I don’t like smart-phones at all. I do not like how people use them in bars and restaurants. I also don’t like that the phone is always online. Especially not since all kinds of “apps” and background processes are constant leaking information about me. Call me a fool, but I’m worried about my privacy. Since my friends nowadays refuse to send me SMS (they solely rely on WhatsApp) I was getting socially isolated (showing up at canceled events and so on). That is why I recently gave up my stubbornness and decided to buy a smartphone as well. Still everyday I am wondering what (and how) my smartphone is communicating over the Internet. To get an answer to this question I decided to investigate this.
Parts
I had the above Sitecom (WL-113) USB wifi dongle laying around that could serve as an access point for my phone so that I could peek into the communication on my PC using the excellent open source Wireshark software. This is a diagram of the infrastructure:
I am running Xubuntu 14.04 and I connected my USB dongle.
Preparation
First I ran “lsusb” to confirm the adapter was identified.
maurits@nuc:~$ lsusb ... Bus 002 Device 024: ID 0df6:9071 Sitecom Europe B.V. WL-113 rev 1 Wireless Network USB Adapter
And yes it was. Great! Now to see what the system says about it when I connected it. Running “dmesg” showed me the driver that was loaded:
maurits@nuc:~$ dmesg ... [20068.576242] usb 2-1.4: new high-speed USB device number 24 using ehci-pci [20068.669492] usb 2-1.4: New USB device found, idVendor=0df6, idProduct=9071 [20068.669498] usb 2-1.4: New USB device strings: Mfr=16, Product=32, SerialNumber=0 [20068.669501] usb 2-1.4: Product: USB2.0 WLAN [20068.669504] usb 2-1.4: Manufacturer: Sitecom [20068.744236] usb 2-1.4: reset high-speed USB device number 24 using ehci-pci [20068.837283] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [20068.837521] zd1211rw 2-1.4:1.0: phy12 [20068.855382] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
To see whether the adapter was really there I ran “ifconfig -a” and yes it was and it was named “wlan0”:
maurits@nuc:~$ ifconfig -a
...
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:5387 errors:0 dropped:0 overruns:0 frame:0
TX packets:5387 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:634228 (634.2 KB) TX bytes:634228 (634.2 KB)
wlan0 Link encap:Ethernet HWaddr 00:00:de:ad:be:ef
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
I did get a little curious of what the dongle would look like on the inside, so I Googled for “zydas wl-113”. I found the following image on Wireless-Forum.ch:
I also found a guy who had a Sitecom WL-113 with a chip inside (probably not a “rev 1” model). But I am pretty sure mine has a ZyDAS 1211 as in the above picture (but I did not open it up). Before we can do “nice” things with it we need to see whether it supports “master mode“. This means that the dongle goes into a mode in which it behaves as an access point. Ubuntu has a tool called “iw” (install it with “sudo apt-get install iw”) that allows you to list the supported modes (amongst many other things) like this:
maurits@nuc:~$ iw list
Wiphy phy12
...
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
Bingo! Our dongle supports “AP” mode (many devices do not). You may want to try to put the adapter in master mode with the following command:
maurits@nuc:~$ iwconfig wlan0 mode master
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Operation not permitted.
But that fails. After reading the web a little I found that this does not mean that the dongle does not support it.
Installing “hostapd” the host access point daemon
You just need to install “hostapd” program using “sudo apt-get install hostapd”. Before you can start the hostapd application you need to take a few steps. First I had to create the “/etc/hostapd/hostapd.conf” file with the following contents:
interface=wlan0 bridge=br0 driver=nl80211 ssid=MyNetwork hw_mode=g channel=7 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=3 wpa_passphrase=YourPassPhrase wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Now edit the file “/etc/default/hostapd” and uncomment the “DAEMON_CONF” line and make it:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
If we want the PC to temporarily act like a router we need to enable IPv4 forwarding:
sudo sysctl -w net.ipv4.ip_forward=1
Now you can start the “hostapd” access point software with:
sudo hostapd /etc/hostapd/hostapd.conf
If all goes well it should show:
maurits@nuc:~$ sudo hostapd /etc/hostapd/hostapd.conf Configuration file: /etc/hostapd/hostapd.conf Using interface wlan0 with hwaddr 00:00:de:ad:be:ef and ssid "MyNetwork" wlan0: interface state UNINITIALIZED->ENABLED wlan0: AP-ENABLED
If it does not work you may want to run the following:
sudo nmcli nm wifi off sudo rfkill unblock wlan
This is because network manager has detected the wlan interface and grabbed it. If you need debug output you may run:
sudo hostapd -d /etc/hostapd/hostapd.conf
If you need even more debug output you may run:
sudo hostapd -dd /etc/hostapd/hostapd.conf
If this fails with the following message:
hostapd_free_hapd_data: Interface wlan0 wasn't started
Then execute:
sudo service hostapd stop
If it says it started (using “sudo hostapd”), but you actually don’t see the Wifi network on your smartphone then reconnecting the dongle and starting all over again may help. Note that the “hostapd” service will automatically be started on next boot.
Bridging to get Internet access
Now you may want to configure a bridge between eth0 (your Internet connection) and wlan0 (your dongle access point). First we remove the IP address from eth0 using. Then we add eth0 to bridge br0 (which already contains wlan0). After that we bring the bridge up, let it do DHCP and which also adds a default route to the gateway using:
sudo ifconfig eth0 inet 0.0.0.0 sudo brctl addif br0 eth0 sudo ifconfig br0 up sudo dhclient br0
Now you should still be able to surf the Internet while you also have a software access point running on your computer. If you want to undo the bridge configuration you may run:
sudo ifconfig br0 down sudo brctl delif br0 wlan0 sudo brctl delif br0 eth0 sudo ifconfig br0 down sudo dhclient eth0
Permanent configuration (persist on reboot)
The IPv4 forwarding setting can be made permanent by uncommenting the following line in “/etc/sysctl.conf”:
# Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1
If you want to make the bridge configuration permanent you can add the following to “/etc/network/interfaces”:
manual wlan0
manual eth0
auto br0
iface br0 inet dhcp
bridge_ports eth0
Note that this wont work since the network manager will still grab the wlan0 and execute “rfkill”. To avoid this you can turn off the network manager completely (and permanently) with:
sudo service network-manager stop echo "manual" | sudo tee /etc/init/network-manager.override
To re-enable the network manager simply do the opposite:
sudo rm /etc/init/network-manager.override sudo service network-manager start
Capturing with Wifi with Wireshark
Now we can start Wireshark on the wlan0 interface using:
sudo wireshark wlan0
And we get nice output:
Using this tool I can record and analyze the communication of the apps I installed on my smartphone.
Links/sources
Figuring all the above out was not possible without the following websites:
- http://cberner.com/2013/02/03/using-hostapd-on-ubuntu-to-create-a-wifi-access-point/
- http://superuser.com/questions/520172/wired-to-wireless-bridge-in-linux
- http://superuser.com/questions/715913/configuring-wifi-access-point-on-laptop-with-hostapd
- https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1289047
- https://wiki.archlinux.org/index.php/Software_Access_Point
- http://wireless.kernel.org/en/users/Documentation/hostapd?action=show&redirect=RTFM-AP
- http://www.cyberciti.biz/faq/debian-ubuntu-linux-setting-wireless-access-point/
- https://help.ubuntu.com/community/NetworkConnectionBridge
- http://xmodulo.com/disable-network-manager-linux.html
This is much much easier on Windows when you use Ad-Hoc networking (and Wireshark). For instructions look at: http://lifehacker.com/5369381/turn-your-windows-7-pc-into-a-wireless-hotspot
@Jonathan: Thank you for your comment. Nice find! Very useful if you use Windows and say.. an iPhone..
Ubuntu can create Ad-Hoc networking easily Network Indicator > Create New Wi-Fi Network… It should be available on xubuntu too.
@Yujin: Thank you, great comment! You are right, it is probably not needed to make a “real” (Infra) wireless access point… But beware as I learned that some smart phones refuse to connect to Ad-hoc networks. See:
http://askubuntu.com/questions/149784/ad-hoc-network-hot-spot-created-in-ubuntu-is-not-detected-by-android-phone
You can let your phone connect to your router wifi and still be able to capture traffic via the usb dongle as long as it supports monitor mode.
In wireshark config, you need to set the WPA passphrase so that wireshark can decrypt the wifi packet.
http://www.lovemytool.com/blog/2010/05/wireshark-and-tshark-decrypt-sample-capture-file-by-joke-snelders.html
The end result is the same than using your hostapd setup. May be easier to setup.
Also look at the excellent script create_ap https://github.com/oblique/create_ap that will automate all the setup you describe in one command
@solstice: Thank you for your “monitor mode” comment. It sounds like a simpler method, but I have one concern: could it not miss some packets if the signal is not strong or nearby enough? There are no resends, or am I wrong? And thank you for the link to the “create_ap” script, that may help some people!