EnOcean GmbH PTM535Z Manual De Usuario

USER MANUAL V1.0

F-710-017, V1.0

PTM 535Z User Manual | v1.0 | March 2016 | Page 38/38

PTM 535Z – 2.4 GHZ PUSHBUTTON TRANSMITTER MODULE

A.4.4 Command payload
The command payload identifies the action performed on the switch (i.e. which buttons
have been pressed). In the case of a secure data telegram, the command is located at byte

10 of the MAC payload as highlighted below:

8C 30 57 21 71 30 04 CD BB AA

84 D1 99 78

In this case it is 0x22 meaning that button A0 has been pressed. Refer to chapter Fehler!

erweisquelle konnte nicht gefunden werden. for the description of commands sup-
ported by PTM 535Z.

A.4.5 Telegram Signature

PTM 535Z secure data telegrams can be authenticated via a signature.
This signature is 4 byte long and only present if PTM 535Z operates in secure mode. It is

calculated based on the private key (unique for each device), the data payload and a 4 byte
sequence counter (which is incremented for each transmitted radio telegram).
This approach prevents unauthorized senders from sending commands. Note that the con-

tent of the telegram itself is not encrypted, i.e. the switch command is sent as plain text.
In the case of a secure data telegram, the telegram signature is located at the last 4 bytes

of the telegram payload:

8C 30 57 21 71 30 04 CD BB AA 22

84 D1 99 78

Note that the signature changes with each transmission even if the remainder of the MAC

payload remains the same.
This is due to the inclusion of the rolling code into the MIC calculation which prevents mes-
sage replay attacks (capture and reuse of a previous message).