
Meshtastic

In a world increasingly reliant on interconnected networks, there is a quiet revolution happening in the realm of communication: Meshtastic. Meshtastic is an open-source project that empowers users to create their own off-grid communication networks using low-cost, easily accessible hardware.

At its core, Meshtastic utilises mesh networking technology, allowing devices to communicate directly with each other, bypassing the need for traditional infrastructure like cellular or Wi-Fi networks. This decentralized approach enables communication in remote areas, during natural disasters, or in any situation where conventional networks may be unavailable or unreliable.

But Meshtastic is more than just a communication tool; it’s a community-driven endeavor, with a vibrant ecosystem of developers, enthusiasts, and users collaborating to improve and expand its capabilities. With support for features like GPS tracking, text messaging, and even geofencing, Meshtastic offers a versatile platform that can be adapted to a wide range of use cases, from outdoor adventures to emergency preparedness.

MQTT

Meshtastic leverages Message Queuing Telemetry Transport (MQTT) to establish a bridge between individual mesh networks, creating a cohesive ecosystem where data can flow freely between nodes regardless of their location. By adopting MQTT as its communication protocol, Meshtastic ensures compatibility and interoperability, allowing users to extend the reach of their mesh networks beyond their immediate vicinity.

This integration of MQTT into Meshtastic not only enhances the scalability and resilience of private mesh networks but also opens up a myriad of possibilities for collaboration and data sharing. Whether deployed in remote wilderness areas, disaster-stricken regions, or even urban environments with limited connectivity, Meshtastic’s utilization of MQTT empowers users to stay connected and exchange vital information in real-time, fostering a sense of community and cooperation even in the most challenging conditions.

Delving into Meshtastic Code and Docs

As we started to play around with Meshtastic, we delved into the GitHub repositories containing the open-source code to learn more about the project.

  • How secure is Meshtastic?
  • Does it handle encryption correctly?
  • Are keys handled correctly?
  • etc

All in good fun…

From reading the documentation, we can establish:

  • Cryptography is AES 128-bit CTR by default
    • Also utilising 192-bit or 256-bit if necessary
  • Default Public Channel key = 0xd4f1bb3a20290759f0bcffabcf4e6901

GitHub Logged Issues

When viewing the GitHub repositories we came across this interesting issue:

Right now the URL format for the QR-shared channel details looks like this: https://www.meshtastic.org/c/CBciENTxuzogKQdZ8Lz_q89Oab8qB0RlZmF1bHQ= Which encodes the channel name, parameters, and key into the URL path. When shared, there’s a non-zero chance that this URL gets fetched. Someone taps the link (and admittedly gets a 404) but the URL path is being sent to meshtastic.org. Anyone with access to the hosting logs can potentially see the GET /c/CBciENTxuzogKQdZ8Lz_q89Oab8qB0RlZmF1bHQ= request and take the channel configuration including the key.

The crude example given in the GitHub issue denotes:

  • Key: default channel key
  • Channel name: Default

So, we decided to investigate whether these URLs are leaked in places on the internet, or even inside MQTT.

MQTT is well documented in the READMEs and in Meshtastic's documentation. We used MQTT Explorer to discover numerous topics. We then used Python to write our own MQTT client, to browse the various topics and collect URLs from subscribed messages.

It was not long before we came across our first URL within a direct message (DM):

  • https://meshtastic.org/e/#CjMSIL_eLKhYYWjguqvQg5bGAHosTMbkwksdDKLMpGOKc3p0GgtJcmVsYW5kV2lkZSgBMAESDggBOANAA0gBUAxgAWgB

So we returned to the documentation and GitHub repositories to learn how to reverse these URLs into more meaningful text for humans.

Strictly speaking, this was not necessary, as we have already compromised the channel! The URL can be converted into a QR code and read through a phone or tablet, thus adding the channel and key into our own database.

Within 10 minutes we had our own decoding program to parse the meshtastic URLs!

One thing that struck us as odd about this particular initial example is that the first character is a vertical tab (0x0b).

Decoding Meshtastic URLs

python ./channel_Decoder.py 'https://meshtastic.org/e/#CjMSIL_eLKhYYWjguqvQg5bGAHosTMbkwksdDKLMpGOKc3p0GgtJcmVsYW5kV2lkZSgBMAESDggBOANAA0gBUAxgAWgB'

Length of key: 32
Key: bf de 2c a8 58 61 68 e0 ba ab d0 83 96 c6 00 7a 2c 4c c6 e4 c2 4b 1d 0c a2 cc a4 63 8a 73 7a 74
Re-encoded key: v94sqFhhaOC6q9CDlsYAeixMxuTCSx0MosykY4pzenQ=
Channel name:
              IrelandWide
Downlink enabled
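
The URL fragment is base64url-encoded protobuf, so the key and channel name can be read with a small wire-format parser. The sketch below is an added example, not the channel_Decoder.py used above and not Meshtastic project code. In this payload the 0x0b byte ahead of "IrelandWide" is the protobuf length prefix (11 bytes), which the parser consumes as a length. The field numbers are assumptions taken from Meshtastic's protobuf definitions, and the function names are hypothetical.

```python
import base64

# URL quoted in the post; the fragment after '#' is base64url-encoded protobuf.
URL = ("https://meshtastic.org/e/#CjMSIL_eLKhYYWjguqvQg5bGAHosTMbkwksdDKLMpGOKc3p0"
       "GgtJcmVsYW5kV2lkZSgBMAESDggBOANAA0gBUAxgAWgB")

def read_varint(buf, pos):
    """Decode one protobuf base-128 varint; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated varint")

def parse_fields(buf):
    """Yield (field_number, wire_type, value) for each field of one message."""
    pos = 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field, wire = tag >> 3, tag & 7
        if wire == 0:                          # varint
            value, pos = read_varint(buf, pos)
        elif wire in (1, 2, 5):                # fixed64 / length-delimited / fixed32
            if wire == 2:                      # length prefix comes first, as a varint
                width, pos = read_varint(buf, pos)
            else:
                width = 8 if wire == 1 else 4
            if pos + width > len(buf):
                raise ValueError("field runs past end of message")
            value, pos = buf[pos:pos + width], pos + width
        else:
            raise ValueError(f"unsupported wire type {wire}")
        yield field, wire, value

def decode_channel_url(url):
    """Return PSK, name and downlink flag of the first channel in a share URL."""
    payload = url.split("#", 1)[1]
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    # Assumed field numbers, taken from Meshtastic's protobuf definitions rather
    # than from this page: ChannelSet.settings = 1; ChannelSettings.psk = 2,
    # .name = 3, .downlink_enabled = 6.
    settings = next(v for f, w, v in parse_fields(raw) if f == 1 and w == 2)
    fields = {f: v for f, _, v in parse_fields(settings)}
    return {"psk": fields.get(2, b""), "name": fields.get(3, b"").decode("utf-8"),
            "downlink_enabled": bool(fields.get(6, 0))}

if __name__ == "__main__":
    info = decode_channel_url(URL)
    print(len(info["psk"]), info["psk"].hex(" "), repr(info["name"]), info["downlink_enabled"])
```

Because the pre-shared key travels in the URL itself, any log, chat history or MQTT topic that stores the link stores the key; rotating the channel key is the only remedy once a link has been exposed.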
