#288710 - 24/10/2006 19:46
Airport Wireless Connections, a fun hack.
|
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
|
With all the traveling I've been doing over the past year, I've started to get annoyed at airports that don't have free wireless.
You know the drill: You open up the laptop, and it shows an unencrypted access point with five bars of signal strength. You cheer, only to find that the first web page that comes up is asking you for your credit card.
It's rarely worth it to me to pay $7.95 just to log in and check my email. That's just highway robbery.
Sometimes, you can connect to the airport wireless system, and usernames and passwords like "foobar" will work, but I've actually only done that trick successfully once.
So here's something fun to try. I read about this somewhere, and thought it would be a lot harder to do than it was. Turns out it worked like a charm, was easy to do, and I haven't got the slightest moral compunctions about doing it, for reasons which I shall explain below.
Okay, when you get that page that charges you $7.95, how does it authenticate you? Usually, by your wireless card's MAC address. And what do you do with that connection? You check your email, you answer it maybe, perhaps you surf the empeg BBS for 5 minutes, then your plane starts boarding and you have to shut down your laptop. You've still got an hour and a half of time left on that $7.95, and it's sitting there unused, like a parking meter with time left after you've pulled out of the parking spot.
I have no compunctions about grabbing that parking spot with time left on the meter. Do you? Here's how to do the 802.11 ethernet equivalent of snagging the parking spot (windows XP directions given):
- Before you leave on your trip, copy the ethereal installer to your laptop's hard disk. (And the installer for the Winpcap driver if ethereal still needs it to function... I have an older version of ethereal, I dunno if they've streamlined the product lately or not.)
- Connect to the wireless router.
- Surf to any web page so that the "enter your credit card number" screen appears.
- Install Winpcap and Ethereal. Packet sniff the wireless card for a moment. Promiscuous mode, with name-resolution turned off.
- Sort the data by Source Address.
- Some of those addresses will be MAC addresses instead of IP addresses. Copy them down.
- Supposedly, you're supposed to keep sniffing until you stop seeing one of those addresses, thus indicating that they've finished using their connection and the parking spot is now empty. I was in a hurry, and actually just went straight on to the next step, and I'm hoping to discuss the potential repercussions of doing this later in the thread.
- Go to your 802.11 card's advanced properties, and where the property of "Network address" says "Not Present", change it to one of the MAC addresses you just copied down. On my network card, I had to remove the colons and put it in uppercase, yours may be different. (Note: Some network cards don't have this option in their driver. There are supposedly third party tools that will help you spoof your mac address in that case. I never needed to try them.)
- The icon on the task bar will disappear and reappear, indicating that XP has reset the network card and is obtaining a new DHCP address. When it indicates it's connected, try surfing and see if you still get the payment options screen. If not, try another MAC address in the wireless card's properties.
- Lather, rinse, repeat until you get a working connection.
I did this in the Detroit airport yesterday, and it literally took me about three minutes to do, and that's counting the time it took me to install Winpcap and Ethereal.
Now, the first MAC address I tried didn't work. I'm assuming that was someone who tried to surf but didn't pay for the service. The second MAC address worked spotty, with timeouts and broken connections. Lots of red X's where graphics were supposed to be. I'm assuming this was someone who was still using the connection, and our browsers were fighting over who gets to keep the returned packets. I disconnected this and tried a third MAC address, which worked perfectly and with no lost data. I'm assuming this was someone who had just shut down, or at least had stopped surfing at that moment.
So does anyone have any better idea of what would happen if I used the MAC address of an existing, active user? Would it behave like the second address I tried in my example above?
|
Top
|
|
|
|
#288711 - 24/10/2006 19:55
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Tony that is an excellent hack! Thanks!
|
Top
|
|
|
|
#288712 - 24/10/2006 20:36
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
Yup, your suspicions are correct on the poorly loading pages. When I was in middle school when they rolled out The Internet, the Novel consultant configured every last machine in the library with the same IP address and had exactly the same symptoms. I fixed it in short order. Eventually they hired me to help, but I still didn't get paid half as much as the Novel consultant.
Matthew
|
Top
|
|
|
|
#288713 - 24/10/2006 21:03
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
Mmn... and I'll be at an airport next month ;-) The thoughts have gone through my head about this sort of thing, but I am rarely around those sorts of places. Another idea is that if the hotspot has fully open DNS then you can tunnel over that.
|
Top
|
|
|
|
#288714 - 24/10/2006 21:07
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
carpal tunnel
Registered: 17/01/2002
Posts: 3996
Loc: Manchester UK
|
I suppose this all works on the assumption that you don't 'log out' of whatever service you're using after you've finished before some prick tries to hop on your connection.
_________________________
Cheers,
Andy M
|
Top
|
|
|
|
#288715 - 24/10/2006 21:24
Re: Airport Wireless Connections, a fun hack.
[Re: andym]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
|
Quote: the assumption that you don't 'log out' of whatever service you're using
The services I'm talking about don't have a logout at all. Once you've paid (or once you've authenticated, assuming you've got some kind of prearranged connection), then the router simply lets your MAC address past it for the next two hours.
|
Top
|
|
|
|
#288716 - 24/10/2006 21:34
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
carpal tunnel
Registered: 17/01/2002
Posts: 3996
Loc: Manchester UK
|
Ah right, never come across ones like that. They've always had a login/countdown timer/logout procedure.
Very useful if you use it regularly for short periods like I used to when I had weekly visits to London and spent a lot of time in stations waiting for trains. I could make £10's worth of access last several weeks.
_________________________
Cheers,
Andy M
|
Top
|
|
|
|
#288717 - 24/10/2006 22:00
Re: Airport Wireless Connections, a fun hack.
[Re: andym]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
This scenario is like using the rest of somebody's 1hr parking ticket when they have only used 20 minutes of it. Except rather than them handing it to you as they leave, you are picking it out the bin
|
Top
|
|
|
|
#288718 - 25/10/2006 00:24
Re: Airport Wireless Connections, a fun hack.
[Re: matthew_k]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Aw, man. Novell "professionals" were the worst. I had several similar experiences telling them how to do their jobs, and them getting paid beaucoup money for my work.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#288719 - 25/10/2006 10:54
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
old hand
Registered: 14/08/2001
Posts: 886
Loc: London, UK
|
Isn't that tantamount to stealing?
_________________________
Mk2a RioCar 120Gb - now sold to the owner of my old car Rio Karma - now on ebay...
|
Top
|
|
|
|
#288720 - 25/10/2006 11:47
Re: Airport Wireless Connections, a fun hack.
[Re: g_attrill]
|
veteran
Registered: 25/04/2000
Posts: 1529
Loc: Arizona
|
Quote: This scenario is like using the rest of somebody's 1hr parking ticket when they have only used 20 minutes of it. Except rather than them handing it to you as they leave, you are picking it out the bin
I'm not sure if it is picking it out of the trash as much as taking it from inside the car. The access points I've used had a one year period in which to use the time you purchased. I still have about 2.5 hours waiting for me next time I'm at the Heathrow Hilton. I wouldn't be exactly 'happy' about getting there and having to repurchase a block because somebody figured they had the right to use what I purchased.
|
Top
|
|
|
|
#288721 - 25/10/2006 11:52
Re: Airport Wireless Connections, a fun hack.
[Re: Tim]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14496
Loc: Canada
|
Quote:
Quote: This scenario is like using the rest of somebody's 1hr parking ticket when they have only used 20 minutes of it. Except rather than them handing it to you as they leave, you are picking it out the bin
I'm not sure if it is picking it out of the trash as much as taking it from inside the car. The access points I've used had a one year period in which to use the time you purchased. I still have about 2.5 hours waiting for me next time I'm at the Heathrow Hilton. I wouldn't be exactly 'happy' about getting there and having to repurchase a block because somebody figured they had the right to use what I purchased.
Odds are good that your year-long plan isn't strictly based on MAC address. But I suppose somebody could still siphon off a few hours worth before needing to reauthenticate.
Cheers
|
Top
|
|
|
|
#288722 - 25/10/2006 11:54
Re: Airport Wireless Connections, a fun hack.
[Re: furtive]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14496
Loc: Canada
|
Quote: Isn't that tantamount to stealing?
Yes. And the prices they charge are tantamout to gouging, an equally bad sin.
Cheers
|
Top
|
|
|
|
#288723 - 25/10/2006 12:43
Re: Airport Wireless Connections, a fun hack.
[Re: mlord]
|
carpal tunnel
Registered: 30/04/2000
Posts: 3810
|
There's a fairly simple counter-measure to prevent this sort of theft: they could pop up an SSL-based browser window on the corner of your computer that phones home once per minute. Once the window is closed, the connection is terminated. They do something vaguely like this with NoCatAuth. As to the ethics of the hijack... you're on your own with that one. I figure market forces will eventually correct the situation. If you're the hard-charging business traveller, you'll shell out for a nationwide cellular data card (maybe $70/month, for all you can eat). So long as that's cheaper than airport wireless, the business traveller will go with the cellular solution. That leaves people for whom the wireless is non-essential, and they'll vote with their feet.
|
Top
|
|
|
|
#288724 - 25/10/2006 13:40
Re: Airport Wireless Connections, a fun hack.
[Re: furtive]
|
carpal tunnel
Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
|
Quote: Isn't that tantamount to stealing?
I don’t think, I don’t think I’m explaining this very well. Um, the 7-Eleven, right? You take a penny from the tray.
From the crippled children?
No, that's the jar. I'm talking about the tray, the pennies for everybody.
Oh, for everybod-- Okay.
Yeah, well, those are whole pennies.
Right.
Alright? I'm just talking about fractions of a penny here. Okay? But we do it from a much bigger tray and we do it a couple of million times.
_________________________
~ John
|
Top
|
|
|
|
#288725 - 25/10/2006 14:08
Re: Airport Wireless Connections, a fun hack.
[Re: JBjorgen]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14496
Loc: Canada
|
It's a bit of a special case by normal american thinking: where's the victim? The girl who just shut off her machine to board the plane isn't losing anything. The wireless provider has already been paid for the full access interval.. no victim, not really a moral crime.
|
Top
|
|
|
|
#288726 - 25/10/2006 14:36
Re: Airport Wireless Connections, a fun hack.
[Re: mlord]
|
old hand
Registered: 27/02/2003
Posts: 777
Loc: Washington, DC metro
|
Quote: It's a bit of a special case by normal american thinking: where's the victim? The girl who just shut off her machine to board the plane isn't losing anything. The wireless provider has already been paid for the full access interval.. no victim, not really a moral crime.
The wireless provider is the victim, whether you agree with the pricing structure or not. (Personally, I think it's crass highway robbery, but that's a supply and demand problem. That's why I have legal internet tethering from my phone.) Their business model depends on a certain number people to decide to pony up.
I would submit that someone tech savvy enough to steal an internet connection is also one of those more likely to want it enough to pay.
It's roughly analogous to pirating music. The pirated copy doesn't cost them "real" money, yet most of us agree that it's wrong.
-jk
|
Top
|
|
|
|
#288727 - 25/10/2006 14:58
Re: Airport Wireless Connections, a fun hack.
[Re: jmwking]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14496
Loc: Canada
|
Quote:
It's roughly analogous to pirating music. The pirated copy doesn't cost them "real" money, yet most of us agree that it's wrong.
Ah another victim of RIAA propoganda.
The better analogy might be thus: I purchase a CD album for one track. I rip the one track for my empeg, and then give the CD to you. You rip all of the other tracks for your empeg, but NOT the one that I wanted.
-ml
|
Top
|
|
|
|
#288728 - 25/10/2006 15:16
Re: Airport Wireless Connections, a fun hack.
[Re: JBjorgen]
|
old hand
Registered: 07/01/2005
Posts: 893
Loc: Sector ZZ9pZa
|
Quote: Alright? I'm just talking about fractions of a penny here. Okay? But we do it from a much bigger tray and we do it a couple of million times.
This sounds familiar. Yeah, they did that in Superman 3.
|
Top
|
|
|
|
#288729 - 25/10/2006 15:36
Re: Airport Wireless Connections, a fun hack.
[Re: mlord]
|
veteran
Registered: 25/04/2000
Posts: 1529
Loc: Arizona
|
Quote: It's a bit of a special case by normal american thinking: where's the victim? The girl who just shut off her machine to board the plane isn't losing anything.
How about the girl that just shut off her machine to visit the bathroom with the full intention of coming back and continuing what she was doing? Would the system allow her MAC back on the system if one already exists on it?
|
Top
|
|
|
|
#288730 - 25/10/2006 15:53
Re: Airport Wireless Connections, a fun hack.
[Re: mlord]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
Quote: It's a bit of a special case by normal american thinking: where's the victim? The girl who just shut off her machine to board the plane isn't losing anything. The wireless provider has already been paid for the full access interval.. no victim, not really a moral crime.
Presumably, if Tony was getting the red Xs on his browser window, someone else was also getting them. Packets which were supposed to go to the person he was spoofing were going to him, and vice versa. After he found an "unused" MAC address he was fine, but since there's no reliable way to know what MACs are truly in use (or, in Tony's analogy, which parking spaces were empty and were going to be empty for the rest of the time period) it seems to me doing this is a bit of a "moral crime" because it degrades service someone else paid for so you can get service for free.
|
Top
|
|
|
|
#288731 - 25/10/2006 15:55
Re: Airport Wireless Connections, a fun hack.
[Re: Tim]
|
addict
Registered: 23/01/2002
Posts: 506
Loc: The Great Pacific NorthWest
|
From what was mentioned in the "How to" thread it sounds like she would be allowed back on but the system would not operate correctly. Your example is the same one I was thinking of......a user that has paid and has stopped using for some reason and than wishes to log back on.
|
Top
|
|
|
|
#288732 - 25/10/2006 16:17
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
OK, here is my take....
I'm all for getting stuff for free, but I also believe that if you want something bad enough and someone has been kind enough to provide it, you should stump up the cash.
In my opinion what Tony desribes here is a crime, I'm not worried about who is the victim, all I know is if I wanted WiFi at the airport that badly and someone has put in place that service, however faceless and highly priced it may be, they the asking price should be paid in full.
Put yourselves in the place of the people who have set up the service, imagine if you made your living that way, I think you would see it differently. It's people abusing the service, which again in my opinion Tony was, that keep the price high, can everyone remember how expensive mobile calls were?
The same goes for the music argument, I download music I admit that, but I also buy the stuff I really like, I'm not stupid enough to buy music I will never listen to again, and I may wait until the price comes down but I do buy it. People make their living from it, and should be rewarded if they do it well.
How would you feel if someone parked on your drive while you were out at work without asking? I mean you weren't using it, but does it make it right for me to? I don't think so.
Cheers
Cris.
|
Top
|
|
|
|
#288733 - 25/10/2006 16:38
Re: Airport Wireless Connections, a fun hack.
[Re: Tim]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
|
Quote: I'm not sure if it is picking it out of the trash as much as taking it from inside the car. The access points I've used had a one year period in which to use the time you purchased. I still have about 2.5 hours waiting for me
As I've explained earlier in the thread, I'm not talking about that kind of access point. You're talking about the kind where you can logout and keep using up the same timechunk at a later date.
I'm talking about the kind where you pay once, and get access for a flat two-realtime-hours after the moment you paid, and the time expires while you're half way through your next flight.
|
Top
|
|
|
|
#288734 - 25/10/2006 16:40
Re: Airport Wireless Connections, a fun hack.
[Re: Tim]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
|
Quote: How about the girl that just shut off her machine to visit the bathroom with the full intention of coming back and continuing what she was doing? Would the system allow her MAC back on the system if one already exists on it?
I'm guessing it would, and then we'd both get the red X's again, and I'd disconnect that MAC address and go hunting for another unused address.
|
Top
|
|
|
|
#288735 - 25/10/2006 18:17
Re: Airport Wireless Connections, a fun hack.
[Re: sein]
|
pooh-bah
Registered: 06/04/2005
Posts: 2026
Loc: Seattle transplant
|
Quote:
Quote: Alright? I'm just talking about fractions of a penny here. Okay? But we do it from a much bigger tray and we do it a couple of million times.
This sounds familiar. Yeah, they did that in Superman 3.
Sort of relevant, anyway.
_________________________
10101311 (20GB- backup empeg) 10101466 (2x60GB, Eutronix/GreenLights Blue) (Stolen!)
|
Top
|
|
|
|
#288736 - 25/10/2006 19:14
Re: Airport Wireless Connections, a fun hack.
[Re: Cris]
|
carpal tunnel
Registered: 13/02/2002
Posts: 3212
Loc: Portland, OR
|
Quote: How would you feel if someone parked on your drive while you were out at work without asking? I mean you weren't using it, but does it make it right for me to? I don't think so.
I'm fine with that. It might not be "right", but that doesn't make it "wrong", either. That's the problem with "victimless crimes". I'm not using my spot, so if you need it, go ahead -- no skin off my back. Just be aware that if I come home from work early, and you're not around to move it real quick like, it'll get towed.
In Tony's example, the service he's talking about is literally like a parking meter by the curb-side. You put money in the meter when you park beside it, and the meter starts ticking down time. You can park there as long as the meter has time left on it. If you leave before your time is up, you don't get a refund from the parking meter. The person who takes that spot after you is under no obligation to give you the money for the time left on the meter. The person also has no obligation to put the full amount of money they "should" have owed into the meter, either. Is it "right" that you had to pay for service you didn't use, or that the person after you got to park for free (or for a discount), thanks to you? Is that "wrong"?
How is what Tony did any different than driving around the block, waiting 'til someone leaves, and taking the spot to see if there's any time left on the meter? The only difference that I can see is that there's no physical object to signify that the space is taken, and so Tony might end up parking on top of someone else. That's not good, since the other person doesn't get the service they payed for, but if there were a reliable way of detecting that a specific MAC address has gone away for good, then what's the issue?
On a semi-side note, what happens if I were to pay the connection fee, and then use my laptop as a wireless router with NAT and DHCP, giving everyone in the terminal free access? Is that "wrong", too? It may not be what the service provider intended, but tough noogies, eh?
|
Top
|
|
|
|
#288737 - 25/10/2006 19:26
Re: Airport Wireless Connections, a fun hack.
[Re: mlord]
|
old hand
Registered: 27/02/2003
Posts: 777
Loc: Washington, DC metro
|
Quote: Ah another victim of RIAA propoganda.
The better analogy might be thus: I purchase a CD album for one track. I rip the one track for my empeg, and then give the CD to you. You rip all of the other tracks for your empeg, but NOT the one that I wanted.
-ml
Of a time, that would have been fine as "fair use". Regrettably, the DMCA fuzzed the equation more than a bit.
-jk
|
Top
|
|
|
|
#288738 - 25/10/2006 19:44
Re: Airport Wireless Connections, a fun hack.
[Re: canuckInOR]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Quote: The only difference that I can see is that there's no physical object to signify that the space is taken, and so Tony might end up parking on top of someone else. That's not good, since the other person doesn't get the service they payed for
And that's the only issue I have. It's as if Tony were a blind driver and decided that the best way to see if there was a parking space was to drive his car into the space. If he got in, great. If he hit another car, oh well. And the people coming back are also blind, ramming into his car that's in their assigned space.
Quote: if there were a reliable way of detecting that a specific MAC address has gone away for good, then what's the issue?
But there is no reliable way. Someone idle is completely invisible.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#288739 - 25/10/2006 20:19
Re: Airport Wireless Connections, a fun hack.
[Re: canuckInOR]
|
pooh-bah
Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
|
Or a similar case - in London, a day ticket is often cheaper than the commute cost, so you regularly see people giving away their ticket for free once they have made their final journey of the day. Technically wrong, but morally right:-)
_________________________
Rory MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi MkII, 240Gb in Mark Lord dock MkII, 80Gb SSD in dock
|
Top
|
|
|
|
#288740 - 25/10/2006 21:13
Re: Airport Wireless Connections, a fun hack.
[Re: frog51]
|
carpal tunnel
Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
|
And let us not forget that there has been at least one conviction in the UK for theft of WiFi bandwidth (though the guy in question did repeatedly sit outside someone house using their connection).
_________________________
Remind me to change my signature to something more interesting someday
|
Top
|
|
|
|
#288741 - 25/10/2006 21:47
Re: Airport Wireless Connections, a fun hack.
[Re: andy]
|
old hand
Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
|
Quote: And let us not forget that there has been at least one conviction in the UK for theft of WiFi bandwidth (though the guy in question did repeatedly sit outside someone house using their connection).
It's only illegal if you get caught
|
Top
|
|
|
|
#288742 - 26/10/2006 02:41
Re: Airport Wireless Connections, a fun hack.
[Re: tfabris]
|
carpal tunnel
Registered: 17/12/2000
Posts: 2665
Loc: Manteca, California
|
This would seem to be akin to eating somebody else's leftovers at the restaurant.
_________________________
Glenn
|
Top
|
|
|
|
#288743 - 26/10/2006 13:58
Re: Airport Wireless Connections, a fun hack.
[Re: canuckInOR]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
Quote: How is what Tony did any different than driving around the block, waiting 'til someone leaves, and taking the spot to see if there's any time left on the meter?
The difference is you don't have to pretend to be someone else to use up money in a meter, a better example would be one of the UK type parking ticket machines which issues a ticket with part of your number plate on, so you can't give your space away. If this was the right thing to do the WiFi company would leave a connection open for anyone to use until the time is up, but they don't the connection is clearly only for the person who has paid.
Quote: On a semi-side note, what happens if I were to pay the connection fee, and then use my laptop as a wireless router with NAT and DHCP, giving everyone in the terminal free access?
Then you would probably be in breach of the term and conditions, most SP's don't allow you to share your connection with people you don't know. To read more about this issue look up the Fon service, lots of interesting debate there!
Cheers
Cris.
|
Top
|
|
|
|
#288744 - 26/10/2006 14:00
Re: Airport Wireless Connections, a fun hack.
[Re: frog51]
|
pooh-bah
Registered: 06/02/2002
Posts: 1904
Loc: Leeds, UK
|
Quote: Technically wrong, but morally right:-)
No just wrong, the tickets are clearly labled as non-transferable.
I bet the people who do this are also the same ones who complain about high ticket prices and poor service, no wonder with people ticket dodging.
Cheers
Cris.
|
Top
|
|
|
|
|
|