I don't have internet, argh!

The things a person would do for WiFi

Running airmon tells me that there are 20+ discoverable networks in the neighbourhood. Too bad that they're all WPA2-protected, have VERY poor signal strength, and have no detectable associated clients. People in France have special modem-routers called Liveboxes and Freeboxes. They are WPA2-protected by default with insane passwords like 9997AD9E3E13A6DD79E6C77241. This is a 26-character hex string: it makes me wonder whether this password is some sort of hash of a few customer-specific properties (e.g. client ID) rather than being randomly generated. Anyhow, even if I managed to capture a WPA handshake, I would still need a dictionary with 16^26 entries (4.36e+22) in order to crack it successfully (provided that the person hasn't changed the login). Hypothetically of course, because WiFi hacking is illegal.

Mind you: of course I went knocking next door, but I couldn't find anyone with an AP that I could reach. Except for Bart's... Strangely, I'm still able to capture his WiFi although he lives in a different wing of the residence. And by "being able to capture" I mean taking the laptop in my hands, standing at the doorstep about 6 meters away from my desk, and tilting it in the right direction.

Don't throw away old hardware

When it comes to technical devices, I'm a hoarder. It might be the only good explanation why I brought my old HTC HD2, my old Nokia 3120c, a Raspberry Pi, and an old D-link DI-524 with me to France. Knowing that I can capture WiFi at the doorstep, I was thinking how I could use all of those things to make some sort of WiFi repeater so I could access Bart's internet at my desk.

I tried a few setups:

WiFi → HD2 → Bluetooth → Laptop

The HTC HD2 captures the WiFi signal at the doorstep and has a Bluetooth DUN server running (BlueDUN). I would then be able to connect my laptop to the HD2 using Bluetooth. Sadly the desk was too far away for Bluetooth to work quickly and reliably.

WiFi → HD2 → USB → Raspberry Pi → Ethernet → DI-524 → WiFi → Laptop

The HTC HD2 captures the WiFi signal at the doorstep and is connected via USB to the Raspberry Pi. The Raspberry Pi is then connected via Ethernet to the old D-link router, which I connect to via WiFi. Sadly the old D-link router didn't appear to work anymore (it sort of did until I put it in a different subnet, but now all of a sudden it won't boot, can't be reset, and has basically turned into a piece of garbage).

Since the DI-524 was dead, I connected the Raspi directly to my laptop via Ethernet. Now how does this setup work?

WiFi → HD2 → USB → Raspberry Pi → Ethernet → Laptop

Setting up the devices

The HTC HD2 still had a WP7 ROM on it. Since I know my way around Android a bit better, I flashed it with a NAND ROM called "Sense of Eclipse".

After booting it up, native USB tethering did not seem to work.

I tried a different approach: a tool called Azilink, which is basically an implementation of an OpenVPN server for Android. I would have to run the OpenVPN client on my laptop, while tunneling the connection through the RasPi. The RasPi needed an ARM-compiled version of the Android debugging tool "adb" (you may find a precompiled binary at XDA). Surprisingly, the RasPi had no trouble recognizing the USB device, and I was able to forward the TCP ports. Sadly Azilink crashed each time after successfully tunneling a few hundred bytes. Their bug tracker on Google Code is full of messages, but they all remained unanswered.

So for a few days I had a working solution:

On the HD2, there was a SOCKS proxy server running on port 5555. Again with the adb tool from XDA, I executed "adb forward tcp:5555 tcp:5555". This makes the proxy server port available locally on the Raspberry Pi on port 5555. I was then able to connect from my laptop using SSH: "ssh -L5555:localhost:5555". All that is left is making the browser use the SOCKS server at localhost port 5555.

Using Proxifier or SocksCap (which force all your connections to go through the proxy), it becomes a bit easier. I still didn't have UDP though.

Although I had internet now, it remained a pain to be bound by the Ethernet cable: I wasn't able to sit at my desk. The easy solution may be buying an extra Ethernet cable, but I decided to buy a WiFi dongle from LDLC instead that can be put into access point mode. I bought the D-link DWA-121, which is a dongle that is said to work with the Raspberry Pi.

A WiFi repeater

WiFi → HD2 → USB → Raspberry Pi → (USB) WiFi

Now we arrive at the real thing: an actual WiFi repeater.

First of all, I installed a new ROM on the HD2 that had working native USB tethering (NexusHD2-CM9). This way, I would be able to eliminate the SOCKS server and turn the Raspberry Pi into a WiFi router. Running speed tests on the HD2 now showed that the WiFi connection was wonky. I couldn't find the "Improve Wi-Fi performance" mode in the settings, so I installed an app from the market called "WIFI High Performance". This improved WiFi latency and speeds drastically. I then enabled native USB tethering.

Using the adb shell, I found out that USB tethering was enabled on a new subnet 192.168.42.0/24, with the HD2 having 192.168.42.129 as IP.

root@raspberrypi:/home/pi# adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
# ip route
192.168.1.1 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.17 metric 314
192.168.42.0/24 dev usb0 proto kernel scope link src 192.168.42.129
default via 192.168.1.1 dev wlan0

With the WiFi dongle plugged in, and with the newly available USB interface on the Raspberry Pi, I had the following interfaces available:

root@raspberrypi:/home/pi# ifconfig -s | cut -d' ' -f1 | tr '\n' ',' | sed 's/,\(.*\),$/s: \1\n/'
Ifaces: eth0,lo,usb0,wlan0

With usb0 being the connection to the HD2 and wlan0 being the WiFi dongle, I had to make some modifications to the /etc/network/interfaces file:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    # For if I need to connect via Ethernet to the Raspi again
    address 192.168.15.1
    netmask 255.255.255.0
iface wlan0 inet static
    # Wireless clients
    address 192.168.60.1
    netmask 255.255.255.0
allow-hotplug usb0
iface usb0 inet static
    address 192.168.42.130
    # IP of the HD2
    gateway 192.168.42.129
    netmask 255.255.255.0
    up sysctl -w net.ipv4.ip_forward=1
    up route add default gw 192.168.42.129 dev usb0

That is actually my whole file. I removed the gateway from eth0, so it would take the gateway to the usb0 device instead. It needs IP forwarding to be enabled as well, so I added that to the ifup command (net.ipv4.ip_forward=1). I removed all other directives from the wlan0 configuration as well.

I now set up "hostapd", a package that allows the dongle to be used in AP mode. My /etc/hostapd/hostapd.conf looks as follows:

interface=wlan0
driver=rtl871xdrv
ssid=PirateAP
hw_mode=g
channel=3
macaddr_acl=0
auth_algs=3
wmm_enabled=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=piratesown
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
beacon_int=100

It needs a bit more setup than that (read the full tutorial on elinux). I needed a modified binary of hostapd as well. I configured udhcpd (a micro DHCP daemon) to use the subnet 192.168.60.0/24, as shown above in the interfaces file.
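
A check of the security-related lines of the hostapd.conf above, as an added example that is not part of the original post: it flags auth_algs=3 (which also permits WEP-era Shared Key authentication), the leftover wpa_pairwise=TKIP, and the short passphrase. The function names and the 16-character threshold are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: flag weak hostapd.conf settings.

# Print the value assigned to KEY ($1) in FILE ($2); the last assignment is used.
conf_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$2"
}

# Print one finding per line for FILE ($1); print nothing if no check fires.
audit_hostapd() {
    wpa=$(conf_get wpa "$1"); wpa=${wpa:-0}
    algs=$(conf_get auth_algs "$1"); algs=${algs:-0}
    rsn=$(conf_get rsn_pairwise "$1")
    wpa1=$(conf_get wpa_pairwise "$1")
    pass=$(conf_get wpa_passphrase "$1")

    # wpa is a bit field: bit 0 = WPA (v1), bit 1 = WPA2 (RSN).
    if [ "$wpa" -eq 0 ]; then
        echo "wpa: unset or 0, the AP does not use WPA at all"
    elif [ $(( wpa & 1 )) -ne 0 ]; then
        echo "wpa: WPA v1 enabled, use wpa=2"
    fi
    # auth_algs bit 1 = Shared Key authentication, which only exists for WEP.
    if [ $(( algs & 2 )) -ne 0 ]; then
        echo "auth_algs: Shared Key (WEP) authentication allowed, use auth_algs=1"
    fi
    # rsn_pairwise is the WPA2 cipher list and falls back to wpa_pairwise.
    case "${rsn:-$wpa1}" in
        *TKIP*) echo "rsn_pairwise: TKIP offered to WPA2 clients, use CCMP" ;;
        *) case "$wpa1" in
               *TKIP*) echo "wpa_pairwise: TKIP unused now, live if wpa is set to 1 or 3" ;;
           esac ;;
    esac
    # The 16-character threshold is this example's own choice, not a hostapd rule.
    if [ -n "$pass" ] && [ "${#pass}" -lt 16 ]; then
        echo "wpa_passphrase: ${#pass} characters, weak against offline guessing"
    fi
}

# Constructed input: the security-related lines of the hostapd.conf shown above.
sample=$(mktemp)
printf '%s\n' wpa=2 auth_algs=3 wpa_pairwise=TKIP rsn_pairwise=CCMP \
    wpa_passphrase=piratesown > "$sample"
audit_hostapd "$sample"
rm -f "$sample"
```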

Somehow I wasn't able to connect to the RasPi via WiFi. The connection got aborted each time. After debugging, I found out that wpa_supplicant was still active (though it shouldn't be, because the WiFi dongle is in host mode, and not in client mode). I decided to remove the wpasupplicant package altogether so it wouldn't cause me any more problems.

After that, I added the following rules to iptables, to take care of the routing between the different devices:

iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -i wlan0 -j ACCEPT

The RasPi is now behaving as a router 🙂 !
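
A stricter variant of the rules above, as an added example that is not part of the original post: forwarding is denied by default, clients on wlan0 and eth0 may open connections towards usb0, and only replies to those connections come back. The function name router_ruleset is hypothetical; its output is in iptables-restore format.

```shell
#!/bin/sh
# Added example, not from the original post: default-deny forwarding rules.

# Print an iptables-restore ruleset. $1 = uplink interface, remaining
# arguments = client-side interfaces that may reach the uplink.
router_ruleset() {
    uplink=$1; shift
    for lan in "$@"; do
        if [ "$lan" = "$uplink" ]; then
            echo "uplink $uplink listed as a client interface" >&2
            return 1
        fi
    done
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Rewrite client source addresses to the Pi's address on the uplink.
    echo "-A POSTROUTING -o $uplink -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Anything not matched below is not routed.
    echo ":FORWARD DROP [0:0]"
    # Replies to connections that a client opened are let back in.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for lan in "$@"; do
        # New connections only from a client interface towards the uplink.
        echo "-A FORWARD -i $lan -o $uplink -j ACCEPT"
    done
    echo "COMMIT"
}

# Interface names as used in the post: usb0 is the uplink to the HD2.
router_ruleset usb0 wlan0 eth0
```

Piping the output into iptables-restore as root replaces the current nat and filter tables.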

If you're going to be setting this up yourself, you're gonna have to find a way to get the packages installed on your RasPi first (adb, hostapd, udhcpd).