Friday, March 14, 2008

An open-AP-finding robot

I wrote two little scripts to turn an ordinary Linksys WRT54G into an open-AP-finder. Yeah, I know this is questionable legally, etc etc. So is vandwelling (in most jurisdictions). Like I said, I try to seek out truly public networks. But I takes whatever I can find, and tread as lightly as possible.

These scripts work with OpenWRT (Kamikaze) on a revision 2.2 WRT54G. They require the "wl" tool which is a binary Linksys program that's also redistributed and included in OpenWRT.

Script #1 is called "parsescanresults":




#!/bin/sh

#$Id$

THRESHOLD=19

if [ "$1" ] ; then
THRESHOLD=$1
fi

while read i; do
#ssid line is foist
sstest=`echo "$i" | grep '^SSID' | cut -d':' -f 2`
if [ "$sstest" ]; then
SSID=$sstest
#gotta reset eerything now!
sntest=""
SNR=0
captest=''
weptest=''
capline=''
fi

#parse the RSSi and noise!
sntest=`echo "$i" | grep noise`
if [ "$sntest" ] ; then
snline=$sntest
sig=`echo "$snline" | cut -d':' -f 3 | cut -d' ' -f 2`
noise=`echo "$snline" | cut -d':' -f 4 | cut -d' ' -f 2`
let SNR="$sig - $noise"
fi


#caplien is third, also has bbssid in there, maybe useful
captest=`echo "$i" | grep Capability`
if [ "$captest" ] ; then
capline=$captest
weptest=`echo "$capline" | grep WEP`
if [ ! "$weptest" ]; then
#i only want the ones i could realistically associate with
if [ $SNR -ge $THRESHOLD ]; then
#i hate a certain pay network
echo "${SSID},${SNR}" | grep -v SSID_Of_Pay_Network_That_Annoys_Me
fi
fi
fi
done



The other is a daemon called "openleds". I start it from /etc/rc.d.



#!/bin/sh

#$Id$

set_led() {
local led="$1"
local state="$2"
[ -f "/proc/diag/led/$1" ] && echo "$state" > "/proc/diag/led/$1"
}

while true; do
#first reset everthang


wl scan -t passive
wl scanresults | parsescanresults > /var/log/netsinprogress
let opens=`wc -l < /var/log/netsinprogress`


if [ $opens -ge 1 ]; then
set_led dmz 1
cp /var/log/nets /var/log/lastfound
fi

if [ $opens -ge 2 ]; then
set_led dmz f
fi

if [ $opens -lt 1 ]; then
for i in dmz wlan; do
set_led $i 0
done
fi

cp /var/log/netsinprogress /var/log/nets

done



So I drive around, I try a parking space and look at the LED's on the Linksys. If the DMZ light is lit, I have an open AP within range. If the LED is flashing, I have two or more!

I want to set another LED to light when I have one of my preferred public networks within reach. Also need to parse the output of "wl scanresults" better to indicate those networks with good signal/noise ratio, or filter out those that don't have good reception.

This whole exercise feels temporary to me. I should just pay up for Sprint MetroPCS, but right now I can't afford it.

Far too many AP's are WEP these days. The more popular brands such as Netgear, 2WIRE, Apple, etc., all ship with WEP on by default. So the days of "wardriving" are pretty much over. Still, this helps for those of us in difficult financial situations-- the Linksys cost me US$35 used, I already had the pigtail cables around, and I made the antenna myself.

But connectivity is nowhere near as easy to find as it was 4-5 years ago the last time I tried anything like this. If this trend keeps up, I eventually will have no choice but to try to find money for Sprint or some kind of Metro service.

No comments: