evilsocket/pwnagotchi

mesh protocol is not signed

Open

#530 aperta il 5 nov 2019

Vedi su GitHub
 (3 commenti) (0 reazioni) (1 assegnatario)JavaScript (978 fork)batch import
enhancementhelp wanted

Metriche repository

Star
 (6243 star)
Metriche merge PR
 (Nessuna PR mergiata in 30 g)

Descrizione

while developing the mesh protocol, i also implemented the signature for the payload so that impersonation/spoofing and in general sending fake data can't be done (relevant for things like #529) ... the idea is that each unit has a list of public keys of friendly units that are authorized to receive signed mesh data from.

The current implementation is however commented:

https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L147 https://github.com/evilsocket/pwngrid/blob/master/mesh/peer.go#L199

because with a signature the payload would become too big for a single frame, and the injection would fail here:

https://github.com/evilsocket/pwngrid/blob/master/mesh/packet_muxer.go#L107

Sending more than one frame is not doable as the interface is hopping unpredictably on the wifi channels.

Ideally we should find a way to use a signature scheme that would generate a small overhead in size, maybe something like BLS.

Guida contributor