Droid-Star open development

User avatar
YT5HOK
Posts: 213
Joined: Sat Nov 16, 2019 11:36 am
Location: Belgrade, KN04FR

Re: Droid-Star open development

Post by YT5HOK » Fri Feb 12, 2021 11:08 am

VK3KYY wrote:
Fri Feb 12, 2021 8:59 am
YT5HOK wrote:
Fri Feb 12, 2021 8:37 am
So, there is no option that un-licensed person uses BM. Well, one can try to counterfeit documents for license validation, but we are not going there now.
Can't anyone just set up the App using any DMR ID that's already been allocated?
i.e This can be anyone's ID.
Yes. Thus mandatory hotspot security. Well, not everywhere yet (on every master).

Also, if anyone abuses someone else's ID over repeater(s), one can use AirSecurity.

ok1pt
Posts: 167
Joined: Mon Jul 20, 2020 3:38 am

Re: Droid-Star open development

Post by ok1pt » Fri Feb 12, 2021 11:10 am

VK3KYY wrote:
Fri Feb 12, 2021 8:59 am
Can't anyone just set up the App using any DMR ID that's already been allocated?
i.e This can be anyone's ID.
I believe that for example my DMR ID cannot be abused, as I turned the "Hotspot Security" On and entered my own, non-trivial password. Of course it's the repsonsibility of ham operators to protect themselves against abusing their DMR ID and causing them troubles...

VK3KYY
Posts: 7486
Joined: Sat Nov 16, 2019 3:25 am
Location: Melbourne, Australia

Re: Droid-Star open development

Post by VK3KYY » Fri Feb 12, 2021 8:23 pm

I think the majority of BM users don't even have an account.

Neither BM or DMR MARC enforce requiring an account or setting hotspot security.
I think if they did that, the number of hotspot users would decrease a lot

Many people struggle just to setup the hotspot even without the complications of passwords.


I don't know if setting hotspot security, prevents you using any other repeaters when your hotspot is turned on.
Unless BM enforce such a strategy, anyone could transmit using your ID into any repeater or hotspot that allows public access.

KI5GZK
Posts: 129
Joined: Sat Apr 11, 2020 6:27 pm

Re: Droid-Star open development

Post by KI5GZK » Fri Feb 12, 2021 8:44 pm

According to their website, BrandMeister is requiring hotspot security passwords when connecting to US master servers.

https://news.brandmeister.network/hotsp ... s-masters/

VK3KYY
Posts: 7486
Joined: Sat Nov 16, 2019 3:25 am
Location: Melbourne, Australia

Re: Droid-Star open development

Post by VK3KYY » Fri Feb 12, 2021 10:01 pm

KI5GZK wrote:
Fri Feb 12, 2021 8:44 pm
According to their website, BrandMeister is requiring hotspot security passwords when connecting to US master servers.

https://news.brandmeister.network/hotsp ... s-masters/
Interesting

I'm not sure what this means in practice, because when I checked PiStar, and it seems to have put something into the hotspot security password which isn't my password, and it seems to still work OK.

User avatar
YT5HOK
Posts: 213
Joined: Sat Nov 16, 2019 11:36 am
Location: Belgrade, KN04FR

Re: Droid-Star open development

Post by YT5HOK » Fri Feb 12, 2021 11:29 pm

VK3KYY wrote:
Fri Feb 12, 2021 8:23 pm
I think the majority of BM users don't even have an account. *1

Neither BM or DMR MARC enforce requiring an account or setting hotspot security. *2
I think if they did that, the number of hotspot users would decrease a lot *3

Many people struggle just to setup the hotspot even without the complications of passwords. *4


I don't know if setting hotspot security, prevents you using any other repeaters when your hotspot is turned on. *5
Unless BM enforce such a strategy, anyone could transmit using your ID into any repeater or hotspot that allows public access. *6
*1 This was true until 2021. Now is different. Seen data on Telegram BM group.
*2 True and false.
*3 Number of hotspots didn't decrease, but number of user accounts increased.
*4 Agreed. Not BM fault. If there were no abusers, there would be no need for security.
*5 It doesn't. I have hotspot security on all my HS's and use repeaters.
*6 Yes, but if you set hotspot security, no one can use your ID to connect HS to BM. Also, if you set AirSecurity, no one can use your ID to TX over repeater.

User avatar
YT5HOK
Posts: 213
Joined: Sat Nov 16, 2019 11:36 am
Location: Belgrade, KN04FR

Re: Droid-Star open development

Post by YT5HOK » Fri Feb 12, 2021 11:30 pm

VK3KYY wrote:
Fri Feb 12, 2021 10:01 pm
KI5GZK wrote:
Fri Feb 12, 2021 8:44 pm
According to their website, BrandMeister is requiring hotspot security passwords when connecting to US master servers.

https://news.brandmeister.network/hotsp ... s-masters/
Interesting

I'm not sure what this means in practice, because when I checked PiStar, and it seems to have put something into the hotspot security password which isn't my password, and it seems to still work OK.
Be sure that HS securityt does work. I have tried myself. Wrong password and you don't connect to BM. ;)

kt4lh
Posts: 272
Joined: Sun Jan 12, 2020 4:27 am

Re: Droid-Star open development

Post by kt4lh » Sat Feb 13, 2021 7:17 pm

YT5HOK wrote:
Fri Feb 12, 2021 11:30 pm
Be sure that HS securityt does work. I have tried myself. Wrong password and you don't connect to BM. ;)
Same, but it wasn't an intentional test.. rebuilt PIStar and forgot to put my hotspot password in and pounded on it for 30 minutes before I figured it out. I forget if it was in a log file or what, but it wasn't immediately obvious what was going on but it just never would "go green".

User avatar
YT5HOK
Posts: 213
Joined: Sat Nov 16, 2019 11:36 am
Location: Belgrade, KN04FR

Re: Droid-Star open development

Post by YT5HOK » Sat Feb 13, 2021 7:34 pm

kt4lh wrote:
Sat Feb 13, 2021 7:17 pm
Same, but it wasn't an intentional test.. rebuilt PIStar and forgot to put my hotspot password in and pounded on it for 30 minutes before I figured it out. I forget if it was in a log file or what, but it wasn't immediately obvious what was going on but it just never would "go green".
Did I say my was intentional...? :lol:

But to be serious, I think that is a bug I found, as sometimes when I change server, first letter of password from uppercase goes to lowercase, which is observable only under Expert Configuration.

VK3KYY
Posts: 7486
Joined: Sat Nov 16, 2019 3:25 am
Location: Melbourne, Australia

Re: Droid-Star open development

Post by VK3KYY » Sat Feb 13, 2021 10:34 pm

BTW.

I read the translation of the posting by Brandmeister, and I think they are saying that Apps like DroidStar and DudeStar should not be used on their network except for emergency use.
Programs such as DROID-Star, DUDE-Star and the like are currently widely used in order to be able to transmit without a radio device. On the other hand, there is little objection to this if these are used as an occasional emergency nail.
I'm not sure if BM will do anything to prevent access by this App, but they say that Apps should identify themselves as being an App.
Hence our request - encourage programmers to use the correct protocol. Clear announcement, we do not provide any support for such applications, if something does not work, then that's the way it is.


Furthermore, these programs log on to the network under a false name, the DVMega identifier is popular. This, too, is an absolute no-go, it undermines any troubleshooting if the applications do not even transmit a correct version string.

I don't know what DudeStar etc identify as, so currently there may be nothing that differentiates this app from a real DVMega, but I think BM may be able to analyse the network traffic from these Apps to determine whether the data is from a DVMega or from something else.


BTW.
I think this will also effect projects like the "DMR Station", as does not use an RF path either.

Post Reply