Broadcast info SSIDs to nearby phones — no connection needed
🔒
Security
Mesh passphrase, node allowlist, rate limiting
🔌
System Setup
Apply WiFi AP, HTTPS, DNS, Bluetooth changes to the OS
Disclaimer: Omesh is an educational tool. The ciphers here are for learning — they are NOT secure for real-world use. You are responsible for complying with the laws of your country/region regarding data encryption and transport. Omesh takes no responsibility for how data is transmitted on your network.
Access Mode
Invite Codes
Share this code:
Tap to copy
All Members
Pending Business Claims
Loading...
Cipher Lab
Pick a cipher, type a message, and watch how encryption transforms your data byte by byte.
Before & After
PLAINTEXT (hex)
CIPHERTEXT (hex)
PLAINTEXT (ascii)
CIPHERTEXT (ascii)
Step-by-Step Trace
Each row shows one byte being transformed. Watch how the cipher changes each byte using the key.
Step
Visual
In
Out
Key
Char
Frequency Analysis
How often does each byte value appear? Good encryption should flatten this distribution.
Plaintext
Ciphertext
Challenge: Can You Break It?
Here's just the ciphertext. Can you figure out the original message and the key?
Your Own Encryption
Use any encryption program you want. Write it in any language — Python, C, Rust, a shell script, whatever. Omesh pipes your data through it before sending, and through it again on the other side to decrypt.
How it works:
1. Your program reads data from stdin
2. Encrypts (or decrypts) it however you want
3. Writes the result to stdout
4. Gets called with argv[1] = "encrypt" or "decrypt"
Both nodes need the same program + same key. Omesh never sees your plaintext on the wire — it's all opaque bytes to the mesh.
Registered External Ciphers
Loading...
Built-in Cipher Config
Or use one of the 10 built-in ciphers. Set different ciphers per peer or a global default.
Active Peer Configs
Loading...
Example: Simple XOR Cipher
#!/usr/bin/env python3
import sys
KEY = b"my-secret-key"
data = sys.stdin.buffer.read()
out = bytearray(len(data))
for i in range(len(data)):
out[i] = data[i] ^ KEY[i % len(KEY)]
sys.stdout.buffer.write(out)
Save this as a .py file, chmod +x it, and register it above. Both nodes need the same script + key.
Users
Add User
Beacon Broadcast
Broadcast info as WiFi SSIDs. Phones see these in WiFi settings with no connection needed. Signal bars show proximity to the tower.
Messages (max 28 chars each, up to 7). Phones see: "1/N your message"
SSID Preview (what phones see in WiFi list):
How it works: Each message becomes a separate WiFi SSID. A lost hiker opens their phone's WiFi settings and reads the messages. Signal strength (bars) shows if they're getting closer or farther from the tower. No app, no internet, no connection needed. Setup: Run scripts/beacon_broadcast.sh start on the Pi after saving. Requires hostapd (WiFi AP mode).
Node Configuration
Adjust resource limits for this node. Changes require a restart.
Mesh Security
Control who can join your mesh and how much they can do. Changes take effect after save (some require restart).
Mesh Passphrase
If set, only nodes with the same passphrase can discover and connect to each other. Think of it like a WiFi password for your mesh network. Leave blank to allow anyone.
Node Allowlist
Open mode: Any node that knows the passphrase (or any node if no passphrase) can join automatically. Approved mode: New nodes appear as "pending" and must be manually approved by you before they can participate.
Rate Limiting
Limits how many documents a single node can push to you per minute. Protects against a rogue node flooding your storage. Set to 0 to disable.
docs/minute (0 = unlimited)
Site Visibility
Control which sites are discoverable by other nodes on the mesh.
Pending Access Requests
Other nodes requesting access to your shared sites.
System Setup
Apply configuration changes to the operating system. This will configure WiFi AP, HTTPS certificates, DNS, and Bluetooth based on your saved settings.
Changes are applied by running omesh-apply.sh which reads ~/.omesh/config and configures hostapd, dnsmasq, nginx, and other system services as needed. This is idempotent — services only restart if their config actually changed.