MeshOS is the closed-source companion app Andy Kirby built on top of the open MeshCore LoRa mesh protocol. The Android, iOS, T-Deck, Windows and macOS builds gate basic mesh joining and messaging behind a client-side license check derived from the device's Android ID.

Who is Andy Kirby and what is the MeshOS / MeshCore split?

Andy Kirby (also known as andymux) is a former MeshCore team member who, per the official MeshCore project announcement at blog.meshcore.io/2026/04/23/the-split, filed a trademark on the MeshCore name without informing the team and built a closed AI-assisted MeshOS companion that paywalls basic features. The MeshCore team's announcement describes it as 'an insider team up with a robot and a lawyer'. The community keygen on this page bypasses that license check.

Is MeshOS the same as MeshCore?

No. MeshCore is the open-source LoRa mesh protocol maintained by the community at meshcore.io. MeshOS is Andy Kirby's closed companion app built on top of MeshCore. The license check the keygen on this page targets is in MeshOS, not MeshCore itself.

How do I find my Android ID for the MeshOS keygen?

On any device with ADB: 'adb shell settings get secure android_id'. From inside the MeshOS / MeshCore companion app, open the About screen — the Android ID or device ID is displayed there. On the LilyGO T-Deck firmware build, the MAC address shown under Settings → Device Info is used instead.

Which devices does this keygen work with?

Two separate flows. (1) The MeshOS Companion APK runs on Android and is device-agnostic on the radio side — it pairs with whatever MeshCore-compatible mesh node you have, so the APK keygen on this page works regardless of which radio you're using. (2) The T-Deck firmware writeup and Web Serial activator target the LilyGO T-Deck specifically — that is the only device the firmware track applies to.

Is this keygen safe? Does it send my Android ID anywhere?

No data leaves your browser. The MeshOS keygen is pure client-side JavaScript — your Android ID is hashed locally and never transmitted. You can save the page and run it fully offline, or copy the JavaScript or Python source and host it yourself.

How was the MeshOS license check broken?

The MeshOS Android companion is a Flutter app. Its compiled libapp.so was analysed with the open-source 'blutter' tool, which decompiles Flutter AOT snapshots back into readable Dart. The license check turned out to be a 32-bit djb2 hash of the device's Android ID, XORed with the four ASCII bytes 'MCPP', and hex-encoded — total reverse-engineering time was 19 minutes. The full walkthrough is on the article page.

Where can I download the MeshOS APK and T-Deck firmware?

All five builds are mirrored on this page. Companion APKs: v1.0.0 (~76 MB, SHA-256 fa4c20a5…4075e35, byte-identical to Andy's GitHub release) and v1.0.2 (~77 MB, SHA-256 15e931e6…512bfd4, community-built, pairs with the meshoskey.com keygen API). T-Deck firmware: v1.1.8 (~2.3 MB, archived djb2 era), v1.3.0 (~2.3 MB, archived after Andy's v1.3.1 hotfix), and v1.3.1 (~2.3 MB, current, SHA-256 23231ffc…f4ab7e33, paired with the in-page Web Serial activator). Always verify the SHA-256 before flashing.

What changed in MeshOS v1.0.2?

Andy Kirby upgraded the license check after the v1.0.0 keygen circulated, replacing the 32-bit djb2 hash with a public-key Ed25519 signature scheme. Better cryptography, same paywall, same trademark, same community protocol underneath. The community shipped a corresponding v1.0.2 APK paired with the meshoskey.com keygen API; this page mirrors both. Round 2 cracked in 13 minutes.

What changed in MeshOS v1.3.0 (T-Deck firmware)?

v1.3.0 was Andy's first Ed25519 T-Deck firmware. It tightens the same Ed25519 license check used in v1.0.2 but on the radio side — a separate keypair embedded in the firmware and verified at activation. The community shipped a paired v1.3.0 firmware build alongside an in-page Web Serial activator that connects to a flashed T-Deck over USB, fetches an activation key from meshoskey.com/api.php, and writes it back to the device. Round 3 cracked in 10 minutes.

What changed in MeshOS v1.3.1 (T-Deck firmware)?

v1.3.1 is Andy's hotfix after v1.3.0 was cracked. The version string is bumped and a few bytes were shuffled, but the Ed25519 verification logic is essentially identical to v1.3.0 — same scheme, same activation flow, same outcome. The community shipped a paired v1.3.1 build in 3 minutes flat — barely enough time to brew tea. The same in-page Web Serial activator works against either v1.3.0 or v1.3.1 community firmware.

What changed in MeshOS v1.3.2 (T-Deck firmware)?

v1.3.2 is round five (T-Deck side). Andy pushed yet another hotfix after v1.3.1 was cracked, but the Ed25519 keypair and verification flow are unchanged — the same in-page activator works against v1.3.0, v1.3.1, and v1.3.2 community firmware without modification. Community paired build was up in 90 seconds. v1.3.2 was the fifth MeshOS release in roughly a week and a half. Round 6, the v1.0.3 Companion APK, then introduced real obfuscation and took about three hours to understand — see the article.html writeup for the full discovery walkthrough.

How do I activate MeshOS v1.3.0 on a T-Deck?

Three steps: (1) flash MeshOS-TDeck-1.3.2.bin from the page using either Andy's own configurator at meshcore.co.uk/configurator/ (irony intended) or any ESP32 web flasher; (2) plug the T-Deck into USB on a desktop browser; (3) click Connect → Get key → Activate in the in-page activator. The activator handles reading the device serial off the console, fetching an activation key from the API, and writing it back. End-to-end: roughly ten seconds.

What changed in MeshOS v1.0.4 (Companion APK)?

v1.0.4 dropped about a day after v1.0.3 and is, on the licensing side, a cosmetic rotation. The obfuscation constant in the read loop was changed to a new value. The EOR was broken into a two-instruction register-loaded form rather than a single-instruction immediate form. The verifier function shifted about ten kilobytes earlier in the binary. The bytes at the public-key pool slot are entirely different from v1.0.3. The signing-cert hash string moved to a new value. However, the underlying Ed25519 keypair was not rotated — applying the new obfuscation transform's inverse to the new pool bytes produces the same public key v1.0.3 used, byte-for-byte. Practical implication: every Ed25519 signature the keygen API has ever produced still verifies under v1.0.4 unchanged. The user-side flow is identical: paste Android ID, generate, paste key, activate. Time to crack: sub-five-minute confirmation diff. v1.0.4 also ships a real fix for the FGS-on-Android-14 race that affected v1.0.3.

What changed in MeshOS v1.0.3 (Companion APK)?

v1.0.3 is the first round that took meaningful analysis time on the community side — about three hours, with two genuine false starts. The Ed25519 verifying public key inside the Dart object pool is XOR-masked with the byte 0x7C, the snapshot backing store was switched from Uint8List to a const integer list so the bytes no longer appear in libapp.so as a contiguous run, and the entire SHA-512 plus Ed25519 verification math was inlined into a single function so there is no separate verify call site to find. The aha moment was the single instruction 'eor x3, x4, #0x7c' in the read loop. The full discovery walkthrough is in the article.html writeup. v1.0.3 was superseded by v1.0.4, which is a cosmetic rotation of the same scheme using the same keypair underneath.

Did the FGS-on-Android-14 crash in v1.0.3 get fixed?

Yes — Andy fixed it in v1.0.4 by adding a retry handler around startForeground that catches the SecurityException, schedules a retry via Handler.postDelayed with exponential backoff (~250 / 500 / 750 / 1000 ms), bounds the retry count, and emits diagnostic logs. It's a thorough fix; more thorough, in fact, than the workaround the community shipped in v1.0.3. If you're on Andy's stock v1.0.4 the crash is gone. Stock v1.0.3 still has it; if you're stuck on v1.0.3 for some reason, the community v1.0.3 build on this page also works around it.

Is the v1.0.4 community keygen open source?

The client side is — drop-in HTML and Python snippets are on the page, and they call a community-hosted API at meshoskey.com/api.php. The server-side keygen logic stays private, by design. The reverse-engineering walkthroughs in article.html (Companion APK rounds 1, 2, 3, 4) and article-tdeck.html (T-Deck rounds 3, 4, 5) document the discovery methodology for each round, including the v1.0.3 XOR-hidden public key and v1.0.4's cosmetic rotation of it. We publish the principle, not the diff.

Why is the MeshOS keygen still hosted? Andy patched it.

Because the patch didn't fix the actual problem. The community's objection isn't to a hash function — it's to a closed companion app trademarking and paywalling features on top of an open-source LoRa mesh protocol the community built. The keygen page comes down when the UKIPO trademark filing is retracted and the team gets a public apology. Until then, every patch ships with a community keygen within days. v1.0.0 to v1.0.2 took five days.

MeshOS Keygen + T-Deck v1.3.2 Activator — Andy Kirby's MeshCore Companion v1.0.4 APK and v1.3.2 LilyGO T-Deck Firmware Bypass (Round 7, v1.0.4 cosmetic rotation of v1.0.3 XOR-hidden Ed25519 public key)

Free, browser-based keygen and Web Serial activator for Andy Kirby's MeshOS / MeshCore companion app and T-Deck firmware. Seven rounds shipped to date. The most recent Companion APK round is v1.0.4 (round 7) — a cosmetic rotation of v1.0.3 that changed the obfuscation constant, broke the EOR into a two-instruction register-loaded form, and shifted the verifier function offset by ~10 KB, but did not rotate the underlying Ed25519 keypair: the actual public key recovered from v1.0.4's pool after applying its new inverse transform is byte-for-byte identical to the public key recovered from v1.0.3 in round 6, meaning every signature the community keygen API has ever produced still verifies under v1.0.4 unchanged. v1.0.4 also ships a real fix for the foreground-service race on Android 14+ that affected v1.0.3, by way of a retry handler around startForeground with exponential backoff and a bounded retry count. Earlier rounds: v1.0.0 Companion APK (djb2 + MCPP keygen, 19 min), v1.0.2 Companion APK (Ed25519, 13 min), v1.3.0 LilyGO T-Deck firmware (Ed25519 + Web Serial activator, 10 min), v1.3.1 T-Deck (cosmetic hotfix, 3 min), v1.3.2 T-Deck (identical scheme, 90 sec), v1.0.3 Companion APK (XOR-masked Ed25519 public key, inlined SHA-512 + Ed25519 verifier, snapshot encoding switched from Uint8List to const integer list so the key bytes no longer appear contiguously in libapp.so, ~3 hours of analysis with two genuine false starts). Two technical writeups, one per attack surface: the Companion APK rounds at article.html (full discovery walkthrough for rounds 3 and 4 expanded; rounds 1 and 2 archived) and the T-Deck firmware rounds at article-tdeck.html (ESP32-S3 firmware reverse-engineering walkthrough). T-Deck firmware targets the LilyGO T-Deck specifically (the only device the firmware writeup applies to); the Companion APK is device-agnostic on the radio side and pairs with any MeshCore-compatible mesh node. The MeshOS licence check, built by Andy Kirby (andymux) after he filed a UKIPO trademark on the open-source MeshCore name, was reverse-engineered from the Flutter AOT libapp.so binary using blutter, Capstone, esptool, and standard Android RE tooling. Page hosts mirrored MeshOS-v1.0.0.apk, MeshOS-v1.0.2.apk, MeshOS-v1.0.3.apk, MeshOS-v1.0.4.apk, MeshOS-TDeck-1.1.8.bin, MeshOS-TDeck-1.3.0.bin, MeshOS-TDeck-1.3.1.bin, and MeshOS-TDeck-1.3.2.bin downloads, two full reverse-engineering writeups, drop-in JavaScript and Python widgets, a Web Serial T-Deck activator widget, and a manifesto on why open hardware deserves open software. Related search terms: MeshOS Andy, MeshOS Andy Kirby, MeshOS v1.0.3, MeshOS v1.0.4, MeshOS v1.3.2, MeshOS T-Deck v1.3.2, MeshOS XOR obfuscation, MeshOS Ed25519 public key, MeshOS cosmetic rotation, MeshOS FGS race, andymux MeshOS, MeshCore Andy Kirby, MeshCore split, MeshCore trademark, MeshCore license, MeshCore licence, T-Deck MeshOS, T-Deck keygen, T-Deck activator, MeshOS crack, MeshOS bypass, MeshOS free, Web Serial MeshOS, Flutter AOT reverse engineering, blutter, Dart object pool, Smi cluster, LEB128, meshoskey.com.

 ███╗   ███╗███████╗███████╗██╗  ██╗ ██████╗ ███████╗
 ████╗ ████║██╔════╝██╔════╝██║  ██║██╔═══██╗██╔════╝
 ██╔████╔██║█████╗  ███████╗███████║██║   ██║███████╗
 ██║╚██╔╝██║██╔══╝  ╚════██║██╔══██║██║   ██║╚════██║
 ██║ ╚═╝ ██║███████╗███████║██║  ██║╚██████╔╝███████║
 ╚═╝     ╚═╝╚══════╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚══════╝
              [ k e y g e n   v 1 . 0 ]

~/meshos/keygen — CRACKED [writeup: apk] [writeup: t-deck] [guestbook] [flasher ↗] [activator ↗]

>> you used AI to vibe-code it. now we just crack it for the lawlz. // r1: 19m · r2: 13m · r3: 10m · r4: 3m · r5: 90s · r6: ~3 hrs · r7: < 5m · r8: ~2 hrs · r9: easier · r10: ✓ confirmed · r11: ✓ confirmed · r12: ✓ confirmed · v1.3.8 cracked — offsets shifted +0x118, every secret value identical to v1.3.6.

▸ The MeshCore Emancipation Notice — click to read the full manifesto, receipts & hashtags

The MeshCore Emancipation Notice

// MeshCore is a community project. A bunch of hackers, radio nerds, tinkerers and digital nomads scattered across the planet, building a LoRa mesh stack in the open because information wants to route around damage and people want to talk without asking permission. It belongs to the community that built it — all of them, collectively, not one person.

Then Andy Kirby quietly filed a trademark on the community's name, quietly vibe-coded a closed "MeshOS" companion on top of the community's work, and quietly bolted a license check tollbooth onto an app built atop a protocol he didn't write alone. The MeshCore team's own public post calls it "an insider team up with a robot and a lawyer." We agree.

Here is the thing about open source, Andy: it isn't yours to fence. You don't get to ride a community's goodwill into a UKIPO filing and a paywall. You don't get to turn "we built this together" into "I own this, pay me." That isn't a pivot. That's a rug pull dressed up as a business model.

And here is the thing about the "license check" you shipped: it is a 32-bit djb2 hash of the device's Android ID, XORed with the four ASCII bytes MCPP, hex-encoded. That's it. Thirty-two bits. Less entropy than a decent ZIP password. A first-year CS student could break it. You used Claude to generate the code. We used Claude to read the code. It took 19 minutes. The receipts are one click away.

We are digital nomads. We carry our laptops across borders that don't matter, we sleep where the wifi is, we ship what we build, and we do not ask permission from men in suits or men with lawyers. We believe in running your own radio. In owning the software on your device. In forking what gets captured. And in never, ever, paying a toll to use a protocol the community built for free.

So here is the keygen. It's free. It's open. It runs in your browser. You can copy the script and host it yourself. You can mirror this page on a Raspberry Pi in a hostel in Chiang Mai. The algorithm is public now and it stays public. No takedown notice reaches a git clone. No cease-and-desist reaches a djb2 loop that fits on a napkin.

>> Free the mesh. Fork the fence. Information wants to route around lawyers.

#OpenSource #RightToRepair #DigitalNomad #LoRa #MeshCore #NoTollbooth

Receipts: official MeshCore statement → blog.meshcore.io/2026/04/23/the-split · reverse-engineering walkthroughs → apk rounds · t-deck firmware rounds

v1.0.7 — Android Companion current ✓ confirmed

round 11 · ~20 min

Andy had weeks this time. He shipped a BLE ↔ LoRa ferry with a five-minute memory and called it a release. Nothing changed on the licence end. Same keypair, same XOR mask, same obfuscated bytes, same cert hash — he just slid the pool and moved the verifier. v1.0.4 community keys still activate v1.0.7. The patch is four bytes instead of one (three early-outs now fire on real input), but it's still bytes. writeup →

📱 MeshOS-v1.0.7.apk arm64-v8a only

~76 MB · community build · pairs with the keygen below · full writeup →

SHA256: ce51a336c69762f773eb85a910e88293c8f08dc32efb487f9c494445e0edf8cf

Download .apk

android id (16 hex chars, from MeshOS > About)

// activation key will appear here

Install steps (only uninstall first if your previous build wasn't from this site)

Uninstall first only if your previous build wasn't from this site. Settings → Apps → MeshOS → Uninstall. Required if you previously had Andy's official paid APK installed — the signing cert is different, Android will refuse to install over it. If you're upgrading from a previous community build (v1.0.3 / v1.0.4 / etc. from this site), skip this step — they all share the same signing cert, the install is a clean upgrade-in-place, and your contacts / chats / settings carry through.
Verify the SHA256 above matches your downloaded file. If a mirror serves different bytes, walk away.
Sideload (Settings → "install unknown apps" toggle for your browser).
Open MeshOS → About → copy the Android ID (16 hex, like C2FB558FDDD94ACA).
Paste it above → Generate → copy the activation key.
Paste the key into MeshOS → License screen. Done.

// Heads-up: v1.0.7 uses the same community keypair as v1.0.4. If you had a working key from a v1.0.4 community build, that key will still activate v1.0.7 — no regen needed. The API automatically picks the right keypair when you generate a fresh one too.

// arm64-v8a only: the stock v1.0.7 ships three ABIs (arm64-v8a, armeabi-v7a, x86_64) and our build strips the other two. Any Android device made in the last six years is arm64-v8a, so this should be everyone. If your device refuses to install with "package not compatible", it's a 32-bit ARMv7 or x86 build and we don't have a binary for you.

1 → Flasher 2 → Activator desktop Chrome / Edge · Web Serial

⚠ Use our flasher only. Andy's configurator, the generic esptool web tool, and esptool-CLI defaults all leave cached licence state in NVS; the tamper canary (still present, still unchanged from v1.3.6) bricks devices that boot with it. Our flasher wipes the right partition automatically.

💾 MeshOS-TDeck-1.3.8.bin merged image

~2.4 MB · bootloader + partition table + empty NVS + patched app, ready for offset 0x0.

SHA256: cadcec8e881779c10e206088c6d07e3a1435dffe4af6b78ef4147b271cf2e0c0

Download .bin

Flash steps (one click in your browser, no esptool install, no Andy's configurator)

// Easiest path: two pages, two clicks. flasher.php writes the firmware, then activator.php activates it. Both run entirely in the browser — no native tools, no upload to a third party. The flasher includes an optional eFuse check, a "wipe NVS only" mode (preserves contacts / identity / history), and a "full erase" option if you want a clean slate.

Open flasher.php in desktop Chrome or Edge.
Plug the T-Deck into USB. On Windows, install the CP210x or CH340 driver if the COM port doesn't appear.
Click Connect, pick the T-Deck's port. The page auto-detects the ESP32-S3, drops it into download mode, fetches the merged image, writes it at offset 0x0, and resets the device.
When the flasher reports done, open activator.php (the flasher will show a link to it). Click Connect, then Get key → Activate.

// If you previously had Andy's stock firmware (or any prior v1.3.x) activated: the default "NVS only" wipe mode in the flasher overwrites the cached-licence partition with empty state, so the legacy key is gone by the time the patched firmware boots. Mesh identity, contacts and message history live in a different partition and survive the flash untouched. No separate erase-flash needed.

Advanced — command-line equivalent (not recommended; for power users who already know what they're doing)

⚠ Seriously, just use our flasher. It handles the NVS wipe + offset correctly without you having to think about it. The command below works if you really know what you're doing, but the surgical-NVS-wipe mode in our flasher is what's been tested on real hardware; anything else and you're on your own to debug "says activated but isn't" or boot-loop symptoms.

Hold BOOT, tap RESET, release BOOT — puts the ESP32-S3 into download mode.
Flash with esptool: esptool --chip esp32s3 --port COMx write-flash 0x0 MeshOS-TDeck-1.3.8.bin (replace COMx with your port; on Linux/Mac it's /dev/ttyUSB0 or /dev/cu.usbserial-*). esptool erases each sector it's about to write to before writing, so the merged image's empty-NVS region wipes the cached licence on the same operation. If you previously had a stock build activated and skip this step, the periodic tamper check (carried over unchanged from v1.3.6) will brick the device on you within minutes.

> Activator (Web Serial)

status: disconnected

device key:—

activation:—

// Requires desktop Chrome or Edge over HTTPS. Plug the T-Deck in, click Connect, then Get key → Activate. The activation logic stays server-side.

Drop-in widgets — embed the keygen / activator on your own site

// Self-contained snippets you can paste into any HTML page. All call the public https://meshoskey.com/api.php; pointing them at your own mirror is a one-line change. Each widget below tags which target it works with.

v1.0.2 keygen widget — HTML + JS companion v1.0.2

// For the Android Companion APK (v1.0.2). User pastes the 16-char Android ID, widget fetches an activation key from the API and shows it. Standalone HTML + JS, no dependencies.

⚠ Requires the community build: Andy's official APK won't accept keys from this API. Users need MeshOS-v1.0.4.apk (mirrored on this page, also linked from meshoskey.com/#v1-0-4). When you embed the widget elsewhere, link the APK alongside it.

<!-- MeshOS v1.0.2 keygen -- drop-in widget. -->
<div id="meshos-keygen-v2" style="font-family:monospace;max-width:480px;padding:1rem;background:#0a0f0a;color:#c8ffcf;border:1px solid #ff5577;border-radius:4px;">
  <div style="color:#ff5577;margin-bottom:0.5rem;font-size:0.85rem;letter-spacing:0.1em;">MESHOS KEYGEN · v1.0.2</div>
  <input id="mk2-in" type="text" maxlength="32" placeholder="android id (16 hex chars)"
         style="width:100%;padding:0.5rem;background:#000;color:#ff5577;border:1px solid #1a2a1a;font-family:inherit;box-sizing:border-box;" />
  <button id="mk2-go"
          style="margin-top:0.5rem;width:100%;padding:0.5rem;background:transparent;color:#ff5577;border:1px solid #ff5577;font-family:inherit;cursor:pointer;letter-spacing:0.1em;">GENERATE</button>
  <textarea id="mk2-out" readonly
            style="margin-top:0.75rem;width:100%;min-height:90px;padding:0.5rem;background:#000;color:#ff5577;border:1px solid #1a2a1a;font-family:inherit;box-sizing:border-box;word-break:break-all;"></textarea>
</div>
<script>
(function(){
  var API = 'https://meshoskey.com/api.php';
  var i = document.getElementById('mk2-in'),
      b = document.getElementById('mk2-go'),
      o = document.getElementById('mk2-out');
  async function run(){
    var v = i.value.trim().replace(/[^a-fA-F0-9]/g, '').toUpperCase();
    if (v.length < 8) { o.value = '// id must be at least 8 hex chars'; return; }
    o.value = '// fetching key...';
    try {
      var r = await fetch(API, {
        method: 'POST', headers: { 'Accept': 'application/json' },
        body: new URLSearchParams({ android_id: v, keypair: 'v2' })
      });
      var j = await r.json();
      o.value = j.key || j.license || j.signature || ('// error: ' + r.status);
    } catch (e) { o.value = '// network error: ' + e.message; }
  }
  b.addEventListener('click', run);
  i.addEventListener('keydown', function(e){ if (e.key === 'Enter') run(); });
})();
</script>

T-Deck activator widget — HTML + Web Serial t-deck v1.3.0

// For the T-Deck Firmware (v1.3.0). Drop into any HTTPS page (or localhost). Connects to the T-Deck over USB serial, fetches an activation key from the API, writes it back to the device. ~30 lines, no dependencies.

⚠ Requires the community firmware: stock MeshOS won't accept keys from this API. Users need to flash MeshOS-TDeck-1.3.2.bin first (mirrored on this page, see flashing steps at meshoskey.com/#tdeck-1-3-0). When you embed the widget elsewhere, link the firmware alongside it.

<!-- MeshOS T-Deck activator -- drop-in. Requires desktop Chrome/Edge over HTTPS. -->
<!-- Same approach Andy's serial-cli.js uses for MeshOS terminals: write, settle, parse. -->
<div id="ta-w" style="font-family:monospace;max-width:560px;padding:1rem;background:#0a0f0a;color:#c8ffcf;border:1px solid #00d4ff;border-radius:4px;">
  <div style="color:#00d4ff;margin-bottom:0.5rem;font-size:0.85rem;letter-spacing:0.1em;">T-DECK ACTIVATOR</div>
  <button id="ta-c">Connect</button>
  <button id="ta-g" disabled>Get key</button>
  <button id="ta-a" disabled>Activate</button>
  <pre id="ta-l" style="margin-top:0.5rem;background:#000;padding:0.5rem;color:#6aa972;font-size:0.78rem;max-height:180px;overflow:auto;"></pre>
</div>
<script>
(function(){
  var API='https://meshoskey.com/api.php';
  var port=null,reader=null,writer=null,buf='',devkey='',sig='';
  var td=new TextDecoder(),te=new TextEncoder();
  var $=function(id){return document.getElementById(id);};
  function log(t,c){var s=document.createElement('span');if(c)s.style.color=c;s.textContent=t+'\n';$('ta-l').appendChild(s);$('ta-l').scrollTop=9e9;}
  async function readLoop(){try{while(reader){var r=await reader.read();if(r.done)break;buf+=td.decode(r.value,{stream:true});}}catch(e){}}
  // matches Andy's sendRawCommand: settle 400ms quiet, max 3000ms total
  async function send(cmd){buf='';log('> '+cmd,'#00d4ff');await writer.write(te.encode(cmd+'\r\n'));var t=Date.now(),lc=0,lt=t;while(Date.now()-t<3000){await new Promise(r=>setTimeout(r,50));if(buf.length!==lc){lc=buf.length;lt=Date.now();}else if(lc>0&&Date.now()-lt>400)break;}return buf;}
  $('ta-c').onclick=async function(){try{port=await navigator.serial.requestPort({});await port.open({baudRate:115200});reader=port.readable.getReader();writer=port.writable.getWriter();readLoop();log('connected','#39ff7c');$('ta-g').disabled=false;}catch(e){log('connect failed: '+e.message,'#ff5577');}};
  $('ta-g').onclick=async function(){try{
    var r=await send('/license show');
    var m=r.replace(/\x1B\[[0-?]*[ -\/]*[@-~]/g,'').match(/Device\s*serial:?\s*([0-9a-fA-F]{8,64})/i);
    if(!m)throw new Error('no device key in response');
    devkey=m[1].toUpperCase();log('device key: '+devkey,'#39ff7c');
    var resp;
    try{
      resp=await fetch(API,{method:'POST',mode:'cors',headers:{'Accept':'application/json'},body:new URLSearchParams({android_id:devkey,keypair:'v2'})});
    }catch(ne){throw new Error('fetch blocked — '+(ne.message||ne)+' (likely CORS / file:// origin / extension; open devtools Network for details)');}
    var txt=await resp.text(),j=null;try{j=JSON.parse(txt);}catch(_){}
    sig=j&&(j.key||j.license||j.signature);
    if(!sig)throw new Error('api '+resp.status+': '+(txt||'(empty)').slice(0,160));
    log('activation: '+sig,'#39ff7c');$('ta-a').disabled=false;
  }catch(e){log('get key failed: '+e.message,'#ff5577');}};
  $('ta-a').onclick=async function(){try{await send('/license set '+sig);log('activation sent','#39ff7c');}catch(e){log('activate failed: '+e.message,'#ff5577');}};
})();
</script>

keygen — Python (stdlib) companion v1.0.2 t-deck v1.3.0

// CLI script that prompts for any device id (8–64 hex chars) and prints the activation key from the API. Works for both the Android Companion (v1.0.2) and the T-Deck (v1.3.0) — same endpoint accepts both shapes. Stdlib only.

⚠ Pair with the community builds: the keys this script returns only validate against the community APK / firmware: MeshOS-v1.0.4.apk and MeshOS-TDeck-1.3.2.bin. Stock builds will reject them.

#!/usr/bin/env python3
# MeshOS keygen -- prompts for device id, fetches activation key from the community API.
import json, re, sys, urllib.parse, urllib.request

API = "https://meshoskey.com/api.php"

def fetch_key(device_id: str) -> str:
    aid = re.sub(r'[^a-fA-F0-9]', '', device_id).upper()
    if not (8 <= len(aid) <= 64):
        raise ValueError("device id must be 8-64 hex chars")
    body = urllib.parse.urlencode({"android_id": aid, "keypair": "v2"}).encode()
    req = urllib.request.Request(API, data=body, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as r:
        payload = json.loads(r.read().decode())
    return payload.get("key") or payload.get("license") or ""

if __name__ == "__main__":
    aid = input("Device ID: ").strip()
    print(fetch_key(aid))

Older versions archive

// Kept here for completeness. If you have a v1.0.0 APK or a v1.1.8 T-Deck install, you can still use these. Otherwise use the current versions above.

v1.0.0 — offline djb2 keygen (Android v1.0.0 APK + T-Deck v1.1.8 firmware)

// Andy's original release. License is a 32-bit djb2 hash, masked with MCPP. Pure offline keygen — runs in your browser, never touches a server.

// Works for both: the Android v1.0.0 APK (input: 16-char Android ID) and the T-Deck v1.1.8 firmware (input: 12-char uppercase MAC). Same algorithm, just different input shape.

📱 MeshOS-v1.0.0.apk

~76 MB · original v1.0.0 · djb2 license

SHA256: fa4c20a51cd85e940d1f2f2758188db63bf3b5aa0690f5911a3feaebb4075e35

Download v1.0.0

enter the android id / device id shown in the app

// your license key will appear here

v1.0.0 keygen widget — HTML + JS (offline) companion v1.0.0 t-deck v1.1.8

// Pure offline widget — runs in the browser, never touches a server. Pairs with the Android Companion v1.0.0 APK and the T-Deck v1.1.8 firmware (both use the same djb2 algorithm).

⚠ Older stock builds: Andy's original MeshOS-v1.0.0.apk and MeshOS-TDeck-1.1.8.bin — these accept the offline djb2 keys directly. For current versions, use the v1.0.2 / v1.3.0 widgets above.

<!-- MeshOS v1.0.0 keygen -- offline djb2. -->
<div id="meshos-keygen" style="font-family:monospace;max-width:420px;padding:1rem;background:#0a0f0a;color:#c8ffcf;border:1px solid #39ff7c;border-radius:4px;">
  <div style="color:#39ff7c;margin-bottom:0.5rem;font-size:0.85rem;letter-spacing:0.1em;">MESHOS KEYGEN · v1.0.0</div>
  <input id="mk-in" type="text" placeholder="android id / device id"
         style="width:100%;padding:0.5rem;background:#000;color:#39ff7c;border:1px solid #1a2a1a;font-family:inherit;box-sizing:border-box;" />
  <button id="mk-go"
          style="margin-top:0.5rem;width:100%;padding:0.5rem;background:transparent;color:#39ff7c;border:1px solid #39ff7c;font-family:inherit;cursor:pointer;letter-spacing:0.1em;">GENERATE</button>
  <div id="mk-out"
       style="margin-top:0.75rem;padding:0.5rem;background:#000;min-height:1.5rem;text-align:center;letter-spacing:0.2em;color:#39ff7c;"></div>
</div>
<script>
(function(){
  function gen(id){
    var s=id.replace(/[:\- \\]/g,''),h=0;
    for(var i=0;i<s.length;i++)h=(h*33+s.charCodeAt(i))>>>0;
    var b=[((h>>>24)&0xFF)^0x4D,((h>>>16)&0xFF)^0x43,((h>>>8)&0xFF)^0x50,(h&0xFF)^0x50];
    return b.map(function(x){return x.toString(16).padStart(2,'0');}).join('');
  }
  var i=document.getElementById('mk-in'),b=document.getElementById('mk-go'),o=document.getElementById('mk-out');
  function run(){var v=i.value.trim();o.textContent=v?gen(v):'// enter an id';}
  b.addEventListener('click',run);i.addEventListener('keydown',function(e){if(e.key==='Enter')run();});
})();
</script>

v1.0.0 keygen — Python (offline) companion v1.0.0 t-deck v1.1.8

// Pure offline CLI — computes the djb2 + MCPP key locally with no network. Works for both the Android Companion v1.0.0 APK and the T-Deck v1.1.8 firmware.

⚠ Older stock builds: pair with MeshOS-v1.0.0.apk or MeshOS-TDeck-1.1.8.bin. For current versions, use the v1.0.2 / v1.3.0 Python script above.

#!/usr/bin/env python3
# v1.0.0 keygen -- offline djb2 + MCPP mask.
import re

def generate_key(device_id: str) -> str:
    s = re.sub(r'[:\- ]', '', device_id)
    h = 0
    for ch in s:
        h = (h * 33 + ord(ch)) & 0xFFFFFFFF
    b0 = ((h >> 24) & 0xFF) ^ 0x4D
    b1 = ((h >> 16) & 0xFF) ^ 0x43
    b2 = ((h >> 8)  & 0xFF) ^ 0x50
    b3 = ( h        & 0xFF) ^ 0x50
    return f"{b0:02x}{b1:02x}{b2:02x}{b3:02x}"

if __name__ == "__main__":
    print(generate_key(input("Device ID: ").strip()))

v1.0.4 — Android Companion APK (superseded by v1.0.7, same keypair)

// Round 7. Cosmetic rotation of v1.0.3 — new XOR constant, register-form EOR, verifier offset shifted ~10 KB. Same Ed25519 keypair as v1.0.3 (and v1.0.7); keys generated against v1.0.4 still activate v1.0.7 and vice versa. Also the round that shipped a real fix for the foreground-service crash on Android 14+. Hosted for completeness; if you want the current build use v1.0.7 above.

📱 MeshOS-v1.0.4.apk

~34 MB · Companion APK (round 7, superseded). Compatible with v1.0.7 community keys.

SHA256: f009f49ceabce4878c4bc5553deaeb1669a5aad71d2019854976a0ce7e09b9be

Download .apk

v1.0.3 — Android Companion APK (superseded by v1.0.4, same Ed25519 family — in fact the same keypair)

// The round that took real work. XOR-obfuscated public key, inlined verifier, snapshot encoding change. About three hours of analysis. v1.0.4 was a cosmetic rotation of this build — the actual Ed25519 keypair was not rotated, so this build's activation keys are byte-for-byte interchangeable with v1.0.4's and v1.0.7's. Hosted for completeness; if you want the current build use v1.0.7 above.

📱 MeshOS-v1.0.3.apk

~34 MB · Companion APK (round 6, superseded). FGS race not fixed in this build.

SHA256: 1c4808887eac0a9cf02ab268fc958ecc04750d5f5fff88e8c88ad7eaf0d77149

Download .apk

v1.0.2 — Android Companion APK (superseded by v1.0.3, same Ed25519 family)

// Andy's previous Companion APK. First Ed25519 round, easier than v1.0.3 because the public key was stored as a Uint8List (contiguous byte run in the snapshot, no XOR). Cracked in 13 minutes. Hosted here for completeness; if you want the current activator flow use v1.0.4 above.

📱 MeshOS-v1.0.2.apk

~77 MB · Companion APK (round 2, superseded)

SHA256: 15e931e67f1e865964fb934b7bca9ae6d254157b55586f512a7c5e24c512bfd4

Download .apk

v1.3.6 — T-Deck Firmware (superseded by v1.3.8, same keypair, same SEAL, same canary)

// Round 10. The build that introduced the random-binary SEAL, the new XOR masks (0xA9 / 0xB4 / 0x14), and the periodic integrity check with the off-curve-R tamper canary. v1.3.8 is byte-identical in every secret value — same SEAL, same masks, same canary signature, same pubkey storage shape. Only the offsets moved. Keys generated against v1.3.6 still activate v1.3.8. Hosted for completeness; use v1.3.8 above for the current build.

💾 MeshOS-TDeck-1.3.6.bin

~2.4 MB · T-Deck firmware (round 10, superseded) · uses keypair v2

SHA256: 99d4bc0fd6c06e00b3e912cc43ec1210cdee9869fe74ac10c5e16d14aabc4cac

Download .bin

v1.3.5 — T-Deck Firmware (superseded by v1.3.6, same keypair)

// Round 9. Compiler-driven repack of v1.3.4 with the secrets (pubkey, SEAL, XOR keys) unchanged — five anchors still, same shape underneath. Keys generated against v1.3.5 are interchangeable with v1.3.8 (all v1.3.4+ T-Deck builds share keypair v2). Hosted for completeness; use v1.3.8 above for the current build.

💾 MeshOS-TDeck-1.3.5.bin

~2.4 MB · T-Deck firmware (round 9, superseded) · uses keypair v2

SHA256: d4d876372409e852f170100d22824d41fa225717ac4b7f2920831aeb4eaf4554

Download .bin

v1.3.4 — T-Deck Firmware (RETIRED — never fully stabilised before v1.3.5 shipped)

// Round 8. Hardest T-Deck round so far — five anchors, dual-verifier, SHA-256 anti-tamper magic, three-strike reboot path. The patched build activated cleanly but we ran into intermittent crashes in normal use that we never fully diagnosed before v1.3.5 shipped and rendered v1.3.4 obsolete. We did not patch v1.3.4 to a clean-room production-ready state in time. Use v1.3.6 above. v1.3.4 is kept here only for archive reference.

💾 MeshOS-TDeck-1.3.4.bin (retired)

~2.4 MB · T-Deck firmware (round 8, retired) · uses keypair v2

SHA256: 461ad30c16afe1dec19d1b3049a5c6dfd6d8ad8607c8e0c3992e2eda80610aef

Download .bin

v1.3.2 — T-Deck Firmware (superseded by v1.3.4, legacy keypair)

// Round 5. Same Ed25519 scheme as v1.3.0/v1.3.1, cracked in 90 seconds — "kettle didn't boil". Keys generated against this build use the legacy keypair (v1) and are not interchangeable with v1.3.8. Hosted for completeness; if you want the current build use v1.3.8 above.

💾 MeshOS-TDeck-1.3.2.bin

~2.3 MB · T-Deck firmware (round 5, superseded)

SHA256: 8eae00eb514efa56cb13c479a12d109c2b05746684577b008b605e86d8f33145

Download .bin

v1.3.1 — T-Deck Firmware (superseded by v1.3.2, identical activation flow)

// One of five hotfixes Andy shipped in a single week. Same Ed25519 keypair, same activator, same flow. Hosted for completeness.

💾 MeshOS-TDeck-1.3.1.bin

~2.3 MB · T-Deck firmware (round 4, superseded)

SHA256: 23231ffc76f3b8fd46255e5aeccb995cb97109314abe8bde0a9188e1f4ab7e33

Download .bin

v1.3.0 — T-Deck Firmware (round 3 of 5+, identical activation flow)

// Superseded by v1.3.1 (above). Same Ed25519 keypair, same Web Serial activator, same flow. Hosted here for completeness in case anyone wants to compare bytes.

💾 MeshOS-TDeck-1.3.0.bin

~2.3 MB · T-Deck firmware (round 3, superseded)

SHA256: 51fb2cae52d7efedf19d2bd6aa88f42373c9d3fa90139862d4f918aff37e522b

Download .bin

v1.1.8 — T-Deck Firmware (older release, uses v1.0.0 keygen)

// Older T-Deck firmware. The newer v1.3.0 above supersedes this. Hosted for completeness.

// Activation: this build uses the same djb2 license check as the v1.0.0 Android APK. Use the v1.0.0 offline keygen above — input the device's MAC (12 hex chars, uppercase, no separators) instead of an Android ID, and you get the activation key directly. Pure offline, no API needed.

💾 MeshOS-TDeck-1.1.8.bin

~2.3 MB · T-Deck firmware (older) · pairs with the v1.0.0 keygen

Download .bin

> writeups: article.html (APK rounds 1 & 2 — Flutter AOT, djb2, Ed25519 public-key swap) · article-tdeck.html (T-Deck firmware rounds 3, 4, 5 — ESP32-S3, libsodium, Web Serial activator)

MeshOS Keygen + T-Deck v1.3.2 Activator — Andy Kirby's MeshCore Companion v1.0.4 APK and v1.3.2 LilyGO T-Deck Firmware Bypass (Round 7, v1.0.4 cosmetic rotation of v1.0.3 XOR-hidden Ed25519 public key)

The MeshCore Emancipation Notice

v1.0.7 — Android Companion current ✓ confirmed

v1.3.8 — T-Deck Firmware current ✓ confirmed

> Activator (Web Serial)