Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

6Mar/170

Free in flight Wifi

For the last year and a half I have been flying back and forth between Sweden and San Francisco. Most of the airlines I fly have in flight Wifi for a cost. Usually I think it's pretty reasonable money for the 11 hours or so I get a connection. But when ever I get bored I need a challenge and I have found several ways to get around the payment wall.

Most airlines are pretty bad at blocking things like SSH proxy's on unexpected ports or DNS tunneling. I realize that most people don't know how to do that or have a linux box around that responds to SSH on all different kind of ports. There is a few other tricks you can do as well.

Last time I flow from San Francisco to Frankfurt I found that I could either pay or login with my account. Since I had an  account since before I opted for the "Reset my password" link  and entered my e-mail. How would I be able to get my password? Didn't have any internet connection yet. Would they unblock the common ports for e-mail apps? No they unblocked everything for 20 minutes. Enough for me to download an audio book and chat with my wife on Skype. Then it blocked again...

But I forgot to download my password, right... So I did a reset again and chatted with my wife for another 20 minutes for free. Third time it directed me to call customer support but at least I got 40 minutes of free internet. After getting back to Sweden I Googled it, I couldn't have been the only one that found this, right?

Didn't find as much info as I thought I would on different travel forums that I frequent but there were a few posts. One similar to mine is this one GENIUS FLIGHT HACK: Free Wi-Fi on US Air, AA, Delta, and More! It's basicly the same principal but for downloading the airline app instead.

So if you just want to check something quickly or download something to listen to this is an easy way to get around the payment firewall. From a legal point of view I can't really see any issues since they allow you any type of internet access after sending the "Reset my password" form. Their mistake is to open up all ports instead of just e-mail ports and browsing to the most common webmails.

20Apr/160

Raspberry Pi: Wifi AP-client

You have a wifi connection but need an Ethernet connection or need to share it with several computers over Ethernet? That can be easily accomplished with a Raspberry Pi. Sometimes I need two different internet connection for testing different setups. In addition to my own internet connection there is community wifi in public areas in my apartment complex. Since I live right my the pool I can connect to that wifi at my window. To make it easy to use I wanted a router that I could use as my default gateway on any computer or server to access the secondary internet connection. To accomplish this I used a Raspberry Pi 2 with the latest version of Raspian.

Basic setup

I presume that people interesting in doing this kind of setup have the basic knowledge in setting up the Raspberry Pi, like expanding the file system and setting the root password. There are enough guides out there so I'm not going to cover that in this post. Instead we jump right into configuring the wifi. If you use a Raspberry Pi 3 you can use the built in wifi but this guide will work with any Raspberry Pi compatible dongle. Depending on the distance and quality of the signal you might need to opt for one with a better antenna.

If we run cat /etc/network/interfaces we can see that wlan0 refers to /etc/wpa_supplicant/wpa_supplicant.conf for configuration. So let's go ahead and edit that configuration file with sudo nano /etc/wpa_supplicant/wpa_supplicant.conf. The contents looks something like this:

country=GB
 ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
 update_config=1

You can change the country to where ever you are but in most cases you can just leave it be. Some countries use different channels and might need additional configuration. I went with the basic GB even though I'm in the US and it works fine. Then we need to add the configuration for our network, just append it at the end. This guide is for a WPA2 secured network and you should not use anything else for security reasons.

network={
    ssid="xxxxxx"
    psk="xxxxxx"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    auth_alg=OPEN
}

Here is a basic outline of what these parameters are for:

SSID - Name of the network you want to connect to.
PSK - Password for the network.
PROTO - RSN = WPA2, WPA = WPA1.
KEY_MGMT - WPA-PSK = Preshared key (regular wifi password setup), WPA-EAP = Authentication via enterprise authentication server.
PAIRWISE - CCMP = AES cipher (WPA2), TKIP = TKIP cipher (WPA1).
AUTH_ALG - OPEN = WPA2

Save that file and exit nano, now we can restart the connection and see that it works.

sudo wpa_action wlan0 stop
sudo ifup wlan0

It will take a while for the DHCP to finish. Then we can check the status in with sudo wpa_cli status. Now we want to make sure that the Raspberry Pi actually uses the internet connection from the wifi and not the local one. Also I want a static ip-address on the Raspberry Pi since it's going to be a router. In raspbian jessie this can't be done from /etc/network/interfaces anymore so we need to add these two lines to /etc/dhcpcd.conf.

interface eth0
static ip_address=192.168.0.2/24

This will make the IP-address 192.168.0.2, subnet mask will be 255.255.255.0 and the lack of default gateway will route all internet traffic over the wifi. I also disable ipv6 since my internal network uses that and I don't want any traffic to spill over that connection. sudo nano /etc/sysctl.conf and add this line at the end:

net.ipv6.conf.all.disable_ipv6 = 1

Then reload the settings and reboot the Raspberry Pi to get the new network settings.

sudo sysctl -p
sudo reboot

Setup forwarding

After reconnecting to the new ip-address we need to enable forwarding. sudo nano /etc/sysctl.conf again and add this line:

nnet.ipv4.ip_forward = 1

And then reload the settings

sudo sysctl -p

Configure IPtables

Then we need to setup iptables to take care of forwarding, NAT and also security.

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Setup NAT from internal network (eth0) out onto the wifi (wlan0).

sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

Allow all traffic from inside to outside.

sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT[/bash]

Allow all established connection back in (let the response through).

sudo iptables -A INPUT -i lo -j ACCEPT

Allow loopback traffic. This is very important otherwise some services will not work on the Raspberry Pi.

sudo iptables -A INPUT -i eth0 -p icmp -j ACCEPT

Allow ping from the local network.

sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

Allow SSH from internal network.

sudo iptables -A INPUT -i eth0 -p tcp --dport 10000 -j ACCEPT

Allow webmin from local network (see below).

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow responses to traffic we initialized.

sudo iptables -P FORWARD DROP
sudo iptables -P INPUT DROP

Lock it down, disallowing all traffic we didn't specify above

sudo apt-get install iptables-persistent
sudo systemctl enable netfilter-persistent

We make the iptable rules we just added persistent after reboot, just answer yes on the questions in the install. The second command will make it persistent after reboot. If you change any iptable rules after this just run the command below to save them. A reference to iptables can be found here http://ipset.netfilter.org/iptables.man.html

sudo netfilter-persistent save

Now our new router is ready to rock! Just change the local clients default gateway to 192.168.0.2 and you will go out to the internet over the new connection.

Install additional packages

Since I'm going to use this for testing purposes I want quick access to config of iptables for example. For this I want to install webmin which is a web based UI for configuring different services on Linux systems. First we need to add the webmin repository to our sources list, so sudo nano /etc/apt/sources.list and add these two lines at the end.

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

Install the repository key so the packages can be verified.

wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc

Then update and install.

sudo apt-get update
sudo apt-get install webmin

Now you can browse to https://192.168.0.2:10000 and login with your pi account. There are extensive documentation for this software online so I'm not going deeper into it in this post but it's an easy way to change the configuration of your box without the need to SSH into it each time. I also want speedtest-cli installed so I can test the speed of the connection. It's just a CLI implementation of the speedtest.net website so you can test the connection speed.

install speedtest-cli for testing as well

 

5Apr/160

Comcast Xfinity: Disable XfinityWiFi

Never liked the additional SSID xfinitywifi that my Comcast router broadcasts. What ever Comcast writes on their site of course it effects my bandwidth and my overall wifi performance. If you login to your customer pages at xfinity.com there is an option to disable it (outlined here). I also disabled my own wifi since the 2.4Ghz band is way to crowded where I live but still the wifi radio is running in the router and quite frankly I don't trust Comcast on this issue. So why not just disable it all together and especially if your not using it? If you are still using any $50 wifi router will give you much better performance so just use that instead!
Continue reading...