manualshive.com logo in svg

Sunricher SR-SBP2801-BLE-E, Instructions Manual

The Sunricher SR-SBP2801-BLE-E user manual is available for free download from manualshive.com. This manual provides detailed instructions on how to use and set up the product, ensuring a seamless experience for all users. Get your manual today and unlock the full potential of your Sunricher device.

Share
Download
background image

C.2 Algorithm execution sequence

The algorithm uses the variable internal parameters A_0, B_0, B_1 together with the private key to generate 
the authentication vector T_0 using three AES-128 and two XOR operations. The algorithm execution 
sequence is shown in Figure 45 below. The first four bytes of T_0 are then used to authenticate SR-SBP2801-
BLE-E telegrams.

Figure 45 – Authentication algorithm sequence

C.3 Examples

The following four chapters give step by step examples based on one actual device and 0 /1 / 2 or 4 byte of 
optional data.

C.3.1 Data telegram without optional data

For this example, we consider the following telegram payload received from a SR-SBP2801-BLE-E
with the source address E2801000019B8 and security key 3DDA31AD44767AE3CE56DCE2B3CE2ABB:
0C FF DA 03 5D 04 00 00 11 B2 FA 88 FF

The last four bytes of this payload (B2 FA 88 FF) are the sender-provided signature which has to be 
authenticated (compared against the signature the receiver calculates based on its own security key).
The variable input parameters are therefore the following:

Parameter

Source Address

Input Data

Input Length

Sequence Counter

Security Key

In this example

B819000015E2 (little endian representation of E2801000019B8)

0CFFDA035D04000011

0x0009

5D040000

3DDA31AD44767AE3CE56DCE2B3CE2ABB

The constant internal parameters are always the same:

Parameter

A0_Flag

B0_Flag

i

In this example

0x01 (always)

0x49 (always)

0x0000 (always)

Based on variable input data and constant internal algorithm parameters, we can now derive the following 
variable internal parameters:

Parameter

Nonce

A0

B0

B1

In this example

B819000015E25D040000000000

01B819000015E25D0400000000000000

49B819000015E25D0400000000000000

00090CFFDA035D040000110000000000

We can now calculate the signature using AES128 and XOR operations.

At the time of writing, a suitable online AES calculator could be found here:
http://testprotect.com/appendix/AEScalc

Likewise, a suitable XOR calculator could be found here:
http://xor.pw/?

The execution sequence would then be as follows:

X_1 = AES128(B0, Key)
X_1 = AES128(49B819000015E25D0400000000000000, 3DDA31AD44767AE3CE56DCE2B3CE2ABB) X_1 = 
41ef09792ae152ae52c671435c1f247d

X_1A = XOR(X_1, B_1)
X_1A = XOR(41ef09792ae152ae52c671435c1f247d, 00090CFFDA035D040000110000000000) X_1A = 
41e60586f0e20faa52c660435c1f247d

X_2 = AES128(X1A, Key)
X_2 = AES128(41e60586f0e20faa52c660435c1f247d, 3DDA31AD44767AE3CE56DCE2B3CE2ABB)
X_2 = 8d89e733da516ae3e08f9e30184909fc

S_0 = AES128(A0, Key)
S_0 = AES128(01B819000015E25D0400000000000000, 3DDA31AD44767AE3CE56DCE2B3CE2ABB)
S_0 = 3f736fcc8bcaf2d4aabca0260fab7976

T_0 = XOR(X_2, S_0)
T_0 = XOR(8d89e733da516ae3e08f9e30184909fc, 3f736fcc8bcaf2d4aabca0260fab7976) T_0 = 
b2fa88ff519b98374a333e1617e2708a

The calculated signature is formed by the first four bytes of T_0, i.e. it is B2 FA 88 FF.

The calculated signature matches the signature that was transmitted as part of the payload. This proves that 
the telegram originates from a sender that possesses the same security key and the telegram content has not 
been modified.

C.3.2 Data telegram with 1 byte optional data

For this example, we consider the following telegram payload received from a SR-SBP2801-BLE-E
with the source address E2801000019B8 and security key 3DDA31AD44767AE3CE56DCE2B3CE2ABB:

0D FF DA 03 62 04 00 00 10 12 B9 FE AC C1

The last four bytes of this payload (B9 FE AC C1) are the sender-provided signature which has to be 
authenticated. The variable input parameters are therefore the following:

Parameter

Source Address

Input Data

Input Length

Sequence Counter

Security Key

In this example

B819000015E2 (little endian representation of E2801000019B8)

0DFFDA03620400001012

0x000A

62040000

3DDA31AD44767AE3CE56DCE2B3CE2ABB

Based on variable input data and constant internal algorithm parameters, we can now de- rive the following 
variable internal parameters:

Parameter

Nonce

A0

B0

B1

In this example

B819000015E262040000000000

01B819000015E2620400000000000000

49B819000015E2620400000000000000

000A0DFFDA0362040000101200000000

The execution sequence would then be as follows:

X_1 = AES128(B0, Key)

Summary of Contents for SR-SBP2801-BLE-E

Page 1: ...Wall Switches and US style rocker pads 1 2 Technical data Dimensions Weight Security Power Supply Button Inputs Communication Range guidance only Max transmit power measured Antenna Communication Sta...

Page 2: ...o channels Channel A and Channel B each containing two button contacts State O and State I The state of all four button contacts pressed or not pressed is transmitted together with a unique device ide...

Page 3: ...he two channel radio transmission sequence removes transmission on the third radio channel selected by TX_CHANNEL3 and instead repeats the transmission once more four times in total The SR SBP2801 BLE...

Page 4: ...key as identity resolution key This key can be modified if needed via the NFC configuration interface as described in chapter 6 7 5 For each data telegram transmitted by SR SBP2801 BLE E i e for every...

Page 5: ...lease Action then this is indicated by the according status bit set to 1 Note that all contacts that were pressed during Press Action will be released during Release Action The case of continuing to h...

Page 6: ...key as part of the NFC based commissioning process To do so follow the procedure outlined in chapter 6 7 5 For additional security NFC read out of the new security key can be disabled by setting the P...

Page 7: ...ssioning mode Button_X is pressed or released again 5 3 3 Exit from commissioning mode Pressing any key except the button used for entry into commissioning mode Button_X will cause SR SBP2801 BLE E to...

Page 8: ...e Any other data received by the NFC tag while in IDLE state is discarded and the NFC tag will remain in IDLE state 6 2 3 READY 1 state READY 1 is the first UID resolving state where the NFC tag resol...

Page 9: ...ID of such tag This should always be used as first operation ahead of any read write authenticate actions Example SearchTag 32 2 NTAG_PwdAuth 32 bit password as hex bytes 16 bit password_ack as hex b...

Page 10: ...FC Data SR SBP2801 BLE E reserves 64 byte for customer specific NFC data see chapter 6 7 11 specific security measures are used to restrict read access to this data The following items are located in...

Page 11: ...and release the button of SR SBP2801 BLE E SR SBP2801 BLE E will determine that it should modify the security key based on the setting of the Update Security Key flag and copy the value of the Securit...

Page 12: ...ngs 6 7 9 2 Interval selection Starting with version DC 06 it is possible to reduce the transmission interval from the default setting of 20 ms to 10 ms by setting bit 3 of the Variant register Settin...

Page 13: ...product label encodes key product parameter according to the ANSI MH10 8 2 2013 industry standard The QR code shown in Figure 32 above encodes the following string 30SE280101500100 Z0123456789ABCDEF0...

Page 14: ...estricting transmission range include Switch mounting on metal surfaces up to 30 loss of transmission range Hollow lightweight walls filled with insulating wool on metal foil False ceilings with panel...

Page 15: ...advertising intervals then the scan interval has to be less than the time between the end of the first advertising event and the begin of the third advertising event 2 10 ms 20 ms minus 0 5 ms telegra...

Page 16: ...ules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause...

Page 17: ...essage shown above can be parsed into the following components keep in mind the little endian byte order BLE Access Address 4 byte 0x8E89BED6 BLE Frame Control 2 byte 0x2442 Size of source address pay...

Page 18: ...rameter Comment Description Example Length Field Size Size in bytes of the field used to encode the input length 2 always minimum permissible size Desired size in byte of the signa ture generated by t...

Page 19: ...for a description of the commission telegram structure The location of the security key is for reference highlighted above This means that the security key of this red device is 3DDA31AD44767AE3CE56D...

Page 20: ...table XOR calculator could be found here http xor pw The execution sequence would then be as follows X_1 AES128 B0 Key X_1 AES128 49B819000015E25D0400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1...

Page 21: ...15E2630400000000000000 3DDA31AD44767AE3CE56DCE2B3CE2ABB X_1 ab5ec24beabc9ddeeb73751c7734cc64 X_1A XOR X_1 B_1 X_1A XOR ab5ec24beabc9ddeeb73751c7734cc64 000B0EFFDA0363040000111234000000 X_1A ab55ccb430...

Reviews:

No comments

Related manuals for SR-SBP2801-BLE-E

Pari Trio Instructions For Use Manual preview
Trio
Brand: Pari Pages: 12
laerdal SimPad PLUS Wi-Fi Setup preview
SimPad PLUS
Brand: laerdal Pages: 2
laerdal SimPad PLUS Important Product Information preview
SimPad PLUS
Brand: laerdal Pages: 104
laerdal SimPad User Manual preview
SimPad
Brand: laerdal Pages: 33
laguna POWER CLEAN Operation And Maintenance Manual preview
POWER CLEAN
Brand: laguna Pages: 16
Lafayette LL-15 User Manual preview
LL-15
Brand: Lafayette Pages: 2
Malekko QUAD ENVELOPE Quick Start Manual preview
QUAD ENVELOPE
Brand: Malekko Pages: 2
Major MJ2000 Operator'S Manual preview
MJ2000
Brand: Major Pages: 26
MÄDLER FS Mounting And Operating Instructions preview
FS
Brand: MÄDLER Pages: 4
JBM 52489 Instruction Manual preview
52489
Brand: JBM Pages: 12
Daekyung DTR-300N Operation Manual preview
DTR-300N
Brand: Daekyung Pages: 15
Wacker Neuson RS 800A Operator'S Manual preview
RS 800A
Brand: Wacker Neuson Pages: 42
KERR 815-1655 Instructions For Use Manual preview
815-1655
Brand: KERR Pages: 32
ultraMEDIC ultraBRIDLES Operating Manual preview
ultraBRIDLES
Brand: ultraMEDIC Pages: 28
Evermed xPRO User Instruction preview
xPRO
Brand: Evermed Pages: 16
Enerpac ECH-202 Instruction Sheet preview
ECH-202
Brand: Enerpac Pages: 36
Pottinger NOVACAT X8 COLL Operator'S Manual preview
NOVACAT X8 COLL
Brand: Pottinger Pages: 91
Kettler CTR 1 7858-600 Assembly Manual preview
CTR 1 7858-600
Brand: Kettler Pages: 20

Brands by name

Popular brands

Load more brands