feat: add hashtag channel discovery tool

[Kpa-clawbot]

Channel Discovery Tool

Brute-force discovery of MeshCore hashtag channel names from captured GRP_TXT packets.

How it works

MeshCore hashtag channels derive encryption keys from SHA256("#channelname")[:16]. The channelHash in each packet is SHA256(key)[0] — a 1-byte fingerprint. This tool exploits this by:

1. Extracting undecrypted GRP_TXT packets from a CoreScope SQLite DB
2. Generating candidate #channel names from a 480+ word built-in wordlist
3. Filtering by channelHash match (1/256 false positive rate — fast pre-filter)
4. Verifying via full HMAC-SHA256 MAC check + AES-128-ECB decryption
5. Validating decrypted plaintext is printable UTF-8 with valid timestamp

CLI

channel-discover -db meshcore.db                      # scan DB
channel-discover -db meshcore.db -wordlist words.txt   # custom wordlist
channel-discover -db meshcore.db -name "#myguess"      # test single name
channel-discover -db meshcore.db -verbose              # show progress
channel-discover -db meshcore.db -json                 # JSON output

Sample output

$ channel-discover -db e2e-fixture.db -verbose
Found 85 undecrypted GRP_TXT packets across 17 unique channel hashes
  channelHash 0x93: 10 packets
  channelHash 0xC3: 26 packets
  channelHash 0x6E: 14 packets
  ...

Generated 480 candidate channel names
Hash precompute: 480 candidates → 35 hash matches (0.2 ms)

Channel Discovery Results
========================
Database: e2e-fixture.db
Undecrypted packets: 85 (17 unique channel hashes)
Candidates tested: 480
Hash matches: 35 (filtered by 1-byte channelHash)
Decryption attempts: 213
Time: 0.7 ms (678560 candidates/sec)

(No channels discovered against the fixture DB since those use custom names not in the default wordlist — the tool is designed to work against real-world deployments where common names like #general, #cascadia, etc. are likely.)

Performance

~680K candidates/sec on ARM. SHA256 + AES for each candidate is extremely cheap. A million-word wordlist would complete in ~1.5 seconds.

Built-in wordlist categories (480+ words)

• Mesh/radio terms (test, general, repeater, beacon, etc.)
• PNW/Cascadia locations (seattle, cascadia, rainier, etc.)
• US states and cities
• Tech/hacker terms
• Outdoor/prepper terms
• HAM radio brands and modes
• Common short words and patterns

Implementation notes

• Reuses the same HMAC-SHA256 + AES-128-ECB crypto from cmd/ingestor/decoder.go
• Standalone Go module with no dependencies beyond go-sqlite3
• Includes unit tests for key derivation, hash computation, and decryption validation

Implements channel discovery tool.