Firechat and Nearby Communication
Firechat and Nearby Communication
By /

I recently discovered the existence of Firechat when I heard that it was being used by thousands of protester during the ongoing "Umbrella Revolution" in Hong Kong. Firechat is said to be a messaging app which, unlike whatsapp wechat or TextSecure, can communicate from one device to another directly, without using any existing Internet connection.

Wireless has so much more to offer than just being a bridge to the Internet, especially right now where it is being more and more monitored. Wireless mesh networks offer an exiting alternative: a wild, disruptive and uncontrollable network. I love mesh network so I really wanted to know more about the Firechat app.

Firechat hands on

Firechat is developped by a start-up company called OpenGarden. This is not the first ad-hoc application they developed since they already provided an app called Open Garden enabling wireless multi-hop connectivity to the Internet. Firechat is their last and most widely used product and is actually being used in Hong Kong. So let's try it !

Sadly, Firechat is not Free Software and is not Open Source neither so the only way to download it was either from the GooglePlay (which I don't have) or to download the apk from a third party (which I don't recommand for obvious security reason). For the purpose of the test, I installed the APK and ran the application.


Second disapointment, a registration is necessary to start chatting around and it requires an Internet connection. As shown on the three pictures above, it asks for the "Real Name" "Full Name" [ndlr: FIX 06-10], a surname and an email address. The good thing is that there is no email verification mechanism so you can just enter bullshit information and it is going to work. All the communication in Firechat are public so it is strongly advised to enter false information anyway.


Third disapointment, an error message appears each time I load the main window to warn me that I don't have the Google Play Services which indeed I stripped from CyanogenMod (I try to be tracker-free and to only use free software). Despite of the warning, the application still runs and the interface is then very simple, your chatroom list is divided into three parts:

  • Everybody/Nearby: chat with people nearby, either from Internet based location (Everybody mode) or from bluetooth-based physical connectivity (nearby mode)
  • Joined rooms: the room you joined and for which you are participating
  • Firechats: a list with all the room

You can picture Firechat as an IRC server, there is a lot of people connected to it and you can create and join as many room as you want. Each time you join a new room, it will be added into your "Joined" set. I don't know if it is due to the absence of Google Play Service, but I didn't find a way to search for room which is very inconvenient since there are thousands of different rooms and only ten are being shown on the "Firechats" list.

Hence, the normal mode of communication of Firechat requires Internet. Every room are in fact hosted on the Firechat server and need an Internet connection to communicate with. The Nearby room however is the exception as it is dedicated for real physical colocation based on the bluetooth and the WiFi devices. I was a bit confused as how the Everyone chatroom worked. Like the Nearby room, it allows to communicate with people around you but at a much larger scale. Based on your IP address, it will connect you with the users from the same country as you which is inconvenient because if you use a VPN (like me) Firechat will connect you with the users whom their IPs are in the same country than the outer end of the tunnel.

Let's get our hand dirty and see how it works from a network point of view :)

Firechat Nearby communication


Obviously, the Nearby room is the most interesting since it involves an original mean of communication called "adhoc networks". Nearby communication requires that either or both WiFi and Bluetooth interface to be turned on. Firechat does not enable the bluetooth interface automatically so it need to be manually turned on and set visible to every device (by default it is only visible to paired device). This can be done in the setting like the two following image :


Once Bluetooth is activated, Firechat will create two RFCOMM bluetooth channel. From my Laptop, I use the awesome blucat tool to scan and interact with the channels (like netcat but for bluetooth):

[root@archlinux:~] [sam. oct. 04 07:49:20] 
$ hciconfig hci0 up

[root@archlinux:~] [sam. oct. 04 07:49:20] 
$ blucat devices
Searching for devices
+,3C8BFE5CD657, "nameless", Trusted:false, Encrypted:false
Found 1 device(s)

[root@archlinux:~] [sam. oct. 04 07:49:46] 
$ blucat services 3C8BFE5CD677  
Listing all services
+,3C8BFE5CD677, "nameless", Trusted:false, Encrypted:false
-,"Headset Gateway", "", btspp://3C8BFE5CD677:2
-,"Handsfree Gateway", "", btspp://3C8BFE5CD677:3
-,"AV Remote Control Target", "", btl2cap://3C8BFE5CD677:0017
-,"Advanced Audio", "", btl2cap://3C8BFE5CD677:0019
-,"", "", btl2cap://3C8BFE5CD677:0017
-,"Android Network Access Point", "", btl2cap://3C8BFE5CD677:000f
-,"MAP SMS/MMS", "", btgoep://3C8BFE5CD677:4
-,"MAP EMAIL", "", btgoep://3C8BFE5CD677:5
-,"OBEX Phonebook Access Server", "", btgoep://3C8BFE5CD677:19
-,"OBEX Object Push", "", btgoep://3C8BFE5CD677:12
-,"", "", btspp://3C8BFE5CD677:15
-,"FireChat", "", btspp://3C8BFE5CD677:6

most of the channels are quiet standard Android channels except for the last two which have been created by Firechat. I tried to connect to the last one called Firechat on bluetooth port 6 but I was not able to get any response from the application so I believe this is only a "beacon" to advertise the presence of a FireChat user to the neighborhood or maybe it is used to create multi-hop route I don't really know.

The second channel on bluetooth port 15 is more interesting because this is were the communication takes place. So let's first connect to it using the following blucat command blucat -url and see what happens when I send a message to the Nearby room from the Firchat application (in order to make a distinction between send and receive message, i append the [received] and [send] tags):

[root@archlinux:~] [sam. oct. 04 07:50:58] 
$ blucat -url btspp://3C8BFE5CD677:15
[received] {"t":246039.375,"uuid":"!'AX.]!F!+:KIGJO","user":"plopinou","msg":"Lorem ipsum","firechat":"Nearby","name":"plop"}


As we can see from above, first the Android phone interactively asks for the user to accept the pairing, once it is done, every message sent from the Firechat app will be sent over the bluetooth channel on port 15 to every paired devices. So when I sent the "Lorem Ipsum" message from the Firechat app, I received a string on blucat which we recognize to be a JSON format to describe the data which are :

  • t: timestamp in seconds
  • uuid: a unique identifier for the message (probably an armored hash)
  • user name: real name full name [ndlr: fix 06-10] of the user
  • msg: the message to be sent to the room
  • Firechat: the name of the chatroom
  • name: the surname

Most interestingly, it is pretty easy to communicate with Firechat Nearby room from a Linux computer using blucat by sending a JSON formatted string. Let's send the following string in blucat and see what happens :

$ blucat -url btspp://3C8BFE5CD677:15
[sent] {"t":246040.0,"uuid":"123456","user":"teletrollix","msg":"trololo","firechat":"Nearby","name":"generalol"}

From the screenshot, the Firechat app display the "trololo" message sent from the user "teletrollix" which goes by the name "generalol". I tried sending ridiculous long string and there doesn't seem to have any limit to the size of the string we can send.

A funny thing is that every message sent from the application to a room will be forwarded by bluetooth as well. So don't except the room to be private because even if you are only two in it, every message you send to the room are forwarded to the bluetooth users. For instance if I create a room "hdhdusuwhwhsudusbshsiw" and send the message "plop" from the Firechat app, it will appear in the blucat log !!

$ blucat -url btspp://3C8BFE5CD677:15
[received] {"t":254533.78125,"uuid":"=G95udh9s}#uhE","user":"plopinou","msg":"Plop","firechat":"hdhdusuwhwhsudusbshsiw","name":"plop"}

Now what happens, if I send a message using blucat to a random channel, will it get forwarded by the application to Internet to every user ? Well, even though the message does appear in the room from the Firechat App, it is not forwarded to the Internet. Take another example, from the Firechat app, I will send the "Hey Joe" message and will then send from Linux using blucat the message "IMPOSSIBRU" to the room "Everyone":

$ blucat -url btspp://3C8BFE5CD677:15
[received] {"t":246494.15625,"uuid":"zn4!Q#4S~#X5,-mQ","user":"plopinou","msg":"Hey joe","firechat":"Everyone","name":"plop"}
[sent]     {"t":246500.0,"uuid":"jhzfjff","user":"teletrollix","msg":"IMPOSSIBRU","firechat":"Everyone","name":"generalol"}

From the previous image we understand the following things:

  • Firechat app does not forward message received by Internet to the bluetooth. Blucat did get the Hey Joe message but didn't get Chun Lam's message "Hi"
  • message sent by bluetooth to a random chatroom does appear in the firechat app (the IMPOSSIBRU message)
  • is it forwarded to the internet users ?

To be sure I used Wireshark to try to understand how does Firechat app communicate to its server that's where I discovered two interesting things.

Firechat Server

Using wireshark and filtering on the IP of my Android phone, I was able to determine that Firechat is sending message to two different IPs:


From the first IP, I understand that Firechat is also looking to create bond between WiFi device. It periodically sends UDP packet to the multicast address and will also forward message just as it does with bluetooth. So not only every message sent are forwarded by bluetooth, they are also forwarded by WiFi !

This is actually quiet clever if we take into assumption that every message have to be public but I find it hard to swallow that they ask to provide a Real Name Full Name [ndlr: fix 06-10] given how it is wildly broadcasted and easy to intercept.

Let's keep going, the second IP is actually the Firechat server and message are sent through an SSL connection to the port 4176. And now comes the big surprise that is, if I simply connect to this IP using OpenSSL, then plenty of messages starts raining :

[nameless@archlinux:~] [sam. oct. 04 08:48:06] 
% openssl s_client -host -port 4176
depth=0 C = US, ST = California, L = San Francisco, O = "Open Garden, Inc", CN =
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Open Garden, Inc", CN =
verify return:1
[... Open SSL Connexion Log message ...]]

{"firechat":"Everyone","t":33.188826,"name":"Dhiraj Chainani","user":"themagicalteddy","msg":"this is cool","uuid":"K@)&:6p3]t%xW#{p","loc":"Singapore","st":1412402798}
{"t":247027.21875,"name":"plop","uuid":"*y7H[:hScJ43&X>d","user":"plopinou","msg":"It is","firechat":"Everyone","loc":"Singapore","st":1412402856}
{"t":72723.0703125,"name":"Lance Wong","uuid":"[Q$|p6fwHJ<:(bE=","user":"lancey","msg":"hello","firechat":"Everyone","loc":"Singapore","st":1412402869}
{"loc":"Woodlands","firechat":"Everyone","t":488.515361,"name":"Eugene","user":"cybercat","msg":"Wat make u cool","uuid":"a7!^x_Nvn<(1,Md;","st":1412402888}
{"t":247153.59375,"name":"plop","uuid":">BC.y4iS.poVSa,S","user":"plopinou","msg":"It just is","firechat":"Everyone","loc":"Singapore","st":1412402982}
{"t":247672.375,"name":"plop","uuid":"v:t{qA|@Y}Gn? <+","user":"plopinou","msg":"LOREM IPSUM","firechat":"Everyone","loc":"Singapore","st":1412403501}
{"t":248317.859375,"name":"plop","uuid":".qdWMiU%^IA,G}~u","user":"plopinou","msg":"Anybody ?","firechat":"Everyone","loc":"Singapore","st":1412404146}
{"t":4886.49169921875,"name":"MeeSiamMaiHum","uuid":"[Y$S ?-yW(b-g1gL","user":"maihum","msg":":-)","firechat":"Everyone","loc":"Singapore","st":1412404580}
{"name":"Lim Chee Aun","t":101.390309,"uuid":"y%VV+CJl5*b<","msg":"Test","firechat":"Everyone","user":"cheeaun","loc":"Singapore","st":1412404734}

As we can see from the image Above :

  • Every message we sent to the room "Everyone" is easily intercepted by just connecting to the server with OpenSSL
  • message sent by bluetooth to the "Everyone" room to a Firechat app are not Forwarded to the Internet (see how the message from generalol are not received on the SSL).

Both my Android phone and my Laptop are connected to the Internet using my broadband modem. If now I configure both of them to use my VPN in order to get to the Internet from France, we then receive message from French people:

[nameless@archlinux:~] [sam. oct. 04 08:48:06] 
% openssl s_client -host -port 4176
[... Open SSL Connexion Log message ...]]
{"firechat":"Everyone","t":2329.514754,"name":"Jbmdb","user":"jbmdb13","msg":"Tu as instagram ?","uuid":"q$){>5=xx_f0)oK%","loc":"Martigues","st":1412404607}
{"loc":"Saint-Paulien","firechat":"Everyone","t":514.790329,"name":"Morgane","user":"morgane17","msg":"Non dsl","uuid":"u+Fo32Txr%n,5bB{","st":1412404634}
{"name":"Bastian","t":493.515672,"uuid":"bzk&jZEmZR($","msg":"Slt tlm","firechat":"Everyone","user":"bastain37","loc":"Amboise","st":1412404770}
{"firechat":"Everyone","t":2493.639984,"name":"Jbmdb","user":"jbmdb13","msg":"Ouki ni snap je pari ?","uuid":"Q>2nQxbGNW`KF@n","loc":"Martigues","st":1412404771}


Wireless device such as bluetooth or WiFi have so much more to offer than just providing a mobility area to the Internet. It is good news to see application like FireChat popularising this exciting communication paradigm. However in the current state FireChat suffer from several flows that makes it unsuitable for an event like "Umbrella Revolution". First the application is closed source and its internal mechanism are pretty difficult to understand at first. It is hard to fully comprehend wether a message goes public or stay locally. The lack of information regarding this matter makes it irresponsable to ask users to fill in their full name before using the application.

During the study, we stressed that not only every message sent are broadcasted locally (both Bluetooth and Wifi) regardless of the room, but we also show how easy it was to intercept and send information from/to Firechat users. Given the political context of the Umbrella Revolution, I would advise people to stop using Firechat or at least try to avoid leaking any information that could link to their real identity.

0.0 ·
What's Next
Trending Today
Noam Chomsky Has 'Never Seen Anything Like This'
Chris Hedges · 11,215 views today · Noam Chomsky is America’s greatest intellectual. His massive body of work, which includes nearly 100 books, has for decades deflated and exposed the lies of the power elite...
Donald Trump Is the Mirror and Hillary Clinton Is the Mask
Chris Agnos · 6,587 views today · Disclaimer: I do not support Donald Trump or Hillary Clinton for president. I think the scope of the political debate is far too narrow for the kinds of actions that need to...
Your Lifestyle Has Already Been Designed (The Real Reason For The Forty-Hour Workweek)
David Cain · 3,248 views today · Well I’m in the working world again. I’ve found myself a well-paying gig in the engineering industry, and life finally feels like it’s returning to normal after my nine months...
Gil Scott-Heron Deconstructs Colonialism and Black History in His Own Unique Style
3 min · 2,951 views today · His-Story: I was wondering about our yesterdays, and starting searching through the rubble and to say the very least, somebody went to a hell of a lot of trouble to make sure...
Today I Rise: This Beautiful Short Film Is Like a Love Poem For Your Heart and Soul
4 min · 2,565 views today · "The world is missing what I am ready to give: My Wisdom, My Sweetness, My Love and My hunger for Peace." "Where are you? Where are you, little girl with broken wings but full...
Mark Corske's Engines of Domination (2014)
60 min · 2,512 views today · Political power -- armed central authority, with states and war -- is it part of human nature? Is it necessary for human communities? Or is it a tool that ruling elites use to...
HyperNormalisation (2016)
161 min · 1,587 views today · We live in a time of great uncertainty and confusion. Events keep happening that seem inexplicable and out of control. Donald Trump, Brexit, the War in Syria, the endless...
Donald and Hobbes Is Genius
Various · 1,384 views today · Some clever folk have been replacing precocious 6-year-old Calvin, from the Calvin and Hobbes comic strips, with Donald Trump and the results are, well, take a look...
What Makes Call-Out Culture So Toxic
Asam Ahmad · 1,325 views today · Call-out culture refers to the tendency among progressives, radicals, activists, and community organizers to publicly name instances or patterns of oppressive behaviour and...
The White Man in That Photo
Riccardo Gazzaniga · 1,077 views today · Sometimes photographs deceive. Take this one, for example. It represents John Carlos and Tommie Smith’s rebellious gesture the day they won medals for the 200 meters at the...
10 Quotes From an Oglala Lakota Chief That Will Make You Question Everything About Our Society
Wisdom Pills · 1,030 views today · Luther Standing Bear was an Oglala Lakota Sioux Chief who, among a few rare others such as Charles Eastman, Black Elk and Gertrude Bonnin occupied the rift between the way of...
John Lennon's "Imagine," Made Into a Comic Strip
John Lennon. Art by Pablo Stanley · 807 views today · This is easily the best comic strip ever made.  Pabl
Anarchists - What We Stand For
unknown · 756 views today · Anarchism : The word “anarchy” comes from Greek and means “no rulers”. As a political philosophy, anarchism is based on the idea that organization does not require rulers—that...
For Those Who Don't Want to Vote for the Lesser of Two Evils
Peter White · 726 views today · Ranked-choice voting is catching on, and Maine might become the first state to help citizens vote for candidates they actually want.
Planet Earth II Could Be Best Nature Doc Ever Made
3 min · 622 views today · 10 years ago Planet Earth changed our view of the world. Now we take you closer than ever before. This is life in all its wonder. This is Planet Earth II. A decade ago, the...
Schooling the World (2010)
66 min · 408 views today · If you wanted to change an ancient culture in a generation, how would you do it? You would change the way it educates its children. The U.S. Government knew this in the 19th...
The Top 100 Documentaries We Can Use to Change the World
Films For Action · 362 views today · A more beautiful, just and sustainable world is possible. Take this library and use it to inspire global change!
Eckhart Tolle: Your Facebook Ego, That's Not Who You Are
2 min · 289 views today · “Identification with thoughts and the emotions that go with those thoughts creates a false mind-made sense of self, conditioned by the past: the "little me" and its story. This...
Are You Lost in the World Like Me?
3 min · 276 views today · Animated film by Steve Cutts for 'Are You Lost In The World Like Me?', taken from These Systems Are Failing- the debut album from Moby & The Void Pacific Choir. 
Lessons in the Calais Jungle: Teaching Life Stories and Learning About Humanity
Aura Lounasmaa · 248 views today · I am part of a team of academics teaching a course to residents in the Calais Jungle, a camp for migrants and refugees outside the French city. Life Stories in the Jungle has...
Load More
Like us on Facebook?
Firechat and Nearby Communication