eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

199
active users

#meshtastic

18 posts16 participants7 posts today
rxtx2<p><span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span> Ihr hattet doch erst eine große Strecke zu <a href="https://mastodon.social/tags/meshtastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meshtastic</span></a> da habt Ihr den Aspekt vergessen...</p>
Replied to Julian Oliver

@JulianOliver It's network effect in action... I'm 60km away from the big city and I can reach it via #Meshtastic, but both meshcore and reticulum are just quiet here. Also, while reticulum looks way better than the other two regarding network design, it's not only the prebuilt hardware availability -- flashing it to one of my boards was rather easy, but the documentation in general is sparse and intimidating and not suited to the layperson.

IMO Reticulum/LXMF/Sideband is superior to any other mesh txting solution atm. I'm really impressed by the maturity and flexibility of this design & approach.

However, without an off-the-shelf scan & go hw market, as #Meshtastic has (even if only for LoRa), public will never get in on the action, resulting in thin or nonexistent infrastructure to lean on in a blackout. A mesh needs surface to be useful.

I hope they solve this. Sometimes the best ideas and implementations alone are not enough

Continued thread

So to hopefully make it more clear, I wrote a CLI tool which can recover the decryption parameters for DM conversations.

It basically does everything but the final AES-CCM decryption. Turns out there's something funky with the meshtastic AES-CCM implementation and I can't seem to fully decrypt using an openssl based library.

This does not mean DMs are any safer, just that I haven't taken the time to crosscompile the MT/arduino AES routines to x86 yet.

github.com/datapartyjs/meshmar

LoRa mesh radio pentesting tool. Contribute to datapartyjs/meshmarauder development by creating an account on GitHub.
GitHubmeshmarauder/bin/mitm-dm at main · datapartyjs/meshmarauderLoRa mesh radio pentesting tool. Contribute to datapartyjs/meshmarauder development by creating an account on GitHub.
Continued thread

This segment of meshtastic's DEFCON post are sadly not correct.

I can't tell you why how exactly the firmware and phone app work but I can tell you that if you are near someone PKI spoofing it absolutely does replace the users private key on BOTH the app and the firmware.

The only pub keys that are pinned are your favorites list.

It doesn't matter what -type- of AES is used after the public key is replaced you're already MITMd.

meshtastic.org/blog/that-one-t

Continued thread

So I'm not sure how to say it in a more concise way but YES meshtastic direct messages are at risk of MITM (man-in-the-middle) if your public key can be replaced by an attacker who spoofs the PKI.

Due to the way DMs and adverts work I believe this risk likely exists for any device on meshtastic regardless of whether they are on public channels or not.

My #Meshtastic node is ready for the rooftop, I think!

  • Made a waterproof case for the higher gain antenna
  • Made a case for the ESP32 running it
  • Added a 10m active USB2.0 cable for power and serial
  • Added a 10m SMA for WiFi
  • Bundled it all together neatly
  • Can connect to the node via WiFi using contact
  • Found a long enough ladder

Now just need to climb said ladder. 🦾

Aha, kaum hat‘s die externe Antenne, findet das #Lilygo T-Deck Plus auch endlich mal #Meshtastic Nodes! 👍 Jetzt muss ich „nur noch“ dieses steinzeitliche Kartensystem bedienen und haufenweise fixe Grafikdateien für Zoomstufen auf die SD-Karte packen – und vorher erstmal finden bzw. erzeugen! Mit einem Tool, was man erstmal bauen muss! 🙄 Oder geht das irgendwie einfacher? 😳

Replied in thread

@KrissyKat "I bought a Meshtastic compatible device, a Heltec V3 LoRa transceiver, to do some experimenting with the DIY messaging system. It can be used off-grid to communicate in situations where cell phones are not available, for example. I'm still learning how to use it. I have connected it to the MQTT server run by Chicagoland Mesh and have been checking out the group chat channel by replying to people sending test messages to let them know I saw them. I did see a message sent from an airplane passing through the Chicago area skies this morning which was pretty great."

This is awesome!

[Got what I needed, thanks – PLEASE DO NOT boost this further.] This is an open call for insight and help: I’m looking for guidance from folks who are familiar with #Meshtastic to help me understand what would be involved in setting up and maintaining a national-scale #mutualaid and disaster-response (relief/recovery/“resilience”) network in the UK.