Meshtastic: A Tale Of Two Cities

If I’m honest with myself, I don’t really need access to an off-grid, fault-tolerant, mesh network like Meshtastic. The weather here in New Jersey isn’t quite so dynamic that there’s any great chance the local infrastructure will be knocked offline, and while I do value my privacy as much as any other self-respecting hacker, there’s nothing in my chats that’s sensitive enough that it needs to be done off the Internet.

But damn it, do I want it. The idea that everyday citizens of all walks of life are organizing and building out their own communications network with DIY hardware and open source software is incredibly exciting to me. It’s like the best parts of a cyberpunk novel, without all the cybernetic implants, pollution, and over-reaching megacorps. Well, we’ve got those last two, but you know what I mean.

Meshtastic maps are never exhaustive, but this gives an idea of node density in Philly versus surrounding area.

Even though I found the Meshtastic concept appealing, my seemingly infinite backlog of projects kept me from getting involved until relatively recently. It wasn’t until I got my hands on the Hacker Pager that my passing interest turned into a full blown obsession. But it’s perhaps not for the reason you might think. Traveling around to different East Coast events with the device in my bag, it would happily chirp away when within range of Philadelphia or New York, but then fall silent again once I got home. While I’d get the occasional notification of a nearby node, my area had nothing like the robust and active mesh networks found in those cities.

Well, they say you should be the change you want to see in the world, so I decided to do something about it. Obviously I wouldn’t be able to build up an entire network by myself, but I figured that if I started standing up some nodes, others might notice and follow suit. It was around this time that Seeed Studio introduced the SenseCAP Solar node, which looked like a good way to get started. So I bought two of them with the idea of putting one on my house and the other on my parents’ place down the shore.

The results weren’t quite what I expected, but it’s certainly been an interesting experience so far, and today I’m even more eager to build up the mesh than I was in the beginning.

Continue reading “Meshtastic: A Tale Of Two Cities”

The Practicality Of Solar Powered Meshtastic

A Meshtastic node has been one of the toys of the moment over the last year, and since they are popular with radio amateurs there’s a chance you’ll already live within range of at least one. They can typically run from a lithium-ion or li-po battery, so it’s probable that like us you’ve toyed with the idea of running one from a solar panel. It’s something we have in common with [saveitforparts], whose experiments with a range of different solar panels form the subject of a recent video.

He has three different models: one based around a commercial solar charger, another using an off-the-shelf panel, and a final one using the panel from a solar garden light. As expected the garden light panel can’t keep an ESP32 with a radio going all day, but the other two manage even in the relatively northern climes of Alaska.

As a final stunt he puts one of the nodes out on a rocky piece of the southern Alaskan coastline, for any passing hacker to find. It’s fairly obviously in a remote place, but it seems passing cruise ships will be within its range. We just know someone will take up his challenge and find it.

Continue reading “The Practicality Of Solar Powered Meshtastic”

Two For The Price Of One: BornHack 2024 And 2025 Badges

BornHack is a week-long summer hacker camp in a forest on the Danish island of Fyn that consistently delivers a very pleasant experience for those prepared to make the journey. This year’s version was the tenth iteration of the camp and it finished a week ago, and having returned exhausted and dried my camping gear after a Biblical rainstorm on the last day, it’s time to take a look at the badges. In case you are surprised by the plural, indeed, this event had not one badge but two. Last year’s badge suffered some logistical issues and arrived too late for the camp, so as a special treat it was there alongside the 2025 badge for holders of BornHack 2024 tickets. So without further ado, it’s time to open the pack for Hackaday and see what fun awaits us.

Continue reading “Two For The Price Of One: BornHack 2024 And 2025 Badges”

Hands On: The Hacker Pager

It should come as no surprise that the hacker community has embraced the Meshtastic project. It’s got a little bit of everything we hold dear: high quality open source software, fantastic documentation, a roll-your-own hardware ethos, and just a dash of counterculture. An off-grid communications network cobbled together from cheap parts, some of which are strategically hidden within the urban sprawl by rogue operators, certainly sounds like the sort of thing you’d read about in a William Gibson novel.

But while the DIY nature of Meshtastic is one of its most endearing features for folks like us, it can also be seen as one of its weak spots. Right now, the guidance for those looking to get started is to pick a compatible microcontroller development board, 3D print a case for it, screw on an antenna from AliExpress, flash your creation with the latest firmware, and then spend some quality time with the documentation and configuration tools to actually get it on the air. No great challenge for the average Hackaday reader, but a big ask for the weekend adventurer that’s just looking for a way to keep in touch with their friends while camping.

Quality hardware that offers a turn-key experience will be critical to elevating Meshtastic from a hobbyist’s pastime to something that could actually be fielded for applications such as search and rescue. Plus, let’s be honest, even those of us who like to put together our own gadgets can appreciate a more consumer-oriented piece of hardware from time to time. Especially if that hardware happens to be open source and designed to empower the user rather than hold them back.

Enter the Hacker Pager from exploitee.rs. As the name implies, it’s still very much a device intended for hackers — a piece of hardware designed for the halls of DEF CON rather than trekking through the wilderness. But it’s also an important step towards a new generation of Meshtastic hardware that meets the high standard of quality set by the software itself.

Continue reading “Hands On: The Hacker Pager”

This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down

Meshtastic just released an eye-watering 9.5 CVSS CVE, warning about public/private keys being re-used among devices. And I’m the one that wrote the code. Not to mention, I triaged and fixed it. And I’m part of Meshtastic Solutions, the company associated with the project. This is the story of how we got here, and a bit of perspective.

First things first, what kind of keys are we talking about, and what does Meshtastic use them for? These are X25519 keys, used specifically for encrypting and authenticating Direct Messages (DMs), as well as optionally for authorizing remote administration actions. It is, by the way, this remote administration scenario using a compromised key, that leads to such a high CVSS rating. Before version 2.5 of Meshtastic, the only cryptography in place was simple AES-CTR encryption using shared symmetric keys, still in use for multi-user channels. The problem was that DMs were also encrypted with this channel key, and just sent with the “to” field populated. Anyone with the channel key could read the DM.

I re-worked an old pull request that generated X25519 keys on boot, using the rweather/crypto library. This sentence highlights two separate problems that can both lead to unintentional key re-use. First, the keys are generated at first boot. I was made painfully aware that this was a weakness when a user sent an email to the project warning us that he had purchased two devices, and they had matching keys out of the box. When the vendor had manufactured this device, they flashed Meshtastic on one device, let it boot up once, and then used a debugger to copy off a “golden image” of the flash. Then every other device in that particular manufacturing run was flashed with this golden image — containing the same private key. sigh

Continue reading “This Week In Security: That Time I Caused A 9.5 CVE, IOS Spyware, And The Day The Internet Went Down”
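The golden-image failure described in the excerpt above, as an added example that is not code from the article or from the Meshtastic firmware: an X25519 public key is a deterministic function of the private key, so every unit cloned from one flash image announces the same public key, and an audit of a node list by public key exposes the batch. The node IDs, `provision()` and `audit()` are hypothetical, the keys are constructed sample data, and the X25519 routine is a readable RFC 7748 ladder rather than the rweather/crypto implementation.

```python
import os
from collections import defaultdict

P = 2**255 - 19                    # Curve25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")  # standard base point u = 9

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (readable, NOT constant-time)."""
    k = (int.from_bytes(scalar, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private: bytes) -> bytes:
    return x25519(private, BASE)

def provision(count: int, golden_image: bool) -> dict:
    """Constructed factory model: returns {node_id: private_key}."""
    golden = os.urandom(32)  # key made when the reference unit booted once
    return {f"!node{i:02d}": golden if golden_image else os.urandom(32)
            for i in range(count)}

def audit(nodes: dict) -> dict:
    """nodes: {node_id: public_key}. Returns only keys shared by >1 node."""
    by_key = defaultdict(list)
    for node_id, pub in nodes.items():
        by_key[pub.hex()].append(node_id)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}

if __name__ == "__main__":
    for label, golden in (("golden image", True), ("per-device keys", False)):
        privs = provision(4, golden)
        pubs = {n: public_key(k) for n, k in privs.items()}
        print(label, "->", audit(pubs) or "no shared keys")
```

The audit needs only public keys, which is what a node list exposes; a non-empty result means those units' DMs and any remote-admin authorization tied to that key should be treated as compromised until the keys are regenerated.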

Meshtastic Adds Wireless Connectivity To Possum Trap

Perhaps every gardener to attempt to grow a tomato, lettuce, or bean has had to contend with animals trying to enjoy the food before the gardener themselves can, whether it’s a groundhog, rabbit, mouse, crow, or even iguana. There are numerous ways to discourage these mischievous animals from foraging the garden beds including traps, but these devices have their downsides as well. False alarms can be a problem as well as trapping animals that will be overly aggravated to be inside the trap (like skunks) and while the latter problem can’t easily be solved by technology, the former can with the help of Meshtastic.

[Norman Jester]’s problem was an errant possum, but these nocturnal animals generally come out while humans are asleep, and other nighttime animals like rats can activate the trap and then escape. To help with this, a Meshtastic node was added to the San Diego mesh using a 3.5mm audio jack as a detector. When the trap is activated, the closing door yanks a plug out of the jack, alerting the node that the trap has been closed. If it’s a false alarm the trap can be easily and quickly reset, and if a possum has found its way in then it can be transported to a more suitable home the next day.

It’s worth noting that American possums (distinct from the Australian animals of the same name) are an often-misunderstood animal that generally do more good than harm. They help to control Lyme disease, eat a lot of waste that other animals won’t, don’t spread rabies, and don’t cause nearly as much disruption to human life as other animals like feral cats or raccoons. But if one is upsetting a garden or another type of animal is causing a disturbance, this Meshtastic solution does help solve some of the problems with live traps. For smaller animals, though, take a look at this Arduino-powered trap instead.

Thanks to [Dadsrcworkbench] for the tip!

Continue reading “Meshtastic Adds Wireless Connectivity To Possum Trap”