Two For The Price Of One: BornHack 2024 And 2025 Badges

BornHack is a week-long summer hacker camp in a forest on the Danish island of Fyn, that consistently delivers a very pleasant experience for those prepared to make the journey. This year’s version was the tenth iteration of the camp and it finished a week ago, and having returned exhausted and dried my camping gear after a Biblical rainstorm on the last day, it’s time to take a look at the badges. In case you are surprised by the plural, indeed, this event had not one badge but two. Last year’s badge suffered some logistical issues and arrived too late for the camp, so as a special treat it was there alongside the 2025 badge for holders of BornHack 2024 tickets. So without further ado, it’s time to open the pack for Hackaday and see what fun awaits us. Continue reading “Two For The Price Of One: BornHack 2024 And 2025 Badges”

Hands On: The Hacker Pager

It should come as no surprise that the hacker community has embraced the Meshtastic project. It’s got a little bit of everything we hold dear: high quality open source software, fantastic documentation, a roll-your-own hardware ethos, and just a dash of counterculture. An off-grid communications network cobbled together from cheap parts, some of which being strategically hidden within the urban sprawl by rogue operators, certainly sounds like the sort of thing you’d read about it in a William Gibson novel.

But while the DIY nature of Meshtastic is one of its most endearing features for folks like us, it can also be seen as one of its weak spots. Right now, the guidance for those looking to get started is to pick a compatible microcontroller development board, 3D print a case for it, screw on an antenna from AliExpress, flash your creation with the latest firmware, and then spend some quality time with the documentation and configuration tools to actually get it on the air. No great challenge for the average Hackaday reader, but a big ask for the weekend adventurer that’s just looking for a way to keep in touch with their friends while camping.

Quality hardware that offers a turn-key experience will be critical to elevating Meshtastic from a hobbyist’s pastime to something that could actually be fielded for applications such as search and rescue. Plus, let’s be honest, even those of us who like to put together our own gadgets can appreciate a more consumer-oriented piece of hardware from time to time. Especially if that hardware happens to be open source and designed to empower the user rather than hold them back.

Enter the Hacker Pager from exploitee.rs. As the name implies, it’s still very much a device intended for hackers — a piece of hardware designed for the halls of DEF CON rather than trekking through the wilderness. But it’s also an important step towards a new generation of Meshtastic hardware that meets the high standard of quality set by the software itself.

Continue reading “Hands On: The Hacker Pager”

This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down

Meshtastic just released an eye-watering 9.5 CVSS CVE, warning about public/private keys being re-used among devices. And I’m the one that wrote the code. Not to mention, I triaged and fixed it. And I’m part of Meshtastic Solutions, the company associated with the project. This is is the story of how we got here, and a bit of perspective.

First things first, what kind of keys are we talking about, and what does Meshtastic use them for? These are X25519 keys, used specifically for encrypting and authenticating Direct Messages (DMs), as well as optionally for authorizing remote administration actions. It is, by the way, this remote administration scenario using a compromised key, that leads to such a high CVSS rating. Before version 2.5 of Meshtastic, the only cryptography in place was simple AES-CTR encryption using shared symmetric keys, still in use for multi-user channels. The problem was that DMs were also encrypted with this channel key, and just sent with the “to” field populated. Anyone with the channel key could read the DM.

I re-worked an old pull request that generated X25519 keys on boot, using the rweather/crypto library. This sentence highlights two separate problems, that both can lead to unintentional key re-use. First, the keys are generated at first boot. I was made painfully aware that this was a weakness, when a user sent an email to the project warning us that he had purchased two devices, and they had matching keys out of the box. When the vendor had manufactured this device, they flashed Meshtastic on one device, let it boot up once, and then use a debugger to copy off a “golden image” of the flash. Then every other device in that particular manufacturing run was flashed with this golden image — containing same private key. sigh

Continue reading “This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down”

Meshtastic Adds Wireless Connectivity To Possum Trap

Perhaps every gardener to attempt to grow a tomato, lettuce, or bean has had to contend with animals trying to enjoy the food before the gardener themselves can, whether it’s a groundhog, rabbit, mouse, crow, or even iguana. There are numerous ways to discourage these mischievous animals from foraging the garden beds including traps, but these devices have their downsides as well. False alarms can be a problem as well as trapping animals that will be overly aggravated to be inside the trap (like skunks) and while the latter problem can’t easily be solved by technology, the former can with the help of Meshtastic.

[Norman Jester]’s problem was an errant possum, but these nocturnal animals generally come out while humans are asleep, and other nighttime animals like rats can activate the trap and then escape. To help with this, a Meshtastic node was added to the San Diego mesh using a 3.5mm audio jack as a detector. When the trap is activated, the closing door yanks a plug out of the jack, alerting the node that the trap has been closed. If it’s a false alarm the trap can be easily and quickly reset, and if a possum has found its way in then it can be transported to a more suitable home the next day.

It’s worth noting that American possums (distinct from the Australian animals of the same name) are an often-misunderstood animal that generally do more good than harm. They help to control Lyme disease, eat a lot of waste that other animals won’t, don’t spread rabies, and don’t cause nearly as much disruption to human life as other animals like feral cats or raccoons. But if one is upsetting a garden or another type of animal is causing a disturbance, this Meshtastic solution does help solve some of the problems with live traps. For smaller animals, though, take a look at this Arudino-powered trap instead.

Thanks to [Dadsrcworkbench] for the tip!

Continue reading “Meshtastic Adds Wireless Connectivity To Possum Trap”

Get Into Meshtastic On The Cheap With This Tiny Node Kit

There’s been a lot of buzz about Meshtastic lately, and with good reason. The low-power LoRa-based network has a ton of interesting use cases, and as with any mesh network, the more nodes there are, the better it works for everyone. That’s why we’re excited by this super-affordable Meshtastic kit that lets you get a node on the air for about ten bucks.

The diminutive kit, which consists of a microcontroller and a LoRa module, has actually been available from the usual outlets for a while. But [concretedog] has been deep in the Meshtastic weeds lately, and decided to review its pros and cons. Setup starts with flashing Meshtastic to the XIAO ESP32-S3 microcontroller and connecting the included BLE antenna. After that, the Wio-SX1262 LoRa module is snapped to the microcontroller board via surface-mount connectors, and a separate LoRa antenna is connected. Flash the firmware (this combo is supported by the official web flasher), and you’re good to go.

What do you do with your new node? That’s largely up to you, of course. Most Meshtastic users seem content to send encrypted text messages back and forth, but as our own [Jonathan Bennett] notes, a Meshtastic network could be extremely useful for emergency preparedness. Build a few of these nodes, slap them in a 3D printed box, distribute them to willing neighbors, and suddenly you’ve got a way to keep connected in an emergency, no license required.

What The Well-Dressed Radio Hacker Is Wearing This Season

We’ve seen a lot of interest in Meshtastic, the license-free mesh network for small amounts of data over the airwaves. [Ham Radio Rookie] was disappointed with his Meshtastic node’s small and inefficient antennas. So he decided to make what we suspect is the world’s first Meshtastic necktie.

We assume the power is low enough that having it across your thorax is probably not terrible. Probably. The tie is a product of a Cricut, Faraday cloth, and tiny hardware (the Xiao ESP32S3 and the WIO SX1262 board). The biggest problem was the RF connector, which needed something smaller than the normal BNC connector.

Continue reading “What The Well-Dressed Radio Hacker Is Wearing This Season”