[aprssig] Digipeater solutions (rambling)

Scott Miller scott at opentrac.org
Tue Nov 2 18:51:58 EST 2004

> fast.  Does anyone know what they charge per hour?  I wonder if the cost
of a
> firmware mod for the kpc3plus were in the range of 500 to 800 (I really
have NO
> idea how many hours this would take, heck I still don't know EXACTLY what
> like them to do), if any of us would be willing to pool enough money to
> them for the project?  I certainly do NOT expect them to make a firmware
> for free.  Of course this still leaves us with the problem of the
> kpc3 units out there.

At that price, I wouldn't expect them to just hand over the finished code
for free redistribution.  Remember, they want $60 for the latest firmware
version now.  Back when I was doing programming for commercial customers, a
change taking a few hours of my time might cost the customer $3000.  These
days I'm mostly doing work for the Air Force and the costs are buried in
contracting, so who knows what it costs them.

Save your money and buy a TNC-X digi add-on, or better yet one of my digis
when they come out (hopefully) some time next year.

> Short of someone writing a new EPROM for the KPC3, or creating some sort
of a
> clip on daughter board, I think the easiest is going to be a kiss mode
> digipeater module that plugs into the serial port.

I'd take this on, but I don't like being stuck with a $186 piece of hardware
that I've got to treat as a brainless KISS interface, and add MORE hardware
to make it do what I want.  Again, you'd be better off designing for the

> generate a 16 bit checksum that was XOR'ed and initialized with a seed
> only the digi owner would know.  You could send a command to the digi as
> APRS message with the checksum at the end.  Others would see the checksum,
> without knowing the seed, they wouldn't be able to generate any NEW

With XOR it'd be trivial to break.  Just calculate the checksum yourself and
XOR it with the on-air checksum, and the result is your seed.

> I'm sure that Scott will tell us about TEA and other encryption methods
> for an 8 bit microprocessor... the important thing here is that we'd be
able to
> securely control the digipeater with an APRS message.

TEA's my favorite.  You can use it in a CBC-MAC mode for this sort of thing.
Just don't use it in modes like Davis-Meyer - TEA has equivalent keys that
render it weak if used wrong.  Microsoft found that out the hard way when
the checksum algorithm on the Xbox was cracked.

It gets a little more tricky if you want to avoid replay attacks.  Someone
might capture a shutdown command, for example, and replay it later and the
MAC would still be valid.  You can avoid that with a sequence number or
challenge-response of some type.

I was thinking about a lightweight protocol along the lines of TFTP for
transferring config files and even firmware images, but optimized for
high-latency links and point-to-multipoint so you could update multiple
devices at once.  Authentication really gets tricky then...

Anyway, I've got to go vote.  73...

Scott, N1VG

More information about the aprssig mailing list