DragonOS FocalX Sniff and Transmit ZigBee w/ HackRF + B205 (GNURadio, SDRAngel)

Here's a way to sniff/capture ZigBee packets w/ a hackRF + GNU Radio while viewing the packets in WireShark. DragonOS FocalX has pretty much everything you need included, with the exception of a flow graph I grabbed that adds the use of GR-RFTap. There's one thing in the video that can be done differently that I learned about after recording (Thanks viperbjk). You do not need to link the LQI to qual block directly to the RFtap Encapsulation. Instead, just open up the PDU Set that I disabled and change the Key to this pmt.to_pmt("value"). Leave the block enabled. This should then get the link quality indicator working.

I used this fork of GR-RFtap for DragonOS
https://github.com/bkerler/gr-rftap
You can read more about RFTap and the LQI block in the ZigBee example (bottom of the page)
https://rftap.github.io

Along with this updated flow graph
https://github.com/bkerler/GnuRadio-W...

SDRAngel is used later on in the video to modulate and transmit a 802.15.4 packet with a B205mini that's captured by the hackRF.
https://github.com/f4exb/sdrangel

More on GR-ieee802-15-4
https://github.com/bastibl/gr-ieee802...

If you're wondering about the Bad FCS like I was, here's an old discussion that seems to be on the topic.
https://github.com/riverloopsec/kille...

If you find this video helpful, please consider the following
Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
Become a patron @   / cemaxecuter