Lately a youtuber who's been doing a lot of videos about meshtastic just announced he's launching his own meshtastic replacement targeting the same hardware.

I watched a lot of Andy Kirby's videos and he seems to have an eye for the same sorts of problems I've mentioned with meshtastic so I'm very curious to see how his project goes.

They haven't released their code yet so we'll have to wait and see.

https://www.youtube.com/watch?v=fNWf0Mh2fJw

#MeshCore #AndyKirby

I wish I had fewer complaints for meshtastic; comments reminded me of others.

0. Has routing table, doesn't use it
1. Static MAC is used and expected over lora
2. The static MAC is the same or similar to the device ble/wifi mac
3. Location data leaks in unexpected ways
4. MQTT arch is messy af
5. Their simulator is buggy & bad. But is how they make technical decisions
6. Security is an afterthought (and finally ok-ish)
7. History of non-sane defaults + many users are slow or never upgrade = bad

8. User identity is directly tied to radio MAC, not public key, so a user's identity can easily be spoofed.
9. Bc of #8 users are used to accepting changed user public keys, allowing full identity theft.
10. No device level security, a captured/stolen device can be trivially used to receive or send messages and may leak message history, location history or implied location history
11. Limited protocol privacy behavior by default responds to certain protocol events unless in specific mode (client_hidden). But they still leak data sometimes, possibly bugs???
12. Lack of strategy on #11 means once you know a node's ID you can track it trivially both via MQTT or physically or even via BLE or Wifi.

And if you've seen my defcon talk.... you probably can figure out what I can do with #1, #2, #11 and #12 🤔

#meshtastic #cybersecurity

#13 No conversation privacy in default scalable configuration. Anyone can see your to/from fields and bc #1 it's great metadata.

Need to verify how bad #13 is, I think you can mitigate but most people use a public channel. The header I think it's technically encrypted BUT with a known public key so everyone can see who's talking to whom. I think you can get encrypted headers on the public channel but docs aren't clear and probably limits your hops.

#meshtastic #cybersecurity

Finally I suspect that IF meshtastic ever does fix their routing algo they will suffer from MITM exploits due to issues around #1, #6, #8, and #9.

Bc when you have MAC as the root of trust I can respond to your MAC and poison the routing table.

There might even be a solid security downgrade attack here too bc they have backwards compatibility for insecure DMs. So once I clone your MAC I can also downgrade security and ppl are trained to accept downgrades.

#meshtastic #cybersecurity #mitm

MeshCore has released their code today.

I've read most of the code and this is fairly early, limited docs, no mobile app and limited hardware testing.

That being said the over the air protocol+routing looks excellent. The code is well designed and fairly slim. The security posture is good and designed in from the start.

They get so much right in so little code. I even think I could make this messtastic compatible faster than they can improve.

https://github.com/ripplebiz/MeshCore

#MeshCore #Meshtastic

Rapidly moving my meshtastic nodes over to meshcore 🤘🏿

Going very smoothly so far. Meshcore is notably very fast at message delivery and delivery confirmations back to the sender.

Thinking I'll leave my primary meshtastic infrastructure nodes up and build meshcore nodes to deploy next to them so as the network matures I can do head to head comparisons.

#lora #meshtastic #meshcore #lilygo #tdeck #wisblock #seeedstudio #esp32