# Zigbee Sniffing from an Apple Mac

I recently installed powered window blinds that use [Somfy](https://www.somfysystems.com/en-us/discover-somfy/power-technology/zigbee) motors. Having a dislike of proprietary bridges, I figured I would connect them up to my home automation using [Zigbee2MQTT](https://www.zigbee2mqtt.io) (the subject of a subsequent post).

Unfortunately, the blinds were not yet supported by Zigbee2MQTT, so I needed to manually add them. Part of this required sniffing the Zigbee packets that the blinds were sending and receiving. Getting the packet sniffing working on a Mac took some trial and error. To save others the time, this post documents how I made it work.

I started with a [Sonoff Zigbee dongle](https://sonoff.tech/product/gateway-and-sensors/sonoff-zigbee-3-0-usb-dongle-plus-e/) (available from [Amazon](https://www.amazon.com/gp/product/B0B6P22YJC/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1)). Plugging it into a spare USB port on the Mac showed it was recognized, but the dongle requires a kernel extension to convert to a virtual serial device. The driver for this is available from [WCH](https://www.wch.cn/downloads/CH34XSER_MAC_ZIP.html).

Once the driver is installed, the dongle should show up under `/dev/tty.*`:

{{< highlight bash >}}
% ls -l /dev/tty.*
crw-rw-rw-  1 root  wheel  0x9000004 Jul 29 20:51 /dev/tty.Bluetooth-Incoming-Port
crw-rw-rw-  1 root  wheel  0x9000002 Aug  5 14:01 /dev/tty.usbserial-202302202015061
crw-rw-rw-  1 root  wheel  0x9000000 Aug  5 14:01 /dev/tty.wchusbserial202302202015061
{{< / highlight >}}

The next step is to convert the serial comms to a loopback device that Wireshark can connect to. The [ZSmartSystems](https://github.com/zsmartsystems/com.zsmartsystems.zigbee.sniffer) Java app will do this. However, if you're running an ARM Mac and use the pre-compiled JAR, you'll get an InvocationTargetException:

{{< highlight bash >}}
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
{{< / highlight >}}

This is because the Java Serial Comms [library](https://github.com/java-native/jssc) package hasn't been [updated](https://github.com/processing/processing4/issues/525) in the downstream Sniffer package. The quick fix is to switch out the JAR file. Download the latest [release](https://github.com/java-native/jssc/releases) of JSSC and rename it to the version in the precompiled sniffer:

{{< highlight bash >}}
cp jssc-2.9.4.jar jssc-2.8.0.jar
{{< / highlight >}}

Then update the Sniffer JAR:

{{< highlight bash >}}
jar uf ZigBeeSniffer.jar jssc-2.8.0.jar
{{< / highlight >}}

Once you've done this, the Sniffer should start up with a command similar to:

{{< highlight bash >}}
% java -jar ZigBeeSniffer.jar -port "/dev/tty.wchusbserial202302202015061" -baud 115200 -flow software
{{< / highlight >}}

Once you've installed Wireshark, point it at the loopback device and set a filter to lower the amount of traffic Wireshark is dealing with:

![Loopback Connection](loopBack.png)

Now that Wireshark is connected, follow the [instructions](https://www.zigbee2mqtt.io/advanced/zigbee/04_sniff_zigbee_traffic.html) on the Zigbee2MQTT site to configure the encryption keys for Zigbee in Wireshark.

![Packet Capture](packetCapture.png)

In the screenshot above, I'm limiting the search to comms between my coordinator Zigbee2MQTT (0x0000) and a single Somfy blind (0x544f).
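The same coordinator-to-blind selection can be done offline on raw frames. The following is an added example, not code from the original post or from any of the projects mentioned: it reads the unencrypted IEEE 802.15.4 MAC and Zigbee NWK headers and keeps frames whose NWK endpoints are 0x0000 and 0x544f, including ones relayed by a router where the MAC-layer source differs. The sample frames, the PAN ID 0x1a62 and the router address 0x9c21 are constructed for illustration.

```python
import struct

COORDINATOR, BLIND = 0x0000, 0x544F   # short addresses quoted in the post

# Constructed frames (PAN 0x1a62 and router 0x9c21 are made up; payloads are filler).
SAMPLES = [bytes.fromhex(h) for h in (
    "61882a621a4f540000" "48024f5400001e7b" "deadbeef",  # coordinator -> blind
    "61882b621a00004f54" "480200004f541e11" "cafe",      # blind -> coordinator
    "61882c621a0000219c" "48020000219c1e12" "00",        # other device -> coordinator
    "61882d621a4f54219c" "48024f5400001d7c" "beef",      # coordinator -> blind via router
    "02002a",                                            # MAC acknowledgement
)]

ADDR_LEN = {0: 0, 2: 2, 3: 8}   # 802.15.4 addressing mode -> address length in bytes

def nwk_addrs(frame):
    """Return (src, dst) Zigbee NWK short addresses, or None if the frame has none."""
    if len(frame) < 3:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    # Assumption: Zigbee NWK is carried in MAC data frames (type 1) without
    # MAC-layer security, using frame version 0 or 1.
    if (fc & 0x7) != 1 or (fc & 0x8) or ((fc >> 12) & 0x3) > 1:
        return None
    dst_len, src_len = ADDR_LEN.get((fc >> 10) & 0x3), ADDR_LEN.get((fc >> 14) & 0x3)
    if dst_len is None or src_len is None:      # reserved addressing mode
        return None
    off = 3                                     # frame control + sequence number
    if dst_len:
        off += 2 + dst_len                      # destination PAN ID + address
    if src_len:
        off += (0 if fc & 0x40 else 2) + src_len  # source PAN ID dropped if compressed
    if len(frame) < off + 6:                    # NWK frame control + dst + src
        return None
    nwk_fc, dst, src = struct.unpack_from("<HHH", frame, off)
    if ((nwk_fc >> 2) & 0xF) != 2:              # NWK protocol version 2 expected
        return None
    return src, dst

def conversation(frames, a=COORDINATOR, b=BLIND):
    """Keep frames whose NWK endpoints are exactly a and b, in either direction."""
    return [f for f in frames if (p := nwk_addrs(f)) and set(p) == {a, b}]

if __name__ == "__main__":
    for f in conversation(SAMPLES):
        src, dst = nwk_addrs(f)
        print(f"0x{src:04x} -> 0x{dst:04x}  {f.hex()}")
```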

Further information on the expected payloads can be found in the Zigbee [Spec](https://zigbeealliance.org/wp-content/uploads/2019/12/07-5123-06-zigbee-cluster-library-specification.pdf). Wireshark does a pretty good job of teasing the packets apart.

Once this was all working, I was able to figure out what commands the Somfys respond to. Release [15.50](https://github.com/Koenkk/zigbee-herdsman-converters/tree/v15.50.0) of Zigbee-Herdsman-Converters includes my converters for these blinds. Kudos to [Koen Kanters](https://github.com/Koenkk) for such a well-maintained and updated library.


