Decrypt LoRaWan packet in C++


(Univ Smb Eset) #1

Hi all,

I am a university student, and our project is to manage a LoRaWan Gateway.
We use the single packet forwarder and a RPI3 with the Dragino GPS/Hat. At this point, we can receive the encrypted packets from our nodes (RN2483).

For example, i get the AES payload: QCUTASYAtAcB7p5Suxnuu5OKLBlbx5rcBYmUJP37ijg=
(I send ABF16545614365432654362543265432654365)
My question is how to decrypt this AES payload in C++ ?
( I try crypto++ but this seems very cryptic)

Thanks in advance,


(Arjan) #2

What you're seeing is a Base64-encoded binary message.

You're sending 19 bytes (ABF16545614365432654362543265432654365) but are receiving 32 bytes (QCUTASYAtAcB7p5Suxnuu5OKLBlbx5rcBYmUJP37ijg= as Base64, which when decoded to hexadecimal bytes is 402513012600B40701EE9E52BB19EEBB938A2C195BC79ADC05899424FDFB8A38). As the latter is much longer than you're sending, that Base64-encoded message is not the encrypted payload, but is the full LoRaWAN message.

A full LoRaWAN message is not fully encrypted; it has LoRaWAN headers that anyone can decode (and these headers tell you your example is an unconfirmed uplink from device 26011325 with frame counter 1972). Only the actual payload is encrypted (in your example that is EE9E52BB19EEBB938A2C195BC79ADC05899424, 19 bytes, matching the length of what you're sending, but then encrypted).

I guess there are C++ libraries available. But until you find one, see, e.g., https://github.com/anthonykirby/lora-packet for a JavaScript version.

(Note that when using TTN Console, and defining an application there, TTN can do all decrypting for you. But then you trust TTN with the secrets of your application.)


(Univ Smb Eset) #3

Thanks for your help!
I will try to translate the JavaScript code in C++.


(Arjan) #4

Maybe node implementations such as https://github.com/matthijskooijman/arduino-lmic help too.

(Note that nodes can only encrypt; to be able to decrypt an OTAA Join Accept message, the server actually reverses the encryption when creating a message for the node, so the node can use its AES encryption algorithm to decrypt that message.)


(Gsethi2409) #5

@arjanvanb, is there a way to get raw data (the exact string we're sending) from a payload like:

402513012600B40701EE9E52BB19EEBB938A2C195BC79ADC05899424FDFB8A38

that logs onto the gateway?


(Arjan) #6

You can only see the payload contents when you know the secrets.

The online LoRaWAN packet decoder will only show the public parts (it also accepts Hex). As this does not know the secret keys, that online version can only show the public data. But the great library from https://github.com/anthonykirby/lora-packet can also validate the MIC and decode the payload if you provide the secrets.

(The online version was working a minute ago, but is showing Error: Cannot find module 'lora-packet@0.6.0' right now. This has happened before and will resolve itself...)


(Kramer92) #9

Is it possible through an RPI gateway, decrypt the received message to LoRa and transmits it to the MQTT, without needing an online connection and a cloud server? Making an Offline Application


(Lobaro) #10

Based on the work of JiapengLi we made a ‘strip off’ version just for lorawan packet en/decoding. You could look inside this code to integrate it as ‘extern c’ lib into you C++ project…