Software signing suddenly stop working
-
@Anticimex I did see Your similar answer on another thread. I am in accord with you, but my / our nodes was working flawless from month.... I Will try also swapping radios, maybe a power failure that has broken them? But no Power failure in about 6 month in my home....
@sineverba The log will show if your messages come through or not (you need them from both the node and the GW to verify that). It can be a power issue, or a noise issue, or a neighbour buying some radio equipment that disturb your comms, or birds just crossing at a bad time. Hard to say, but I am inclined to blame RF for this problem and not signing (for this very reason).
And as I have said, in many threads (and also in the documentation) the fact that it "works without signing" does not automatically mean signing is not working. It is normally just because with signing enabled, the RF link is put on stress due to the messages being much bigger. -
@sineverba The log will show if your messages come through or not (you need them from both the node and the GW to verify that). It can be a power issue, or a noise issue, or a neighbour buying some radio equipment that disturb your comms, or birds just crossing at a bad time. Hard to say, but I am inclined to blame RF for this problem and not signing (for this very reason).
And as I have said, in many threads (and also in the documentation) the fact that it "works without signing" does not automatically mean signing is not working. It is normally just because with signing enabled, the RF link is put on stress due to the messages being much bigger.@Anticimex ok, I Will investigate more and more.
Question: if I leave the Heather without signing, or a generic relay, someone "malicious" how could "play" with my relay? Need to have a portable controller and gateway and sniff when I poweron or poweroff the relay itself tto have the node in his controller?
-
@Anticimex ok, I Will investigate more and more.
Question: if I leave the Heather without signing, or a generic relay, someone "malicious" how could "play" with my relay? Need to have a portable controller and gateway and sniff when I poweron or poweroff the relay itself tto have the node in his controller?
@sineverba With enough knowledge, only a gateway is needed. You can just use a terminal to send commands to the gateway. If your node ID is known and your radio address, then anyone could just send commands to it. They will need to know what command your node reacts to, but that can be obtained from sniffing the traffic (assuming you don't encrypt your communications).
-
@sineverba With enough knowledge, only a gateway is needed. You can just use a terminal to send commands to the gateway. If your node ID is known and your radio address, then anyone could just send commands to it. They will need to know what command your node reacts to, but that can be obtained from sniffing the traffic (assuming you don't encrypt your communications).
@Anticimex If i live at 4th floor of a Palace and the family at 3rd use MySensor, on same Channel also (!), Is there the possibility that their Heather commands could be read and interpretated from mine ? (Or viceversa).... Thank you!
-
@Anticimex If i live at 4th floor of a Palace and the family at 3rd use MySensor, on same Channel also (!), Is there the possibility that their Heather commands could be read and interpretated from mine ? (Or viceversa).... Thank you!
@sineverba That is up to you and how you validate the sender of the messages you receive and accept in your node. If you accept everything, then you accept everything ;)
-
@sineverba That is up to you and how you validate the sender of the messages you receive and accept in your node. If you accept everything, then you accept everything ;)
@Anticimex so, we return to the whitelisting :-( ...
-
@Anticimex so, we return to the whitelisting :-( ...
@sineverba Not necessarily. You can validate that the message is from "some gateway", and that it is specifically of the type you accept.
You can also enable encryption.But essentially, if you want "security" you need signing. That is kind of the point of that feature ;)
-
@sineverba Not necessarily. You can validate that the message is from "some gateway", and that it is specifically of the type you accept.
You can also enable encryption.But essentially, if you want "security" you need signing. That is kind of the point of that feature ;)
@Anticimex
I'm re-studying the API and specifically the signature / signing section.I did not understand something. I don't want open a new thread, ask here. If necessary, I will open a new one.
My questions (and thank you in advance for your time and time for all readers!)
From this page: https://www.mysensors.org/apidocs-beta/group__SigningSettingGrpPub.html#gaf75e26bdb90edd1230100ef160786e78
-
MY_SIGNING_REQUEST_SIGNATURES
It says "If used for a gateway, gateway will by default require signatures from ALL nodes[...]".
I did enable this on the gateway (Arduino UNO).
Q: In my network I have 2 nodes that transmit temp, hum and battery (atmega328). No signing at all in the sketch(es). Why they works without the SIGNING? -
MY_SIGNING_NODE_WHITELISTING
I do not understand the explain. In effect, in my relay node (the only one of 3 nodes that did have the signing software enabled) I did have also:
#define MY_SIGNING_SOFT #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //#define MY_SIGNING_REQUEST_SIGNATURES #define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x3B,0xF4,0xF4,0xDF,0x1E,0x97,0xB1,0x2D,0xEC}}}What's a verifyng node cited on the explain? Another one node of my network is acting as a bridge beetween both?
- You did mention that I could sniff the address of trasmitting (of the gateway). I did not find nothing on the library... Could you help me to perform this "sniff"? This is my receive function atm:
/** * Receive function from gateway * * @since 1.0 */ void receive(const MyMessage &message) { if ( !message.isAck() ) { if ( message.type == V_STATUS) { if ( message.getCommand() == 1 ) { bool received_state = message.getBool(); Serial.print("We did receive a new value. Received_state value is "); Serial.println(received_state); if ( received_state == 1) { digitalWrite(PIN_RELAY , RELAY_ON); } else { digitalWrite(PIN_RELAY , RELAY_OFF); } } } } } -
-
@Anticimex
I'm re-studying the API and specifically the signature / signing section.I did not understand something. I don't want open a new thread, ask here. If necessary, I will open a new one.
My questions (and thank you in advance for your time and time for all readers!)
From this page: https://www.mysensors.org/apidocs-beta/group__SigningSettingGrpPub.html#gaf75e26bdb90edd1230100ef160786e78
-
MY_SIGNING_REQUEST_SIGNATURES
It says "If used for a gateway, gateway will by default require signatures from ALL nodes[...]".
I did enable this on the gateway (Arduino UNO).
Q: In my network I have 2 nodes that transmit temp, hum and battery (atmega328). No signing at all in the sketch(es). Why they works without the SIGNING? -
MY_SIGNING_NODE_WHITELISTING
I do not understand the explain. In effect, in my relay node (the only one of 3 nodes that did have the signing software enabled) I did have also:
#define MY_SIGNING_SOFT #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //#define MY_SIGNING_REQUEST_SIGNATURES #define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x3B,0xF4,0xF4,0xDF,0x1E,0x97,0xB1,0x2D,0xEC}}}What's a verifyng node cited on the explain? Another one node of my network is acting as a bridge beetween both?
- You did mention that I could sniff the address of trasmitting (of the gateway). I did not find nothing on the library... Could you help me to perform this "sniff"? This is my receive function atm:
/** * Receive function from gateway * * @since 1.0 */ void receive(const MyMessage &message) { if ( !message.isAck() ) { if ( message.type == V_STATUS) { if ( message.getCommand() == 1 ) { bool received_state = message.getBool(); Serial.print("We did receive a new value. Received_state value is "); Serial.println(received_state); if ( received_state == 1) { digitalWrite(PIN_RELAY , RELAY_ON); } else { digitalWrite(PIN_RELAY , RELAY_OFF); } } } } }-
I am not sure. I assume you run the 2.2.0-rc.1 version on all nodes and gw? The documentation you read is for that branch (development branch).
-
The verifying node is the node that verifies the signatures. That is, the node that require signatures. It can be both ends if both require signatures (node and GW)
-
No, I meant "someone" could sniff. The library itself does not offer sniffing APIs.
-
-
@Anticimex
I'm re-studying the API and specifically the signature / signing section.I did not understand something. I don't want open a new thread, ask here. If necessary, I will open a new one.
My questions (and thank you in advance for your time and time for all readers!)
From this page: https://www.mysensors.org/apidocs-beta/group__SigningSettingGrpPub.html#gaf75e26bdb90edd1230100ef160786e78
-
MY_SIGNING_REQUEST_SIGNATURES
It says "If used for a gateway, gateway will by default require signatures from ALL nodes[...]".
I did enable this on the gateway (Arduino UNO).
Q: In my network I have 2 nodes that transmit temp, hum and battery (atmega328). No signing at all in the sketch(es). Why they works without the SIGNING? -
MY_SIGNING_NODE_WHITELISTING
I do not understand the explain. In effect, in my relay node (the only one of 3 nodes that did have the signing software enabled) I did have also:
#define MY_SIGNING_SOFT #define MY_SIGNING_SOFT_RANDOMSEED_PIN 7 //#define MY_SIGNING_REQUEST_SIGNATURES #define MY_SIGNING_NODE_WHITELISTING {{.nodeId = GATEWAY_ADDRESS,.serial = {0x3B,0xF4,0xF4,0xDF,0x1E,0x97,0xB1,0x2D,0xEC}}}What's a verifyng node cited on the explain? Another one node of my network is acting as a bridge beetween both?
- You did mention that I could sniff the address of trasmitting (of the gateway). I did not find nothing on the library... Could you help me to perform this "sniff"? This is my receive function atm:
/** * Receive function from gateway * * @since 1.0 */ void receive(const MyMessage &message) { if ( !message.isAck() ) { if ( message.type == V_STATUS) { if ( message.getCommand() == 1 ) { bool received_state = message.getBool(); Serial.print("We did receive a new value. Received_state value is "); Serial.println(received_state); if ( received_state == 1) { digitalWrite(PIN_RELAY , RELAY_ON); } else { digitalWrite(PIN_RELAY , RELAY_OFF); } } } } }@sineverba actually, reading your first post, it would appear that you run the official release (2.1.1). The signing requirements work differently there, and the documentation is also different as you can see here: https://www.mysensors.org/apidocs/index.html as opposed to here: https://www.mysensors.org/apidocs-beta/index.html
-
-
-
I am not sure. I assume you run the 2.2.0-rc.1 version on all nodes and gw? The documentation you read is for that branch (development branch).
-
The verifying node is the node that verifies the signatures. That is, the node that require signatures. It can be both ends if both require signatures (node and GW)
-
No, I meant "someone" could sniff. The library itself does not offer sniffing APIs.
@Anticimex No, I'm running the 2.1.1 on all nodes and gw.
In this moment I did re-enable the signature and signing software section on the gateway (but not in nodes, no nodes have signing enabled). All works. I can confirm.
For the 2 (whitelisting) I did enable only on the node that require signature, i.e. the relay node. Not in gw, not in no others nodes.
For the 3, maybe I was not clear. I did mean if I did have the possibility, on receive function, as following pseudo code:
if (message.getSenderSerial() == 0X01,0XAA, 0XBB) { Serial.println("We did receive this message from our gateway... we can proceed"); } -
-
@Anticimex No, I'm running the 2.1.1 on all nodes and gw.
In this moment I did re-enable the signature and signing software section on the gateway (but not in nodes, no nodes have signing enabled). All works. I can confirm.
For the 2 (whitelisting) I did enable only on the node that require signature, i.e. the relay node. Not in gw, not in no others nodes.
For the 3, maybe I was not clear. I did mean if I did have the possibility, on receive function, as following pseudo code:
if (message.getSenderSerial() == 0X01,0XAA, 0XBB) { Serial.println("We did receive this message from our gateway... we can proceed"); }This post is deleted! -
@Anticimex No, I'm running the 2.1.1 on all nodes and gw.
In this moment I did re-enable the signature and signing software section on the gateway (but not in nodes, no nodes have signing enabled). All works. I can confirm.
For the 2 (whitelisting) I did enable only on the node that require signature, i.e. the relay node. Not in gw, not in no others nodes.
For the 3, maybe I was not clear. I did mean if I did have the possibility, on receive function, as following pseudo code:
if (message.getSenderSerial() == 0X01,0XAA, 0XBB) { Serial.println("We did receive this message from our gateway... we can proceed"); }@sineverba your config seem correct.
-
A small update.
1 - I did delete the library and re-downloaded from Github
2 - I did clear the EEPROM of gateway
3 - I did clear the EEPROM of a new Atmega328 (for relay / actuactor)
4 - I did reinstall the Gateway sketch and the sketch for the relay heater, with signing...... it works......
Yes, too many changes all together..... And fortunately I did receive today the PCBs for it, so in next days I will solder it on a firm base and not on breadboard.....
After 30 min, no working anymore...... :( :( Fake alarm.... maybe some trouble with breadboard, maybe oxyde.... I will test in some day on PCB.
-
A small update.
1 - I did delete the library and re-downloaded from Github
2 - I did clear the EEPROM of gateway
3 - I did clear the EEPROM of a new Atmega328 (for relay / actuactor)
4 - I did reinstall the Gateway sketch and the sketch for the relay heater, with signing...... it works......
Yes, too many changes all together..... And fortunately I did receive today the PCBs for it, so in next days I will solder it on a firm base and not on breadboard.....
After 30 min, no working anymore...... :( :( Fake alarm.... maybe some trouble with breadboard, maybe oxyde.... I will test in some day on PCB.
@sineverba uhm, if you cleared the eeprom, you have erased your personalization data. So now you run without a signing key. So your signatures are worthless.
You also still run 2.1.1 because that would not work on 2.2.0,iy has checks for such things.
You will need to redo personalization if you erase the eeprom. -
@sineverba uhm, if you cleared the eeprom, you have erased your personalization data. So now you run without a signing key. So your signatures are worthless.
You also still run 2.1.1 because that would not work on 2.2.0,iy has checks for such things.
You will need to redo personalization if you erase the eeprom.@Anticimex I did forget a step. I did reinstall the personalization also, but after 20/30 mins, all stop works.
I could try also the 2.2.0rc. Do I need every node and gw on same release or can I mix nodes and gw between 2.1.1 and 2.2.0 ?
-
@Anticimex I did forget a step. I did reinstall the personalization also, but after 20/30 mins, all stop works.
I could try also the 2.2.0rc. Do I need every node and gw on same release or can I mix nodes and gw between 2.1.1 and 2.2.0 ?
@sineverba ok, I strongly suggest you instead just post your logs (or read them yourself). If you get NACKs, you can reflash and re-personalize all you want. Signing will never work as long as you get NACKs. You have to fix that problem by either tuning your rf settings, checking your rf environment or power supplies.
-
Well I've just got mine working again. I'm putting it down to the birds not just crossing, but circulating for the last couple of weeks!
After the work last night, I moved my Gateway into the same room as my node on the breadboard in order to swap radios and it instantly became more responsive (much less NACKs & much less randomness on signed communication). I continued swapping radios etc to at least demonstrate consistency/working radios, but the location improvement alone was a Big Clue!
I have a NRF24L with the external aerial on the gateway, so was always expecting it to continue performing well regardless of what was around it. In my case though it was sitting above a metal 19" network patch panel & right next to a running laptop. Inside the patch panel as well as numerous runs of Cat6, is a 24port switch and a 8 port POE switch. Fair enough, plenty of interference potential, but I don't recall changing any of that recently (for it to just drop out).
Anyway, whether it's a combination of things, wriggling some wires, resetting some radios in their sockets etc or just now positioning the Gateway further from all the metal, we're back in business.
I agree, nothing wrong with the software, but perhaps somewhat sensitive on the environmental factors.
Thanks guys and good luck with the remainder of yours @sineverba
-
@sineverba ok, I strongly suggest you instead just post your logs (or read them yourself). If you get NACKs, you can reflash and re-personalize all you want. Signing will never work as long as you get NACKs. You have to fix that problem by either tuning your rf settings, checking your rf environment or power supplies.
I'm looking and investigating for this issue.
My network of sensors is located at channel 125, by the way I did notice new troubles when Wifi of ADSL is under heavy load.
I did use two different scanner, and this is the output.
And other scanner
I don't know if my choice to move the radio to channel 125 is ok. In effect, on the node with relay/actuactor, I have also the traffic light. When wifi is under heavy load, I can see the red led blinking. No red when no wifi is used.
On another website (http://arduino-info.wikispaces.com/Nrf24L01-2.4GHz-HowTo) I did read the hint to move the radios to channel 108.
What do you think about?
-
I'm looking and investigating for this issue.
My network of sensors is located at channel 125, by the way I did notice new troubles when Wifi of ADSL is under heavy load.
I did use two different scanner, and this is the output.
And other scanner
I don't know if my choice to move the radio to channel 125 is ok. In effect, on the node with relay/actuactor, I have also the traffic light. When wifi is under heavy load, I can see the red led blinking. No red when no wifi is used.
On another website (http://arduino-info.wikispaces.com/Nrf24L01-2.4GHz-HowTo) I did read the hint to move the radios to channel 108.
What do you think about?
@sineverba I'd suggest that if you can analyze the traffic, pick a channel with low "competing" traffic. Wifi and nrf work in the same band, so it would also to some extent depend on your (and your surroundings) use of various wifi channels. It's difficult to give any recommendations. Just try various and see which have the fewest failed transmissions.
