Last active
February 26, 2024 02:29
-
-
Save noelhibbard/62351b87a8077209c1118b65833c4128 to your computer and use it in GitHub Desktop.
AT&T Modem Bypass using ripped certs on pfSense
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env sh | |
# | |
# NOTES | |
# ================== | |
# - You must place your certificates (ca.pem, client.pem, private.pem) in /cf/conf/pfatt/wpa . | |
# - You must make this script executable (chmod +x /cf/conf/pfatt/pfatt_supplicant.sh). | |
# - Create an earlyshellcmd to launch /cf/conf/pfatt/pfatt_supplicant.sh | |
# - ngeth0 will be your WAN interface and it needs to be configured to have the | |
# same MAC as your ATT provided RG. | |
# - Make sure ONT_IF is unmanaged by pfSense | |
# | |
# CONFIG | |
# ================== | |
# ONT_IF Physical interface connected to the ONT. | |
# EAP_SUPPLICANT_IDENTITY MAC address associated with your own ATT provided RG, NOT the RG which you extracted the certs from. | |
ONT_IF="re0" | |
EAP_SUPPLICANT_IDENTITY="XX:XX:XX:XX:XX:XX" | |
##### DO NOT EDIT BELOW ################################################################################# | |
/usr/bin/logger -st "pfatt" "starting pfatt..." | |
/usr/bin/logger -st "pfatt" "configuration:" | |
/usr/bin/logger -st "pfatt" " ONT_IF = $ONT_IF" | |
/usr/bin/logger -st "pfatt" " EAP_SUPPLICANT_IDENTITY = $EAP_SUPPLICANT_IDENTITY" | |
# Netgraph cleanup. | |
/usr/bin/logger -st "pfatt" "resetting netgraph..." | |
/usr/sbin/ngctl shutdown waneapfilter: >/dev/null 2>&1 | |
/usr/sbin/ngctl shutdown laneapfilter: >/dev/null 2>&1 | |
/usr/sbin/ngctl shutdown $ONT_IF: >/dev/null 2>&1 | |
/usr/sbin/ngctl shutdown o2m: >/dev/null 2>&1 | |
/usr/sbin/ngctl shutdown vlan0: >/dev/null 2>&1 | |
/usr/sbin/ngctl shutdown ngeth0: >/dev/null 2>&1 | |
/usr/bin/logger -st "pfatt" "your ONT should be connected to pyshical interface $ONT_IF" | |
/usr/bin/logger -st "pfatt" "creating vlan node and ngeth0 interface..." | |
/usr/sbin/ngctl mkpeer $ONT_IF: vlan lower downstream | |
/usr/sbin/ngctl name $ONT_IF:lower vlan0 | |
/usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether | |
/usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }' | |
/usr/sbin/ngctl msg ngeth0: set $EAP_SUPPLICANT_IDENTITY | |
/usr/bin/logger -st "pfatt" "enabling promisc for $ONT_IF..." | |
/sbin/ifconfig $ONT_IF ether $EAP_SUPPLICANT_IDENTITY | |
/sbin/ifconfig $ONT_IF up | |
/sbin/ifconfig $ONT_IF promisc | |
/usr/bin/logger -st "pfatt" "starting wpa_supplicant..." | |
WPA_PARAMS="\ | |
set eapol_version 2,\ | |
set fast_reauth 1,\ | |
ap_scan 0,\ | |
add_network,\ | |
set_network 0 ca_cert \\\"/cf/conf/pfatt/wpa/ca.pem\\\",\ | |
set_network 0 client_cert \\\"/cf/conf/pfatt/wpa/client.pem\\\",\ | |
set_network 0 eap TLS,\ | |
set_network 0 eapol_flags 0,\ | |
set_network 0 identity \\\"$EAP_SUPPLICANT_IDENTITY\\\",\ | |
set_network 0 key_mgmt IEEE8021X,\ | |
set_network 0 phase1 \\\"allow_canned_success=1\\\",\ | |
set_network 0 private_key \\\"/cf/conf/pfatt/wpa/private.pem\\\",\ | |
enable_network 0\ | |
" | |
WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -i$ONT_IF -B -C /var/run/wpa_supplicant" | |
# Kill any existing wpa_supplicant process. | |
PID=$(pgrep -f "wpa_supplicant") | |
if [ ${PID} > 0 ]; | |
then | |
/usr/bin/logger -st "pfatt" "terminating existing wpa_supplicant on PID ${PID}..." | |
RES=$(kill ${PID}) | |
fi | |
# Start wpa_supplicant daemon. | |
RES=$(${WPA_DAEMON_CMD}) | |
PID=$(pgrep -f "wpa_supplicant") | |
/usr/bin/logger -st "pfatt" "wpa_supplicant running on PID ${PID}..." | |
# Set WPA configuration parameters. | |
/usr/bin/logger -st "pfatt" "setting wpa_supplicant network configuration..." | |
IFS="," | |
for STR in ${WPA_PARAMS}; | |
do | |
STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" | |
RES=$(eval wpa_cli ${STR}) | |
done | |
# Create variables to check authentication status. | |
WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" | |
IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2" | |
/usr/bin/logger -st "pfatt" "waiting for EAP authorization..." | |
# Check authentication once per 5 seconds for 25 seconds (5 attempts). Continue without authentication if necessary (no WAN). | |
i=1 | |
until [ "$i" -eq "5" ] | |
do | |
sleep 5 | |
WPA_STATUS=$(eval ${WPA_STATUS_CMD}) | |
if [ X${WPA_STATUS} = X"Authorized" ]; | |
then | |
/usr/bin/logger -st "pfatt" "EAP authorization completed..." | |
IP_STATUS=$(eval ${IP_STATUS_CMD}) | |
if [ -z ${IP_STATUS} ] || [ ${IP_STATUS} = "0.0.0.0" ]; | |
then | |
/usr/bin/logger -st "pfatt" "no IP address assigned, force restarting DHCP..." | |
RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0) | |
IP_STATUS=$(eval ${IP_STATUS_CMD}) | |
fi | |
/usr/bin/logger -st "pfatt" "IP address is ${IP_STATUS}..." | |
/usr/bin/logger -st "pfatt" "ngeth0 should now be available to configure as your WAN..." | |
break | |
else | |
/usr/bin/logger -st "pfatt" "no authentication, retrying ${i}/5..." | |
i=$((i+1)) | |
fi | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Testing this script, the kernel models required aren't loaded, and I had to add them....
I also had to add ${ONT_IF} syntax in most places to avoid script errors - but that might have just been command line testing.