Hacker News new | past | comments | ask | show | jobs | submit login
Building a Mesh Network in Rural Somaliland (commotionwireless.net)
113 points by benbristow on Jan 2, 2014 | hide | past | web | favorite | 40 comments

I think it's pretty amazing the way that certain technologies that might be considered bleeding edge by some, are being adopted more in the developing world out of practical needs. Even more so as the costs of maintaining aging copper/fibops grows, the less perceived incentive to move towards more modular and decentralized systems ("we invested all this money already") for the increasing burden of maintaining that would be placed upon on others in developed countries.

Though this makes me wonder, the routers are running some kind of openwrts firmware[0], it would be interesting if someone had the chance to unsquash/decompile it for backdoors because from a sigint perspective (especially in the horn of africa) being able to tap into these networks (like via uav recon ops) will probably be on the table.

Edit: Looks like they are funded by the New American Foundation[1] with Eric Schmidt as chairman, interesting…

[0] https://commotionwireless.net/download/routers

[1] https://en.wikipedia.org/wiki/New_America_Foundation#Funding

There are very good reasons the developed world uses hard lines, and none of them are "we already spent so much money on them". The drawbacks to this sort of network are much less of a problem in the developing world right now.

I mean, my word, you think the interference on your WiFi from neighbors is bad now...

>There are very good reasons the developed world uses hard lines

I wasn't saying they wern't good reasons, mostly just pointing out that the economics aren't getting any better (for consumers or companies), you know, C.R.E.A.M and all that…

>and none of them are "we already spent so much money on them".

Gotta love absolutes:

>…The rapid expansion of this so-called distributed generation deprives utilities of revenues while leaving them liable for maintaining the grid. [0] , NRG Energy chief David Crane

[0] http://www.theatlantic.com/technology/archive/2013/11/who-wi...

the project is open source so you can also take a look through the source code: https://github.com/opentechinstitute/commotion-router

This looks like shell scrips for patches and config files. Is there another place with the source that actually used to compile the binaries like this: http://downloads.commotionwireless.net/router/1.0/ar71xx/gen...

It uses the OpenWRT build system to produce those binaries. Try pulling the source code and building it yourself :)


I would be more interested in the decompiled binaires at this point, you know the stuff being released directly into the wild from the site :)

Unless you could point me in the direction of a repo that looks like this[0] (posted in this thread, and project I've been following along with others), that corresponds to the binary I posted above.

[0] https://github.com/cjdelisle/cjdns

Hey, I am one of the developers of the Commotion project. OpenWRT can be a confusing system. Let me help you find what you are looking for. The Commotion-router repo above is contains our setup scripts that make it easier for new users like you to build our software from source. If you look at the feeds.conf file you will find the exact sources we are pulling in to the openWRT build system for compilation. The most important line, for your concerns about backdoors would be the third line of that file. That line pulls in the master branch of the repo commotion-feed. This repository is full of makefiles. These makefiles specify how to build the source code into the compiled binary your pointed to before. If you follow the follow the install instructions that were poster earlier and then explore the curses (command line GUI) menu for make menuconfig you can explore the exactly what packages are going to be built for the specific architecture. (If you are curious about tampering we sadly have not had the time or funding to do deterministic builds, so I suggest you build it from source yourself so that you can examine the code.) Now, each item in the menuconfig references a "feed." You can look at the feeds.conf file in the current directory, and the various makefiles in the feeds folder to explore where exactly things are being pulled from. Our source code will use the git repo's specified in the makefiles in commotion-feed on the master branch. You can find all of those in our github, because we are an open-source project. If you have any concerns about specific lines of code that have been implemented I beg of you to submit a bug to the repo you find a problem with. We want every possible opportunity better our code. While we have done internal testing, I hope that with eyes like yours looking over the code we will find more bugs that we can address in the future. If you have any questions I will try to follow this thread the best I can, and am elationfoundation on github. You can also find most of the developers and our field experts on freenode at #commotion. I have built, and debugged, far too many openWRT images. So, If you do need assistance jump on #commotion during Americas East Coast working hours and I will be glad to help you.

I hope this helped. OpenWRT's build system is a beautiful, but complex being.

Thanks for the response. I have to be honest and say I'm probably not going to dig through a bunch of the makefiles listed in the third repo in feeds.conf (at least right now).

But at least from you even mentioning deterministic builds, must mean that the thought has crossed your minds? I know the Tor project has to deal with concerns like that, and I figure firmware providers for mesh-networks will increasingly have to deal with the same.

These sorts of things have piqued my interest lately and right now I'm in the middle of digging through the linksys e1000 firmware[0][1] (from yesterdays hubbub, too bad the script didn't work for me :/) and my cousin telling me about open ports (10080,1780,51000) on on his network with some interesting traffic (his words). So, if I hear any stories relating to traffic on ports from postings online relating to this firmware, I'll probably take a look for fun (though there are probably many other people better at these things like yourself).

[0] http://support.linksys.com/en-us/support/routers/E1000 [1] http://i.imgur.com/jWebamh.png

From your screenshot, I don't think that squashfs detection is right, you may have to play around with dd and unsquashfs.

Also try a newer version of binwalk [-1] and/or the 2.0 branch [0]

-1: https://github.com/devttys0/binwalk/

0: https://github.com/devttys0/binwalk/tree/binwalk-2.0

Here are some of the steps that I use to unsquash the binary Commotion images to make changes:

1. Find the PARTs

2. Extract them

3. unsquash: unsquashfs -d image/ squashfs.bin

4. Make the changes.

5. squash: ~/code/commotion-openwrt/commotion-openwrt/openwrt/staging_dir/host/bin/mksquashfs4 image/ squashfs-made.bin -nopad -noappend -root-owned -comp xz -Xpreset 9 -Xe -Xlc 0 -Xlp 2 -Xpb 2 -b 256k

6. pad: ~/code/commotion-openwrt/commotion-openwrt/openwrt/staging_dir/host/bin/padjffs2 squashfs-made.bin 64

7. mkfwimage: ~/code/commotion-openwrt/commotion-openwrt/openwrt/staging_dir/host/bin/mkfwimage -B XM -k kernel.img -r squashfs-made.bin -v XM.ar7240.v6.0.0-OpenWrt-r36682 -o openwrt-ar71xx-generic-ubnt-nano-m-squashfs-factory-DR2-tn.bin

If you are modifying a sysugrade image: Extract 0-1048576 (bytes): that's the kernel Extract the rest: that's the squashfs

Put them back together with ( dd if=vmlinux bs=1048576 conv=sync; dd if=squashfs-made.bin ) > openwrt-ar71xx-generic-ubnt-bullet-m-squashfs-sysupgrade-DR2-custom.bin

These are just my notes. Feel free to contact me if you want more information.

I saw your comment yesterday, which made me want to take a stab at it. Thanks alot!

I used dd to get squashfs filesystem by itself[i], and unsquashfs [unsquashfs -v unsquashfs version 4.2 (2011/02/28)][i^2] but that gave that error, then I tried compiling with lzma,xz, lzo by their selfs and neither worked. But your right about the old version of binwalk, I was using v1.2.1.

[i] http://i.imgur.com/Vk35XL0.png

[i^2] http://i.imgur.com/HxTE0rR.png

You're at the point where I normally get stuck. From the slides yesterday, see if you can find the version of squashfs that was used when the firmware was built.

That makes sense, cant access linksys website now to check (glad I got this binary in time :P) binwalk says "Squashfs filesystem, little endian, version 3.0" so I'm going to dl that and try again. Who knows, if I can get this to work, I can make a new wifi cracking script[0] that wont take hours with the vulns found so far by going through the backdoor, for security research purposes of course ;)

[0] https://github.com/cinquemb/WifiBruteCrack/blob/master/wifi_...

You may also want to send a request for GPL'd sources to Linksys for this device.

I have another way to extract this for you - can you please contact me?

Wow! Really interesting post. I've always wanted to set up a mesh network, just for the learning experience. Just one question I've been wondering:

How much do you think the whole setup would've cost if you did it yourself? I ask because I've always thought that the cost of the special hardware for a mesh network was the major limiting factor.

I didn't write this. Just found it. You'll have to ask the author.

Cost per outdoor router is somewhere around 60€.

> Somaliland receives its Internet connection via microwaves across the desert from Djibouti.

Surely the main way people access the internet is through 3G either directly on the phones or on mobile broadband. When I was in Hargeisa in 2008, 3G connectivity was common, and I would assume that it is still the case (though its possible Abaarso doesn't have a very good mobile connection).

I took that to mean the region (and thus the service providers) and not the individual users.

Actually, what he means are the ISPs in Somaliland receive their internet from Djibouti via microwave (at least Somtel does; not quite sure about Telesom).

The ISPs then distribute their internet connection to their customers via DSL, 3G, etc.

> Surely the main way people access the internet is through 3G either directly on the phones or on mobile broadband.

I don't know if that's true or not but I'd be willing to bet that most of the cellular towers there (providing 3G/mobile broadband) are themselves using microwave backhauls, quite possibly the same one(s) carrying the "Internet connection".

Yeah, even cellular data needs to come from somewhere. The towers generally connect to the same backbone used for ground line Internet. You wouldn't do satellite internet connections for cellular towers because of the awful latency.

The points in the network are in the range that Cat6 can handle. Wouldn't it be easier to just run cat6 between the points and put 50$ APs with gigabit in each point? You'd get wifi and gigabit for the clients and regular switched gigabit interconnect. Surely it would be much faster and more reliable. A few TP-Link TL-WDR3600 APs would do nicely and even give you a couple of USB ports to attach some printers for network printing.

You'd have to use fiber. Copper between buildings is susceptible to ground loops and one lightning strike frying the entire network.

I just did a bit of googling and these don't seem to be major issues:


Ground loops shouldn't be a problem as the APs have transformers that don't use ground at all so there's no ground connection to mess things up.

If lightning is a big issue you might need surge protectors on the lines. Is a Cat6 cable inside a plastic conduit that susceptible to getting hit by lightning though?

Is a Cat6 cable inside a plastic conduit that susceptible to getting hit by lightning though?

IANAE (electrician), but per my understanding, putting copper cable inside a PVC (or other plastic) conduit is among the worst things you can do; it gives the strike only one place to go: down the copper.

EDIT: I found a comment on a CCTV forum site that corroborates this: http://www.cctvforum.com/viewtopic.php?p=79496&sid=0e2686464...

That's because you're protecting against the end-point getting hit (in your example a camera) and then using the cable to conduct. But if the APs are inside the buildings that's not what we're protecting against. Instead we're trying to not get the cable itself hit.

On the radio side the cable doesn't have to be susceptible to getting hit by lighting since the radio itself is a big metal thing sticking up in the air. In many cases the cable from the AP down to the PoE injector is the most attractive path for lightning to reach the ground. You can make it less attractive but that often costs money or takes work (See the Motorola R56 Guidelines).

This also goes for ethernet between buildings. Surprisingly enough if the building is poorly grounded the best path can be over your ethernet to a different building.

The ethernet transformers don't really help. They are just another part to get melted off the circuit board if there's a close lightning strike.

Surge protectors pretty much exist as a sacrifice to protect your more expensive electronics (switches and routers).

But I wouldn't put the radios outside now. They're only outside because you need them for backhaul. Since we're running Cat6 I'll just put them inside the buildings as APs as you'd do in your house.

http://en.wikipedia.org/wiki/RONJA RONJA (Reasonable Optical Near Joint Access) is a free-space optical communication system originating in the Czech Republic. It transmits data wirelessly using beams of light. Ronja can be used to create a 10 Mbit/s full duplex Ethernet point-to-point link.

Mmm full duplex...

But yeah I helped on the Montreal meshnet and I think we either have or really want to have a RONJA link, because it's cool as hell as well as very useful in general.

I know, I drool over the http://www.canon.com/bctv/canobeam/

From what I've heard, optical wireless links are super sensitive to environmental conditions (precipitation, pollution, etc), and don't work too well in real-world deployments. I would love to hear about more people's experiences with it, though.

How much coverage do you get for ground buried, twisted pair shielding and integrated magnetics in the RJ45 jacks? (Just from EM, direct strikes I would assume to be handled via lightning rods)

This is not my area of expertise by far, so I'd love to know what I'm missing.

Interesting, I have a bunch of Cat6 running on conduits in the ground between two buildings (about 80m apart) and they work fine. How would ground loops/lightning affect the install?

Since this will end up being a sort of "new Internet", I hope they start by building this one with security in mind from the ground up. We don't want to end-up with a next-gen Internet, that's just as broken as this one, security wise, especially since you basically have to have access to someone else's phone or computer, to get in the network.

While this isn't what commotion is using, its what we are using for Project Meshnet. "Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing." https://github.com/cjdelisle/cjdns

Wonderful, congratulations!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact