minutemesh

our first successful, reliable impersonation attack
another impersonation, this time from a node that doesn't exist

Inspiration

Meshtastic is a decentralized off grid communication system using the LoRa peer to peer protocol. It supports direct messaging and private channels. In Amherst, the community is called Pioneer Valley Mesh, and we can connect with CT and NH on a regular basis.

Direct messages between two users use the elliptic-curve Diffie-Hellman key exchange algorithm to end-to-end encrypt messages and authenticate messages. Public or private channels, however, rely on a shared secret, which the messages are broadcasted over the network. The primary channel is encrypted with a simple public key known to everyone, which is also used for all periodic broadcasts (position, telemetry, userinfo) by default. Pentesters have previously reported that messages in public in private channels are not cryptographically signed, and instead use the sender's MAC address as the only unique identifier, meaning that it is vulnerable to impersonation attacks.

In August 2025, an exploit named meshmarauder was used to 'poison' the contact lists of users by capturing and rebroadcasting another node's NodeInfo packet after modifying the field containing their public key. Because NodeInfo packets are Trust-on-First-Use, they noted that nodes receiving a forged packet would associate the sender's MAC address with the illegitimate public key. In addition, this included user "name" information, which was modified to be "[WARNING] Meshtastic is insecure".

As radio and cybersecurity fanatics, we wanted to dig into a possible new vulnerabilities related to Meshtastic. Mesh networks are particularly useful in emergency communications, especially when existing infrastructures are unavailable. This technology currently being pitched as military or first-responder technology, keeping them secure is of massive importance.

What it does

We integrated the secret encryption/decryption algorithm presented in meshmarauder directly into the MeshTNC firmware, allowing for the tool to operate independently. Rather than contact poisoning or modifying incoming packets, we created a convenient CLI tool to construct packets with an arbitrary message and sender. In any channel in which the secret is known, the tool can impersonate any user in a way undetectable to the standard Meshtastic client.

Challenges we ran into

The biggest challenge we had was reversing the cryptography in order to parse the packets. In particular, some attempts we had of modifying the packet would corrupt the protobuf in the data payload, so we had to be mindful of the protobuf structure.

Accomplishments & What we learned

We created a tool that can pentest Meshtastic radios, learning lots about cryptography and the inner workings of radio packet routing along the way.

Currently, there is no counter-measure to our project implemented in the Meshtastic protocol. Users may ignore other users, but doing so ignores the impersonated user, not the attacker.

What's next for minutemesh

We didn't have time to create a flipper-zero like UI or do brute-force channel key breaking. We also wanted to create a theoretical patch by changing the encryption mode to include AEAD or message signing using ED25519. There are fundamental flaws in the design of protocol which means a major rewrite will be required. We also think it would be interesting to explore into the other competing mesh framework, MeshCore, but since it is not used much in the Amherst area and none of us are as familiar with it, we decided to focus our efforts on Meshtastic.