disappear-dlink.sh
For whatever reasons, I am required to turn off the router / the Wi-Fi in the nighttime (past 10PM) and turn it back on in the daytime (say, after 6AM).
So, I thought to myself:
-
I don't wanna turn it off.
-
I wanna automate this thing.
-
I wanna try to employ some concepts/protocols we learned about in the Network Administration class in college and stuff (Telnet, SNMP, MBSSID, etc.).
-
The Wi-Fi is supposed to be turned off, but the actual objective of this "policy" is to disallow other users from using it during the night, so all I need to do is make it seem like I have actually did it.
-
I'll just make the D-Link Wi-Fi disappear... that's what
disappear-dlink.sh
does.
-
Create a Virtual Access Point with the same configurations as the original/Root AP (same SSID and password). This is the Light VAP.
-
Make the Root AP inaccessible (rename and hide it and change its password).
-
Create a Virtual Access Point for my own use and make it invisible. This is the Dark VAP. (Although, we could've just used the Root AP as the Dark
VAP.) -
If it's the nighttime, disable the Light VAP, leaving only the Dark (V)AP.
-
If it's the daytime, enable the Light VAP to let others connect.
Previously connected devices will just start using the newly created Light VAP instead of the original AP as though they both were part of an Extended Service Set.
Router: D-Link DSL-125 / Firmware Version: V01.00.01
- It supports the Telnet and SNMP protocols.
- It supports MBSSID (4 virtual APs, to be exact).
AP#show version
Application Version: V01.00.01 Build Date: Dec 22 2017 11:37:04
SDK Version: SDK V1.2.1 Build Date:
Hardware Version: I1-4/16 MAC Address: 18:0F:76[WHATEVER]
SysUpTime: 0 9:35:29 Serial Number: [WHATEVER]
ManufacturerOUI: 180F76 Manufacturer: DLINK
ModelName: DSL-125 Description: DSL-125
ProductClass: DLINK
Flash Memory: 4M HW Flash Memory: 4M
RAM Memory: 16M
Setup VAPs (Virtual Access Points) and then the "root AP".
- Note: In
config wlan mbssid
:broadcast
= set visible,hidden
set invisible.
Example:<broadcast|hidden> vap 0
I wanted to set the Dark VAP's SSID to "D-Link of Evil" (D is for "Daughter of Evil"), but had to change it to "D-Link_of_Evil" because D-Link disallows spaces in SSIDs.
An except from the web client:
// [...]
if (includeSpace(document.WlanMBSSID.ssid_v0.value))
{
alert('Invalid SSID.');
document.WlanMBSSID.ssid_v0.focus();
return false;
}
// [...]
D-Link complains that "悪ノ物語//悪ノ娘" (lit. "Story of Evil//Daughter of Evil") contains illegal characters.
Ended up going with "akunomonogatari" (lit. "storyofevil").
Also, "Aku no Monogatari" written in kanji should be more than 8 "bytes," but the web interface complains that it does not meet the "minimum requirement of 8 characters".
var evilPassphrase = "悪ノ物語";
evilPassphrase.length === 4; // true, 4 characters
new Blob([ evilPassphrase ]).size === 12; // true, 12 bytes
This is the function used to validate the password on the web interface:
function isValidWPAPasswd(str)
{
var patrn = /^[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~]{1}[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~\x20]{6,61}[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~]{1}$/;
if (!patrn.exec(str))
return false;
if(str.indexOf(" ") != -1)
return false;
if(document.formEncrypt.pskValue.value.indexOf(" ", 0) != -1)
return false;
return true;
}
According to an (and the the only) answer to "Can a WPA key be shorter than 8 characters?" | Server Fault, it seems like the passphrase has to be in ASCII and 8 characters or more in length.
The SSID is "D-Link_of_Evil" (think, "Daughter of Evil"), while the password is "akunomonogatari" ("Story of Evil").
config wlan
# [cfig-wlan]$
mbssid vap 0 ssid D-Link_of_Evil authentication 1
mbssid hidden vap 0
mbssid enable vap 0
security vap0 wpa2-aes-psk passphase akunomonogatari
Use the same configurations as the **Root AP, effectively creating an ESS.
Let's assume the root AP's SSID is "D-Link" and its passphrase is "12345678".
config wlan
# [cfig-wlan]$
mbssid vap 2 ssid D-Link authentication 1
mbssid broadcast vap 2
mbssid enable vap 2
security vap2 wpa2-aes-psk passphase 12345678
Change the SSID, use a random passphrase, and stop broadcasting the SSID. (You can do it using either the web interface or Telnet.)
Now that I think about it, this whole thing can be simplified if I used the Root AP as the "Dark (V)AP" and only one virtual AP: "Light VAP".
What? See Expect - Wikipedia
-
Expect
- http://sourceforge.net/projects/expect/
- http://expect.sourceforge.net redirects to https://core.tcl-lang.org/expect/index
apt show expect
reports that they provide version 5.45.4-1
-
SExpect
- "Expect for Shells (sh, bash, zsh, ksh, ...)"
- https://github.com/clarkwang/sexpect
-
Empty
- "Empty is a simple shell-friendly variant of "expect" tool"
- http://empty.sourceforge.net
- https://github.com/ierton/empty
-
Apache Commons Net - Telnet package
-
npm:telnet-client
- https://github.com/mkozjak/node-telnet-client
- NOTE: Promise-based API, 275 stars, 75 forks, last commit 2020-11
-
React Native library?
-
Android-specified library?
-
If we were connected via ethernet, we could simply turn off the WLAN, but we are actually connected via WiFi.
-
Since changing WLAN settings restarts the WLAN interface, we try to keep it to the minimum.
-
Automatically/periodically execute the script as a
cron
job:
*/30 * * * * /home/djalil/shall-not-despair/disappear-dlink.sh
# telnet (D-Link DSL-125)
# Turn off the wifi
# WARNING: There's no button on the router to turn it back on. To undo this,
# I had to connect my laptop to the router using an ethernet cable.
config wlan basic disable
# Turn on the wifi
config wlan basic enable