Z-Force: Z-Wave packet interception and injection tool

Z-Force is a radio modem that can intercept and inject raw Z-Wave frames including encrypted packets to arbitrary destinations and Z-Wave Home IDs. It was developed during our research project on Z-Wave home automation systems which was presented in BlackHat 2013 USA conference. Z-Force toolkit consists of the following hardware and software componetns:

Setting up Z-Force hardware is straightforward: upload the RX and TX firmwares to receiver and transmitter CC1110 boards using Texas Instruments SmartRF flash programmer and connect them to your PC or laptop via USB to UART bridge. The following picture shows USB-UART bridge connections to CC1110 I/O pins:

connections to CC1110 I/O pins

After configuring the virtual COM port numbers associated with the receiver and transmitter boards in the GUI program, the kit is ready to intercept and send Z-Wave packets.

Z-Force GUI