jason schaefer . com

"arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say."

Category: android

  • Meshtastic solar repeater and client node setup

    ** this post is under construction **

    == Repeater setup ==

    Requisites:

    – solar charged
    – battery powered
    – low temp Li-ion charge cutoff
    – low power
    – no gps module due to fixed location
    – advantageous location
    – reliable/durable
    – medium gain antenna

    Materials:

    Soldering iron. Whatever you have should work, no fancy soldering required

    Heatshrink tubing https://www.amazon.com/Wirefy-180-Heat-Shrink-Tubing/dp/B084GDLSCK/

    RAKwireless WisBlock Meshtastic Starter Kit US915 https://store.rokland.com/products/rak-wireless-wisblock-meshtastic-starter-kit

    Optional GPS module https://store.rokland.com/products/rak-wireless-rak12500-gnss-gps-location-module-u-blox-zoe-m8q

    Outdoor, 915mhz, dipole antenna https://www.mouser.com/ProductDetail/712-ANT-8-9-IPW1SMA

    18650 Battery holder https://www.amazon.com/dp/B098SS1XYG

    Nitecore low temp battery https://www.18650batterystore.com/products/nitecore-nl1835lthp-18650-3500mah-8a-low-temperature-battery

    JST 2.0 Ph 2-Pin Connector Plug Male with 150mm Cable & Female https://www.amazon.com/dp/B01DUC1O68

    JST ZH1.5mm 2PIN Micro Electrical Male and Female Connector Plug with 150mm Wire Cables **this is only needed if you want to bypass the low temp charge controller and plug in direct to the onboard RAK solar plug** https://www.amazon.com/dp/B0B58M7D49

    5w solar panel https://www.amazon.com/Dzees-USB-C-Solar-Panel-360%C2%B0Adjustable/dp/B0CT355XFY/

    Adafruit solar charger with low temp cutoff https://www.adafruit.com/product/4755

    10k thermistor https://www.adafruit.com/product/372

    Male DC Power adapter – 2.1mm plug to screw terminal block https://www.adafruit.com/product/369

    Insulated enclosure https://www.harborfreight.com/brands/apache/1800-weatherproof-protective-case-small-black-64550.html

    Camo the PV and Enclosure https://www.rustoleum.com/product-catalog/consumer-brands/specialty/camouflage-spray-paint

    The Rak Wisblock is the perfect choice for a repeater. Its low power, modular and extremely reliable. You can purchase the starter kit which comes with the base board (RAK19007) and the Lora + bluetooth chip (RAK4631). It comes with PCB antennas (0.8dBi) that we won’t use for this fixed repeater. Always keep the antennas connected before powering the radio! Lack of antenna load will result in damage to the radio chip.

    Lets start by setting up the Rak wisblock for Meshtastic firmware

    Download the version of Meshtastic that suites you. Go through the change log to help you decide https://github.com/meshtastic/firmware/releases

    Here is the link to the latest stable https://github.com/meshtastic/firmware/releases/latest

    unzip firmware-2.3.10.d19607b.zip

    locate the firmware file for the wisblock 4631. Its called “firmware-rak4631-2.3.10.d19607b.uf2” (replace the 2.3.10…. with whatever fw version your using)

    plug the wisblock into your computer and double tap the button shown below.

    This will expose a mountable filesystem that you can copy the firmware image into.

    copy “firmware-rak4631-2.3.10.d19607b.uf2” onto the RAK4631 mount point. It might have current.uf2, index.htm and info_uf2.txt, don’t mess with those. Just copy and paste the “firmware-rak4631-2.3.10.d19607b.uf2” file into the RAK4631 partition. The green light will flash while its transferring and it will reboot when done. The firmware is now loaded and we move onto programming the radio with meshtastic software.

    We will be using the CLI (command line interface) meshtastic python script. https://meshtastic.org/docs/getting-started/initial-config/

    start by creating your python environment for interfacing with the RAK firmware operating system. https://meshtastic.org/docs/getting-started/initial-config/

    We will use pip to install meshtastic and create a python virtual environment to control the version of binaries and all the dependencies needed. These instructions are for Debian, of course ;-)

    sudo apt-get update
sudo apt-get install python3
sudo apt-get install python3-pip

    lets create a working directory for meshtastic

    mkdir meshtastic

cd meshtastic

    Now create the virtual environment for python

    mkdir python

    python3 -m venv python/

    Enter the virtual environment and install meshtastic esptool and all its dependencies

    source python/bin/activate

    pip install --upgrade esptool meshtastic

    Anytime in the future when you need to use meshtastic you will enter the python virtual environment with 

    source meshtastic/python/bin/activate

    This way you can control the versions of meshtastic and esptool without affecting any other versions of the python scripts, binaries and dependencies on your system.

    Now we can program the RAK radio

    to see whats currently programmed run

    meshtastic --info

    If this radio has been used before or you want to be sure of a blank slate run a factory reset

    meshtastic --factory-reset

    Now the radio can be setup from scratch. “Region US” sets the radio up for use in the USA at 915mhz

    meshtastic --set lora.region US

    set the name of this node

    meshtastic --set-owner [name]

    I like to set a preset bluetooth pin so I can easily access it locally over bluetooth from android phone using the meshtastic app.

    meshtastic --set bluetooth.mode FIXED_PIN

    the pin must be 6 characters long

    meshtastic --set bluetooth.fixed_pin 123456

    designate this as a router. Here is a description of what this means https://meshtastic.org/docs/configuration/radio/device/

    meshtastic --set device.role ROUTER

    Since this wisblock does not have the gps module (since its fixed location and conserves power) you will need to set its location manually. You can add a GPS module with the RAK12500 GNSS GPS Location Module.

    meshtastic --set position.fixed_position true --setlat 38.88987 --setlon -77.00971
    meshtastic --ch-set name family --ch-index 0

    use “psk random” for high encryption aes256

    meshtastic --ch-set psk random --ch-index 0

    Add a admin channel to this repeater so you can remotely administer the hardware. Unfortunately, this admin channel needs to be added to both nodes in order for administration features to work. This means that if someone physically gains access to this device they will have access to your channels encryption key and the admin key. So communications can be decrypted and they can remotely administer other nodes that have this admin channel. 

    meshtastic --ch-add admin

    run –info again to confirm changes

    meshtastic --info

    you should see things like

    
Owner: raktest (49aa)
....
  "device": {
    "role": "ROUTER",
....
    "position": {
      "latitudeI": 388898700,
      "longitudeI": -770097100,
      "latitude": 38.88987,
      "longitude": -77.00971

....
  "bluetooth": {
    "enabled": true,
    "mode": "FIXED_PIN",
    "fixedPin": 123456
....
Channels:
  Index 0: PRIMARY psk=secret { "psk": "McyfwZfTvif/Ig6KTf5zWX0JxzFdYLPJeKYi91lhxpA=", "name": "family",
....
Index 1: SECONDARY psk=secret { "psk": "w5idYjeyhw1e5jHL5EjjQuDwEH6iqZckSbzXgZNSfGA=", "name": "admin",

    And finally the channels URL. These URL’s hold the encryption key and name of the channel. Use these to add future devices to the mesh. The last “Complete URL” additionally contains the admin channel so only use that for nodes that you want to use for remote administration and devices that you want to be able to remotely administer. I will go over client configs later in this post using a tbeam.

    Primary channel URL: https://meshtastic.org/e/#Ci4SIDHMn8GX074n_yIOik3-c1l9CccxXWCzyXimIvdZYcaQGgZmYW1pbHk6AgggEgoIAUADSAFQHmgB

Complete URL (includes all channels): https://meshtastic.org/e/#Ci4SIDHMn8GX074n_yIOik3-c1l9CccxXWCzyXimIvdZYcaQGgZmYW1pbHk6AgggCikSIMOYnWI3socNXuYxy-RI40Lg8BB-oqmXJEm814GTUnxgGgVhZG1pbhIKCAFAA0gBUB5oAQ

    copy and paste the channel URL’s into your notes, for later.

    Now we move on to the hardware needed to turn this into a robust, long term outdoor repeater

    The RAK repeater is very tolerant to extreme temperatures but the li-ion battery is not so forgiving. It is sensitive to very hot and cold conditions. The most limiting factor is charging li-ion in freezing conditions. This will quickly destroy a battery. To help minimize temperature swings I opted for a larger container with some insulation to smooth out the hot and cold transitions. This case was cheap, insulated and decent quality. So far its survived a few years in the harshest of conditions. https://www.harborfreight.com/brands/apache/1800-weatherproof-protective-case-small-black-64550.html

    This case is not enough to keep the battery above freezing. Winter months are long and very cold and my batteries would get trashed within a few months of use in winter conditions. To solve this problem I used a low temp-cutoff charge controller from adafruit. https://www.adafruit.com/product/4755 in conjunction with a 10k thermistor https://www.adafruit.com/product/372

    This charge controller is far superior to the internal charge controller of the RAK and with the added low temp cutoff I haven’t had to replace a battery since.

    == Roaming mobile nodes ==

    Requisites:

    – Small/portable
    – low power
    – battery powered
    – GPS
    – waterproof
    – low gain antenna
    – easily re-charged (usb)

    Materials:

    Lilygo TBeam v1.2 https://store.rokland.com/products/lilygo-ttgo-meshtastic-t-beam-v1-1-esp32-lora-915-mhz-wireless-module-wifi-gps-neo-6m-with-oled-display-soldered-for-arduino-q349

    cable gland pg9 https://www.amazon.com/dp/B07VT317NT

    39/64″ drill bit https://www.amazon.com/Drill-America-High-Speed-Reduced-Shank-64/dp/B01BKTNHPY/

    Pelican 1010 micro enclosure https://www.pelican.com/us/en/product/cases/micro/1010

    TO BE CONTINUED…

  • Migrating SMSSecure (Silence) keys and texts

    For those unfamiliar: SMSSecure (now called Silence) is a text messaging application that supports encryption. It has exceptional integration on your phone and will handle your non-encrypted friends acquaintances texts as well.
    https://smssecure.org
    I recommend using fdroid to install it. F-droid is a Free Software repository for Android.
    https://f-droid.org

    UPDATE: You can now export an encrypted copy of Silence. This export includes your encryption keys. From your old phones Silence “app”lication, under the three horizontal “…” -> “Import / Export” -> “Export encrypted backup”. This exports to the phones /sdcard/SilenceExport or from mtp “mtp://[usb:xxx,xxx]/Internal storage/SilenceExport”. Copy this directory to the new phone, to the equivalent path (/sdcard/). Install Silence on the new phone. In my experience the first-run import prompt didn’t work so I had to do it manually. Click the three horizontal “…” -> “Import / Export” -> “Restore encrypted backup”. Your done!

    I wanted to do this transfer using mtp but neither thunar or nautilus could “see” the SilenceExport directory. I had to do the following:
    plug in old phone and copy the export to my laptop:
    adb pull /sdcard/SilenceExport/
    plug in the new phone:
    adb push SilenceExport/
    Remember you have to authorize your laptop from the phone.

    THE FOLLOWING INSTRUCTIONS ARE CONSIDERED OUT OF DATE yet still useful for some.

    When moving to a new phone you can export a plain text copy of all your sms texts for import on the new phone. This is fine but has many drawbacks. The export feature of smssecure does not export a users encryption keys. Here are instructions on doing this yourself. Its really not as bad as it might seem and is worth doing to avoid re-keying with every friend you text with. You can also avoid exporting sensitive txt’s to plain-text.

    PREREQ’s:
    Install SMSSecure on the new phone.
    You will need adb access to both phones.

    Enable developer options by going into Settings -> About phone -> then press “Build number” 7 times.

    Enable adb access under Settings -> Developer options -> Android debugging.

    Allow adb root access from “developer options -> Root access” “Apps and ADB”. Otherwise you will get a permission error like so:

    shell@ville:/ $ su -
Permission denied

    Also, be sure your computer can see the phone:
    [jason@local ~] $ adb devices
    List of devices attached
    393520931D5B00EC device

      • If usb is broken you can use ADB over the network. Enable it under Developer options -> Android debugging -> ADB over network. Connect to your local wireless first and take out your sim card before enabling. Otherwise your phone will be fully reachable over the cell network/public internet.

    Now connect to the phone over the network:
    [jason@local ~] $ adb connect 192.168.123.12:5555

    You can continue as if it was plugged in directly…
    To disconnect from the phone use this:
    [jason@local ~] $ adb disconnect 192.168.123.12:5555

    STEPS:
    I wasn’t able to directly copy the smssecure directory to my computer. It errors with zero files transferred:

    [jason@local ~] $ adb pull /data/data/org.smssecure.smssecure/ org.smssecure.smssecure-balz
pull: building file list...
0 files pulled. 0 files skipped.

    First I copy it to the sdcard of the old phone:

    [jason@local ~] $ adb shell
shell@crespo:/ $ su -
root@crespo:/ # cp -rv /data/data/org.smssecure.smssecure/ /sdcard/

    Copy the smssecure data from your old phone /sdcard/ to your local computer:

    [jason@local ~] $ adb pull /sdcard/org.smssecure.smssecure/ org.smssecure.smssecure

    Now plugin the new phone

    Next, we will copy the org.smssecure.smssecure directory to the new phone:
    Note: I attempted to copy directly to the new phone at /data/data but there was a permission denied:

    [jason@local ~] $ adb push org.smssecure.smssecure/ /data/data/
push: org.smssecure.smssecure/databases/messages.db-journal -> /data/data/databases/messages.db-journal
failed to copy 'org.smssecure.smssecure/databases/messages.db-journal' to '/data/data/databases/messages.db-journal': Permission denied

    Instead copy it to the /sdcard/ of the new phone, first:
    UPDATE: This doesn’t work anymore

    [jason@local ~] $ adb push org.smssecure.smssecure/ /sdcard/
adb: warning: skipping empty directory 'org.smssecure.smssecure/code_cache/'
adb: warning: skipping empty directory 'org.smssecure.smssecure/app_captures/'
adb: error: failed to copy 'org.smssecure.smssecure/lib' to '/sdcard/org.smssecure.smssecure/lib': symlink failed: Operation not permitted

    The brilliant developers of adb didn’t write in support for adb push to be recursive? We have to get creative as usual with Android. Use zip if you have unzip on your phone.

    [jason@local ~] $ zip -r org.smssecure.smssecure.zip org.smssecure.smssecure/

And then,
adb push org.smssecure.smssecure.zip /sdcard/
adb shell
cd /sdcard/
unzip org.smssecure.smssecure.zip

    Before we proceed lets check what permissions the org.smssecure.smssecure directory is currently set to (from the phones shell). In this case its chown u0_a63.u0_a63 and chmod 755:

    root@crespo:/ # ls -ld /data/data/org.smssecure.smssecure/
drwxr-xr-x u0_a63   u0_a63            2015-12-06 21:35

    Keep note of this for later.

    Using the new phone’s root shell you will delete the existing (un-used) directory and copy your smssecure directory (with all your text’s) from sdcard to /data/data:

    [jason@local ~] $ adb shell
shell@crespo:/ $ su -
root@crespo:/ # 
root@crespo:/ # rm -fr /data/data/org.smssecure.smssecure/
root@crespo:/ # cp -rv /sdcard/org.smssecure.smssecure  /data/data/

    Note: If you try using move (mv) instead of copy (cp) and your sdcard is on a separate partition you will get this error:
    root@maguro:/ # mv /sdcard/org.smssecure.smssecure/ /data/data/
    failed on '/sdcard/org.smssecure.smssecure/' - Cross-device link
    255|

    Back to permissions:
    After the data is copied to the new phone the directory and file permissions will be wrong (owned by root):

    root@crespo:/ # ls -l /data/data/org.smssecure.smssecure/       
drwxrwx--- root     root              2015-12-06 21:35 app_parts
drwxrwx--- root     root              2015-12-06 21:35 databases
drwxrwx--- root     root              2015-12-06 21:35 files
lrwxrwxrwx install  install           2015-12-06 15:07 lib -> /data/app-lib/org.smssecure.smssecure-1
drwxrwx--- root     root              2015-12-06 21:35 shared_prefs

    We need to change ownership to user and group. In my case I need to change it to u0_a63. Android’s chown doesn’t work as expected:

    root@crespo:/ # chown -R u0_a63.u0_a63 /data/data/org.smssecure.smssecure/
No such user '-R'

    Unfortunately, android sucks and chown is broken so we must get creative. Like any puzzle, its simple once you know the answer :-)

    root@crespo:/ # find /data/data/org.smssecure.smssecure/ -exec chown u0_a63.u0_a63 {} \;

    Luckily, chmod works ok:

    chmod -R 755 /data/data/org.smssecure.smssecure/

    Be sure to reboot your phone.
    Note: My SMSSecure disappeared and I needed to re-install. Everything was there after I re-installed and it survived subsequent reboots.

    done;