet[1])
   224  lst.append(packet)
AttributeError: global name 'Dot15d4FCS' is not defined

In [2]:
=======================================

Therefore, scapy-com is a requirement to use scapy-extensions.py and should be 
listed as such. This could be tested using the following (which might require 
the loading of the sys module as well) after all of the imports:

=======================================
try:
    scapy.layers.dot15d4
except:
    print "Scapy-com required to use scapy-extensions.py"
    print "Scapy-com can be found at http://bb.secdev.org/scapy-com"
    sys.exit()
=======================================

What is the expected output? What do you see instead?

Packets should parse properly without error.

What version of the product are you using?

KillerBee beta (from SVN checkout) Revision # 93

On what operating system?

Linux kubuntu_rules 3.11.0-26-generic #45-Ubuntu SMP Tue Jul 15 04:02:06 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

With what Python version? (python -V)

Python 2.7.5+

Is scapy-com installed?

No, not on this system

Please provide any additional information below.

Just checked out the code from svn today (12 Feb 2011). I'm getting the 
following error message on a Ubuntu 10.4 All the dependencies are up-to-date as 
of 12 Feb 2011.  I also have a simple fix below.

$ zbdump  -f 20 -w out.dump

Traceback (most recent call last):
  File "/usr/local/bin/zbdump", line 87, in <module>
    kb.set_channel(arg_channel)
  File "/usr/local/lib/python2.6/dist-packages/killerbee/__init__.py", line 345, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/local/lib/python2.6/dist-packages/killerbee/__init__.py", line 261, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, RZ_CMD_MODE_AC])
  File "/usr/local/lib/python2.6/dist-packages/killerbee/__init__.py", line 224, in __usb_write
    if response != RZ_RESP_SUCCESS:
UnboundLocalError: local variable 'response' referenced before assignment


Cause: it seems that 'response' is not defined when it is used at line 224 of 
file killerbee/__init__.py. This is because of the bogus 'No error' exception ( 
http://bugs.debian.org/476796 )

Solution: if a 'No error' exception is thrown, assume response is 
RZ_RESP_SUCCESS. Add the following two lines in killerbee/__init__.py at line 
222:

else:
  response = RZ_RESP_SUCCESS # assume success on 'No error' exception

What steps will reproduce the problem?
1. Install prerequisites, install from KB source, plug in RZUSBSTICK
2. Run "sudo zbid", returns "007:002 RZUSBSTICK 00DEADBEEF00"
3.Run "sudo zbdump -c 25 -w test.pcap", returns a USB timeout

What is the expected output? What do you see instead?
Not sure what to expect, it's never ran successfully, but here is what I get:

---
Traceback (most recent call last):
  File "/usr/local/bin/zbdump", line 5, in <module>
    pkg_resources.run_script('killerbee==2.5.0', 'zbdump')
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 528, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1401, in run_script
    exec(script_code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/killerbee-2.5.0-py2.7-linux-x86_64.egg/EGG-INFO/scripts/zbdump", line 71, in <module>

  File "build/bdist.linux-x86_64/egg/killerbee/__init__.py", line 249, in set_channel
  File "build/bdist.linux-x86_64/egg/killerbee/dev_rzusbstick.py", line 383, in set_channel
  File "build/bdist.linux-x86_64/egg/killerbee/dev_rzusbstick.py", line 299, in _set_mode
  File "build/bdist.linux-x86_64/egg/killerbee/dev_rzusbstick.py", line 263, in __usb_write
usb.USBError: Connection timed out

---

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[X] KillerBee beta (from SVN checkout) Revision # ? (used the latest version as 
of 2014-11-09 via svn using the command line listed in the "Source" web page)
[ ] Other:

On what operating system?
Ubuntu 14.04 LTS, 64 bit
With what Python version? (python -V)
2.7.6

Is scapy-com installed?
Yes

Please provide any additional information below.
Tried this on two different systems, the 2nd being a "clean" install on a fresh 
machine.  Have tried using different versions of pyusb, error messages are 
slightly different but the end result is the smae (it's not working).

What steps will reproduce the problem?
0. Import a pcap: data = kbrdpcap(file.pcap)
1. Select a packet and print packet: str(data[76]).encode('hex')
2. Decrypt packet: print kbdecrypt(data[76],'nwk_key'.decode('hex'))
3. Print packet again and note difference in last two bytes: 
str(data[76]).encode('hex')

What is the expected output? What do you see instead?

Packet should be exactly the same. Instead I see the following:

----------------------------

In [1]: inf = 'iris_gateway_pair_doorsensor_20141103.pcap'

In [2]: data = kbrdpcap(inf)
WARNING: FCS on this packet is invalid or is not present in provided bytes.
WARNING: FCS on this packet is invalid or is not present in provided bytes.
WARNING: more FCS on this packet is invalid or is not present in provided bytes.

In [3]: data[76]
Out[3]: <Dot15d4FCS  fcf_reserved_1=0 fcf_panidcompress=True fcf_ackreq=True 
fcf_pending=False fcf_security=False fcf_frametype=Data fcf_srcaddrmode=Short 
fcf_framever=0 fcf_destaddrmode=Short fcf_reserved_2=0 seqnum=35 |<Dot15d4Data  
dest_panid=0x588a dest_addr=0x0 src_addr=0x333 |<ZigbeeNWK  discover_route=0 
proto_version=2 frametype=data flags=security destination=0xfffd source=0x0333 
radius=30 seqnum=248 |<ZigbeeSecurityHeader  reserved1= extended_nonce=1 
key_type=network_key nwk_seclevel=None fc=0x02 source=00:0d:6f:00:02:54:84:0a 
key_seqnum=1 
data='\xb1\xd5ZK\xebd\x13\xd7\xc6\xbf\xa8\x0c\xb6\r\xd4\x06MA{\x05\x14' |>>>>

In [4]: str(data[76]).encode('hex')
Out[4]: 
'6188238a58000033030802fdff33031ef828020000000a845402006f0d0001b1d55a4beb6413d7c
6bfa80cb60dd4064d417b0514cead'

In [5]: print kbdecrypt(data[76],nwk_key.decode('hex'))
ͺd�0    %�����a� �S

In [6]: str(data[76]).encode('hex')
Out[6]: 
'6188238a58000033030802fdff33031ef828020000000a845402006f0d0001b1d55a4beb6413d7c
6bfa80cb60dd4064d417b05141394'

----------------------------

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[x] KillerBee beta (from SVN checkout) Revision # 95
[ ] Other:

On what operating system?

Kubuntu (duh!!)

With what Python version? (python -V)

Python 2.7.5+

Is scapy-com installed?

Yes (of course)

Please provide any additional information below.

The solution is to edit the kbencrypt function and add the following before the 
"pkt.nwk_seclevel=5" line (included for reference).

    # This function destroys the packet, therefore work on a copy - @cutaway
    pkt = pkt.copy()
    pkt.nwk_seclevel=5

Also, I'm not sure what this is doing. So, please comment the line with 
"pkt.nwk_seclevel=5" so we know why this is being done.

What steps will reproduce the problem?
1. run zbstumbler against certain products which may use hardware or low-level 
802.15.4 beacon response implementations
2. short physical distances to test device seem to raise this issue
3. pcap from zbdump of zbstumbler session will show the real beacon responses, 
but these are not caught by zbstumbler fast enough

What is the expected output? What do you see instead?
zbstumbler sometimes does not report the discovered network even when a beacon 
responses was elicited.

This could be addressed in two ways:
1. push a function to the firmware to send a given frame and receive the next 
frame and return it (also should measure time delta)
2. make a version of zbstumbler that uses two devices, one to send and another 
to listen for the beacon responses -- they need to follow eachother across 
channels when receiving/transmitting.

What steps will reproduce the problem?
Hi I am using TelosB (TPR2420CA) usb stick, and I want to install killerbee 
firmware on it. I have been trying many user guides, but none of them worked. I 
installed killerbee on my OS. Also,I installed tinyos on both the usb and the 
OS, but when I try to use killerbee tools such as zbid, zbdump. it gives me an 
error. For Example, for zbid:

acl@acl-laptop:~$ zbid
Traceback (most recent call last):
  File "/usr/local/bin/zbid", line 11, in <module>
    show_dev()
  File "/usr/local/bin/zbid", line 5, in show_dev
    kb = KillerBee()
NameError: global name 'KillerBee' is not defined

Tinyos can see the usb, but for some reason killerbee cannot. I am afraid that 
I installed it wrongly, so please if anybody can give me a full user guide 
about the installation.


What is the expected output? What do you see instead?


What version of the product are you using?
[ yes] KillerBee 1.0 (from TAR file)
[ ] KillerBee beta (from SVN checkout) Revision # ___
[ ] Other:

On what operating system?
linux 10.04
With what Python version? (python -V)

Is scapy-com installed?

Please provide any additional information below.

Greetings,

Where can I DL the KB FW source?

Thanks,
Komp

pkt = pkt.copy()   #this is hack to fix the below line
pkt.nwk_seclevel=5 #the issue appears to be when this is set

#mic = struct.unpack(">I", f['mic'])
mic = pkt.mic

def util_mic_len(pkt):
    ''' Calculate the length of the attribute value field '''
    if ( pkt.nwk_seclevel == 0 ): # no encryption, no mic
        return 0
    elif ( pkt.nwk_seclevel == 1 ): # MIC-32
        return 4
    elif ( pkt.nwk_seclevel == 2 ): # MIC-64
        return 8
    elif ( pkt.nwk_seclevel == 3 ): # MIC-128
        return 16
    elif ( pkt.nwk_seclevel == 4 ): # ENC
        return 0
    elif ( pkt.nwk_seclevel == 5 ): # ENC-MIC-32
        return 4
    elif ( pkt.nwk_seclevel == 6 ): # ENC-MIC-64
        return 8
    elif ( pkt.nwk_seclevel == 7 ): # ENC-MIC-128
        return 16
    else:
        return 0

Items like refrssi, etc should be defined per-board/interface and pulled into 
these tools.

What steps will reproduce the problem?
1. Calling function pnext() of file dev_rzusbstick.py
2. Receiving more than 100 byte

What is the expected output? What do you see instead?
Only 100 byte of a packet (> 100 byte) are received

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[X] KillerBee beta (from SVN checkout) Revision # 99
[ ] Other:

On what operating system?
Ubuntu 14.04

With what Python version? (python -V)
2.7.6

Is scapy-com installed?
yes

Please provide any additional information below.
In line 445 in the source file dev_rzusbstick.py the reading command of pyUSB 
is called as folows (here: timeout = 100):

pdata = self.handle.bulkRead(RZ_USB_PACKET_EP, timeout)

The function definition of bulkRead() is defined at 
(https://github.com/walac/pyusb/blob/master/usb/legacy.py):

bulkRead(self, endpoint, size, timeout = 100):

Because of the default value for the timeout argument the call of bulkRead() in 
dev_rzusbstick.py is

bulkRead(RZ_USB_PACKET_EP, 100, 100)

So, the maximum buffer is 100 byte

While trying to update killerbee to the latest SVN version I had troubles 
having it work under my system.

Here is the patch I made to the setup.py file:

----8<------
Index: setup.py
===================================================================
--- setup.py    (révision 86)
+++ setup.py    (copie de travail)
@@ -1,7 +1,7 @@
 #NOTE: See the README file for a list of dependencies to install.

 try:
-    from setuptools import setup
+    from setuptools import setup, Extension
 except ImportError:
     print("No setuptools found, attempting to use distutils instead.")
     from distutils.core import setup, Extension
@@ -71,7 +71,7 @@
                    'tools/zbconvert', 'tools/zbdsniff', 'tools/zbstumbler', 'tools/zbassocflood', 
                    'tools/zbfind', 'tools/zbscapy', 'tools/zbwireshark', 'tools/zbkey', 
                     'tools/zbwardrive', 'tools/zbopenear'],
-        install_requires=['serial', 'usb', 'crypto'],
+        install_requires=['pyserial', 'pyusb', 'crypto'],
         ext_modules = [ zigbee_crypt ],
         )
----8<------

What version of the product are you using?
[ ] KillerBee 1.0 (from TAR file)
[x] KillerBee beta (from SVN checkout) Revision # ___
[ ] Other:

On what operating system?
Ubuntu 13.10 (64 bits)

With what Python version? (python -V)
Python 2.7.5+

Is scapy-com installed?
Yes

Please provide any additional information below.

Consider adding support to capture to a PCAP (zbdump) or to wireshark 
(zbwireshark) with ZEP encapsulation of packets? Need to review format more, 
figure out implementation, etc. Does not appear to have good GeoTag support 
like PPI. Maybe make a ZEP like plugin for PPI?

http://www.wireshark.org/docs/dfref/z/zep.html

Feedback from users?

For which tools is the KillerBee firmware required? And for which can I use the 
RZUSB firmware? 
The only tool that is working with the original firmware is zbid. zbfind and 
zbdump fail. zbfind fails when assigning the channel number and zbdump fails as 
reported in issue 1, which seems also to be related to setting the channel.

According to the slides passive operations should work with the original 
firmware: "Default RZUSB firmware accommodates 802.15.4 sniffing, End Device, 
PAN Coordinator"

Thanks,
Markus

           Dev Product String       Serial Number
Traceback (most recent call last):
  File "zbid", line 23, in <module>
    show_dev(gps=arg_gpsdev, include=args.include)
  File "build/bdist.linux-armv7l/egg/killerbee/__init__.py", line 45, in show_dev
  File "build/bdist.linux-armv7l/egg/killerbee/kbutils.py", line 223, in devlist
  File "build/bdist.linux-armv7l/egg/killerbee/kbutils.py", line 289, in isgoodfetccspi
AttributeError: 'module' object has no attribute 'serialutil'

What steps will reproduce the problem?
1. wrote the firmware to RZUSBSTICK
2. tried to execute zbstumbler but I get "tuple index out of range" error

What is the expected output? What do you see instead?

Listing the available devices with zbid works just fine - 
Dev Product String  Serial Number
002:007 KILLERB001  0004251CA000

When I execute zbstumbler I get this - 

zbstumbler: Transmitting and receiving on interface '002:007'
ERROR: Failed to set channel to 11
tuple index out of range


When I try a different channel I get this - 

zbstumbler: Transmitting and receiving on interface '002:007'
Traceback (most recent call last):
  File "/usr/local/bin/zbstumbler", line 163, in <module>
    kb.set_channel(channel)
  File "/usr/lib/python2.6/dist-packages/killerbee/__init__.py", line 345, in set_channel
    self._set_mode(RZ_CMD_MODE_AC)
  File "/usr/lib/python2.6/dist-packages/killerbee/__init__.py", line 261, in _set_mode
    self.__usb_write(RZ_USB_COMMAND_EP, [RZ_CMD_SET_MODE, RZ_CMD_MODE_AC])
  File "/usr/lib/python2.6/dist-packages/killerbee/__init__.py", line 219, in __usb_write
    response = self.handle.bulkRead(RZ_USB_RESPONSE_EP, 1)[0]
IndexError: tuple index out of range


What version of the product are you using? On what operating system?

I am using the firmware provided in the tar file

Please provide any additional information below.

A similar requested was posted in December but I did not see a resolution. As I 
mentioned I installed the new killberbee firmware from the tar file on a 
RZUSBSTICK and when I run zbstumbler I get the error"tuple index out of range". 

I am working under backtrack 5.0. Also, like Nick, I am curious to know if the 
LED is suppose to be blue or amber/yellow? I've written the firmware to 4 
sticks and none of them light up the blue led. According to the ATMEL docs 
amber/yellow indicates buffer overflow in either the zigbee coordinator more or 
Aircapture mode. 

Also, is stick suppose to show up as an available network device for use with 
wireshark? If so, its not showing up as such. It does show up as usb0 if I 
write the 6lowpan firmware to it though; so I know the stick is working and the 
header is soldered on correctly.

What steps will reproduce the problem?
1._Within killerbee/firmware, run:_
 * ./goodfet.bsl --telosb -e -p gf-telosb-001.hex
2.
3.

What is the expected output? What do you see instead?
IOError: [Errno 2] No such file or directory: 'gf-telosb-001.hex'

What version of the product are you using?
[x ] KillerBee 1.0 (from TAR file)
[ ] KillerBee beta (from SVN checkout) Revision # ___
[ ] Other:

On what operating system?
ubuntu 12.04
With what Python version? (python -V)
2.7
Is scapy-com installed?
no
Please provide any additional information below.
Actually i am new to killerbee, and i am trying to use it with telosb on ubuntu 
12.04, but i failed. I will be very glad if someone can provide me with a 
complete guide for installing killerbee and goodfet because right now i am just 
grabbing couple of software and install them, and i do not know if they are the 
correct ones.