Firechat and Nearby Communication
Firechat and Nearby Communication
By https://twitter.com/9B22EB34 / breizh-entropy.org

I recently discovered the existence of Firechat when I heard that it was being used by thousands of protester during the ongoing "Umbrella Revolution" in Hong Kong. Firechat is said to be a messaging app which, unlike whatsapp wechat or TextSecure, can communicate from one device to another directly, without using any existing Internet connection.

Wireless has so much more to offer than just being a bridge to the Internet, especially right now where it is being more and more monitored. Wireless mesh networks offer an exiting alternative: a wild, disruptive and uncontrollable network. I love mesh network so I really wanted to know more about the Firechat app.

Firechat hands on

Firechat is developped by a start-up company called OpenGarden. This is not the first ad-hoc application they developed since they already provided an app called Open Garden enabling wireless multi-hop connectivity to the Internet. Firechat is their last and most widely used product and is actually being used in Hong Kong. So let's try it !

Sadly, Firechat is not Free Software and is not Open Source neither so the only way to download it was either from the GooglePlay (which I don't have) or to download the apk from a third party (which I don't recommand for obvious security reason). For the purpose of the test, I installed the APK and ran the application.

  

Second disapointment, a registration is necessary to start chatting around and it requires an Internet connection. As shown on the three pictures above, it asks for the "Real Name" "Full Name" [ndlr: FIX 06-10], a surname and an email address. The good thing is that there is no email verification mechanism so you can just enter bullshit information and it is going to work. All the communication in Firechat are public so it is strongly advised to enter false information anyway.

  

Third disapointment, an error message appears each time I load the main window to warn me that I don't have the Google Play Services which indeed I stripped from CyanogenMod (I try to be tracker-free and to only use free software). Despite of the warning, the application still runs and the interface is then very simple, your chatroom list is divided into three parts:

  • Everybody/Nearby: chat with people nearby, either from Internet based location (Everybody mode) or from bluetooth-based physical connectivity (nearby mode)
  • Joined rooms: the room you joined and for which you are participating
  • Firechats: a list with all the room

You can picture Firechat as an IRC server, there is a lot of people connected to it and you can create and join as many room as you want. Each time you join a new room, it will be added into your "Joined" set. I don't know if it is due to the absence of Google Play Service, but I didn't find a way to search for room which is very inconvenient since there are thousands of different rooms and only ten are being shown on the "Firechats" list.

Hence, the normal mode of communication of Firechat requires Internet. Every room are in fact hosted on the Firechat server and need an Internet connection to communicate with. The Nearby room however is the exception as it is dedicated for real physical colocation based on the bluetooth and the WiFi devices. I was a bit confused as how the Everyone chatroom worked. Like the Nearby room, it allows to communicate with people around you but at a much larger scale. Based on your IP address, it will connect you with the users from the same country as you which is inconvenient because if you use a VPN (like me) Firechat will connect you with the users whom their IPs are in the same country than the outer end of the tunnel.

Let's get our hand dirty and see how it works from a network point of view :)

Firechat Nearby communication

Bluetooth

Obviously, the Nearby room is the most interesting since it involves an original mean of communication called "adhoc networks". Nearby communication requires that either or both WiFi and Bluetooth interface to be turned on. Firechat does not enable the bluetooth interface automatically so it need to be manually turned on and set visible to every device (by default it is only visible to paired device). This can be done in the setting like the two following image :

 

Once Bluetooth is activated, Firechat will create two RFCOMM bluetooth channel. From my Laptop, I use the awesome blucat tool to scan and interact with the channels (like netcat but for bluetooth):

[root@archlinux:~] [sam. oct. 04 07:49:20] 
$ hciconfig hci0 up

[root@archlinux:~] [sam. oct. 04 07:49:20] 
$ blucat devices
Searching for devices
+,3C8BFE5CD657, "nameless", Trusted:false, Encrypted:false
Found 1 device(s)

[root@archlinux:~] [sam. oct. 04 07:49:46] 
$ blucat services 3C8BFE5CD677  
Listing all services
+,3C8BFE5CD677, "nameless", Trusted:false, Encrypted:false
-,"Headset Gateway", "", btspp://3C8BFE5CD677:2
-,"Handsfree Gateway", "", btspp://3C8BFE5CD677:3
-,"AV Remote Control Target", "", btl2cap://3C8BFE5CD677:0017
-,"Advanced Audio", "", btl2cap://3C8BFE5CD677:0019
-,"", "", btl2cap://3C8BFE5CD677:0017
-,"Android Network Access Point", "", btl2cap://3C8BFE5CD677:000f
-,"MAP SMS/MMS", "", btgoep://3C8BFE5CD677:4
-,"MAP EMAIL", "", btgoep://3C8BFE5CD677:5
-,"OBEX Phonebook Access Server", "", btgoep://3C8BFE5CD677:19
-,"OBEX Object Push", "", btgoep://3C8BFE5CD677:12
-,"", "", btspp://3C8BFE5CD677:15
-,"FireChat", "", btspp://3C8BFE5CD677:6

most of the channels are quiet standard Android channels except for the last two which have been created by Firechat. I tried to connect to the last one called Firechat on bluetooth port 6 but I was not able to get any response from the application so I believe this is only a "beacon" to advertise the presence of a FireChat user to the neighborhood or maybe it is used to create multi-hop route I don't really know.

The second channel on bluetooth port 15 is more interesting because this is were the communication takes place. So let's first connect to it using the following blucat command blucat -url and see what happens when I send a message to the Nearby room from the Firchat application (in order to make a distinction between send and receive message, i append the [received] and [send] tags):

[root@archlinux:~] [sam. oct. 04 07:50:58] 
$ blucat -url btspp://3C8BFE5CD677:15
[received] {"t":246039.375,"uuid":"!'AX.]!F!+:KIGJO","user":"plopinou","msg":"Lorem ipsum","firechat":"Nearby","name":"plop"}

 

As we can see from above, first the Android phone interactively asks for the user to accept the pairing, once it is done, every message sent from the Firechat app will be sent over the bluetooth channel on port 15 to every paired devices. So when I sent the "Lorem Ipsum" message from the Firechat app, I received a string on blucat which we recognize to be a JSON format to describe the data which are :

  • t: timestamp in seconds
  • uuid: a unique identifier for the message (probably an armored hash)
  • user name: real name full name [ndlr: fix 06-10] of the user
  • msg: the message to be sent to the room
  • Firechat: the name of the chatroom
  • name: the surname

Most interestingly, it is pretty easy to communicate with Firechat Nearby room from a Linux computer using blucat by sending a JSON formatted string. Let's send the following string in blucat and see what happens :

$ blucat -url btspp://3C8BFE5CD677:15
[...]
[sent] {"t":246040.0,"uuid":"123456","user":"teletrollix","msg":"trololo","firechat":"Nearby","name":"generalol"}

From the screenshot, the Firechat app display the "trololo" message sent from the user "teletrollix" which goes by the name "generalol". I tried sending ridiculous long string and there doesn't seem to have any limit to the size of the string we can send.

A funny thing is that every message sent from the application to a room will be forwarded by bluetooth as well. So don't except the room to be private because even if you are only two in it, every message you send to the room are forwarded to the bluetooth users. For instance if I create a room "hdhdusuwhwhsudusbshsiw" and send the message "plop" from the Firechat app, it will appear in the blucat log !!

$ blucat -url btspp://3C8BFE5CD677:15
[...]
[received] {"t":254533.78125,"uuid":"=G95udh9s}#uhE","user":"plopinou","msg":"Plop","firechat":"hdhdusuwhwhsudusbshsiw","name":"plop"}

Now what happens, if I send a message using blucat to a random channel, will it get forwarded by the application to Internet to every user ? Well, even though the message does appear in the room from the Firechat App, it is not forwarded to the Internet. Take another example, from the Firechat app, I will send the "Hey Joe" message and will then send from Linux using blucat the message "IMPOSSIBRU" to the room "Everyone":

$ blucat -url btspp://3C8BFE5CD677:15
[...]
[received] {"t":246494.15625,"uuid":"zn4!Q#4S~#X5,-mQ","user":"plopinou","msg":"Hey joe","firechat":"Everyone","name":"plop"}
[sent]     {"t":246500.0,"uuid":"jhzfjff","user":"teletrollix","msg":"IMPOSSIBRU","firechat":"Everyone","name":"generalol"}

From the previous image we understand the following things:

  • Firechat app does not forward message received by Internet to the bluetooth. Blucat did get the Hey Joe message but didn't get Chun Lam's message "Hi"
  • message sent by bluetooth to a random chatroom does appear in the firechat app (the IMPOSSIBRU message)
  • is it forwarded to the internet users ?

To be sure I used Wireshark to try to understand how does Firechat app communicate to its server that's where I discovered two interesting things.

Firechat Server

Using wireshark and filtering on the IP of my Android phone, I was able to determine that Firechat is sending message to two different IPs:

  • 239.192.0.0
  • 209.237.236.194

From the first IP, I understand that Firechat is also looking to create bond between WiFi device. It periodically sends UDP packet to the multicast address 239.192.0.0 and will also forward message just as it does with bluetooth. So not only every message sent are forwarded by bluetooth, they are also forwarded by WiFi !

This is actually quiet clever if we take into assumption that every message have to be public but I find it hard to swallow that they ask to provide a Real Name Full Name [ndlr: fix 06-10] given how it is wildly broadcasted and easy to intercept.

Let's keep going, the second IP is actually the Firechat server and message are sent through an SSL connection to the port 4176. And now comes the big surprise that is, if I simply connect to this IP using OpenSSL, then plenty of messages starts raining :

[nameless@archlinux:~] [sam. oct. 04 08:48:06] 
% openssl s_client -host 209.237.236.194 -port 4176
CONNECTED(00000004)
depth=0 C = US, ST = California, L = San Francisco, O = "Open Garden, Inc", CN = firechat.opengarden.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Open Garden, Inc", CN = firechat.opengarden.com
verify return:1
[... Open SSL Connexion Log message ...]]

{"firechat":"Everyone","t":33.188826,"name":"Dhiraj Chainani","user":"themagicalteddy","msg":"this is cool","uuid":"K@)&:6p3]t%xW#{p","loc":"Singapore","st":1412402798}
{"t":247027.21875,"name":"plop","uuid":"*y7H[:hScJ43&X>d","user":"plopinou","msg":"It is","firechat":"Everyone","loc":"Singapore","st":1412402856}
{"t":72723.0703125,"name":"Lance Wong","uuid":"[Q$|p6fwHJ<:(bE=","user":"lancey","msg":"hello","firechat":"Everyone","loc":"Singapore","st":1412402869}
{"loc":"Woodlands","firechat":"Everyone","t":488.515361,"name":"Eugene","user":"cybercat","msg":"Wat make u cool","uuid":"a7!^x_Nvn<(1,Md;","st":1412402888}
{"t":247153.59375,"name":"plop","uuid":">BC.y4iS.poVSa,S","user":"plopinou","msg":"It just is","firechat":"Everyone","loc":"Singapore","st":1412402982}
{"t":247672.375,"name":"plop","uuid":"v:t{qA|@Y}Gn? <+","user":"plopinou","msg":"LOREM IPSUM","firechat":"Everyone","loc":"Singapore","st":1412403501}
{"t":248317.859375,"name":"plop","uuid":".qdWMiU%^IA,G}~u","user":"plopinou","msg":"Anybody ?","firechat":"Everyone","loc":"Singapore","st":1412404146}
{"t":4886.49169921875,"name":"MeeSiamMaiHum","uuid":"[Y$S ?-yW(b-g1gL","user":"maihum","msg":":-)","firechat":"Everyone","loc":"Singapore","st":1412404580}
{"name":"Lim Chee Aun","t":101.390309,"uuid":"y%VV+CJl5*b<","msg":"Test","firechat":"Everyone","user":"cheeaun","loc":"Singapore","st":1412404734}
{"name":"Valerie","t":25.014198,"uuid":"'DYJkO9s.{}ax}","msg":"😄😄😄😄","firechat":"Everyone","user":"lerie86","loc":"Singapore","st":1412404860}

As we can see from the image Above :

  • Every message we sent to the room "Everyone" is easily intercepted by just connecting to the server with OpenSSL
  • message sent by bluetooth to the "Everyone" room to a Firechat app are not Forwarded to the Internet (see how the message from generalol are not received on the SSL).

Both my Android phone and my Laptop are connected to the Internet using my broadband modem. If now I configure both of them to use my VPN in order to get to the Internet from France, we then receive message from French people:

[nameless@archlinux:~] [sam. oct. 04 08:48:06] 
% openssl s_client -host 209.237.236.194 -port 4176
[... Open SSL Connexion Log message ...]]
{"firechat":"Everyone","t":2329.514754,"name":"Jbmdb","user":"jbmdb13","msg":"Tu as instagram ?","uuid":"q$){>5=xx_f0)oK%","loc":"Martigues","st":1412404607}
{"loc":"Saint-Paulien","firechat":"Everyone","t":514.790329,"name":"Morgane","user":"morgane17","msg":"Non dsl","uuid":"u+Fo32Txr%n,5bB{","st":1412404634}
{"name":"Bastian","t":493.515672,"uuid":"bzk&jZEmZR($","msg":"Slt tlm","firechat":"Everyone","user":"bastain37","loc":"Amboise","st":1412404770}
{"firechat":"Everyone","t":2493.639984,"name":"Jbmdb","user":"jbmdb13","msg":"Ouki ni snap je pari ?","uuid":"Q>2nQxbGNW`KF@n","loc":"Martigues","st":1412404771}

Conclusion

Wireless device such as bluetooth or WiFi have so much more to offer than just providing a mobility area to the Internet. It is good news to see application like FireChat popularising this exciting communication paradigm. However in the current state FireChat suffer from several flows that makes it unsuitable for an event like "Umbrella Revolution". First the application is closed source and its internal mechanism are pretty difficult to understand at first. It is hard to fully comprehend wether a message goes public or stay locally. The lack of information regarding this matter makes it irresponsable to ask users to fill in their full name before using the application.

During the study, we stressed that not only every message sent are broadcasted locally (both Bluetooth and Wifi) regardless of the room, but we also show how easy it was to intercept and send information from/to Firechat users. Given the political context of the Umbrella Revolution, I would advise people to stop using Firechat or at least try to avoid leaking any information that could link to their real identity.

0.0 ·
0
What's Next
Trending Today
The Myth of Positivity: Why Your Pain Holds a Mighty Purpose
umair haque · 15,768 views today · Of all the great myths of contemporary life, one of the most toxic is positivity. It says: there are negative and positive emotions, and only the positive ones are worth...
Stunning Summary of US Imperialism and Native Resistance... on MSNBC!
4 min · 11,959 views today · On The Last Word with Lawrence O'Donnell on MSNBC, Lawrence explains why a protest by Native Americans in North Dakota reminds us of the history American always tries to forget.
Standing Rock Wisdom: How Sacred, Nonviolent Activism Has the Power to Succeed
Charles Eisenstein · 6,654 views today · I am told by Native American friends active at Standing Rock that the elders are counseling the Water Protectors to undertake each action prayerfully and to stay off the...
Seven Must-Have Skills for the 21st Century
Tommy Lehe · 4,899 views today · We live in a world that moves faster than we do. Trying to keep up can be an overwhelming task that at times feels hopeless, like we are falling further and further behind—but...
Veterans at Standing Rock Ask Forgiveness for War Crimes Against Tribal Nations
Jen Hayden · 4,392 views today · Jon Eagle Sr., Tribal Historic Preservation Officer at Standing Rock Sioux Tribe has reported something wholly unexpected happened at the Standing Rock Reservation today. The...
Why People Cling to Old Beliefs
1 min · 4,038 views today · Cognitive psychologist and neuroscientist at McGill University, Daniel Levitin, explains why people can be so stubborn when it comes to false beliefs. This behavior is...
The Other Way of Knowing
Lilian Na’ia Alessa · 3,477 views today · Western science and Indigenous worldviews are often seen as incompatible, with the Indigenous view usually being far less valued by society at large. But an inside look at...
DREAM: A Spoken Word Meditation For When Life Is Kicking Your Ass
4 min · 3,129 views today · If life is kicking your ass and the general un-coolness of everybody on planet erf is making you want to off yourself, TALK to someone: 800-273-8255 (national suicide...
Forget Air Force One, Pentagon Wastes Billions and Billions Every Month
Nadia Prupis · 3,115 views today · President-elect Donald Trump's focus on single Boeing contract ignores enormous waste of bloated Pentagon budget
Solar is Already Producing More Energy Than Oil, Says Major Scientific Review
Nafeez Ahmed · 2,996 views today · And is twice as powerful than previously thought
13 Crises That We All Must Face
George Monbiot · 2,515 views today · We face (at least) 13 major crises, some of which are immediate. It’s time for some hard thinking about how we confront them.
Dear Activists, Maybe It's Time to Admit That We've Got It All Wrong
Mickey Z. · 2,322 views today · “The first step in the revolution is eye contact.” - Alicen Grey
A Hauntingly Beautiful Short Film About Life and Death
5 min · 2,232 views today · The Life of Death is a touching handdrawn animation about the day Death fell in love with Life.
How a White Supremacist Became a Civil Rights Activist
Araz Hachadourian · 2,141 views today · The story of a KKK leader’s transformation shows us that we need not live forever with the kind of violence we saw in Charleston this month.
Andy Goes In - Working Undercover in a Factory Farm
10 min · 2,066 views today · He's a $10/hr farmhand, and his name isn't Andy. Andy Goes In is a compelling 10-minute documentary short about a Mercy For Animals undercover investigator. The vast majority...
15 Films Inspiring and Illuminating the 'New Story' Revolution
Tim Hjersted · 1,531 views today · Charles Eisenstein is one of the first people I heard talk about the "new story," synthesizing a diverse movement that has been emerging for the last several decades. When I go...
Sean Carroll - The Meaning of Life
7 min · 1,459 views today · The world keeps happening in accordance with its rules; it's up to us to make sense of it and give it value. Sean Carroll Music: Moby - God Moving Over the Face of the Waters
Satish Kumar on "What Is a Sacred Place?"
3 min · 1,372 views today · Satish Kumar brings a Hindu, Buddhist and Jain perspective to the definition of "sacred place." We found his explanation so compelling that we edited a three-minute piece...
Amanda Abbington Introduces iAnimal - 42 Days in the Life of Chickens
4 min · 1,319 views today · Shot undercover in British factory farms and slaughterhouses, this immersive 360° video gives you a birds-eye view of what happens to chicken from farm to plate.
Sky Roosevelt-Morris: The Secret of Indigenous Resiliency
2 min · 1,235 views today · Activist Sky Roosevelt-Morris is of the Shawnee and White Mountain Apache Nations. She is a member of the Leadership Council of the American Indian Movement of Colorado. In...
Load More
Like us on Facebook?
Firechat and Nearby Communication