Hello. I am having trouble generating a matching app session key when joining using otaa with loraserver and a 1.0.3 endpoint. I am generating the correct matching network session key but my appskey does not match what loraserver is displaying in the activation tab. I must be missing something because it appears the appskey is generated the same way as the nwkskey but with a 2 instead of 1.
I’ve taken my join request packet(devnonce) and the join accept response(appnonce, devid) packet from loraserver and put it in a python script to generate the session keys. Can anyone tell me my my nwkskey matches loraserver but my appskey does not?
appkey=bytearray(b'CD0D7B3BCB116F5B6A05E48E78CC949B')
# join accept message send from loraserver to endpoint
msg=base64.b64decode('ipxY0zD5Q33Xfh7phRmI8krzDxLU5u/fCQPL6A==')
mic=bytearray(b'cea32dc0')
data = aesEncrypt(binascii.unhexlify(appkey), msg+binascii.unhexlify(mic))
print('Plain Text join accept:',binascii.hexlify(data))
appnonce=0x0011
netid=0x000000
devnonce=36580
data = struct.pack('B', 1) + \
intPackBytes(appnonce, 3, endian='little') + \
intPackBytes(netid, 3, endian='little') + \
struct.pack('<H', devnonce) + intPackBytes(0, 7)
print('Data to encrypt for nwkskey:', binascii.hexlify(data))
cipher = AES.new(binascii.unhexlify(appkey),AES.MODE_ECB)
nwkskey = cipher.encrypt(data)
print('nwkskey',binascii.hexlify(nwkskey))
data = struct.pack('B', 2) + \
intPackBytes(appnonce, 3, endian='little') + \
intPackBytes(netid, 3, endian='little') + \
struct.pack('<H', devnonce) + intPackBytes(0, 7)
print('Data to encrypt for appskey:', binascii.hexlify(data))
cipher = AES.new(binascii.unhexlify(appkey),AES.MODE_ECB)
appskey = cipher.encrypt(data)
print('appskey',binascii.hexlify(appskey))
OUTPUT:
Plain Text join accept: b'11000000000048bd94000801ffffffffffffffffff000000000000011ff26a3d'
Data to encrypt for nwkskey: b'01110000000000e48e00000000000000'
nwkskey b'1d92cad7377a58646061c11bafd4d5bf'
Data to encrypt for appskey: b'02110000000000e48e00000000000000'
appskey b'b9af585d7d83f3349f73d66fcf54ed75'
Can someone tell me what I’m doing wrong? If the nwkskey is correct shouldn’t the appskey also be correct?
BTW here is a handy lorawan decoder:
https://lorawan-packet-decoder-0ta6puiniaut.runkit.sh/