[aprssig] Digipeater solutions (rambling)
scott at opentrac.org
Tue Nov 2 17:51:58 CST 2004
> fast. Does anyone know what they charge per hour? I wonder if the cost
> firmware mod for the kpc3plus were in the range of 500 to 800 (I really
> idea how many hours this would take, heck I still don't know EXACTLY what
> like them to do), if any of us would be willing to pool enough money to
> them for the project? I certainly do NOT expect them to make a firmware
> for free. Of course this still leaves us with the problem of the
> kpc3 units out there.
At that price, I wouldn't expect them to just hand over the finished code
for free redistribution. Remember, they want $60 for the latest firmware
version now. Back when I was doing programming for commercial customers, a
change taking a few hours of my time might cost the customer $3000. These
days I'm mostly doing work for the Air Force and the costs are buried in
contracting, so who knows what it costs them.
Save your money and buy a TNC-X digi add-on, or better yet one of my digis
when they come out (hopefully) some time next year.
> Short of someone writing a new EPROM for the KPC3, or creating some sort
> clip on daughter board, I think the easiest is going to be a kiss mode
> digipeater module that plugs into the serial port.
I'd take this on, but I don't like being stuck with a $186 piece of hardware
that I've got to treat as a brainless KISS interface, and add MORE hardware
to make it do what I want. Again, you'd be better off designing for the
> generate a 16 bit checksum that was XOR'ed and initialized with a seed
> only the digi owner would know. You could send a command to the digi as
> APRS message with the checksum at the end. Others would see the checksum,
> without knowing the seed, they wouldn't be able to generate any NEW
With XOR it'd be trivial to break. Just calculate the checksum yourself and
XOR it with the on-air checksum, and the result is your seed.
> I'm sure that Scott will tell us about TEA and other encryption methods
> for an 8 bit microprocessor... the important thing here is that we'd be
> securely control the digipeater with an APRS message.
TEA's my favorite. You can use it in a CBC-MAC mode for this sort of thing.
Just don't use it in modes like Davies-Meyer - TEA has equivalent keys that
render it weak if used wrong. Microsoft found that out the hard way when
the checksum algorithm on the Xbox was cracked.
It gets a little more tricky if you want to avoid replay attacks. Someone
might capture a shutdown command, for example, and replay it later and the
MAC would still be valid. You can avoid that with a sequence number or
challenge-response of some type.
I was thinking about a lightweight protocol along the lines of TFTP for
transferring config files and even firmware images, but optimized for
high-latency links and point-to-multipoint so you could update multiple
devices at once. Authentication really gets tricky then...
Anyway, I've got to go vote. 73...
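
Added example, not part of the original post: a C sketch of the TEA CBC-MAC plus sequence number scheme described above, with the digi rejecting replayed or altered commands. The frame layout (sequence number and length in the first MAC block), the key, the command text and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: frame layout, key and names are assumptions, not from the post. */
typedef struct { uint32_t key[4]; uint32_t last_seq; } digi_t;

/* Standard TEA encryption: 64-bit block, 128-bit key, 32 rounds. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-MAC with a zero IV. The first block is [seq | len]: the length prefix
   keeps CBC-MAC sound for variable-length commands, seq binds the tag to one use. */
void cmd_mac(const uint32_t key[4], uint32_t seq, const uint8_t *cmd,
             uint32_t len, uint32_t tag[2]) {
    tag[0] = seq; tag[1] = len;
    tea_encrypt(tag, key);
    for (uint32_t off = 0; off < len; off += 8) {
        uint8_t b[8] = {0};                       /* zero-pad the last block */
        memcpy(b, cmd + off, len - off < 8 ? len - off : 8);
        tag[0] ^= (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
        tag[1] ^= (uint32_t)b[4] << 24 | (uint32_t)b[5] << 16 | (uint32_t)b[6] << 8 | b[7];
        tea_encrypt(tag, key);
    }
}

/* Digi side: returns 1 if the command is fresh and authentic, else 0. */
int digi_accept(digi_t *d, uint32_t seq, const uint8_t *cmd, uint32_t len,
                const uint32_t tag[2]) {
    uint32_t t[2];
    if (seq <= d->last_seq) return 0;             /* replayed or stale frame */
    cmd_mac(d->key, seq, cmd, len, t);
    if (((t[0] ^ tag[0]) | (t[1] ^ tag[1])) != 0) return 0;   /* bad MAC */
    d->last_seq = seq;                            /* advance only on success */
    return 1;
}

int main(void) {
    digi_t d = {{0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u}, 0}; /* constructed key */
    const uint8_t cmd[] = "DIGI OFF";             /* constructed command */
    uint32_t tag[2];
    cmd_mac(d.key, 1, cmd, 8, tag);
    printf("first delivery: %d\n", digi_accept(&d, 1, cmd, 8, tag));
    printf("replayed frame: %d\n", digi_accept(&d, 1, cmd, 8, tag));
    return 0;
}
```

On real hardware last_seq has to survive a power cycle (EEPROM or similar), otherwise a reset reopens the replay window.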