[aprssig] Digipeater solutions (rambling)
Scott Miller
scott at opentrac.org
Tue Nov 2 18:51:58 EST 2004
> fast. Does anyone know what they charge per hour? I wonder if the cost
of a
> firmware mod for the kpc3plus were in the range of 500 to 800 (I really
have NO
> idea how many hours this would take, heck I still don't know EXACTLY what
I'd
> like them to do), if any of us would be willing to pool enough money to
pay
> them for the project? I certainly do NOT expect them to make a firmware
change
> for free. Of course this still leaves us with the problem of the
unsupported
> kpc3 units out there.
At that price, I wouldn't expect them to just hand over the finished code
for free redistribution. Remember, they want $60 for the latest firmware
version now. Back when I was doing programming for commercial customers, a
change taking a few hours of my time might cost the customer $3000. These
days I'm mostly doing work for the Air Force and the costs are buried in
contracting, so who knows what it costs them.
Save your money and buy a TNC-X digi add-on, or better yet one of my digis
when they come out (hopefully) some time next year.
> Short of someone writing a new EPROM for the KPC3, or creating some sort
of a
> clip on daughter board, I think the easiest is going to be a kiss mode
> digipeater module that plugs into the serial port.
I'd take this on, but I don't like being stuck with a $186 piece of hardware
that I've got to treat as a brainless KISS interface, and add MORE hardware
to make it do what I want. Again, you'd be better off designing for the
TNC-X.
> generate a 16 bit checksum that was XOR'ed and initialized with a seed
that
> only the digi owner would know. You could send a command to the digi as
an
> APRS message with the checksum at the end. Others would see the checksum,
but
> without knowing the seed, they wouldn't be able to generate any NEW
commands.
With XOR it'd be trivial to break. Just calculate the checksum yourself and
XOR it with the on-air checksum, and the result is your seed.
> I'm sure that Scott will tell us about TEA and other encryption methods
easy
> for an 8 bit microprocessor... the important thing here is that we'd be
able to
> securely control the digipeater with an APRS message.
TEA's my favorite. You can use it in a CBC-MAC mode for this sort of thing.
Just don't use it in modes like Davis-Meyer - TEA has equivalent keys that
render it weak if used wrong. Microsoft found that out the hard way when
the checksum algorithm on the Xbox was cracked.
It gets a little more tricky if you want to avoid replay attacks. Someone
might capture a shutdown command, for example, and replay it later and the
MAC would still be valid. You can avoid that with a sequence number or
challenge-response of some type.
I was thinking about a lightweight protocol along the lines of TFTP for
transferring config files and even firmware images, but optimized for
high-latency links and point-to-multipoint so you could update multiple
devices at once. Authentication really gets tricky then...
Anyway, I've got to go vote. 73...
Scott, N1VG
http://n1vg.net/opentracker
More information about the aprssig
mailing list