How hard is it to brute-force AppSKey and NwkSKey with known AppKey

Hello,

I stumbled over this question after receiving some devices. They all had the same AppKey. I don’t think it’s good design to share the same root key across devices. The main reason is that if the AppKey of one device gets known, brute-forcing the AppSKey and the NwkSKey shouldn’t be too hard - at least I think.
When each device has a different AppKey, only one device at a time is likely to be successfully “decoded”.

But back to the question: Having the AppKey and a packet of the device, how hard is it to get both AppSKey & NwkSKey? AFAIK, there is “only” the 2 byte AppNonce, the 3 byte DevNonce and the NwkID mixed into AppSKey and NwkSKey apart from the root AppKey, right? But neither AppNonce nor DevNonce seem truly random.

Best regards
Philipp