evilsocket/pwnagotchi

mesh protocol is not signed

Open

#530 ouverte le 5 nov. 2019

Voir sur GitHub
 (3 commentaires) (0 réactions) (1 assigné)JavaScript (978 forks)batch import
enhancementhelp wanted

Métriques du dépôt

Stars
 (6 243 stars)
Métriques de merge PR
 (Aucune PR mergée en 30 j)

Description

while developing the mesh protocol, i also implemented the signature for the payload so that impersonation/spoofing and in general sending fake data can't be done (relevant for things like #529) ... the idea is that each unit has a list of public keys of friendly units that are authorized to receive signed mesh data from.

The current implementation is however commented:

https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L147 https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L199

because with a signature the payload would become too big for a single frame, and the injection would fail here:

https://github.com/evilsocket/pwngrid/blob/master/mesh/packet_muxer.go#L107

Sending more than one frame is not doable as the interface is hopping unpredictably on the wifi channels.

Ideally we should find a way to use a signature scheme that would generate a small overhead in size, maybe something like BLS.

Guide contributeur