teff Posted March 19, 2012 Share Posted March 19, 2012 I would be interested to know if this would work? I have an android phone and tablet, I already run openvpn over ssl on both to force traffic through my home "server" (its a eeepc 701 running debian) but this takes a few seconds to reconnect on a connection change. I use juice defender to manage my wifi on both devices, and although I could disable its control over wifi I wanted to have to do minimal connection management. So I did some research and it seems androids gives highest priority to the most recently created wifi profile. I created a new profile with a random SSID that shouldn't exist in the wild and then created a tasker profile that triggers when it connects, pops up an alert and disables wifi. Should this trigger as expected? Profile Pineapple Wifi Connected "SSID=randomssid" > Launch task Pineapple Task Pineapple # Set the local variable wific to the output of the system variabl wifi info (SSID, MAC, Channel, Speed of the currently connected network) Variable Set > %wific = %WIFII Wifi Net > Disconnect Vibrate Notify "PINEAPPLE DETECTED!" # Write the current date, time, location (from gsm network) and output of wifi info (when disconnected from wireless it will have the info for all AP's in range) Write File > pineapple.txt >> ================= %DATE - %TIME %LOCN %WIFII # Turn the wifi off here because the popup blocks task from continuing. Wifi Off # popup a custom scene and pass wific to it (my scene has a dismiss button and a enable wifi just in case) Popup > Text1=%wific Quote Link to comment Share on other sites More sharing options...
digininja Posted March 19, 2012 Share Posted March 19, 2012 No idea if the actual script works but the concept seems pretty good. I've not used tasker, I'm guessing it is just a simple scripting app, if so the only problem I could see is how often it runs, too often and it will drain your battery quickly and may (not sure) disconnect you from your existing connection to try for the new random one. Not often enough and you could be connected for a while before you notice. It also only takes fractions of a second for automated scripts to notice the network connection is up and call home, if any of those have clear text credentials in them they may slip out before your script detects what is going on. A very good attempt, better than anything else I've seen but maybe not perfect and I can't think of a usable perfect solution if you want to be able to use open wifi. Quote Link to comment Share on other sites More sharing options...
teff Posted March 19, 2012 Author Share Posted March 19, 2012 No idea if the actual script works but the concept seems pretty good. I've not used tasker, I'm guessing it is just a simple scripting app, if so the only problem I could see is how often it runs, too often and it will drain your battery quickly and may (not sure) disconnect you from your existing connection to try for the new random one. Not often enough and you could be connected for a while before you notice. It also only takes fractions of a second for automated scripts to notice the network connection is up and call home, if any of those have clear text credentials in them they may slip out before your script detects what is going on. A very good attempt, better than anything else I've seen but maybe not perfect and I can't think of a usable perfect solution if you want to be able to use open wifi. Tasker is pretty efficient for most things and I'm pretty sure that the "wifi connected" trigger is from a system intent, so triggers pretty much instantaneously and should not be polling in between. Script definitely works and triggers, I temporarily added the open test network to my router and hardly had chance to look before it went off, I just wasn't sure if this would work well against a pineapple or similar device :) I've also been pretty careful about the apps I have installed and I am pretty certain the ones that do have internet access are at least using SSL by default. I've wondered lately how possible it would be to modify a rom so that it can restrict a specified group of apps to only use the a certain network adapter. "Insecure" apps could only be allowed connections through the OpenVPN tun adapter then. I think that if the pineapple were not to respond to the first attempt to connect by a client then it should completely negate this, its likely most people have more than one wireless profile and with android especially it will just kick through to the next most recently added profile and try to connect on that instead, but I presume this would screw up deauth attacks. I think I can get round this though by having Tasker check the SSID and MAC against a text file and trigger if it doesn't have the AP on file or the MAC is different then disable until the user has validated it is a valid AP that can be added to the file. I could add location data in too, but it is not helpful for the "BT Openzone" or "BT Fon" networks where they exists all over the place and certainly would be a pain if you connect to anything portable you carry around. Quote Link to comment Share on other sites More sharing options...
digininja Posted March 19, 2012 Share Posted March 19, 2012 If it is event based then it should work OK. I was going to suggest recording MAC against SSID but as you say, that isn't practical if you are using common public hotspots like Openzone or Starbucks. Quote Link to comment Share on other sites More sharing options...
teff Posted March 19, 2012 Author Share Posted March 19, 2012 (edited) edit: arse, it doesnt append a new line character when it does a write line. actually I was using ';' where I should have had ','. Should work now edit2: also the scene doesn't update when the button is pressed, not sure why. edit3: fixed the scene updating by calling show scene instead of pop up dialog. I think I have something fairly functional, though a native app might be more appropriate: Profile: Pineapple: Wifi Connected: * > Launch Task: Pineapple Tasks: Pineapple: # Clear the global %SSIDMAC Variable Clear %SSIDMAC # Launch task to fetch the SSID and MAC of the connected AP Task: getSSIDMAC # Launch task to check whether SSID and MAC exist in the database # and if they match known combination. Return %isdb, # 1 = AP exists, 0 = AP doesnot exist Task: CheckSSIDDB return %isdb # if the AP does not exist If %isdb <> 1 # turn off wifi WiFi Set Off # notify user Vibrate Notify "Pineapple or Unknown AP!" # log to file Append file Pineapple.txt >> ==================== %DATE - %TIME %LOCN %wific ---------------- %WIFII # popup the Pineapple scene to allow the user # to add it if safe. (blocks continuation of task # until the user closes the scene) Show Scene Pineapple scene > Show as Activity or Dialog # Destroy the scene Destroy Scene Pineapple End If getSSIDMAC Variable Set %wific To %WIFII # split %wific at all instances of "<<<" # produces %wific1, %wific2 Variable split %wific splitter "<<<" # set %ssid to everything after "<<<" Variable Set %ssid to %wific2 # split %ssid at "Mac:" Variable split %ssid splitter "Mac:" # split with no splitter to clean up the # whitespace %ssid12 contains just the ssid Variable split %ssid1 # set %mac to everything after "Mac:" Variable Set %mac To %ssid2 # split at "IP" Variable split %mac splitter "IP" # split again to clear whitespace, mac will be in %mac12 Variable split %mac1 # set the global %SSIDMAC to ssid,mac Variable Set %SSIDMAC to %ssid12,%mac12 CheckSSIDDB # create counter Variable set %linen = 1 # set label loop label Loop: # read line number %linen in to variable %line Read Line %linen from file ssid.txt to %line # if %line == "EOF" the AP does not exist if %line == EOF return 0 # split %line at ',' to give %line1 = SSID and %line2 = MAC Variable Split %line splitter ';' # split %SSIDMAC at ',' to give %SSIDMAC1 = SSID # and %SSIDMAC2 = MAC Variable Split %SSIDMAC splitter ',' # do the SSID match? if %line1 == %SSIDMAC1: # if so then do the the MAC's match? Return 1 if they do if %line2 == %SSIDMAC2 return 1 End If # if there is no match increment the counter Variable Set %linen = %linen + 1 # and loop to the next line Goto label Loop Scene Pineapple: ----------------------------------- Pineapple or unknown AP Detected! Text Box ----------------------------------- %SSIDMAC Text Box ----------------------------------- file:\\/mnt/sdcard/ssid.txt WebView ----------------------------------- _______________ | Enable AP | Button |_______________| ----------------------------------- Button: Write line %SSIDMAC to end of ssid.txt Enable Wifi Refresh Webview Update Text1: AP Added! Hide button Edited March 21, 2012 by teff Quote Link to comment Share on other sites More sharing options...
teff Posted March 21, 2012 Author Share Posted March 21, 2012 If anyone wants the source files from Tasker I will happily attach them. Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted April 1, 2012 Share Posted April 1, 2012 yes pls.appreciate the time and effort everybodys does on this site. Quote Link to comment Share on other sites More sharing options...
teff Posted April 2, 2012 Author Share Posted April 2, 2012 (edited) Will do, though still having issues with it, think there is a bit of an issue with file locking from the dialog popup. If the network is approved the wireless is enabled and it connects to the network again, this causes the pineapple task to rerun but still detect an unknown network. Edited April 2, 2012 by teff Quote Link to comment Share on other sites More sharing options...
barry99705 Posted April 3, 2012 Share Posted April 3, 2012 Easiest way is to turn off wifi! :P Honestly, you actually use public wifi? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.