
Fooling around with LoRA – Meshtastic (2023)

June 2, 2023

Using Lilygo T-Beam v1.1

Ok, it has been quite a while. I got 2 Lilygo T-Beams https://meshtastic.org/docs/hardware/devices/tbeam/ in 2021 during covid time, but they were sitting in the drawer. I finally installed the Meshtastic firmware https://meshtastic.org/ on both of the T-Beam boards; the firmware installation is child's play with the web interface, as a firmware guy it is too simple so I cannot complain, just go to this page https://flasher.meshtastic.org/ from your web browser (mine is Chrome), the rest is self-explanatory. I connect the T-Beam micro-USB to my Win10 laptop; the COM port on my machine is COM5, yours might be different.

I have heard about LoRa for quite some time, so while working on a 5G-NR radio, I said what the heck, let's see what LoRa really is and how much fun we can have tinkering with the available hardware that is lying around.

I mostly want to try the off-the-grid texting feature; it is quite cool to have a long-range texting system that runs autonomously. I tested with my phone (Samsung A8), a Samsung tablet and the web version on a Windows 11 laptop, and I am very pleased with the result. For phone and tablet I just simply installed Meshtastic from the app store.

For a simple “long range” test, I just put one T-Beam by the window and walked around the neighborhood texting back my location. The neighborhood is a dense city environment, the radio is on the 2nd floor, the longest distance is 544m, very good since it is not line-of-sight, with tons of buildings/apartments separating the two radios. I am using the radio setting Long-Fast for this test.

While watching a YouTube video from Meshtastic on improving range https://youtu.be/V3f-Y3EfsBU, I found out the stock antenna that came with the T-Beam is not a good one based on NanoVNA measurements; I think I bought this NanoVNA some time ago.

I am also impressed with the on-board GPS, which is a NEO-6M module; the GPS update is quite accurate as I walked around the neighborhood.

One little quirk, not sure if it is me or not: I was not able to connect 2 devices to the same T-Beam Bluetooth simultaneously; the whole idea is for the T-Beam to serve as a “base station” to link up with the mesh of Meshtastic devices. Maybe I missed something, more to come.

I am so happy with the result that I bought 2 more Lilygo LoRa boards, a T-Beam and a LoRa32 (without GPS), to expand my experimentation.

I saw a YouTube video where they integrate the ATAK app with Meshtastic, not sure if ATAK is useful but it could be worth a test.

It could be very useful for outdoor communication in locations where mobile coverage is not present, like national parks. If we can text while on the lake that would be nice; a bonus is the location provided by GPS.

LoRa Modulation Magic

Or how to decode a symbol that is below the noise floor. Yes, that is possible; there is this excellent video explaining all the mathematics behind LoRa modulation https://youtu.be/jHWepP1ZWTk. For sure it is not for people who are not keen on signal processing mathematics, but for those who are, it is a very nice video with the Matlab code to generate a LoRa symbol signal and demodulate it; the author shows how the actual magic happens to retrieve the symbol when the signal is under the noise floor, i.e. the SNR is negative!
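As an added illustration (my own pure-Python model, not the video's Matlab code or anything from the original post), here is the trick in miniature: a LoRa symbol is an up-chirp cyclically shifted by the symbol value, and the receiver dechirps by multiplying with the conjugate base chirp and taking a DFT, so the N chips add coherently into one bin (a gain of 10·log10(N) ≈ 21 dB at SF7) while the noise does not. The spreading factor, the sample rate equal to the bandwidth, and the SNR values tried are assumptions of the example.

```python
import cmath
import math
import random

SF = 7          # spreading factor (assumed for the example); one symbol carries SF bits
N = 1 << SF     # chips per symbol, 128 for SF7; sample rate == bandwidth

def lora_symbol(sym, n=N):
    """Baseband chirp for symbol value sym (0..n-1): an up-chirp whose start
    frequency is offset by sym chips and wraps around at the band edge."""
    return [cmath.exp(1j * math.pi * ((k + sym) % n) ** 2 / n) for k in range(n)]

def dechirp_bins(rx, n=N):
    """Multiply by the conjugate base up-chirp and take an n-point DFT.
    The chirp collapses into a single tone whose bin index is the symbol."""
    base = lora_symbol(0, n)
    y = [r * b.conjugate() for r, b in zip(rx, base)]
    tw = [cmath.exp(-2j * math.pi * k / n) for k in range(n)]   # twiddle table
    return [abs(sum(y[k] * tw[(k * m) % n] for k in range(n))) for m in range(n)]

def demodulate(rx, n=N):
    """Hard decision: the bin with the largest magnitude is the symbol."""
    bins = dechirp_bins(rx, n)
    return max(range(n), key=bins.__getitem__)

def add_noise(sig, snr_db, rng):
    """Add complex white Gaussian noise relative to unit signal power per chip."""
    sigma = math.sqrt(10 ** (-snr_db / 10) / 2)   # std dev per real component
    return [s + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for s in sig]

def decode_success_count(snr_db, trials=100, seed=1):
    """Push random symbols through the noisy channel; return how many decode
    correctly. After the DFT the per-bin SNR is snr_db + 10*log10(N), so a
    chip-level SNR of -10 dB still leaves about +11 dB in the symbol's bin."""
    rng = random.Random(seed)   # constructed, seeded test data
    ok = 0
    for _ in range(trials):
        sym = rng.randrange(N)
        ok += demodulate(add_noise(lora_symbol(sym), snr_db, rng)) == sym
    return ok

if __name__ == "__main__":
    for snr in (10, 0, -10):
        print(f"SNR {snr:+d} dB per chip: {decode_success_count(snr)}/100 symbols correct")
```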

A more in-depth look at the LoRa PHY can be found in this presentation, Decoding the LoRa PHY (33c3) https://youtu.be/NoquBA7IMNc. It is heavy stuff; the presenter had to reverse engineer the PHY based on the little information available.

Fooling around with SoftSDR via HackRF One and HackRF One with Portapack H2 and GNSS

March 19, 2022

Since I started to work on an O-RAN 5G RU radio last year (2021), my hobby of softsdr just came back to the surface 😎 I work more specifically on clock synchronization using PTP/SyncE.

I have got a HackRF One and later the Portapack H2 module; I am using the Mayhem firmware for the Portapack.

Since PTP can be easily spoofed unless you protect it with MACsec, and for some lazy reason our HW/FPGA team did not want to add MACsec to protect the S-Plane/PTP. For security reasons, I will not disclose where I work.

It is child's play to spoof PTP: I set up a network of many RPis with PTP, just saved PTP traces from the master clock and later replayed those packets, and we can see ptp4l go crazy with a large offset.

Some HW guy at work even went so far as to say PTP can be protected by GNSS, and I just told them it is the other way around, as GNSS is much easier to attack over the air by spoofing or jamming the signal. As per the new timing requirements for critical infrastructure (telecom, financial, power grid), it is essential to have an alternate clock source to back up GNSS.

I used the Portapack to replay a GPS signal to my Ublox; after 2 minutes the Ublox lost it, that is, the time was reset to 23:59 and I lost the positioning coordinates as well. Worse, when I removed the interfering signal the Ublox did not recover; I had to power-cycle the module. My theory is the Ublox entered anti-jamming/anti-spoofing mode by trying to desense the receiver; maybe if I wait long enough it might remove the desense.

I recorded a video to demonstrate when the Ublox lost it (will upload here soon).

Some people think they can make gold from lead in 2022.

Fooling around with WRT54G (again)

November 26, 2011

Many years ago I bought many WRT54Gs (GL, V4, GS V4, V5); at first I used dd-wrt in all modes, especially repeater and client mode. I also put kismet on one of them.

To improve kismet range I made a 2-meter RG8 cable with TNC-RP and N connectors coupled to my cantenna (Nescafé), picture to follow.

Last year (2010) I spent a whole weekend putting FreeRADIUS on one of the WRT54GLs; I used openwrt whiterussian. After hours and hours of finding out the right EAP that fit on my 4MB flash, I got FreeRADIUS to authenticate my dd-wrt WRT150N and my Cadillac access point, an HP MSM466 (EAP-PEAP). I basically ran FreeRADIUS under Ubuntu to trim down the unwanted EAP methods. It was quite a headache to find free flash space; I removed all the unused modules to have only a barebone router with FreeRADIUS.

Now I am trying to back up my flash with FreeRADIUS on it; some people suggest using JTAG, but I saw a guy using the CFE boot loader to back up the flash, much faster, so I decided to put a serial port on the WRT to access CFE.

A few weeks ago I saw a TP-LINK 941ND (2 streams with 3 radio chains) for $43; the chipset is Atheros and it has dd-wrt support, so I decided to give it a try to replace my WRT54G used as a client bridge for a Sony TV which has only an Ethernet port. It took 15min to flash dd-wrt.

Running client-bridge on the TP-Link took a while to get working; MAC cloning was required, for some reason the wifi MAC and the LAN MAC seem to be the same? So with MAC cloning I set the wifi MAC to a value +1 from the LAN MAC. Under the Broadcom WRT54G all the MAC addresses are different so no MAC cloning is required there; client-bridge just works out-of-the-box. I made a post on the dd-wrt forum to thank the guy who gave the MAC cloning tip.

I don’t know why the geniuses behind Linksys marketing changed the router “look”; personally I hate the new “space-age UFO” look. They tried to make it look like an appliance you can put in the living room, so the guests to your house can say “wow what a nice looking UFO”. I may be old fashioned but I prefer the WRT54G look. I kind of like the Netgear vertical look.

D-Link's new router, the DIR-645 cylindrical smart antenna router, is quite “shocking” in a good way. I went to the FCC report to have a peek inside and I’m quite impressed with the design; I thought the DIR-645 used some new Atheros chipset, but to my surprise the chipset is Ralink!? The Tx power is also impressive, >100mW (20dBm+). The way the antenna array is set up reminds me of a Ruckus AP. I really want to get my hands on the DIR-645 to see how it performs. I’m a big fan of smart antennas; steering the signal to where the client device is is a smart thing to do.