A Shell script to enable and disable the Wi-Fi / Virtual Access Points via Telnet

2020-12_01_disappear-dlink.md

Disappear // D-Link

disappear-dlink.sh

Story

For whatever reasons, I am required to turn off the router / the Wi-Fi in the nighttime (past 10PM) and turn it back on in the daytime (say, after 6AM).

So, I thought to myself:

• I don't wanna turn it off.

• I wanna automate this thing.

• I wanna try to employ some concepts/protocols we learned about in the Network Administration class in college and stuff (Telnet, SNMP, MBSSID, etc.).

• The Wi-Fi is supposed to be turned off, but the actual objective of this "policy" is to disallow other users from using it during the night, so all I need to do is make it seem like I have actually did it.

• I'll just make the D-Link Wi-Fi disappear... that's what disappear-dlink.sh does.

Idea

• Create a Virtual Access Point with the same configurations as the original/Root AP (same SSID and password). This is the Light VAP.

• Make the Root AP inaccessible (rename and hide it and change its password).

• Create a Virtual Access Point for my own use and make it invisible. This is the Dark VAP. (Although, we could've just used the Root AP as the Dark VAP.)

• If it's the nighttime, disable the Light VAP, leaving only the Dark (V)AP.

• If it's the daytime, enable the Light VAP to let others connect.

Previously connected devices will just start using the newly created Light VAP instead of the original AP as though they both were part of an Extended Service Set.

Router Info

Router: D-Link DSL-125 / Firmware Version: V01.00.01

• It supports the Telnet and SNMP protocols.
• It supports MBSSID (4 virtual APs, to be exact).

AP#show version

Application Version:     V01.00.01  Build Date:   Dec 22 2017 11:37:04
SDK Version:            SDK V1.2.1  Build Date:                       
Hardware Version:          I1-4/16  MAC Address:     18:0F:76[WHATEVER]
SysUpTime:               0 9:35:29  Serial Number:           [WHATEVER]
ManufacturerOUI:            180F76  Manufacturer:                DLINK
ModelName:                 DSL-125  Description:               DSL-125
ProductClass:                DLINK
Flash Memory:                   4M  HW Flash Memory:                4M
RAM Memory:                    16M

Setup

Setup VAPs (Virtual Access Points) and then the "root AP".

• Note: In config wlan mbssid: broadcast = set visible, hidden set invisible.
  Example: <broadcast|hidden> vap 0

Choosing an SSID

I wanted to set the Dark VAP's SSID to "D-Link of Evil" (D is for "Daughter of Evil"), but had to change it to "D-Link_of_Evil" because D-Link disallows spaces in SSIDs.

An except from the web client:

// [...]
if (includeSpace(document.WlanMBSSID.ssid_v0.value))
{
    alert('Invalid SSID.');
    document.WlanMBSSID.ssid_v0.focus();
    return false;
}
// [...]

Choosing a Password

D-Link complains that "悪ノ物語//悪ノ娘" (lit. "Story of Evil//Daughter of Evil") contains illegal characters.

Ended up going with "akunomonogatari" (lit. "storyofevil").

Also, "Aku no Monogatari" written in kanji should be more than 8 "bytes," but the web interface complains that it does not meet the "minimum requirement of 8 characters".

var evilPassphrase = "悪ノ物語";
evilPassphrase.length === 4; // true, 4 characters
new Blob([ evilPassphrase ]).size === 12; // true, 12 bytes

This is the function used to validate the password on the web interface:

function isValidWPAPasswd(str)
{
  var patrn = /^[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~]{1}[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~\x20]{6,61}[a-zA-Z0-9!#$%&\'()*+,-./:;=?@[\\^_`{|}~]{1}$/;
  if (!patrn.exec(str))
    return false;

  if(str.indexOf("  ") != -1)
    return false;

  if(document.formEncrypt.pskValue.value.indexOf("  ", 0) != -1)
    return false;

  return true;
}

According to an (and the the only) answer to "Can a WPA key be shorter than 8 characters?" | Server Fault, it seems like the passphrase has to be in ASCII and 8 characters or more in length.

Setup Dark VAP

The SSID is "D-Link_of_Evil" (think, "Daughter of Evil"), while the password is "akunomonogatari" ("Story of Evil").

config wlan
# [cfig-wlan]$
mbssid vap 0 ssid D-Link_of_Evil authentication 1
mbssid hidden vap 0
mbssid enable vap 0

security vap0 wpa2-aes-psk passphase akunomonogatari

Setup Light VAP

Use the same configurations as the **Root AP, effectively creating an ESS.

Let's assume the root AP's SSID is "D-Link" and its passphrase is "12345678".

config wlan
# [cfig-wlan]$
mbssid vap 2 ssid D-Link authentication 1
mbssid broadcast vap 2
mbssid enable vap 2

security vap2 wpa2-aes-psk passphase 12345678

Setup Root AP

Change the SSID, use a random passphrase, and stop broadcasting the SSID. (You can do it using either the web interface or Telnet.)

Now that I think about it, this whole thing can be simplified if I used the Root AP as the "Dark (V)AP" and only one virtual AP: "Light VAP".

Alternative: Using 'Expect' implementations

What? See Expect - Wikipedia

• Expect

  • http://sourceforge.net/projects/expect/
  • http://expect.sourceforge.net redirects to https://core.tcl-lang.org/expect/index
  • apt show expect reports that they provide version 5.45.4-1

• SExpect

  • "Expect for Shells (sh, bash, zsh, ksh, ...)"
  • https://github.com/clarkwang/sexpect

• Empty

  • "Empty is a simple shell-friendly variant of "expect" tool"
  • http://empty.sourceforge.net
  • https://github.com/ierton/empty

Alternative: Using Telnet client APIs

• Apache Commons Net - Telnet package

  • https://commons.apache.org/proper/commons-net/apidocs/org/apache/commons/net/telnet/package-summary.html
  • https://www.codota.com/code/java/packages/org.apache.commons.net.telnet

• npm:telnet-client

  • https://github.com/mkozjak/node-telnet-client
  • NOTE: Promise-based API, 275 stars, 75 forks, last commit 2020-11

• React Native library?

• Android-specified library?

Misc.

• If we were connected via ethernet, we could simply turn off the WLAN, but we are actually connected via WiFi.

• Since changing WLAN settings restarts the WLAN interface, we try to keep it to the minimum.

• Automatically/periodically execute the script as a cron job:

*/30 * * * * /home/djalil/shall-not-despair/disappear-dlink.sh

---

# telnet (D-Link DSL-125)

# Turn off the wifi
# WARNING: There's no button on the router to turn it back on. To undo this,
#          I had to connect my laptop to the router using an ethernet cable.
config wlan basic disable

# Turn on the wifi
config wlan basic enable

disappear-dlink.sh

#!/bin/sh
###
## @file disappear-dlink.sh
## @author Abdeldjalil Hebal
## @date 2020-12-01
## @license WTFPL
##
## For the "what" and "why", see `2020-12-01_disappear-dlink.md`
## - Written in POSIX Shell (read: not using Bash-specific features).
## - Linted with https://www.shellcheck.net
##
## NOTES:
## NOTE 1: About  `2> /dev/null`
## To hide the "Connection closed by foreign host." so-called error.
## Errors such as executing a wrong command or attempting to login with a wrong username/password
## combination are still outputted to the stdout. For example:
##   - "cmd "nosuchcommandlol" error, expecting: [...]"
##   - "Bad username/Password"
## `telnet 192.168.1.1 2> /dev/null`
##
## NOTE 2: "This script is not DRY enough!"
## I know that `d_go_probe`, `d_go_dark`, and `d_go_light` share a lot in common and can be refactored,
## but there's no need to overcomplicate it now.
###

PROJECT_ID="disappear-dlink"
PROJECT_VERSION="2020-12-01"
PROJECT_NAME="Disappear // Dlink"

# D-Link Router login credentials
D_ROUTER_ADDRESS="192.168.1.1"
D_ROUTER_USER="admin"
D_ROUTER_PASS="obviouslynotadmin"

# The pre-configured VAPs
DARK_VAP_INDEX="0"
LIGHT_VAP_INDEX="1"

###
## Is it daytime?
##
## NOTE: I used `exit` instead of `return` to keep the script consistent:
##       The other "functions" run in subshells, no need to make this any different.
##
## @returns {boolean} true (0) if it is considered "daytime"; false (1) if it's "nighttime".
###
d_is_daytime() {
  # Current time (as in HH:MM, 24-hour format)
  _hh=$(date +"%H")
  #_mm=$(date +"%M")
  echo "HOUR: $_hh"
  # Light mode should be enabled between 6 AM and 10 PM.
  # Hour: [06; 22[
  if [ "$_hh" -ge 6 ] && [ "$_hh" -lt 22 ]; then
    exit 0
  else
    exit 1
  fi
}

###
## To ensure telnet has finished processing the command.
## @returns {void}
###
d_sleep() {
  sleep 3
}

d_send() {
  d_input="$1"
  # "In POSIX sh, echo flags are undefined." https://github.com/koalaman/shellcheck/wiki/SC3037
  #echo -ne "$d_input\r"
  printf "$d_input\r"
  d_sleep
}

d_login() {
  d_sleep
  d_send "$D_ROUTER_USER"
  d_send "$D_ROUTER_PASS"
}

###
## Get the SNMP record of the specified VAP (Virtual Access Point).
##
## @param {number} $1 VAP index
## @returns {string} contents of the SNMP record in addition to telnet junk
###
d_go_probe() {
  vap_index="$1"

  (
    d_login
    d_send "sh"
    d_send "show wlan-vap$vap_index config"
  ) | telnet "$D_ROUTER_ADDRESS" 2> /dev/null

}

###
## Is the VAP enabled?
##
## @param {number} $1 VAP index
## @returns {string} 'YES', 'NO', 'ERROR...'
###
d_is_enabled() {
  vap_index="$1"

  WLAN_DISABLED_LINE_REGEX='WLAN DISABLED:\s*[01]'
  WLAN_DISABLED_LINE_FALSE_REGEX='WLAN DISABLED:\s*0'

  d_probe_output=$(d_go_probe "$vap_index")
  d_wlan_disabled_line=$(echo "$d_probe_output" | grep "$WLAN_DISABLED_LINE_REGEX")

  # If nothing matched WLAN_DISABLED_LINE_REGEX, something went wrong!
  if [ -z "$d_wlan_disabled_line" ]; then
    echo "ERROR:\n$d_probe_output"
  # Is it enabled? (More like: "Is it not disabled?")
  elif (echo "$d_wlan_disabled_line" | grep "$WLAN_DISABLED_LINE_FALSE_REGEX" > /dev/null); then
    echo "YES"
  # Is it enabled?
  else
    echo "NO"
  fi

}

###
## Activate the "Dark" mode.
## "Turn off" the wi-fi by disabling the visible "Light" VAP.
###
d_go_dark() {
  echo "Activating Dark mode..."
  
  (
    d_login
    # First, ensure that our "Dark" VAP is enabled!
    #d_send "config wlan mbssid enable vap $DARK_VAP_INDEX"
    # Disable the "light" (virtual) access point.
    d_send "config wlan mbssid disable vap $LIGHT_VAP_INDEX"
  ) | telnet "$D_ROUTER_ADDRESS" 2> /dev/null

}

###
## Activate the "Light" mode.
## "Turn the wi-fi back on" by re-enabling the visibe "Light" VAP.
###
d_go_light() {
  echo "Activating Light mode..."
  
  (
    d_login
    d_send "config wlan mbssid enable vap $LIGHT_VAP_INDEX"
  ) | telnet "$D_ROUTER_ADDRESS" 2> /dev/null

}

main() {
  #echo
  #echo "$PROJECT_NAME"
  echo "$PROJECT_ID v$PROJECT_VERSION"
  echo
  
  dark_vap_enabled=$(d_is_enabled "$DARK_VAP_INDEX")
  light_vap_enabled=$(d_is_enabled "$LIGHT_VAP_INDEX")

  echo "Is 'Dark VAP' enabled? $dark_vap_enabled"
  echo "Is 'Light VAP' enabled? $light_vap_enabled"

  # Since I'm only connected to the router using wi-fi, at least the Dark VAP should be enabled
  # If my computer were connected via ethernet, this would not be required.
  if [ "$dark_vap_enabled" != "YES" ]; then
    echo "'Dark VAP' MUST be enabled"
    exit 1
  fi

  if (d_is_daytime); then
    echo "MODE: Light"
    test "$light_vap_enabled" = "YES" || d_go_light
  else 
    echo "MODE: Dark"
    test "$light_vap_enabled" = "NO"  || d_go_dark
  fi
}

main;