Meshtastic Firmware Update – You Might Need A Ladder


I have two Meshtastic nodes mounted on top of a mast as infrastructure to contribute to the mesh. You can read about the solution here.

Yesterday I updated the firmware on the nodes from 2.4 to 2.5… The only problem is that during the upgrade the nodes factory reset and also disabled the serial interface control! So now we have a challenge – two Heltec V3 nodes 10m up in the air with no control. For those not familiar with the Heltec V3 node, normally on initial factory reboot you communicate with the node using Bluetooth. The Bluetooth PIN number is randomised and displayed on the screen of the device. So the situation is:

  • I can see the Bluetooth interface from the ground using my phone.
  • I don’t know what the PIN number is; I can’t access that data without a ladder.
  • I cannot configure the device using the API over the serial ports as this is disabled in the configuration.
  • I can’t connect the devices to the WiFi because I can’t configure them without a ladder.
  • I can access the devices using the Raspberry Pi mounted on the mast with the Heltec modules. This is connected to the USB interface for firmware upgrade.

How to solve this puzzle without a ladder?

The first thing I tried was to edit the userPrefs.json file. This is a new feature in 2.5 which should allow a user to configure custom default settings. However, I was disappointed to find that the range of configuration options is very limited, and I was not able to configure either the network or the Bluetooth settings. That got me thinking, though: maybe if I can upgrade the firmware on the nodes, I might be able to hack into the devices using code.

So here is how I solved the problem:

  1. First I created my own fork in the Meshtastic GitHub so that I can write my own custom code.
  2. In the repository, locate the src/nimble/NimbleBluetooth.cpp file, which contains the code to randomise the Bluetooth PIN. Let’s make that a little less random!
  3. Build new custom firmware and flash it to the device using the Raspberry Pi, which I can access via the network.
  4. Now I can access the device via Bluetooth without a ladder and restore my configuration!

Here’s what I changed:

        if (config.bluetooth.mode == meshtastic_Config_BluetoothConfig_PairingMode_RANDOM_PIN) {
            LOG_INFO("Use random passkey");
            // This is the passkey to be entered on peer - we pick a number >100,000 to ensure 6 digits
            // Comment this line and replace!  passkey = random(100000, 999999);
            passkey = 123456;
        }
        LOG_INFO("*** Enter passkey %d on the peer side ***", passkey);

And voila! I can connect to the devices on my phone with the PIN number 123456!

Did it work? Yes

Would it have been quicker to fetch the ladder? Also yes!
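
A hardened variant of the passkey change shown above, as an added example that is not from the original post or the Meshtastic project: the recovery passkey comes from a build-time define instead of a well-known constant, and values that fail the checks fall back to a random passkey. `RECOVERY_PASSKEY`, `choosePasskey` and the other names are hypothetical, and `std::random_device` stands in for the firmware's `random()`.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>

// Hypothetical build flag (not a Meshtastic option): pass -DRECOVERY_PASSKEY=<6 digits>
// only for the one-off recovery image; 0 means "no recovery passkey".
#ifndef RECOVERY_PASSKEY
#define RECOVERY_PASSKEY 0
#endif

// Six decimal digits with no leading zero, the range the firmware comment asks for.
bool isSixDigitPasskey(uint32_t v) { return v >= 100000 && v <= 999999; }

// True for values an outsider would try first: 111111, 123456, 654321, ...
bool isGuessable(uint32_t v) {
    int d[6];
    for (int i = 5; i >= 0; --i) { d[i] = static_cast<int>(v % 10); v /= 10; }
    bool same = true, up = true, down = true;
    for (int i = 1; i < 6; ++i) {
        same = same && d[i] == d[i - 1];
        up = up && d[i] == d[i - 1] + 1;
        down = down && d[i] == d[i - 1] - 1;
    }
    return same || up || down;
}

bool acceptRecoveryPasskey(uint32_t v) { return isSixDigitPasskey(v) && !isGuessable(v); }

// Stand-in for the firmware's random(): uniform over all six-digit values.
uint32_t randomPasskey() {
    std::random_device rd;
    std::uniform_int_distribution<uint32_t> dist(100000, 999999);
    return dist(rd);
}

// Use the build-time recovery value only if it passes the checks, else stay random.
uint32_t choosePasskey(uint32_t recovery) {
    return acceptRecoveryPasskey(recovery) ? recovery : randomPasskey();
}

int main() {
    uint32_t passkey = choosePasskey(RECOVERY_PASSKEY);
    // Constructed stand-in for LOG_INFO: report which path was taken, not the passkey.
    std::printf("passkey source: %s\n",
                acceptRecoveryPasskey(RECOVERY_PASSKEY) ? "recovery build" : "random");
    return isSixDigitPasskey(passkey) ? 0 : 1;
}
```

Once the configuration is restored, rebuilding without the define returns the node to a random passkey on every pairing.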

