To find the (insecure) “Reset Frame Counters” option (previously known as “Relax Frame Count” and later on “frame counter checks”):
Console V3
For V3, at least for LoRaWAN 1.0.x ABP devices, “Reset Frame Counters” is in Network layer, Advanced MAC Settings (just below the ABP NwkSKey):
Don’t ignore the warning:
Resetting is insecure and makes your device susceptible for replay attacks
It seems that in V3 the V2 “Reset Frame Counters” link no longer exists, and the TTN downlink counter is reset automatically if needed.
Console V2
Just here for posterity and the links to help you solve problems.
- First, read this full post, and its warnings below, and the warning TTN Console shows, so you understand what you’re doing!
- Log in to the Console at https://console.thethingsnetwork.org
- Go to your application
- Click Devices, and find the specific device
- Just to be sure†: write down the current values for “Frames up” and “Frames down”
- Click Settings, and uncheck the checkbox:
- In the command line interface, see the
--disable-fcnt-check
option.
Disabling frame counter checks drastically reduces security and should only be used for development purposes.
This only affects the counters on the server side, hence only affects the uplink frame counter; if you ever reset the counters in TTN (see also the next warning) then you’ll need to implement something similar in your device for the downlink frame counter. (Note that downlinks include MAC commands, like used for ADR, and ACKs for confirmed uplinks.) For V3, see below.
Simply just changing this setting for an ABP device will reset the frame counters in TTN. (Due to a bug for ABP devices, even just changing its description will already reset the counters!) So, the downlink counter will be reset to zero when changing this setting.
Even when the frame counter checks have been disabled, a device will no longer work when it resets after already having used values larger than 16 bits (65,536 and up). In that case, TTN will not be able to validate the MIC. And as a DevAddr is not unique, TTN needs a valid MIC to find the device. (An uplink only holds the LSB 16 bits of the frame counter. For the MSB the server will try the last known value and the next value, to validate the MIC.) (TTN first checks the 16 bits counter, regardless any MSB it knows, so that’s a happy accident in case the device has been reset to zero.)
Also note the “reset frame counters” link next to the last known counter values in the Console. If you really know what you’re doing then you can use this to make the TTN backend set both the counters back to zero when needed, without the need to disable the frame counter checks. Beware that resetting the downlink counter requires your device to do the same, for otherwise the device will ignore any downlinks that use numbers that are lower than the downlink count it knows. (Just the opposite of how TTN will ignore low values for uplink counters.) Also, despite the incomplete warning, if the uplink counter already exceeded 16,384 then TTN will not accept any uplinks after resetting the counter without resetting the device as well. You might want to write down the last known values for both “Frames up” and “Frames down” before resetting anything.
All the above is only about the counters. But a device may have lost much more state after a reset, such as network settings (including the channel mask as sent in the initial ADR Request for US915 and AU915, which is only sent once ever for ABP), ADR state, and pending confirmations. To ensure that TTN does not assume any state that the device has already lost, fully re-registering the device may be better.
† If you messed up, then there’s a small chance that ttnctl
might help to make TTN use the true counters again.