Calculating values for CRC and missing xor key values

[plambrechtsen]

Currently with the decoded payload there is a check digit I don't know how it is calculated.
Also I am not sure what byte 3 and 5 are of the xor key for the message type and message length. Bytes 1 and 2 for the data type (01) and the sequence number are not xored but I think from byte 3 onwards it is xored.

Example Frame 1

XOR Key                                                                                     00000058006c5a71ba9633f8c7fc4eafce9ee203c3a89ee498822ba00d9bc7bde054d5dd4ab02ba61a01fa477aec124811273f59ee848b9303903b3acd74678f8305d5ef33df79d5d56e159656aff90055ae
Raw Frame including header:                       61ccd32134801f12fffee88dd9162e02c0f9d5b37001d02a58b56c4867baa633a846be4eafcfc5fbbac28d238498903da03c9b973ca254d5ddb0a992a78501fa4729f8e9
Raw Frame Decoded header:  src=70:b3:d5:f9:c0:02:2e:16 dst=d9:8d:e8:fe:ff:12:1f:80 Payload =01d02a58b56c4867baa633a846be4eafcfc5fbbac28d238498903da03c9b973ca254d5ddb0a992a78501fa4729
De-xored frame             src=70:b3:d5:f9:c0:02:2e:16 dst=d9:8d:e8:fe:ff:12:1f:80 Payload =01d02a00b50012160030005081420000015b19b90125bd60001216003100508142000000fa19b9019f000000
MQTT Message without spaces topic=surepetlocal/messages/162E02C0F9D5B370      message=6022cc65 07c0 126 12160030005081420000015b19b90125bd60001216003100508142000000fa19b9019f000000
MQTT Message topic=surepetlocal/messages/162E02C0F9D5B370                     message=6022cc65 07c0 126 12 16 00 30 00 50 81 42 00 00 01 5b 19 b9 01 25 bd 60 00 12 16 00 31 00 50 81 42 00 00 00 fa 19 b9 01 9f 00 00 00

1. CRC / Checksum = 29 (raw) or 53 (xored with 7a)
2. Message Type = 126 (MQTT) or 2A (Payload) or xx xored with yy
3. Message Length = B5 or xx xored with yy

Example Frame 2

XOR Key                                                                                     00000058006c5a71ba9633f8c7fc4eafce9ee203c3a89ee498822ba00d9bc7bde054d5dd4ab02ba61a01fa477aec124811273f59ee848b9303903b3acd74678f8305d5ef33df79d5d56e159656aff90055ae
Raw Frame including header:                       61ccd62134801f12fffee88dd9162e02c0f9d5b37001d32a58b16c7369baa433aa46be4eaecc9de606c5af9ae498801656f264c7bde0549736b54f2ba61a01fc4753ed124858f7e9
Raw Frame Decoded header:  src=70:b3:d5:f9:c0:02:2e:16 dst=d9:8d:e8:fe:ff:12:1f:80 Payload =01d32a58b16c7369baa433aa46be4eaecc9de606c5af9ae498801656f264c7bde0549736b54f2ba61a01fc4753ed124858
De-xored frame             src=70:b3:d5:f9:c0:02:2e:16 dst=d9:8d:e8:fe:ff:12:1f:80 Payload =01d32a00b10029180032005281420001020304050607040000023df6ffff0000000042ebffff00000000060029010000
MQTT Message without spaces topic=surepetlocal/messages/162E02C0F9D5B370      message=6022cc6a 07d0 126 29180032005281420001020304050607040000023df6ffff0000000042ebffff00000000060029010000
MQTT Message topic=surepetlocal/messages/162E02C0F9D5B370                     message=6022cc6a 07d0 126 29 18 00 32 00 52 81 42 00 01 02 03 04 05 06 07 04 00 00 02 3d f6 ff ff 00 00 00 00 42 eb ff ff 00 00 00 00 06 00 29 01 00 00

1. CRC / Checksum = 58 (raw) or 49 (xored with 11)
2. Message Type = 126 (MQTT) or 2A (Payload) or xx xored with yy
3. Length = B1 or xx xored with yy

[plambrechtsen]

Found #3 xor key at 0x04 for the frame length. It's 9e. And the length starts from offset 0x02 where the frame type is.

[plambrechtsen]

Xor key: docker/zigsniff/surepetpacket.xorkey