Decentralized Communications: Deep-Dive into APRS and Meshtastic

Please welcome Anker Thiagi and Mayor Dani as they talk about decentralized communications.

Thank you everybody. Thank you for being here. I know this is the last talk. Uh I won't I mean we won't be keeping you uh from having good time. Um so yeah these are the uh barcodes. You can use them and have them ask us questions. Um before we begin with the talk uh I just wanted to get a show of hands. How many of you have searched for uh ways to track your devices or you know cars or uh bikes? Um yeah so that that makes a lot many of you. I didn't expect that. Okay. So that was Yeah. So that was how I uh personally started my journey with uh APRS and Mesttastic. I bought a new Ducati last

year and uh one of the first things that I was told to do was uh get a uh you know uh GPS tracker on top of it. I didn't want to get uh an Apple um u Apple whatever air tag is it's called uh because it's uh everybody knows how it looks and you know it's very easy to find uh so um okay so the first thing that I found was this thing uh this is a metastic device as you can see it's a no one can think that it's a you know tracker of sorts but I'll come to when we discuss more about uh mestastic. So welcome uh to our talk uh decentralized communications with a deep

dive in APRs and mestastic. This is Mayures and this is my colleague Ankur. Um so a little bit about both of us uh we are I mean I'm into detection engineering adversary simulations and security research and um Ankor is into he's a cyber security enthusiast. He's more of a radio security uh not a jockey, sorry, radio security enthusiast and uh also uh he's a packet hacker. That's his call sign. So if anybody is into uh ham radio, please uh make a note of it uh and you can you know uh contact him there. So what u this is the brief of how we'll be talking about uh all the decentralized communications uh what are we going to do um even though a lot of

people know about uh radio frequencies we're also including a bit of uh a cheat sheet about what we are talking about simple terms what we'll be talking about what is the architecture uh of both APRS and meshtastic And uh what are the security implications and then a few suggestions if we may uh uh suggest and then uh what are the conclusions or resources that you may use uh to get more familiarized with uh both these protocols. So beginning with uh the need for decentralized communications. How many of you have heard of this term fire seal? Right. So one of the use cases exactly. So this is a scene from the movie Die Hard uh that came out in 20 2007 sorry.

Uh so there was a fire sale uh where every every communications go down all means of communications goes go down and this is one of the use cases which you can uh definitely make use of uh where uh either natural disaster strikes or um you know as as the fire sail uh your communications are down. So but you still want to reach out to people outside either for help or uh just communications. Uh so that is one of the use cases uh where you need decentralized uh communication networks like APRS or meshtastic. You might be out trekking in I don't know yity or any all faroff areas where you don't have uh radio or cell phone coverage but you

still want to reach out. I know uh last year I was at Yellowstone and I had to take walkie-talkies there. Uh so one of those areas definitely you need uh one of either of these two solutions there or uh generally if you want to be independent uh from eaves drop dropping I don't know I mean how many of you are uh uh concerned about people listening to your conversations. So one of these uh these protocols will also help you uh be protected from that. And then emergency response uh also uh emergency response police they also use one of these networks and as a community besides we see lot of uh volunteers they're using uh these walkie-talkies

they are also you can consider them one of a small example of a community network. So a bit of a historical context uh before uh we go deep. Uh in 1982 Bob Ringa that's his call sign he introduced uh APRS to map a high frequency Navy Navy uh positions. Uh so Navy position reports. So there there you have it that you know this comes from a very uh trusted source that you know uh and it will work in uh location mapping. uh in 1990s APRS is introduced where uh local RF nodes were now connecting to internet and then 2014 u a company called as um Cal Cyclio uh they uh they patented Laura or Long

Range and then 2019 Mestic emerges since 2019 like you see that icon there it has been uh crazy level of adoption of people uh for mestastic uh that really helps the community. Please uh do definitely uh get get in get involved in mestastic. Uh so that's about the historical context and as I was saying this is the uh cheat sheet for radiocom communications. Um so as we know radio frequency is made up of electromagnetic waves between 3 kHz to 300 GHz. It's made up of transmitters, receivers and antennas for and which is used for propagation and the fre uh fundamental properties are frequency modulation modulation or wavelength and uh and the power that's needed to uh

transmit and the bandwidth which is uh needed to uh transmit on. And then again uh the type of modulation depends on uh the type of protocol. Uh examples are uh frequency modulation which is used by APRS uh Laura uh which is again uh built uses meshtastic and then uh a couple of keywords line of sight uh so in radio frequency terms if you can see something uh that is your line of sight and that is how long your uh radio waves can reach without being um uh stopped. Right. So, uh that is about it. Uh talking about APRS, Ankur will continue. Hi everyone. So before we start with APRS, so what exactly is APRS? APRS is automatic

packet reporting system. So um anyone here in the audience already have a ham radio license? Any ham radio operator? Okay, you guys already know this, but for everyone's sake, so APRS is a data mode for ham radio operators. So, it allows you to transmit data packets or digital data over ham radio frequencies. And these data packets can have location updates, they can have telemetry data, they can have weather reports as well. So, it extends the use cases for a typical ham radio user. Uh but because this is only for amateur radio operators, you would need to have a license first of all. So FCC uh licensing hierarchy goes by technical and then general and then amateur extra.

You would at least need to have a technical license to be able to get started with APRS. This is u you know there is a barrier to entry here. So for everyone interested in APRS, if you would like to transmit on APRS, you would need to get a license. But because the radio frequencies are open, anybody can tune in. You can listen, read and you know watch activity on HPRS. There are internet connected sites as well that gives you uh these sites give you visibility into the uh you know the activity going around the world on the APRS frequencies. So uh there is no there there's no one stopping you from you know looking at what exactly is

happening on the RF. Uh but if you would like to transmit you would like to actively participate you would need to get a license. Uh let's talk about the network structure. Um for APRS what you need is you need a ham radio obviously. Uh I have this bofang radio and this is connected to a TNC. This is a modem of sorts and then um using this um you know using this uh architecture I can listen and transmit on the RS frequencies. uh this will not have as wide of a range as I would like it to be but uh there are ways to extend your range and these are done by repeaters and these on the uh

amateur radio terminology for repeaters digital repeaters or digipers. What these repeaters do is you know if you are in a range of a digater you connect to that and then you um you know your packets are then forwarded by the digipeter across the RF range of that device. Um these systems can also be connected to the internet and uh you know these systems connected to internet are called I gates internet gateways. So this is how you bridge the RF with the internet. So if you are broadcasting over or if you are listening over APRS you can forward your packets to the internet as well and systems that are connected to internet can now view and

uh you know index the activity of the RF. um security model is uh important u since this is open by design uh FCC part 97 this is a regulation uh if you are a ham radio operator you know this um any and all sorts of encryption is prohibited so these these frequencies are supposed to be open anybody can tune in they can send packets if they have the license and the validation to do that but uh everything has to be clear text no encryption at all authentication This is limited to your call sign. So everybody who has a license will get a call sign by FCC and then you use a call sign to u

you know identify yourself on the APRS network. Um authentication in APRS u it uses a password based system which is open. So uh we cannot really call it a password but your call sign is hashed to a number and then this number is used as your identity and you know you use that to identify yourself and you can use a call sign. uh the pro there are problems with this architecture and we'll talk about that later in the presentation. Uh here is a quote from uh Bob Raninga uh the founder itself. his silent key is no more. But um he very uh you know nicely summarized that you know people think of APRS as vehicle tracking system

but uh in his words this is not just a vehicle tracking system. It's a tactical realtime information exchange mechanism and uh in a gridown scenario this is uh your means of you know reaching out and connecting to the world. Um because by nature this is open u you can also uh use this to get a you know for situational awareness of your surroundings. Uh this is bridge to the internet. So this gives you u access and you know visibility outside of your immediate RF boundary. Even if you are not able to reach a particular or reach your loved ones using your RF devices if there is a gateway in your range that gateway will broadcast your traffic over

the internet. And now your loved ones, your people who are looking for you can locate you. This is a map. Um there are sites that curate activity from APRS network and then they can you know using the GPS location of the nodes that are broadcasting they can map it over and show it to us. So the the nodes in the blue they are you know weather reports. So there are a lot of people who are uh they have their own weather monitoring systems and they connect it to APRS and broadcast weather reports. People broadcast position reports as well. So this also serves as a you know way of getting situational awareness of the weather reports that are uh very highly

and you know very very concentrated around the areas that you are interested in rather than going to a centralized server. This is a locally curated and uh populated data. Let's talk about the technical foundation. So um we we need to understand that u APRS uses AX25 packet radio system. So APRS is a packet radio mechanism and what I mean by that is over voice communication channels what you are sending is digital data. So it has to be encoded decoded in the right form in the right manner. Uh frequency modulation is the u is the technique we use here. Um the uh the frequency the primary frequency for APRS in North America is 144.390. Um this is uh by design there

is a standard around the world where uh these frequencies are not reused. So for European Union um they would use a different frequency band. So if you move to a different continent, if you move to a different place, you would need to check the local regulations and understand what the frequency u you know frequency reservations are for that area to make sure you're compliant. Uh we'll look at the packet format for APRS in detail, but ju just to give a very brief overview. Um APRS is clear text. You have a source and a destination. So the node sending uh out some data uh you would have everything clear text you would you can specify what exact path you would like

to follow what nodes you would like to propagate through and then you have a delimiter and you know optionally some data as [Music] well there are stations uh there are digipers like we talked about I gates these uh bridge the internet and the RF APRS is a mechanism to collect internet broadcasted data and show it to the users over the worldwide web um there are hopcon mechanisms. We'll talk about these in the upcoming slides. Uh here is an example. So let's talk let's look at the packet data here. So um APRS traffic uh like for example here this is there we we wrote a Python script to decode this data. Now the first example is

position update. So there are latitude longitudes updated and there is a comment field as well. So it's clear text uh encoded. Some of the data is readable but most of it you will have to decode it but it's pretty easy to do that you can do that in a Python script as well. Uh the second screenshot also so show shows u similar update but then this is coming from a device that it uh broadcasting not just its position but also some of its status battery status and everything else. Um this is a hex just wanted to show you the raw data. So you know even if you don't have a decoder you can just look at the data raw dump and you can

make sense of it what exactly is happening. So you have a ax25 header, you have some binary uh data at the start of the stream and then everything else is text just a summary of what exactly you can send position reports, messages, status, weather data, telemetry. So the the use cases are pretty wide. So this is a very generic mechanism to share text based data over voice channels. Here is a sample uh code. Just wanted to show that you know this it's very trivial to connect to APRsis uh gateway. All you need to do is write a socket program. That's it. Um you need to point it to a host and a port. Um authentication like I said it's pretty

trivial. You need to have a call sign. I don't recommend it but you can use someone else's call sign. Find a password for that. But that is what we security people do just to prove this is a P. So you can calculate the password and then you can use that here as well or I would recommend have your own call sign. Once you have data coming in uh on RF or from the internet services bridge you would need to decode that and decoding is pretty trivial as well. Um all you need is to you know there there are these character assignments. Uh every character would mean something. So you write a map and then you know map it

to the right value. the security model this is of interest. So Bruce Willis is trying to reach uh the bad guys but this being an open u mechanism uh everybody can listen to him. So AP just to clarify APRS and mestastic are not voice enabled. So we are using this just as a you know for for reference here but all you can send is text data uh not real voice. Uh like I talked about authentication is you know uh pretty limited. So you need to have your own call sign but you can use someone else's call sign calculate their password on your own because the mechanism is pretty open and you can you know pretty

much Yeah. How do you calculate the password? I have a call. Yeah. So yeah uh the question is how do you calculate the password? Is it right? Okay. So password calculation pretty simple. You just Google it calculate APRS password. you will get a site that will calculate it for you or um the mechanism is simple enough. I've converted that to a bash script. So just to let you know so uh it's it's pretty trivial. So anybody can do that. It's more like a hashing mechanism. So every call sign and map to a number uh it's a numeric value that you get after the password calculation. So you use that to identify yourself to the network. Uh network knows how to

calculate password so they can validate that way. So, but there is nothing else that stops people from doing it for any call sign they know of. And call signs are public database. So, all FCC registrations and anybody here with a call sign would already know our addresses, our details are already out in the public. So, it's pretty trivial to find uh call signs and then find passwords and authenticate as that person. So, authentication is of uh it's it's virtually absent here. Encryption is uh not enabled by design. This is FCC mandated part 97. So you are not allowed to do that. This is legally bounded. So u everything on APRS is clear text. Access control is regulatory because you

need to have a license but you know it's debatable. U data integrity you need to have uh there are basic CRC based uh checks built into it but you know that's it no privacy at all. So uh talking about the security risk uh spoofing uh it's a very high risk because you can spoof as anyone um even if you don't have a call send you can spoof as a amateur radio operator. Eaves dropping it's built into it. So you know you can say that the protocol was designed for eaves dropping. Jamming is a moderate risk because uh jamming is always possible because if you have a high enough transmit power antenna present in your vicinity you will always

u you know face jamming but yeah that is also a possibility. Man in the middle is also of concern and data manipulation. All right so that's it from APRS. Oh he has a question. Yeah sure. Yeah. Yeah, we we um so the question is uh will the code and everything else been available? So yes, we have a QR code for the uh get a repository. We have not populated that yet, but we will do that after the talk. Slides and code and everything else. Thank you. Okay, coming to the 2018s or 2020s uh with Mistastic now. So, Mistastic as we started, it's a still an open-source uh but an off-grid uh messaging platform. Uh it is built on ESP 32 micro

uh controllers uh and works on again license free ISM bands. Uh you need to make sure that uh you sign up or you know you subscribe to the location where you are located in because all these bands are different. say in US it's uh 9 915 MHz in uh Europe it's different and Asia is different because if you select some other uh band u if you and if you select another country then you're not going to be able to transmit uh and receive um and then the key features of this mestastic protocol is simple uh think of the time when you were uh a kid in and you were in classroom you wanted to pass uh a note to one of your uh

classmates who are sitting right behind. So what you would do is you would write your message uh in a piece of paper and pass it on to your classmate. What the classmate would do is he would copy the same message thrice or or no. So he would copy the message and then pass it to three more people. Uh so and this continues until the message reaches your friend. Now there are two things to consider here. One is uh by three what I meant was the hop count. So uh a message in uh metastic is always traveling three hops. There are uh ways that you can increase the hop count but it is it will cause uh congestion and all of these

things but so suggested that you use three. Uh the other thing is important that uh the message is encrypted in this case. So no matter everybody gets the uh you know the note to write but they don't get to know what the message was. So even even if you whatever uh you send across it won't be uh visible to everybody and then uh the by premise you can just as Ankur said uh by premise you can just uh share text small pieces of text there is no u voice or data so it is more fit for sharing uh GP your locations and telemetry uh and so on and so forth. Um yeah and then since this is

built on the ESP32 micros uh microcontroller uh it has a long uh battery life. Again now talking about the technical foundation um so I've covered some a bit of it here. It's a fully distributed mesh architecture uh which which supports automatic no uh discovery and dynamic routing of packets and you also have nodes which are connected to the internet which then uh make the range of your packets uh wide. uh and then as I said uh with encryption all these packets are encoded by EES 256 uh uh standards and you have u two keys that you uh that is that are created with every device. One is the channel key and uh which is shared with

everybody so that you know uh when you open up your app for mistic it's you can chat on uh like a uh world world chat sort of a thing and then there's a private uh key with with which you can just talk to a person uh one person that you wanted to talk with. This is like Ankur showed uh that was the screenshot from APRS uhfi website. So this is from Liam Cotle. He's a that's a well-known very well-known website. These blue dots show uh that there are internet enabled or MQTT MQTT enabled servers that are uh showing your mestastic nodes. So these are not exact uh nodes but these are internet connected um nodes here. Um now

technically Mstastic is a firmware you can say which is meant to be uh which is working on ESP32 and recently uh on NRF4 52 and RP2040 platforms. Uh and then it works on long range modulation for on ISM bands and all these uh frequencies that we know of. One inter important feature that we needed to uh highlight here is that it's based on protobuff. Uh so it enables efficient binary encoding with both uh forward compatibility and uh as we know uh Laura also um helps you with uh it uses basically uh chirp spread spectrum uh which spreads your uh it's a chirp is a uh type of a message or indication that you uh get to use when you uh start

playing with meastic and uh it is much more better than uh other modulation techniques like FSK and all of those. Um and then uh the topology uh when we talk about architecture it's every node can relay for everybody and this perpetually can keep on happening until uh either two things happen one that the uh signal dies off or the intended person gets the message. Uh and then in mestastic you have automatic neighbor detection. Um and then using dynamic path selection the neighbors are selected and the way you um interface with mestastic on certain devices is directly using a Bluetooth. So in my case this is this device does not have any screens as you can see. So I have to connect to it

using Bluetooth from my phone and then um um uh and then you know uh send and receive messages. This device here can uh it has a screen I it's not turned on because it's not battery powered. Uh so but it has uh it has its own screen uh and it can act as your home node. Um so now looking at the packet structure uh a mestastic packet structure uh comprises of channel ID which identifies the uh encryption uh node ID packet ID and the hop limit as I said uh which is the one of the uh important factors here. Uh one thing that we need to uh stress here is that the header is always encrypted. Uh I'm

sorry, header is always clear text but the payload is always uh can be encrypted if you choose to using the AS256 um uh method. And then um uh payloads you can choose uh uh what do you encrypt? Is it the message or content or the metadata? Now metadata can be uh your location and all of that uh battery and all of the data. And then this is how uh the packet looks u mystic packet looks like. Uh for people in uh security who are into detection engineering or malware analysis if you must have heard the term MZ right? Uh so that's the u magic header for a binary. So m dollar in this case is the uh

packet header for mechtastic uh packets in I mean I know this looks uh this is uh this is this is the uh this is the protobuff enabled header and then this is an encrypted package an unencrypted packet from meshtastic. I know this does not look much different from the previous one because this is all in binary but this is clear text and this is how uh the package will packet will look like uh when we sniff on the network. Uh and then these are the data types that mestastic supports like I said text messages positioning reports and telemetry around what is happening and then uh channel announcements uh along with uh the mesh mesh configuration. So this is a simple

Python script which we will share again uh where we configure a specific channel to subscribe to talk to. Uh and then this script again is where uh we this is shows a call back when a message is received. So what to do where are we uh getting it from who is who sent it and what is the channel ID and everything. And then there's a security let's talk about the security model. Does this happen in uh Mestic? No. So uh Bruce Willis like we know uh again Die Hard series. One of the first series where uh they I saw u uh Bruce Willis you know breaking the gang using walkie-talkies because he could just simply infiltrate their coms uh because

it was unencrypted. But considering uh mestastic and APRS are just uh textbased walkie-talkies um this is not possible if encryption is enabled. So this uh in in short authentication is enabled in mestastic using uh uh AES 256. Uh and then data integrity is also uh maintained using CRC and packet verification. Um and pretty much you can uh access control is also maintained using channelbased groupings. Another important thing that we saw recently was this uh we started uh seeing a lot of uh CVS for uh mestastic firmwares coming up. uh as of today uh there there are six CVs and of which one the CV 2025 uh 2497 the first one that you see is a rce so if you have

um uh if you have mestastic devices definitely upgrade yourself to the latest uh 2.5 version if I'm not wrong uh yeah 2.5 and then um just a comparison uh or or rather uh statement that you for mestastic. Uh so you can't with mestastic you can't spoof u as much because you need a channel key. Uh eavesdropping again low if encry encryption is enabled with an ES256 unless someone gets that. Jamming uh again uh if it is uh of course it's a radio frequency so you can jam the whole networks. uh man in the middle again can happen at uh internet connected or uh gateway points. Uh and then replay attacks was also uh moderate rate moderate risk. One

of the vulnerabilities that we saw was also uh fixed uh in uh that supported replay attacks also fixed in the 250 firmware. And uh this is the uh model comparison. So let's try to uh compare APRS and MSIC side by side. Uh just to summarize you know this is a broad overview of what exactly the architecture looks like. Um things of concern are you know basically frequency uh for APRS you are limited to amateur radio bands. These give you wider range but then uh you are limited to clear text transmissions only. uh ISM bands on metastic give you uh much less uh range comparatively but then uh you have the uh you know the nicities of

using AS 256. So yeah um regulatory environment limits the uh use cases. So for for someone looking to get started uh this might be a blocker. If you are trying to compare APRS and Westastic, the first thing that you would need to consider is do I need to get license first of all? Um, and if you're not willing to do that, um, you know, you have your answer. MTACIC is the choice. Uh, if you're looking for range, u APRS is a better choice. Uh, but then mestastic is also a good option. You're not losing out much on there. But then uh there is a problem threat model expected adversary capabilities. You know we we expect adversaries to be able

to uh spoof and you know listen into the communications uh and be able to uh you know emulate and spoof the traffic forastic as well. There are concerns around power and maintenance and expertise. you would need to have some sort of a expertise to be involved and have a good enough community network and maintain that and to be able to use that. Uh we looking at these concerns we um you know tried to summarize some of our thoughts and we we thought we would list down some of the recommendations that we as a community can have for these uh for the users. First of all, we as users can uh look through these and then for the implementations as well. If

you are part of the implementation project, you can uh you know try to focus on these. Uh for APRS, we would like users to understand the inherent differences between the two technologies. So this is not a one is better than the other comparison. Both of these excel in their own ways. Um but then uh you need to understand your use cases. So the um design goal here were different for both these protocols and standards and as such we would need to consider those uh when we are considering our use cases as well um for implementations uh of APRS the i gates and you know the DNC's and the uh applications userfacing applications we would like um the iate authentication

mechanisms to be improved we would like uh user authentication the password uh based mechanism to be replaced to be uh replaced with something that is much more u secure in a manner that it is not open by nature at least. Um user education this is something that we were hoping for and this talk is on the same lines. We would like users to be educated for on these principles and you know functional differences so that they can take a call. For meastic uh we recommend users to enable encryption by default. uh mestastic gives you an option to uh optionally you know use encryption but as a standard practice we would uh request everybody to use it. Um these

are small textbased updates and they are limited to three hop count by default. Uh this would not really uh be a big concern if you enable encryption. We are using it with small form factor devices and there are no issues as such. Some people are concerned about battery range and this could be a reason to disable encryption but uh in our test with these devices it's not it's not making much of a difference. Uh secure key distribution this is a primary concern. So um uh inherently the protocol doesn't support uh key exchange mechanism. So if you would like to create your own channel you don't have a way to exchange key using the protocol itself. So you need

to use something out of band and WhatsApp is not a good use case. Right? So you cannot share your keys using WhatsApp. So u we we would like to see something uh some uh you know we we would like this to be a focus for users as well. Rotate key channel keys and secure physical devices perfect forward secrecy it's a goal uh Bluetooth security and tamper evident features as well. All right. So to conclude, um like I said, both both these systems have their own uh you know value traditions. APRS is uh it it predates modern internet. So it it is a 1980s technology, but it has a very wide user base. So it uh it has stood the test of

time, right? So it's a Lindy uh protocol and I would definitely recommend everybody to look into it. um getting a amateur radio call sign you know getting license is not a big deal um everybody here I think can definitely get a license at least a technician level so that gives you a uh authority a legal receipt to get started with um security must be understood in the context so uh if you feel like you would need secure encrypted and private by default communications meastic is the choice that's it no questions u but if If you are open and if you are not concerned about private messages, if you would just like to broadcast for example

weather reports, they don't always have to be encrypted, right? So you can choose APRS as a mechanism. All right. So uh there is a lot that has been talked about on APRS and mestraastic and honestly we don't feel like you know sharing every link here would be a good solution. So we would like users to be pointed to the source. So AP specs are hosted on APs.org mestastic.org for mestastic and there are really uh decent communities. This is what we use to get started with. So we would like u everybody new to be involved and be part of these communities as well. Uh the slides and uh slides and code everything would be hosted uh on GitHub. So this is the QR

code. Uh we will do that by the end of the day. So, uh, just look out for those. And that's it. Um, any questions? And, yeah. Yeah, we'll start some questions here. All right. So, we've got one coming in. We're going to do them all via slider. So, again, if you ask via slido, that's the best way to do it. Slide. Besides SF2025, that's your code. And we're in theater six. So, we'll start off with this first question. What is your meshtastic call sign? There is u there is no call sign on estastic. So uh the nodes that you have they will u by default every node will have a MAC address. So the firmware uses

the last four characters of the MAC address as the identifier but you can change that. So there's a short name and a long name and you can name your device anything. So there is no call sign instic. It looks like we might have had one in the theater. So I'll just go ahead and ask it to me and make it short because I got to repeat it. Sure. So what's your opinion on mesh core versus meshtastic? So what's your opinion on mesh core versus meshtastic? Mesh core I I have not used it but I have seen YouTube videos and I'm pretty excited about that. U we would need to do some testing. Um honestly just because it's

so recent we have not been exposed to it yet. We'll give you a few more seconds. I'm not seeing any in here. No question is too small or too silly to ask. I'll get one more here in the theater. I'm just checking again. Slide 06. Good. How are keys currently exchanged to perit permit meshtastic? So, yeah, great question. So, um when you have the meshtastic firmware installed, by default, everybody is on a global common channel. Uh the primary zero channel. um everybody is on the same channel because the key for that channel is hardcoded by the firmware and everybody who uses the firmware will have that key by default installed. So AQ uh equiliquest this is

a B 64 encoded version of the key. So uh because you know this key everybody is in on this channel but now if you would like to create your own private channel uh you can do that with your app with your uh client but the problem is how do you share that so that is one of the concerns we raised here. So you need an out ofband mechanism because the protocol itself will not support that natively or does not support it as of now. So uh you create a QR code and then you know you go to your user walk up to them and then secretly scan it. So that's the best way to do that. Uh

WhatsApp like I said or any other social mechanisms out of band would not be a good solution. So this is a u you know area of improvement for example there are no good mechanisms to do that as of now. That's true. So, Encore also uh Oh, go ahead. Yeah, that's that's the world chat that I talked about. Uh, so when once you share because it's shared with everybody uh they want to know what TNC adapter you have plugged into that bow fang again. If you could explain it. Yeah, so the these models so the these devices the Bofang radio this is pretty u you know decently priced radio to get started with. So, I just wanted to highlight the fact that

with this radio, you can connect a a cheap TNC. This is not exactly cheap. Um, I'm not sure what the price was, but this was expensive, so I had to think about it. I didn't get it first time. Uh, I got my license and then maybe after one or two years, I got this TNC. So, you know, I had to save. So, this somewhere around$100 $200 or so. Uh but then once you have this, you have the capability to transmit and receive APRS packets via Bofang and similar radios. Uh there are radios that are pretty cheap these days. They're under $200 cheaper than the TNC itself and uh they have the TNC built into them. So the

modem is part of the device itself and the UI gives you features to configure it. Um some of these radios will then connect to your Bluetooth app. Um, and then you can manage the u radio via the app as well. So you don't have to hardcode and write everything or type everything out. All right, I'm going to ask this last one here. Uh, have you looked at any of the infrastructure on the back end for meshtastic? Um, particularly like in MQTT and the other. Yeah. So uh MQTT u we have looked at how so the Python example the script that we showed is one of the ways we have interacted with the MQTT and the APIs

back end. Um so once you are on the RF you would like to expose your traffic to the internet and you would like to be listed on the Liam CLE map site for example or any other uh node that listening on the traffic you would need to uh forward your traffic first of all. So um the configurations are manual. I think that was perhaps your uh thing. Well, thank you everyone. That will conclude the talk. Thank you so much Ankur and Mayor. Um we are done for today. Um, hope you have a good conference