[aprssig] Why Not "Gate in Vicinity" (phones)

Steve Dimse steve at dimse.com
Wed Dec 28 06:27:28 EST 2011


On Dec 28, 2011, at 12:11 AM, KA7O wrote:

> There is no way I would allow arbitrary internet users - essentially - 'open' access to my I-gate just because they also appear to have a call sign.

This illusion of security is one of my pet peeves about the APRS IS. A little history lesson:

When first created, the APRS IS was receive-only. The protocol for third party packets allowing internet to RF messaging came two years later. At that point it was necessary to provide some sort of authentication to meet US regulations. The model at the time was the TCP/IP ham software (sorry, I forget the name, and I think Phil Karn was the author), which verified that one was a ham by asking what the standard 2 meter split was (600 kHz). Answer that question correctly and you could log into a TCP/IP server remotely and access the RF side.

I wanted something automatic, so I came up with a simple 15 bit hash on the callsign. It was NEVER meant to be something secure, just to verify ham radio status. This worked because the only APRS client programs were sold. The software authors verified ham radio status, once the ham paid the registration fee their software automatically generated the 15 bit number.

Easy, and since only 4 people knew the algorithm, it did provide some security. But then Dale Heatherington wrote a clone of APRServ, aprsd. He needed a way to provide the algorithm to open source users. Initially he did this by supplying an object module to check algorithms, and users asked him for their code. This was not really secure, because you could run a brute force attack to guess your code by checking at most 32k numbers against the object module, and because you could recompile the source code of aprsd to remove the checks completely.

So to keep the APRS IS somewhat secure I took on the task of checking each aprsd site to be sure the testing for the callsign worked as designed. As APRS IS grew this was obviously untenable. At that point there was really no choice other than to make the algorithm public, which happened about 10 years ago.

From that moment on there should have been no illusion of security in the APRS IS, yet it persists. Just to make it perfectly clear, every iGate operator is absolutely allowing "arbitrary internet users 'open' access to (their) I-gate just because they also appear to have a call sign."

The code for K4HG is 28817 in case you want to steal my "identity", and here is the full algorithm (it has been 5 years since last I published it here so it is about due). If you aren't a programmer, just grab any copy of aprsd and compile it, there will be a program called callpass that will give you the code for any callsign.

Steve K4HG

#include <ctype.h>		// toupper
#include <string.h>		// strlen

#define kKey 0x73e2		// This is the key for the data

short doHash(char *theCall)
{
	char 			rootCall[10];			// need to copy call to remove ssid from parse and make upper case
	char 			*p1 = rootCall;
	
	// copy the callsign up to the '-' (SSID separator) or the end, upper-casing as we go
	while ((*theCall != '-') && (*theCall != 0)) *p1++ = toupper(*theCall++);
	*p1 = 0;
	
	short hash = kKey;			// Initialize with the key value
	short i = 0;
	short len = strlen(rootCall);
	char *ptr = rootCall;
	while (i<len)				// Loop through the string two bytes at a time
	{
		hash ^= (*ptr++)<<8;	// xor high byte with accumulated hash
		hash ^= (*ptr++);		// xor low byte with accumulated hash (reads the NUL on an odd-length call, which xors nothing)
		i += 2;
	}
	return hash & 0x7fff;		// mask off the high bit so number is always positive
}
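The same algorithm in Python, as an added example that is not part of Steve's post or of aprsd. It re-implements doHash above, checks that K4HG does come out as 28817, and then makes the "illusion of security" point concrete from the server's side: the passcode is a pure function of the root callsign (SSID and letter case are discarded), and the whole space of possible passcodes is 2^15 = 32768 values, so a login check against it establishes nothing about who is connecting. The function and variable names (aprs_passcode, verify_login, PASSCODE_SPACE) are mine, not from the page.

```python
# Re-implementation of the 15-bit APRS-IS callsign hash published in the post above.
# Constants follow the C code on the page; everything else is constructed for this example.

KEY = 0x73E2          # kKey from the C source
PASSCODE_SPACE = 1 << 15   # the hash is masked to 15 bits, so this many distinct passcodes exist


def root_call(callsign: str) -> str:
    """Strip the SSID (everything from the first '-') and upper-case, as doHash does."""
    return callsign.split("-", 1)[0].upper()


def aprs_passcode(callsign: str) -> int:
    """Compute the APRS-IS passcode for a callsign (same result as doHash())."""
    root = root_call(callsign).encode("ascii")
    h = KEY
    for i in range(0, len(root), 2):
        h ^= root[i] << 8            # high byte
        if i + 1 < len(root):        # C reads the NUL terminator here, which xors nothing
            h ^= root[i + 1]         # low byte
    return h & 0x7FFF


def verify_login(callsign: str, passcode: int) -> bool:
    """What an APRS-IS server's 'user CALL pass N' check amounts to.

    Note what this does NOT do: it does not tie the connection to any secret,
    because the expected value is derivable from the callsign alone.
    """
    return aprs_passcode(callsign) == passcode


def passcode_is_callsign_independent_of_ssid_and_case(callsign: str) -> bool:
    """Demonstrate that SSID and case are ignored: all of these variants share one passcode."""
    variants = [callsign, callsign.lower(), callsign + "-9", callsign.lower() + "-15"]
    codes = {aprs_passcode(v) for v in variants}
    return len(codes) == 1


if __name__ == "__main__":
    # Value stated in the post: K4HG -> 28817
    print("K4HG ->", aprs_passcode("K4HG"))
    print("login accepted:", verify_login("k4hg-7", 28817))
    print("distinct passcodes possible:", PASSCODE_SPACE)
```

Running it confirms the figure in the post (28817) and shows that a login with `k4hg-7` is accepted with the same number, which is the property an iGate operator should keep in mind when deciding what to gate to RF.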