One Ping and One Ping Only: The Trouble With Meshtastic and ATAK-style Networks, by GuerrillaLogistician

TLDR; Don’t fall for the fucking hype… please for the love of god, I can’t tell if these people are more committed than Jim Jones fanatics at Jonestown.

I usually don’t want to wade into this conversation because other people are far more competent and do better with this subject, but I can’t help it. If you are married to a concept in totality, you will end up dead because you haven’t reasoned things out. Like anything else, there isn’t a perfect answer; there is always a use case, and technology will continually advance, but the core science won’t change as quickly. Let’s begin breaking this topic down. Then, @4nt1p4tt3rn on X can break this down even better and give you the details/secret tricks that will scare you. For now, I hope to induce cold sweats; I will leave the night terrors for him to divulge.

This is an analogy to help people understand, not a one-for-one, so if you are a nerd of all things Meshtastic, add your “actually” comments below so you can be mocked accordingly. For the rest of you, especially those who liked Hunt for Red October, you may understand the analogy. I am sure many of you have seen this Sean Connery meme, but let’s watch it again.

Captain Ramius: Re-verify our range to target… one ping only.

Capt. Vasili Borodin: Captain, I – I – I just…

Captain Ramius: Give me a ping, Vasili. One ping only, please.

Capt. Vasili Borodin: Aye, Captain.

A ping is a massive active sonar pulse that can actually kill divers and wildlife if close enough.  Unlike the Ping on a sonar system, Meshtastic, LORA, and similar systems tend to run low power, which is helpful, but we will dive into that in a minute. Let’s say a sonarman could put out a low-power ping (Active Sonar) that did its job; that wouldn’t be a bad thing if it were usable and quiet enough that other ships wouldn’t detect it easily.  I won’t speculate on how advanced active sonar is these days, and if they can do that, but let’s pretend they can.  Except the sonarman accidentally hits the continuous button instead of one ping, and now the submarine is just calmly tracking and transmitting its very unique low-power pulse at intervals.  Now, let’s say dozens of subs are running around along with a sonar network called SOSUS all quietly running active sonar.  If you watched Hunt for Red October, you would briefly remember the whole Russian Navy out searching for Red October.  All those ships were banging away with active sonar, and Captain Ramius easily avoided them with little effort.  Think of all that noise in the water and how easy it was for the Americans to figure out what was happening.

The interesting thing is, though, that all these active sonar emissions have a fingerprint, just like Meshtastic does. It looks different and acts differently than other systems, so it is definable on a TinySA Ultra or by listening to it. Add to that, just like most digital systems, there is also this unique fingerprint that gets transmitted initially, saying I am node 123. Just think of all those submarines quietly pushing out IDs, but one keeps saying I am 123, which with time might mean it’s the USS Razorback. Just think, if that sub could not only be tracked, but the enemy knew where it was, when it was moving, and could tell it apart from all the others with minimal effort. This is Meshtastic in its basic unhacked over-the-counter form being sold by people on YouTube. Can things be dialed back? Sure. Can some or maybe all the data be hidden? I doubt it, but let’s pretend it can be. Will the system still have to retransmit each time someone calls out? Yes, that is its design. So even if we dial it back, even if we hide the info, we can still count the systems operating and locate them faster than if it only transmitted occasionally and spent the rest of the time just listening and doing its job.

How long would it take to set up a remotely secure network for someone untrained in Meshtastic? Are you very tech-savvy or only slightly? In less than a day, I can train you to transmit with a WiFi-only tablet and a Baofeng, sending out short-burst encrypted messages. If pressed for time, I can teach you how to do it safely in a few hours thanks to NCScout’s train-the-trainer style of teaching. https://brushbeater.store/collections/training-courses  Can someone teach me Meshtastic in that short a time, then set up a system on short notice and prevent others from easily gathering vital data on my friends, family, and confidants? If so, I would like to see that class.

Today’s modern resources can give us many gifts; they connect rural areas and can create accessible, non-cellular networks to communicate with. This is great until you realize that this free distributed network is neither controlled nor owned by you, just like cell phones. Anyone in this field of study should know by now what is wrong with cell phones, but if you need a deadly example, we only need to look at Ukraine, and the multiple times Westerners went to Ukraine with systems like ATAK and got smoked just inside the border. I will reference one link for proof, but there is far more for you to find if you search the subject. Suffice it to say it’s a very rarely talked about subject because ATAK was a Defense Threat Reduction Agency (DTRA) and Raytheon-funded project. If you trust either of them, well, I have some excellent Ukrainian oil stocks to sell you, and I promise the Bidens aren’t involved. Next, and sadly, the worst part is just trusting your cellphone to operate any software. It is dangerous enough having a WiFi-only tablet, downloading APK files, then transferring them from one source to another. While it may be safe now, depending on where you got the APK and who wrote it, the risk is still there.

Again, I don’t care if it is Apple or Android; remember that we have court cases where the gov had all the information and just wasn’t legally allowed to use it in court against the defendant because of how they obtained the information. There are things more advanced than a Stingray system that can get you scooped up quickly. Just remember, if it is being sold in China and connects to a cell tower, it has a backdoor. Unless you are savvy enough to cut the cell system out of a device, expect it is always talking even if you didn’t pay for service. So, to recap, if you are building a very UNSAFE open network for people to use for a peacetime operation, Meshtastic is fine. Now, let’s dive into why you shouldn’t waste your time on this if you are remotely prepping or worried about anything beyond lousy weather.

Map of Meshtastic

Link to probable ATAK users killed by Russia.

https://www.thenation.com/article/world/lviv-foreign-fighters-ukraine/

The issue with these networks, even if we remove all the issues with cellphones and use hacked-up text-only stuff, still falls under the ping issue above. If you have nodes 1-5 and want to talk between 1 and 5, 2-3 will still get and retransmit that message. This creates a wave of signals in the area, and the general network can be located with a KrakenSDR fairly quickly. So even if we play smart, send only at certain times, etc., the risk is amplified that this network will be found. You might say cool, but they can’t find me directly right away. That might be true unless they can sniff out your unique data. Just like the US Navy knew the Russian Navy was hunting something, knowing your patterns and activity without the message is still a great intel snatch. Don’t believe me? Read about that in Guerrilla’s guide to Signal Intelligence. https://a.co/d/8XF3jZl

A thread on how Meshtastic operates: https://meshtastic.discourse.group/t/how-does-the-mesh-of-meshtastic-work/4714
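To put a number on the retransmission point above, here is an added example (not from the original article or the Meshtastic project) that counts how many radios key up for a single message. It uses a simplified flood model assumed for illustration: every node that hears a new packet rebroadcasts it once while hops remain; the topology, `flood`, `emission_report` and the hop limit of 3 are all constructed for this sketch.

```python
# Simplified flood-relay model (an assumption, not Meshtastic's firmware logic):
# every node that hears a new packet rebroadcasts it once while hops remain.

# Constructed topology: who can hear whom. Node 4 sits off the useful path.
LINKS = {1: {2, 3}, 2: {1, 3, 4}, 3: {1, 2, 5}, 4: {2}, 5: {3}}


def flood(links, src, dst, hop_limit=3):
    """Return (nodes that transmitted, in order; whether dst heard the packet)."""
    transmitters = [src]
    seen = {src}
    frontier = [(src, hop_limit)]
    while frontier:
        next_frontier = []
        for node, hops in frontier:
            for peer in sorted(links[node]):
                if peer in seen:
                    continue  # duplicate copy, ignored
                seen.add(peer)
                # The addressee does not relay; everyone else does if hops allow.
                if peer != dst and hops > 0:
                    transmitters.append(peer)
                    next_frontier.append((peer, hops - 1))
        frontier = next_frontier
    return transmitters, dst in seen


def emission_report(links, src, dst, hop_limit=3):
    """Summarize the RF footprint of one message for an emissions-control review."""
    keyed_up, delivered = flood(links, src, dst, hop_limit)
    return {
        "delivered": delivered,
        "emitters": keyed_up,
        "relays": [n for n in keyed_up if n != src],
    }


if __name__ == "__main__":
    # One message from node 1 to node 5 on the constructed topology.
    print(emission_report(LINKS, 1, 5))
```

On this topology one message from node 1 to node 5 puts four radios on the air, including node 4, which cannot reach the addressee at all.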

What about the super cool encryption? If I could slam my head on the desk in front of you, I would. Sure, 256 AES is hard to break; Bubba won’t be able to hack it, but if you believe the military/government of the world can’t get in, you’re nuts. However, there are two issues here. You need to know how to change the key, you have to change it for all the devices, and like all things open source, the software has a default key, so if you don’t change it, you are basically open to anyone operating on your system or listening in. Add to that, if the system has a node that is in HAM mode, then it goes fully unencrypted for anyone to hear. A note on 256-bit encryption: the US military recommends changing the key every 30 days, and some radio systems have been found to have issues that allowed decryption without breaking the key as well. That again is left for a smarter caliber of writer, but know it has happened before.

[You have two options for open. Meshtastic calls them “Channels.” It’s really just a string that defines the encryption key. If you make up a new channel name, nobody else is going to hear you. But…the default channel is the same for everyone when you fire up the program. If you don’t change the channel name, you’re all on the same “channel” and can talk to each other. Technically, in that case, you’re all using the same AES key, and the traffic is still encrypted. Sort of like everyone agreeing to use 12345 as their luggage combination.

The other is amateur radio mode. That removes the encryption completely. You’ll have to talk to someone who is really into ham stuff. I’ve been a ham for 30 years and have never put my devices into that mode. Never saw the need, sorry.]

https://www.reddit.com/r/meshtastic/comments/17mrssn/newbie_needs_explanation/
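A pre-deployment check for the default-key and no-encryption problems described above, as an added example that is not part of the original article or the Meshtastic project. It assumes channel keys are handled as base64 strings and follows Meshtastic's documented PSK shorthand (0 bytes or byte 0 = no crypto, byte 1 = the shared default key, bytes 2 through 10 = variants of the default key, 16 or 32 bytes = a custom AES key); the channel list and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample export: channel name plus base64 PSK.
SAMPLE_CHANNELS = [
    {"name": "LongFast", "psk": "AQ=="},  # one byte, 0x01
    {"name": "farm", "psk": base64.b64encode(bytes(range(32))).decode()},
    {"name": "team", "psk": "Ag=="},      # one byte, 0x02
    {"name": "ham", "psk": ""},           # no key at all
]


def classify_psk(psk_b64):
    """Classify a base64 channel PSK by what protection it actually gives."""
    try:
        raw = base64.b64decode(psk_b64, validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    if len(raw) == 0 or raw == b"\x00":
        return "none"             # traffic is sent in the clear
    if raw == b"\x01":
        return "default"          # the key every stock install shares
    if len(raw) == 1:
        # 2..10 are the default key with a small offset: still public.
        return "default-variant" if 2 <= raw[0] <= 10 else "invalid"
    if len(raw) == 16:
        return "aes128"
    if len(raw) == 32:
        return "aes256"
    return "invalid"


def audit(channels):
    """Return (name, verdict) for every channel not using a custom key."""
    findings = []
    for ch in channels:
        verdict = classify_psk(ch["psk"])
        if verdict not in ("aes128", "aes256"):
            findings.append((ch["name"], verdict))
    return findings


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CHANNELS):
        print(f"{name}: {verdict}")
```

A channel that passes this check only has a custom key; the check says nothing about how that key was generated, shared, or rotated.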

Add to that, most of this network troubleshooting is done on (insert drum roll) a fucking cellphone. Yep, it’s an oh-so-hackable thing that everyone from local LE to 5 eyes (or is it 7-11 eyes now) can access easily. See the link below for that little bit of info. Here is the kicker, though: if you don’t do some hard work on these things, many of the nodes come with GPS. So, let’s say I find a node; not only can I read the info off the display, but with the right equipment, I can pull every GPS location on the network, but that is 4nt1p4tt3rn’s topic. Hopefully, he will write an article, and I hope when he sees this, he gets up and does something about it or puts his X posts together into something good.

https://meshtastic.letstalkthis.com/

I want to circle back with one more article to double-expose how bad this crap is. I am going to post the image to show you how screwed the military is right now. The article alludes to the fact that stuff like ATAK can create a hotspot of signals, and the worst part is they are pretty easy to locate with drones and off-the-shelf equipment. You may not get an image like this, but the reality is if some Logistician, far removed from the military, can hunt this crap down, fat Sad Hams sure as hell can do it, and by god, someone actively coming for you can do the same as well, and maybe faster than this REMF of 1. Now, remember ATAK is linked to Android devices, with all sorts of issues there. Then add to it all the data blowing around on it all the time, and the system is constantly updating. If you don’t get it, the image below should give you an idea of what is happening.

The signal mapping of US forces at NTC.  If you don’t crap your pants now, you will after indirect hits you indirectly and doesn’t quite kill you.

https://www.thedrive.com/the-war-zone/33401/this-is-what-ground-forces-look-like-to-an-electronic-warfare-system-and-why-its-a-big-deal

I will be fair to the Mesh network people; the idea has merit for many applications; it has some promising subversive city-dwelling stuff, but only with massive use and a different form of encryption beyond the AES 256. Remember, if I get one node in my hands, I have your code and can read all the messages on the system. Add to that, this really is a good concept for rural systems or setting up a very local network on a farm you have constant control over. It might even be ok for a base of operations for a unit that isn’t worried about being smacked by SIGINT and indirect. What this isn’t good for is anything guerrilla, keeping yourself clandestine, or tactical work. It isn’t an easy system to harden, which is why I am so against it, beyond the obvious issue. While it’s nifty and I support not only the innovation but the off-grid concept, everything you want to do can be done far more safely with Baofengs and small tablets sending short text transmissions with your own encryption like OTP. While bulkier than some of the Meshtastic/LoRa systems, you have control over them, the antennas, etc.

https://en.wikipedia.org/wiki/Fast_Simple_QSO

About the Author: Patriotman

Patriotman currently ekes out a survivalist lifestyle in a suburban northeastern state as best as he can. He has varied experience in political science, public policy, biological sciences, and higher education. Proudly Catholic and an Eagle Scout, he has no military experience and thus offers a relatable perspective for the average suburban prepper who is preparing for troubled times on the horizon with less than ideal teams and in less than ideal locations. Brushbeater Store Page: http://bit.ly/BrushbeaterStore

2 Comments

  1. K CSG March 7, 2024 at 20:43

    These are all valid and well articulated points….and I am glad to see someone else sounding the alarm on this. At the end of the day, ATAK is a solution in search of a problem, especially for the “partisan” community. All tech comes with sharp edges, that will cut you given half a chance…some tech has sharper edges than others and when applied to any kind of reasonable pro/con threat model will fall to the con side. Learning to be good at threat modeling can spare you a lot of future pain…

    • Guerilla Logistician March 8, 2024 at 00:05

      You are right, and I have been smacking a friend around to do a way better in-depth. He might be doing 3 articles on the subject.
