Introduction: A Grey Hat
Well, from my profile coupled with a quick web search, anybody can find out that I'm an Information Technology Security Consultant. That's my day job. I try not to post much about it as, quite frankly, security is predictable. Clocks are *much* more fun, and to be completely honest, the small business that has grown from my Instructable post about the Word Clock has taken up lots of my free time, so I haven't been giving back so much to the Instructables.com community.
That has changed. Recently, I was going to attend a short conference and there was a bit of an email discussion about the dress standard. Do we wear Top Hat and Tails, or jeans and tee shirts? If we have to dress up, should the hats be black? Surely not: because we're the good guys, the hats should probably be white. So many choices. Colloquially, we know that White Hat hackers are the good guys, and the Black Hats are the naughty ones, but life isn't always quite that cut and dried.
Here I introduce my 'Grey Hat' - A top hat that looks white, but actually isn't pure and pristine.
"WHAT?????" I hear you say...... HOW ON EARTH IS A WHITE HAT GREY????
Well, I have an easy answer for that - How about when it is secretly a FREE WIFI access point that acts as a community service. Connect to it (It's advertised clearly as "FreeWIFI"), and it will do its best to let you know that Free Wifi may not always be what you expect by delivering a friendly cat video.
If you visit news.com - you get a cat video.
If you go to slashdot.com - you get a cat video.
Even if you hit SuperSecretWorkEmailSystemThatWeProtectByRelyingOnObsfication.com - you guessed it - you get a cat video.
Oh - And I LOG EVERYTHING!
Here you go - I present The Grey Hat!
Step 1: First - You Need a Top Hat and a Mounting Board
The email conversation happened on Tuesday and I knew I had to move quickly if my dream was to become a reality.
To eBay first...An Australian Based Hat Vendor was identified, and a White Top Hat was procured for about $20 - Now to wait for a day or so for it to arrive...
Yay - It is here - Australia Post was particularly efficient! I try to keep it local :-)
First step - measure the size of the place where the mounting plate will live inside the hat. In my case, it was an oval of about 184mm x 150mm - I decided to add 2.5mm all round to ensure it was a snug fit, and I laser cut an oval of 189mm x 155mm into some 3mm black acrylic I had in the scrap pile here.
Next, I verified that the plate fit correctly. DON'T PUSH IT DOWN - it is hard to remove when it gets wedged in place.
Step 2: Add the Electronics
Next, I grabbed a Raspberry Pi, a battery, and a Voltage Regulator board I had in the workshop.
I placed them around the plate, looking at where they needed to go so that they wouldn't interfere with each other, then I carefully drilled 3mm holes for the PI and 6mm holes for the battery.
I used 3mm screws to mount the PI, and hot melt glue to mount the regulator.
Next, I attached the battery with a cable tie.
I added a couple of cables to the voltage regulator so that I could connect it to the PI, and the battery. My battery was a Turnigy 2200ma 3S LIPO that was in the workshop, providing about 11 volts - the regulator was set to drop that to 5v for the PI.
A couple of measurements let me know that the PI consumes about 600mA, meaning that the unit should run for about 3 or 4 hours on a fully charged battery - well and truly long enough.
Step 3: Load the Software
The beautiful thing about Raspberry Pis is that they let us all stand on the shoulders of giants. Really truly giants who have done cool things before us!
Everything tricky that I needed in software had already been done before.
Essentially, the Raspberry Pi runs an access point, using 'hostapd', delivers spurious name search records by using 'dnsmasq' and then redirects everybody to a simple web page using 'nginx'.
That web page contains a bit of text, and a link to a cat video.
Install the software by simply typing the following at a console prompt on the pi:
sudo apt-get install hostapd dnsmasq nginx
And the software will be loaded
Step 4: Configuring Hostapd
Next, I configure hostapd to turn the Pi into a free open access point:
sudo touch /etc/hostapd/hostapd.conf
Edit the file /etc/hostapd/hostapd.conf to contain the following:
interface=wlan0
driver=nl80211
ssid=FreeWiFi
channel=6
Finally, I edited hostapd's initialisation file (/etc/init.d/hostapd) to let it know where the configuration is by including the following text:
DAEMON_CONF=/etc/hostapd/hostapd.conf
That sets up the wifi hotspot for us.
Step 5: Configure Dnsmasq
Next, I configured dnsmasq to set up a DNS server that answers every lookup with the address of the Raspberry Pi's own web server:
1. Edit /etc/dnsmasq.conf to include the following information at the end of the file;
log-facility=/var/log/dnsmasq.log
address=/#/10.0.0.1
interface=wlan0
dhcp-range=10.0.0.10,10.0.0.250,12h
no-resolv
log-queries
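From the client's side, the address=/#/10.0.0.1 line above is detectable. The following check is an added example, not part of the original post; the function names and the two stub resolvers are made up for the illustration, and the default resolver assumes getent is available.

```shell
#!/bin/sh
# Added example (not from the original post): client-side check for a resolver
# that answers every name, as dnsmasq does with address=/#/10.0.0.1.

# Default resolver: prints the IPv4 addresses the system returns for $1.
resolve() { getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u; }

# Constructed stand-ins for two networks so the check runs offline.
fake_grey_hat() { echo 10.0.0.1; }            # every name -> the hotspot itself
fake_honest() {
    case $1 in
        news.com)     echo 203.0.113.10 ;;    # documentation-range addresses
        slashdot.com) echo 198.51.100.20 ;;
        *)            : ;;                    # NXDOMAIN: no answer
    esac
}

# check_wildcard_dns [RESOLVER]  -> prints "ok" or "hijacked: <reason>"
check_wildcard_dns() {
    resolver=${1:-resolve}
    # A random label under .invalid (reserved by RFC 6761) must never resolve.
    label=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    bogus=$("$resolver" "probe-$label.invalid" | head -n 1)
    if [ -n "$bogus" ]; then
        echo "hijacked: nonexistent name resolved to $bogus"
        return 0
    fi
    # A resolver could special-case .invalid, so also compare two unrelated
    # sites: one shared private (RFC 1918) address is the other tell-tale.
    a=$("$resolver" news.com | head -n 1)
    b=$("$resolver" slashdot.com | head -n 1)
    case $a in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            if [ "$a" = "$b" ]; then
                echo "hijacked: unrelated names share private address $a"
                return 0
            fi ;;
    esac
    echo "ok"
}

echo "grey hat stub: $(check_wildcard_dns fake_grey_hat)"
echo "honest stub:   $(check_wildcard_dns fake_honest)"
```

Called with no argument, check_wildcard_dns uses the system resolver of whatever network the machine is currently joined to.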
Step 6: Configuring the Network
Next, I configured the network setup on the Pi by editing /etc/network/interfaces so it looked like this:
auto lo
iface lo inet loopback
iface eth0 inet dhcp
iface wlan0 inet static
address 10.0.0.1
netmask 255.255.255.0
broadcast 10.0.0.255
pre-up iptables-restore < /etc/iptables.rules
The last line was especially important, as I didn't want any of the people at the conference to hack into my Pi and adjust its configuration.
Step 7: Configuring Iptables
Next, I made it so that it was difficult for others to connect to my Pi from the wireless connection by creating some iptables rules - simply cut and paste the following;
sudo iptables -F
sudo iptables -i wlan0 -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -i wlan0 -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -i wlan0 -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -i wlan0 -A INPUT -p udp --dport 67:68 -j ACCEPT
sudo iptables -i wlan0 -A INPUT -j DROP
sudo sh -c "iptables-save > /etc/iptables.rules"
This will create the file that contains the basic rules that prevent anybody accessing the ssh port on our PI via the wireless connection.
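To confirm what the saved rules actually do, this added example (not from the original post) walks an iptables-save listing in first-match order. The listing is a constructed sample of what the commands above typically save, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): first-match check of a saved
# ruleset. Simplified: filter/INPUT only, no negation or user-defined chains.

# Constructed sample: what iptables-save typically writes for the rules above.
grey_hat_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -i wlan0 -j DROP
COMMIT
EOF
}

# verdict IFACE PROTO PORT < rules
# Prints the fate (ACCEPT or DROP) of a NEW inbound packet.
verdict() {
    awk -v ifc="$1" -v proto="$2" -v port="$3" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && $1 == ":INPUT" { policy = $2 }
    table == "filter" && $1 == "-A" && $2 == "INPUT" && !hit {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i + 1) != ifc) ok = 0
            if ($i == "-p" && $(i + 1) != proto) ok = 0
            # A state match without NEW never applies to a first packet.
            if ($i == "--ctstate" && $(i + 1) !~ /(^|,)NEW(,|$)/) ok = 0
            if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                if (port + 0 < r[1] + 0 || port + 0 > r[n] + 0) ok = 0
            }
            if ($i == "-j") target = $(i + 1)
        }
        if (ok && (target == "ACCEPT" || target == "DROP")) { hit = 1; result = target }
    }
    END { print (hit ? result : policy) }'
}

for probe in "tcp 22" "tcp 80" "udp 53"; do
    set -- $probe
    echo "wlan0 $1/$2 -> $(grey_hat_rules | verdict wlan0 "$1" "$2")"
done
```

On the Pi itself, feed it the real file with verdict wlan0 tcp 22 < /etc/iptables.rules. Because the INPUT policy stays ACCEPT, the final DROP line is the only thing closing ssh on wlan0, and eth0 is not filtered at all.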
Step 8: Create the Web Page for People to See
Next, I needed to create the web page that people could see.
I simply edited the file /usr/share/nginx/www/index.html to have the following text:
Free Wifi isn't always free
Enjoy a Free kitten video with your Free WIFI
Sometimes White Hats are not so white :-)
Then I got a random cat video from YouTube using a random video download service (I saved it as an mp4 file) and I saved that as kitten.mp4 in the directory /usr/share/nginx/www/
Step 9: Set Things to Automatically Start at Bootup
All of these services have to be configured to autostart when the PI boots. Just type the following;
sudo update-rc.d nginx defaults
sudo update-rc.d hostapd defaults
sudo update-rc.d dnsmasq defaults
Step 10: Final Results
It was a HIT!
I got to the conference, and within 30 minutes, there was some general chatter about a cat video....
After a while, I confessed and there was lots of interest - in all 73 people downloaded the video, and learnt that free WiFi may not be what they expected. I thought that was an awesome result.
So - Go and make your own Grey Hat - remember to charge your battery first and make sure that you keep your video nice :-)
Step 11: Parts Required
1 Top Hat
1 Raspberry Pi
1 8GB SD Card
1 WiFi Dongle
1 Voltage Regulator
1 LIPO Battery
2 3mm x 12mm Screws
2 3mm Nuts
1 Cable Tie
Wire
Hot Melt Glue
Battery connector to suit your battery
1 26 way crimp connector
A couple of hours of spare time.