Authentication
Access List
The Tracker2's default remote access control mechanism is a simple list of authorized callsigns. This list can be edited through OTWINCFG or using the AUTHLIST command. Callsigns are entered without SSID. A * in the first entry will match all callsigns, giving remote access to everyone if password authentication is not enabled.
cmd:authlist
AUTHLIST N1VG
cmd:authlist +kb6vaa
AUTHLIST N1VG, KB6VAA
cmd:authlist +ki6fal
AUTHLIST N1VG, KB6VAA, KI6FAL
cmd:authlist -kb6vaa
AUTHLIST N1VG, KI6FAL
cmd:
Password
The Tracker2's second access control mechanism is a one-time password facility. The user sets a passphrase of at least 16 characters using the SECRET command. From this passphrase, the tracker generates a series of 4-character passwords, each to be used only once and in sequence. The PASSLIST command prints a list of passwords with their sequence numbers that the user can carry with them. As each password is used, it is crossed off the list.
cmd:secret This is my new passphrase.
Set.
cmd:passlist 32
0:237U 1:3XY2 2:T8TH 3:4W2T 4:SNJJ 5:A3XD 6:TP8W 7:9FT6
8:G9FS 9:VFS8 10:BA80 11:4WAV 12:S4N7 13:WXPE 14:7EWD 15:4WUS
16:E3KD 17:5HR3 18:JDWS 19:0WA9 20:7ZXT 21:5F4R 22:B4EZ 23:9MG9
24:0MJT 25:2ZXY 26:2PAK 27:HXJE 28:04YF 29:58GZ 30:6K3W 31:XXMD
cmd:pwauth on
PWAUTH ON
cmd:
The PWAUTH command enables or disables password authentication.
Limitations
Do not use the same passphrase on two different devices. The same passphrase will generate the same sequence of passwords, and an eavesdropper who hears a password used on one device would then know one of the valid passwords for the other device.
Because the password is not tied to the content of the message being sent, there's a risk of man-in-the-middle attacks. For direct RF links the risk is small because the eavesdropper would hear the password at the same time as the device being controlled, unless they actively jammed the controlled device's receiver. Unsuccessful control attempts present a more significant risk; a valid password sent with a message that wasn't heard by the device remains valid. Because of the unreliability of APRS messaging over multiple digipeater hops or through IGates, non-receipt of commands is a very real possibility. To reduce this threat, it's advisable to send a non-authenticated test message to the target device first to ensure that it's reachable.
Technical Details
The XXTEA block cipher forms the basis of the Tracker2's one-time password mechanism. Only the encryption routine is used; no decryption is required.
A 128-bit key is generated from the user's passphrase by zero-padding the passphrase to a multiple of 128 bits and using each 128-bit section in succession to repeatedly encrypt two 64-bit plaintext blocks starting with initialization vectors of 0x25b5874597119bc5 and 0xb556ae25caa24730 respectively. The resulting ciphertext becomes the 128-bit secret key.
For each password to be generated, the nonce 0x77a2566769436027 is exclusive-OR'd with the 16-bit sequence counter, and then encrypted using the secret key. 30 bits of the resulting ciphertext become the 4-character password; the low five bits of each of the leftmost four bytes of the ciphertext are each used as an index into the password character set to select one character of the password. The character set is as follows:
0123456789ABCDEFGHJKMNPRSTUVWXYZ
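The derivation described above, as an added Python example that is not the tracker's firmware and not code from this page: the IVs, nonce and character set are the values quoted above, while the 32-bit word order and the big-endian byte packing are assumptions, so it illustrates the construction rather than reproducing the PASSLIST output above bit-for-bit. It also makes the first point under Limitations concrete: the password list is a pure function of the passphrase, so two devices given the same passphrase get the same list.

```python
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF
CHARSET = "0123456789ABCDEFGHJKMNPRSTUVWXYZ"       # 32 symbols, one per 5-bit index
IV0, IV1 = 0x25B5874597119BC5, 0xB556AE25CAA24730   # key-derivation IVs from the page
NONCE = 0x77A2566769436027                          # per-password nonce from the page

def _mx(total, y, z, p, e, k):
    # XXTEA mixing term, as in the reference (Corrected Block TEA) definition
    return ((((z >> 5) ^ ((y << 2) & MASK)) + ((y >> 3) ^ ((z << 4) & MASK)))
            ^ ((total ^ y) + (k[(p & 3) ^ e] ^ z))) & MASK

def xxtea_encrypt(v, k):
    """Encrypt a list of n >= 2 32-bit words v under the 4-word key k (encryption only)."""
    v, n = list(v), len(v)
    total, z = 0, v[-1]
    for _ in range(6 + 52 // n):
        total = (total + DELTA) & MASK
        e = (total >> 2) & 3
        for p in range(n):
            v[p] = (v[p] + _mx(total, v[(p + 1) % n], z, p, e, k)) & MASK
            z = v[p]
    return v

def _words(x):
    # 64-bit integer -> two 32-bit words, high word first (word order is an assumption)
    return [(x >> 32) & MASK, x & MASK]

def derive_key(passphrase):
    """Zero-pad the passphrase to 16-byte chunks; each chunk in turn encrypts both IV blocks."""
    data = passphrase.encode()
    if len(data) < 16:
        raise ValueError("passphrase must be at least 16 characters")
    data += b"\0" * (-len(data) % 16)
    b0, b1 = _words(IV0), _words(IV1)
    for i in range(0, len(data), 16):
        chunk = list(struct.unpack(">4I", data[i:i + 16]))  # big-endian packing: assumed
        b0, b1 = xxtea_encrypt(b0, chunk), xxtea_encrypt(b1, chunk)
    return b0 + b1  # the 128-bit secret key, as four words

def one_time_password(key, seq):
    """Password number seq: encrypt (nonce XOR 16-bit counter), low 5 bits of first 4 bytes."""
    ct = struct.pack(">2I", *xxtea_encrypt(_words(NONCE ^ (seq & 0xFFFF)), key))
    return "".join(CHARSET[b & 0x1F] for b in ct[:4])

def passlist(passphrase, count):
    key = derive_key(passphrase)
    return [one_time_password(key, i) for i in range(count)]
```

Because nothing in a password depends on the command text, the same construction also shows why a password that was transmitted but never heard by the tracker stays valid, as the Limitations section warns.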
Remote Access
The Tracker2 uses APRS Messaging to send remote commands. Use your favorite APRS application to send commands over the air (Nuvi, UIview, OpenAPRS.net). The message "From" callsign must match AUTHLIST, if enabled. "To" is your remote Tracker2's callsign. "Text" must begin with CMD, followed by your one-time password and the remote command. Each command sent uses up one password.
Example:
From: KI6FAL-1
To: N1VG-3
Text: CMDXXXX TXD 19
The remote will respond with the changed setting, or with a rejection.
Correct response from remote Tracker2: TXDELAY 19
Remote commands sent via OT2-Nuvi:
DISPATCH, MESSAGES, CREATE MESSAGE. (navigate through Nuvi screens to the message field)
-N1vg-3 cmd237u alias 1 wide1
ALIAS 1:WIDE1
-N1vg-3 cmd3xy2 hop 1 0
HOPLIMIT 1:0
-N1vg-3 cmdt8th usealias 1 on
USEALIAS 1:ON
-N1vg-3 Cmd4w2t reset
RESET
Most commands only require the first three characters of the remote command. Several require the whole command (ALIAS = ali, TXDELAY = txd, PATH = path).
Use - to clear a command field (e.g. CMDXXXX PATH -) if IGates can hear the Tracker2 directly.
Check the current setting by sending a command only (e.g. CMDXXXX ali), and you'll get a response like:
ALIAS 1:WIDE1 2:TEMP 3:SAR
Passwords should be scratched off your list as they are used.
When connected directly to your Tracker2, you can see which password is next by using the SECRET command:
CMD:Secret
SECRET 5 (Use Passphrase 5 next)