In the last months i’m working on my PhD thesis, which involves breaking LoRaWAN in a few ways (i’m studying cybersecuriy) and i’m 1mm near to my goal, but i’m quite stuck on a simple thing. I’m using libellium board with a Microchip RN2483A lora chip mounted on it and i’m playing around with it. I’ve managed to send arbitrary pre-made join requests to a real gateway/network server and now i’m finally able to read downlink packets all around me (i’ve spent two days to figure out that downlink messages are done using inverse polarization, i was going mad because of it). The next step i need is to recreate, using my board, a downlink packet, specifically a join-accept one.
Using my custom code on a board i’m able to send a custom join request and get the relative join-accept, but when i send out a packet using the same transmission parameters (using another board) my board seems to ignore it. What can it be?
join request (sent by me) parameters: frequency 868.1, radio power 15, spreading factor 12, coding rate 4/5, bandwidth 125Khz, crc mode ON
join accept receiving configuration (working): the same but using frequency 869,525 (i’m waiting on the RxWindow 2) and inverted polarization
So i assumed i just need to send the fake join accept packet using the same configuration i used to receive the real one from the real gatway, but it didn’t work. What am i missing?
N.B. i have access to real and already accepted join-accept, and i can reset my board so i’m sure it’s not a problem with integrity or memory of the board.
it is possible for sure, and i’m doing this for security researches, i’m a good guy here ahahahah
Also, without knowing every single security parameter it is impossible to be harmful with a fake join accept packet. I’m just looking for the physical specific parameters used by the gateway during the join accept, i already know how to do the rest of the work
Anyway, just to be clear, i need it because i’m trying to implement a minimalistic gateway to test a few security things. Now i’m working on the join phase because that’s the focus of my work, i’m not trying to fool any “good” device around me
I’m sorrry, i didn’t want to create an off-topic. I’ve read lots of topics about lora configurations here, so i thought it was the right place as i would have found someone with that deep understading of lorawan physical layer.
Anyway I’ve read every single specifcation for developers found on the lora site (from 1.0.0 to 1.1) but not great luck for physical layer there, it didn’t even mention the polarization step. Then i’ve studied the code of many lora end-device implementations and a few gateways too like the one provided by TTN, Chirpstack, Libelium and Microchip, but i’ve found only the configurations i wrote before.
Anyway, at least for now, i’m stuck because i’ve discovered that my board can indeed receive data using inverted polarization, but it cannot send data using inverted polarization and that’s why my other board do not receive anything. Probably the manifacturer of the chip blocked this functionality as my board was developed to be at most an end device, but not a gateway (but it can perform p2p communication using lora directly without passing trough the lorawan mac layer, so it’s a strange choice).
Now i’m looking for a board that can be a gateway too, so that i can be sure it can send data using inverted polarization, but before buying it i’d like to be sure that the problem is indeed the one i’ve just mentioned, and not another misconfiguration i’ve made.
Sorry again for the off-topic, if you think i should delete it just tell me and i’ll do it, no hard feelings