Node Discovery with AES enabled


I have an application which requires a high amount of data security. Because of this I have enabled the AES encryption and flashed a key into each Xbee that will be in my network. Everything is running fine with all communication being correctly encrypted. I started doing some “malicious” testing by means of putting an Xbee on the network with all the same network credentials (PAN, channel). However, I flashed a different AES key to this “bad” Xbee. As expected the “bad” Xbee is unable to communicate with the network, even if I specifically send a packet to a known 64-bit addressed Xbee on the network. The data the “good” xbee receives is garbage because it have been encrypted via the "bad Xbees AES key, and is silently discarded.
So finally the the reason of the post… When I do a node discovery command from the “bad” Xbee I sometimes get a weird response. Most often I get the API packet, with the API ID of 0x88(AT Command Responce) with a 0x00 as the status byte, which signifies “No Nodes Found”. However, occasionally I will receive another packet. This packet will be an API ID of 0x80 (RX Packet 64 ADDR). It will contain the source address of the “good” Xbee and the RF data will be a single byte which appears to be encrypted(changes everytime).

Has anyone else seen something like this before?