[aprssig] Universal APRS messaging

Steve Dimse steve at dimse.com
Sun Oct 19 20:47:45 EDT 2008 

On Oct 19, 2008, at 7:42 PM, Lynn W. Deffenbaugh (Mr) wrote:

> It was my understanding that most IGate software by default only gates
> Internet to RF for those stations "recently" heard "local" to the  
> gate?

It doesn't matter who the message is to, the responsibility for the  
content of the message goes to the IGate operator.

> If the IGate operator doesn't gate anything but the defaults, are  
> there
> risks I've not thought of?

I think so. Person xyz (ham or not, doesn't matter) doesn't like me,  
I'm an IGate operator, and W4zzz is a nearby digi. xyz has a linux or  
mac system, or a Windows telnet program.

telnet rotate.aprs.net

then he types in

user K4HG passwd 28817 vers telnet

(28817 is really my password, like I say it is public anyway so why  
not make the example real) - this gives him a validated connection  
under my call.

then he types in a message with profanity, sends it to the local digi,  
which means my IGate will transmit it

K4HG>APRS,TCPIP::W4zzz    :Insert your favorite profane text here

What has happened?

The message appears on the APRS IS. It is addressed to a digi my IGate  
considers local, so it is transmitted by me on RF. xyz did not violate  
Part 97, but I sure did. Maybe you can make a case xyz is guilty of  
identity theft, because K4HG is a unique piece of personal ID. So  
instead of the above he sends his first name as a login and call

user XYZ passwd 29115 vers anything

then the message is

XYZ>APRS,TCPIP::W4zzz    :Insert your favorite profane text here

Now he has done ABSOLUTELY nothing wrong, but I have violated Part 97.  
I am responsible for EVERYTHING my IGate transmits, and anyone can  
make it transmit anything anonymously. That is the risk that every  
Igate operator needs to understand.


I've had 5 emails already from people who could not find the  
algorithm, here is a perl program to figure the password for any call

#!/usr/bin/perl

$call = uc("$ARGV[0]".chr(0));

$hash = 0x73e2;
$i = 0;
$len = length($call);

while ($i<$len)
{
	$hash ^= ord(substr($call,$i++,1)) * 256;
	$hash ^= ord(substr($call,$i++,1));
}
print ($hash & 0x7fff);
print "\n";

Anyone that thinks this compromises the security of the APRS IS  
already has their head in the sand!

Steve K4HG

More information about the aprssig mailing list