Liam Cottle liamcottle

MeshChat Group Chats

A few thoughts on how I would build group chat functionality into MeshChat.

Do note, that this is not a true decentralised/distributed approach as the group chat server must be hosted by a single identity.

It would be nice for a truly distributed group chat, although when it comes to moderation, message retrieval and reliability, I think it would be too complex for an initial implementation.

Of course, everyone is welcome to build their own group chat system, these are just my ideas on what I'm thinking of implementing, nothing is set in stone :)

MeshPi

Setup a self hosted Meshtastic monitoring system on a Raspberry Pi with a Waveshare SX1262 LoRa Hat.

Upgrade System

sudo apt update
sudo apt upgrade

SafetyNet Attestation Bypass

Proof that with a few hours work, you can easily provide aribitrary data to the Google SafetyNet API and receive a valid Attestation signed by attest.android.com.

I've captured the HARDWARE_BACKED flag. Check this comment.

This is only a software backed attestation, as you can see with the evaluationType=BASIC. ~~I don't have any devices that support hardware backed attestations via TEE, however once I do, I'll be taking a look into them 🤠~~

nonce: base64([email protected])
packageName: [email protected]

Disable SSL Pinning on Instagram for Android

Create the file /data/data/com.instagram.android/shared_prefs/devprefs.xml and add the following content. (You will need root access to modify it)

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="debug_allow_user_certs_ttl">1557909551442:86400000</string>
    <boolean name="debug_allow_user_certs" value="true" />
    <boolean name="debug_disable_liger_fizz" value="true" />

	from machine import Pin
	from phew import server, connect_to_wifi

	# define relays
	relays = {
	1: machine.Pin(1, machine.Pin.OUT),
	2: machine.Pin(2, machine.Pin.OUT),
	3: machine.Pin(3, machine.Pin.OUT),
	4: machine.Pin(4, machine.Pin.OUT),
	5: machine.Pin(5, machine.Pin.OUT),

	#include <MsgPack.h>

	size_t maxEncryptedPackageMaxContentLength() {

	// LXMF overhead is 111 bytes per message:
	// 16 bytes for destination hash
	// 16 bytes for source hash
	// 64 bytes for Ed25519 signature
	// 8 bytes for timestamp
	// 7 bytes for msgpack structure

	# This script mods StorySave to bypass checkpoint_required/challenge_required in 2023

	# exit when any command fails
	set -e

	# make sure StorySave.apk exists
	if [ ! -f "StorySave.apk" ]; then
	echo "StorySave.apk does not exist."
	echo "Download latest StorySave apk from APK Mirror and then rename it to StorySave.apk"
	echo "https://www.apkmirror.com/apk/liam-cottle/storysave/storysave-1-26-2-release/storysave-1-26-2-android-apk-download/"

	:global getPublicIP do={

	# tag for temporary configurations
	:local tag "get-public-ip-via-$interface"

	# service that provides public ip address in http response
	:local lookupProtocol "https"
	:local lookupHostname "api.ipify.org"

	# add temporary address list for lookup service

	const axios = require('axios');

	/**
	* PLEX_TOKEN: Your X-Plex-Token
	* PLEX_IDENTIFIER: Your Plex Server Identifier
	* PLEX_SERVER_NAME: Your Plex Server Name
	*/
	const PLEX_TOKEN = '';
	const PLEX_IDENTIFIER = '';
	const PLEX_SERVER_NAME = '';