Curious Cab3 / Base3 information to share

My guess is that the app is using some combination of hardware ID, well-known IP addresses, and maybe an expected API response of some sort to detect the base on the network.

The API response should allow the app to positively identify a base if implemented properly.

If the app only uses hardware ID and/or IP, a lot of things on a big network (like the Wi-Fi on a cruise ship) might look like the Base3 to the app.

If the app uses an API call where it expects a response from the Base3 but it still gets confused and looks like it connects when there is none, I have two hypotheses.

1) The API that the Base3 uses is a common one that other software uses and something on the network also uses that common API.

2) There is some sort of nefarious "honeypot" on the network that detects (based on the API request) and formulates a response to trick the app. This is a common technique for stealing credentials.

The way Lionel could prevent this is by using a asymmetric public-private key pair on the Base3 and app.

@stangtrain posted:

For whatever reason, in the evening, I opened the Cab3 app and selected Base3. The app searched and then actually reported to be connected to some phantom Base3!

The Captain has a model train layout in his stateroom!

Maybe you should check out Cabin 435.

If you're savvy try running some OSINT tools on the guest network. You might be surprised at what you can find!

Don't use the Cab3 throttle when you are in iceberg waters!  You might be connecting to Main Control!

When looking for the Base3, the Cab3 scans IPs looking for an open port 5000.  That port is used by UPnP services and other 3rd party services such as my Synology NAS management port.

While a connection to the LCS WiFi's port 5000 requires a followup query to establish whether the a Base is present on the port, the Cab3 logic seems content to open the port without verifying whether the port is provided by a Base3 service.  Dave Olsen is aware of this issue.

Maybe I’ll delete the app until I get home! We are sailing near icebergs as it is. No need to give fate any extra temptation!

@stangtrain posted:

Maybe I’ll delete the app until I get home! We are sailing near icebergs as it is. No need to give fate any extra temptation!

Talk about something that would be hard to explain!

"I was just trying to run my trains and the ship rammed an iceburg!"

@gunrunnerjohn posted:

Talk about something that would be hard to explain!

"I was just trying to run my trains and the ship rammed an iceburg!"

yes here is the banner: Ship hit iceberg, man seen swimming from seen of collision clutching some type of electronic jamming device with a glowing "L". Authorities want to speak with this man...............

More of the same: While flying home from the destination port in St. John's Newfoundland Canada, I had the (brave) brilliant (maybe stupid) idea to open the Cab3 App and when I clicked on "Base3" it indicated that it was "connected"!!

Needless to say, I immediately closed the App!!

@stangtrain posted:

More of the same: While flying home from the destination port in St. John's Newfoundland Canada, I had the (brave) brilliant (maybe stupid) idea to open the Cab3 App and when I clicked on "Base3" it indicated that it was "connected"!!

I'm impressed that you survived the plane crash!!!