I'm working to communicate with some PIR sensors using an XStick dongle. The sensors are made to work with a 'base station' from the same company but their methods are a bit too restrictive for what I need to do.
I've been using the TI packet sniffer to look at the communications process between the sensors and base and am wondering about how the encryption of the 'NWK Payload' occurs. I've watched the whole cycle of the sensors negotiating with the base and haven't seen anything that looks like an encryption key getting passed around. Am I thinking about this the wrong way? Is the encryption something built into the devices rather than a by product of the connection negotiation?