Introduction: A Grey Hat

About: I have a background in digital electronics, and am very interested in computers. I love things that blink, and am in awe of the physics associated with making blue LEDs.

Well, from my profile coupled with a quick web search, anybody can find out that I'm an Information Technology Security Consultant. That's my day job, I try not to post much about it, as quite frankly, security is predictable. Clocks are *much* more fun, and to be completely honest, the small business that has grown from my Instructable post about the Word Clock has dealt with lots of my free time, so I haven't been giving back so much to the community.

That has changed - Recently, I was going to attend a short confrence and there was a bit of an email discussion about the dress standard. Do we wear Top Hat and Tails, or jeans and tee shirts? If we have to dress up, should the hats be black - Surely not, as because were the good guys, the hats should probably be white? So many choices. Colloquially, we know that White Hat hackers are the good guys, and the Black Hats are the naughty ones, but life isn't always quite that cut and dry.

Here I introduce my 'Grey Hat' - A top hat that looks white, but actually isn't pure and pristine.

"WHAT?????" I hear you say...... HOW ON EARTH IS A WHITE HAT GREY????

Well, I have an easy answer for that - How about when it is secretly a FREE WIFI access point that acts as a community service. Connect to it (It's advertised clearly as "FreeWIFI"), and it will do its best to let you know that Free Wifi may not always be what you expect by delivering a friendly cat video.

If you visit - you get a cat video.

If you go to - you get a cat video.

Even if you hit you guessed it - get a cat video.


Here you go - I present The Grey Hat!

Step 1: First - You Need a Top Hat and a Mounting Board

The email conversation happened on Tuesday and I knew I had to move quickly if my dream was to become a reality.

To eBay first...An Australian Based Hat Vendor was identified, and a White Top Hat was procured for about $20 - Now to wait for a day or so for it to arrive...

Yay - It is here - Australia Post was particularly efficient! I try to keep it local :-)

First step - measure the size of the place where the mounting plate will live inside the hat. In my case, it was an oval of about 184mm x 150mm - I decided to add 2.5mm all round to ensure it was a snug fit, and I laser cut a oval of 189x155 into some scrap 3mm black acrylic I had in the scrap pile here.

Next, I verified that the plate fit correctly. DON'T PUSH IT DOWN - it is hard to remove when it gets wedged in place.

Step 2: Add the Electronics

Next, I grabbed a Raspberry Pi, a battery, and a Voltage Regulator board I had in the workshop.

I placed them around the plate, looking at where they needed to go so that they wouldn't interfere with each other, then I carefully drilled 3mm holes for the PI and 6mm holes for the battery.

I used 3mm screws to mount the PI, and hot melt glue to mount the regulator.

Next, I attached the battery with a cable tie.

I added a couple of cables to the voltage regulator so that I could connect it to the PI, and the battery. My battery was a Turnigy 2200ma 3S LIPO that was in the workshop, providing about 11 volts - the regulator was set to drop that to 5v for the PI.

A couple of measurements let me know that the PI consumes about 600mA, meaning that the unit should run for about 3 or 4 hours on a fully charged battery - Well and truly long enough

Step 3: Load the Software

The beautiful thing about Raspberry Pis is that they let us all stand on the shoulders of giants. Really truly giants who have done cool things before us!

Everything tricky that I needed in software had already been done before.

Essentially, the Raspberry Pi runs an access point, using 'hostapd', delivers spurious name search records by using 'dnsmasq' and then redirects everybody to a simple web page using 'nginx'.

That web page page contains a bit of text, and a link to a cat video.

Install the software by simply typing the following at a console prompt on the pi:

apt-get install hostapd dnsmasq nginx

And the software will be loaded

Step 4: Configuring Hostapd

Next, I configure hostapd to turn the Pi into a free open access point:

sudo touch /etc/hostapd/hostapd.conf

Edit the file /etc/hostapd/hostap.conf to contain the following;





Finally, I edited hostapd's initialisation file (/etc/init.d/hostapd) to let it know where the configuration is by including the following text:


That sets up the wifi hotspot for us.

Step 5: Configure Dnamasq

Next, I configured dnsmasq to set up a DNS server that resolves all lookups to our fictitious raspberry pi's web server:

1. Edit /etc/dnsmasq.conf to include the following information at the end of the file;







Step 6: Configuring the Network

Next, I configured the network setup on the Pi by editing /etc/network/interfaces so it looked like this:

auto lo

iface lo inet loopback

iface eth0 inet dhcp

iface wlan0 inet static address



pre-up iptables-restore < /etc/iptables.rules

The last line was especially important, as I didn't want any of the people at the confrence to hack into mny Pi and adjust its configuration.

Step 7: Configuring Iptables

Next, I made it so that it was difficult for others to connect to my Pi from the wireless connection by creating some iptables rules - simply cut and paste the following;


sudo iptables -F
sudo iptables -i wlan0 -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -i wlan0 -A INPUT -p tcp --dport 80 -j ACCEPT

sudo iptables -i wlan0 -A INPUT -p udp --dport 53 -j ACCEPT

sudo iptables -i wlan0 -A INPUT -p udp --dport 67:68 -j ACCEPT

sudo iptables -i wlan0 -A INPUT -j DROP

sudo sh -c "iptables-save > /etc/iptables.rules"

This will create the file the contains the basic rules that prevent anybody accessing the ssh port on our PI via the wireless connection.

Step 8: Create the Web Page for People to See

Next, I needed to create the web page that people could see.

I simply edited the file /usr/share/ngix/www/index.html to have the following text

Free Wifi isn't always free

Enjoy a Free kitten video with your Free WIFI

Sometimes White Hats are not so white :-)

Then I got a random cat video from YouTube using a random video download service (I saved it as a mp4 file) and I saved that as kitten.mp4 in the directory /usr/share/ngix/www/

Step 9: Set Things to Automatically Start at Bootup

All of these services have to be configured to autostart when the PI boots. Just type the following;

sudo update-rc.d nginx defaults

sudo update-rc.d hostapd defaults

sudo update-rc.d dnsmasq defaults

Step 10: Final Results

It was a HIT!

I got the the conference, and within 30 minutes, there was some general chatter about a cat video....

After a while, I confessed and there was lots of interest - in all 73 people downloaded the video, and learnt that free WiFi may not be what they expected. I thought that was an awesome result.

So - Go and make your own Gray Hat - remember to charge your battery first and make sure that you keep your video nice :-)

Step 11: Parts Required

1 Top Hat

1 Raspberry Pi

1 8Gb SS Card

1 WiFi Dongle

1 Voltage Regulator

1 LIPO Battery

2 3mm x 12mm Screws

2 3mm Nuts

1 Cable Tie


Hot Melt Glue


Battery connector to suit your battery

1 26 way crimp connector

A couple of hours of spare time.

Raspberry Pi Contest

Participated in the
Raspberry Pi Contest