Show more

on RAKwireless can generate random Application Keys for Over-The-Air Activation (OTAA) ... We shall use keys to activate our and devices wirelessly

thethingsindustries.com/docs/d

Show thread

Something (or Someone) is transmitting Packets every minute ... Signal Strength (RSSI) shows that they're a few hundred metres away

gist.github.com/lupyuen/8dacf0

Show thread

Someday I might walk around with RAKwireless to find the Mystery Transmitter ... But for now let's test WisGate with WisBlock and BL602!

docs.rakwireless.com/Product-C

Show thread

After transmitting a packet, a Device () will open a short "Receive Window" ... To receive a Response Packet (if any) from the LoRaWAN Gateway ()

github.com/lupyuen/wisblock-lo

Show thread

When hunts for the next Frequency Channel to transmit (Spread Spectrum) ... It listens to the airwaves to check whether the channel is in use ... Let's find out whether BL602 is doing Carrier Sensing correctly 🤔

github.com/lupyuen/bl_iot_sdk/

Show thread

Oops Mynewt's Carrier Sensing implementation is outdated ... Semtech's LoRaWAN Reference Implementation does NOT require Carrier Sensing outside Japan and South Korea ... So we disable Carrier Sensing and use a random LoRa Frequency Channel

github.com/lupyuen/bl_iot_sdk/

Show thread

After disabling Carrier Sensing ... hits an Exception while transmitting the Join Network Request ... Let's lookup these addresses in the RISC-V Disassembly

github.com/lupyuen/bl_iot_sdk/

Show thread

According to our RISC-V Disassembly, Driver hits a Null Pointer Exception here ... Seems like non-essential logging code ... So let's disable this code

github.com/lupyuen/bl_iot_sdk/

Show thread

is now transmitting the Join Network Request ... But doesn't receive any response from our LoRaWAN Gateway (WisGate) ... Let's check the WisGate LoRaWAN Log

github.com/lupyuen/bl_iot_sdk/

Show thread

Sadly our Gateway didn't receive any LoRaWAN Packets transmitted by ... Let's look inside the transmitted packets ... And verify the transmission with Airspy SDR

github.com/lupyuen/bl_iot_sdk/

Show thread

"Join Network" Packet transmitted by ... Looks similar to the one transmitted by BL602 ... Nonce and Message Integrity Code will differ of course

github.com/lupyuen/wisblock-lo

Show thread

Here are the Packets transmitted by RAKwireless ... Captured by Airspy SDR and CubicSDR

youtu.be/xdyi6XCo8Z8

Show thread

vs : Join Network Request ... Let's check the Nonce and Message Integrity Code ... Wonder if we can retransmit the BL602 packet from WisBlock 🤔

github.com/lupyuen/bl_iot_sdk/

Show thread

Let's copy the Join Network Request generated by ... And retransmit with ... Surprise: the Join Request succeeds! 😲 Which proves the Nonce and Message Integrity Code are OK ... Probably the BL602 Power Amplifier setting is wrong 🤔

github.com/lupyuen/bl_iot_sdk/

Show thread

But wait: Will allow replayed "Join Network" Requests? 😲 Nope it doesn't! will reject Replayed Requests because the Nonce needs to be unique ... Here's how we find Nonce Errors in RAKwireless WisGate

github.com/lupyuen/bl_iot_sdk/

Show thread

We should always select "Public LoRa Network" (instead of Private) ... So that our Driver will transmit Public Sync Word 0x3444 (instead of 0x1424) ... Duh! 🙄

github.com/lupyuen/bl_iot_sdk/

Show thread

transmits a packet to Gateway and receives the response ... Why is BL602 transmitting at Lower Power, when the Power Amplifier is enabled? 🤔

github.com/lupyuen/bl_iot_sdk/

Show thread
Show more

@lupyuen you could use a bloom filter or similar, but then how would you time them out?

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.