betaflight-configurator icon indicating copy to clipboard operation
betaflight-configurator copied to clipboard

Published 20 hours ago verified publisher icon betaflight

Add support for getting/setting elrs uid via receivers tab

Open jeffpearce opened this issue 3 years ago • 27 comments

Dependent on https://github.com/betaflight/betaflight/pull/11192

Adds support for getting and setting elrs passphrase via receivers tab:

  • Allows entering passphrase directly - uid bytes are displayed below entry
  • Calls msp API to get/set uid
  • Saves mapping of uid byte string to passphrase into localstorage so it can properly display any passphrases its seen

UI when passphrase is known (passphrase retrieved from storage): Screen Shot 2021-12-29 at 6 41 49 AM

UI when passphrase is not known (not present in local storage): Screen Shot 2021-12-29 at 6 46 10 AM

UI when disabled (not spi rx, or older version of betaflight) Screen Shot 2021-12-29 at 6 46 55 AM

jeffpearce avatar Dec 29 '21 16:12 jeffpearce

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Dec 29 '21 22:12 sonarqubecloud[bot]

It should be msp 1.45

asizon avatar Dec 30 '21 06:12 asizon

I don't know how ELRS works, but some doubts:

  • What happens if the user changes the passphrase in another computer / device / CLI /etc.? I suppose this will show a bad passphrase when connected again?
  • If the passphrase is unknown, there is no way to change it? I see you hide the input.

Seems a little confusing to me. If we can retrieve it from the FC/RX, I think is better to simply mask the passphrase with '*****' and let it change for a new value under user petition. A kind of write only value.

As I say, I don't know about ELRS so maybe my thoughts are wrong.

McGiverGim avatar Dec 30 '21 08:12 McGiverGim

@McGiverGim: elrs stores a 6 byte hash of the passphrase. In this change, if the actual passphrase is unknown, it displays a representation of that hash, and the save button just saves the hash it read upon load unless the user changes it. It might be less confusing to mask it out in that case, maybe via a placeholder.

I do like the idea of showing the actual passphrase if we know it, because I can plug my FC into betaflight and see if it's set correctly for that FC. I think the most common case would be someone wants to set all of their quads to the exact same passphrase, and this gives an easy way to see whether it's correct.

jeffpearce avatar Dec 30 '21 17:12 jeffpearce

Sorry for my late reply, I was out ;)

I'm more of the opinion that if it is a hash, it is a one-way password and is better to not store it, simplifying the things. But I don't use the system, so if others developers/users think is ok, then I will not oppose to it.

McGiverGim avatar Jan 10 '22 08:01 McGiverGim

@jeffpearce I think having indication that there is a password, but it's only hash is better than hiding? We'd need to indicate that it will overwrite the existing password, but it would also help since user would see about the current state not just overwrite what's there already.

chmelevskij avatar Jan 10 '22 13:01 chmelevskij

Im waiting for elrs tx/rx this week, but i should adquire and spi rx fc to start testing that and how it works.

asizon avatar Jan 11 '22 05:01 asizon

AUTOMERGE: (FAIL)

  • github identifies PR as mergeable -> FAIL
  • assigned to a milestone -> PASS
  • cooling off period lapsed -> PASS
  • commit count less or equal to three -> PASS
  • Don't merge label NOT found -> PASS
  • at least one RN: label found -> PASS
  • Tested label found -> FAIL
  • assigned to an approver -> FAIL
  • approver count at least three -> FAIL

blckmn avatar Jan 11 '22 07:01 blckmn

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 2 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Feb 18 '22 01:02 sonarqubecloud[bot]

@chmelevskij:

I think having indication that there is a password, but it's only hash is better than hiding? We'd need to indicate that it will overwrite the existing password, but it would also help since user would see about the current state not just overwrite what's there already.

I'm sorry, but I don't understand the suggestion. What I'm considering right now is always showing the hash (since we read that from Betaflight), but not attempting to convert it back the the plaintext password. If the user types in a new password, they would see the hash change, and we could even treat it differently (bold, different color) if they do that. Does that sound along the lines of what you're suggesting, or have I misunderstood?

jeffpearce avatar Feb 18 '22 01:02 jeffpearce

we could even treat it differently (bold, different color) if they do that.

yep, something to show that there is existing and it will be overwritten.

chmelevskij avatar Feb 21 '22 10:02 chmelevskij

How about showing only the hash, but add a 'Generate' button (or similar) that prompts for the password (pop up), the hash is then replaced if the person selects ok.

blckmn avatar May 29 '22 21:05 blckmn

md5 should be replaced with sha-256 :joy:

https://www.npmjs.com/package/sha.js https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf

haslinghuis avatar Jun 02 '22 02:06 haslinghuis

@haslinghuis if depends on what you’re doing with it. If you’re implementing a password scheme or trying to keep something secret, md5 isn’t safe. If, on the other hand, you’re just using it as a hash function to convert an arbitrarily long string to something of known length as we are here, it’s a good choice. This needs to match the value stored in the transmitter, which is the md5 hash of the passphrase as entered in the expresslrs configurator.

jeffpearce avatar Jun 02 '22 02:06 jeffpearce

AES-256 should be military-grade encryption. Just testing the waters if this would be possible.

haslinghuis avatar Jun 02 '22 03:06 haslinghuis

Is hashing done on FC or just in the configurator?

chmelevskij avatar Jun 15 '22 10:06 chmelevskij

@chmelevskij this is only done in the configurator. Both the rx and tx store this hash value, and if they match, the tx will talk to that rx - it's a convenient substitute for binding. This change is only applicable to SPI receivers, as the ELRS configurator handles storing it on an external rx.

I'm not sure if I made it clear, but inputting this hash value is already available via the Betaflight CLI. This is meant to make the process a little more user friendly. Currently, you need to go the the ELRS website and input your passphrase; it creates the hash and gives you the CLI command for storing it on the FC.

jeffpearce avatar Jun 15 '22 12:06 jeffpearce

@jeffpearce, I just had a quick look. When you think PR is ready to merge please make sure it's only one commit (squashed). Thanks!

limonspb avatar Jun 18 '22 06:06 limonspb

@jeffpearce could you please rebase and squash :)

AlessandroAU avatar Jul 22 '22 18:07 AlessandroAU

I’ll update the PR soon!

jeffpearce avatar Jul 24 '22 13:07 jeffpearce

We are using less and not using css anymore, maybe that is breaking the build?

yarn gulp release --android doesn't work.

haslinghuis avatar Oct 11 '22 22:10 haslinghuis

I’ll take a look

jeffpearce avatar Oct 11 '22 23:10 jeffpearce

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

sonarqubecloud[bot] avatar Oct 12 '22 12:10 sonarqubecloud[bot]

@chmelevskij could you take a look here please?

haslinghuis avatar Oct 16 '22 00:10 haslinghuis

Cordova doesn't like crypto-js for some reason. IDK if it needs babel, or if it's something else. I could work around this by copying the MD5 code, but that's not my preferred solution.

jeffpearce avatar Oct 16 '22 00:10 jeffpearce

Do you want to test this code? Here you have an automated build: Betaflight-Configurator-Linux WARNING: It may be unstable and result in corrupted configurations or data loss. Use only for testing!

github-actions[bot] avatar Oct 16 '22 01:10 github-actions[bot]

@jeffpearce not sure here, but have no problem with alternatives here. Could make alternative for affected Operating Systems only or even as unsupported (yet).

haslinghuis avatar Oct 20 '22 21:10 haslinghuis

Hey @jeffpearce does it work by just having the code in repo?

It wouldn't be the first package we do this to. Given that we are multiplatform and quite complex it's often easier that than trying to fix it upstream.

chmelevskij avatar Oct 26 '22 03:10 chmelevskij

@chmelevskij i think I have a solution. I’ll do a bit more testing and push my changes tomorrow if I don’t find any problems

jeffpearce avatar Oct 26 '22 04:10 jeffpearce

Do you want to test this code? Here you have an automated build: Betaflight-Configurator-Android Betaflight-Configurator-Linux Betaflight-Configurator-macOS Betaflight-Configurator-Windows WARNING: It may be unstable and result in corrupted configurations or data loss. Use only for testing!

github-actions[bot] avatar Oct 26 '22 14:10 github-actions[bot]

FWIW and if this is still under debate (pr 11192), i think it is really un-important to do any privacy masks in the configurator. any ELRS "exploit" concerns are not of any essence here, IMHO.

QuickSilver allows pilot to type the phrase visible in plaintext and the hash is visible as plaintext as well. Privacy is not a real factor. image

if it's really desired, then so be it, but diff/dump bind-code is plaintext.

nerdCopter avatar Oct 27 '22 13:10 nerdCopter