"The Predator" - Wireless Beast.
Posted on 1:25 PM by \\Camwi_003.exe*64
Picture this: You find yourself sitting in a hotel room that does not offer internet... As you look out the window, you spot that the three hotels and a Starbucks across the street are advertising "Free Wireless Internet" -- if only you had known this when you booked! You fire up your wireless card, but the signal is just too weak to keep a consistent connection. What are you going to do?
Enter “The Predator”.
The predator is a modified wireless router connected to a high-powered antenna and running custom firmware that actively seeks out open wireless connections. Once they are found, it tests them for internet connectivity, joins the one with the strongest signal, and repeats it as a secured wireless connection that YOU control.
Materials Needed:
- (1) Buffalo WHR-HP-G54 (or other DD-WRT compatible router with an upgradeable Reverse SMA Male antenna)
- (1) HyperLink 2.4GHz 14.5 Yagi Antenna with N-Female Connection.
*Note: If you plan on using this antenna ONLY for a "predator", order it with a Reverse Polarity SMA Plug.
- (1) Reverse Polarity SMA Male to Male N-type adapter.
*Note: The use of adapters lowers the effective range of the antenna; however, I preferred to order my antenna with a standard connector for re-use in the future.
- (1) Sears's Ultra-Cheap camera tripod
- Misc screws & Velcro mounting strips
Step 1 : Preparation
Create a working directory on your workstation where you can store all required files. Windows users, I would suggest you make c:\predator; OSX/Linux users, I would suggest ~/predator.
Windows users in a DOS prompt type:
cd\
mkdir predator
OSX/Linux users in a command terminal type:
cd ~
mkdir predator
Then download the "AutoAP" firmware into this directory. I-Hacked members can download this firmware directly from this link; others will need to download it from Sourceforge. Once downloaded, you should have the file:
dd-wrt.V24_AAP-0130-generic.bin
Next, plug in your WHR-HP-G54 and connect your PC to it via a Cat5 network cable. It is important that you are directly connected; never attempt to flash your router over a wireless connection.
If your WHR-HP-G54 is brand-new (or unmodified), its IP address will be 192.168.11.1. Verify that you can ping this address (or reach the web interface at http://192.168.11.1) before moving to step two.
If your router has been modified it might have a different IP address, and I would suggest restoring it to its factory default settings before moving forward. To reset, press the red INIT button on the bottom of the router for 15 seconds. Do not let go of the INIT button until the red DIAG light comes on or flashes. The restore process can take up to two minutes.
Step 2 : TFTP Flash upgrading the firmware
On the computer that is directly connected to the router, open two command windows.
In the first command window, ping the router continuously:
ping -t 192.168.11.1
(OSX/Linux hosts do not need the -t parameter)
You should see it responding like this (notice the ttl=64):
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=2.90 ms
64 bytes from 192.168.11.1: icmp_seq=2 ttl=64 time=0.264 ms
64 bytes from 192.168.11.1: icmp_seq=3 ttl=64 time=1.44 ms
Now in the second command window, change directories to where you saved the AutoAP firmware. (cd\predator or cd ~/predator) Type out the following command, but DO NOT HIT ENTER:
tftp -i 192.168.11.1 put dd-wrt.V24_AAP-0130-generic.bin
Now, we need to put the router into tftp update ready mode by rebooting the router. When power is first applied to the router, it enters a debug mode where it will accept tftp upgrades. Pull and re-insert the power, and watch for it to enter the debug mode. In the ping window, you will see the ping response will stop momentarily, and then finally restart like this: (notice the ttl=128)
From 192.168.11.1 icmp_seq=1 Destination Host Unreachable
From 192.168.11.1 icmp_seq=2 Destination Host Unreachable
64 bytes from 192.168.11.1: icmp_seq=3 ttl=128 time=2.90 ms
64 bytes from 192.168.11.1: icmp_seq=4 ttl=128 time=3.50 ms
64 bytes from 192.168.11.1: icmp_seq=5 ttl=128 time=0.90 ms
Once it comes back, check to ensure the TTL has changed to 128. If it is responding to your pings with a TTL of 128, the router is ready for the TFTP upgrade. Finally, press enter on the command you typed out in the TFTP window. You may have to try it a couple of times to get the timing down correctly. If the router does not come back with ttl=128, you may have to reset the device using the reset button.
When the upload is successful, WAIT AT LEAST THREE MINUTES. (BE PATIENT! DON'T RESET THE ROUTER!) Seriously, go grab a beer or something -- let it sit for a while; the device needs to install the new custom firmware.
After the three minutes have passed, unplug your router and plug it back in. The router will now be running a custom version of DD-WRT with AutoAP installed and responding at the IP address 192.168.1.1 (you may have to renew your IP address first to be in the 192.168.1.x subnet).
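To take the guesswork out of the ttl=64 to ttl=128 timing described above, here is an added shell script (my own, not part of the original post) that parses each ping reply and sends the tftp put the moment the boot loader answers. It assumes the router address and firmware filename used in this guide and a Unix-style ping and tftp client; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: automate the "watch for ttl=128,
# then hit enter" timing of Step 2. Each reply line is parsed for its TTL;
# the running firmware answers with ttl=64, the boot loader's TFTP window
# with ttl=128, and only then is the firmware pushed. Function names are
# this example's own.

# Print the TTL from one ping reply line (Windows prints "TTL=", others "ttl=");
# prints nothing for lines without one, e.g. "Destination Host Unreachable".
ttl_of() {
    printf '%s\n' "$1" | sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p'
}

# Succeed only when the reply carries the boot loader's TTL of 128.
is_bootloader_reply() {
    [ "$(ttl_of "$1")" = "128" ]
}

# Poll with single pings until a ttl=128 reply arrives or $2 attempts pass.
# "-W 1" is the Linux iputils per-reply timeout; macOS users use "-t 1".
wait_for_bootloader() {
    ip=$1; max=${2:-90}; n=0
    while [ "$n" -lt "$max" ]; do
        reply=$(ping -c 1 -W 1 "$ip" 2>/dev/null | grep -i 'ttl=' | head -n 1)
        if is_bootloader_reply "$reply"; then
            echo "ttl=128 seen from $ip: boot loader is accepting TFTP"
            return 0
        fi
        n=$((n + 1))
    done
    echo "no ttl=128 reply from $ip after $max attempts; power-cycle and retry" >&2
    return 1
}

# Push the image the moment the boot loader answers. The "-i" form is the
# Windows tftp syntax used in the post; with Linux tftp-hpa use:
#   tftp -m binary "$ip" -c put "$image"
flash_when_ready() {
    ip=$1; image=$2
    [ -f "$image" ] || { echo "firmware image $image not found" >&2; return 1; }
    wait_for_bootloader "$ip" || return 1
    tftp -i "$ip" put "$image"
}

# Usage: sh flash.sh 192.168.11.1 dd-wrt.V24_AAP-0130-generic.bin
# (start it first, then pull and re-insert the router's power.)
if [ $# -eq 2 ]; then
    flash_when_ready "$1" "$2"
fi
```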
Step 3 : Configure the predator
Connect to the web-interface by opening your browser and going to http://192.168.1.1 and login with:
username: root
password: admin
Once logged in, we need to enable "Universal Wireless Repeater Mode":
- Change Router Name to WPRED (or whatever you want to call it)
- Change Host Name to WPRED (or whatever you want to call it)
- Change "local IP address" to a unique subnet (different than device you wish to repeat), such as 192.168.69.1.
- Click SAVE. This should reboot the router. (if not, reboot it)
Point your browser to the new IP address (http://192.168.69.1) you chose in the previous step (you may need to change/renew your IP address). Log in and go to the "Security" tab, "Firewall" sub-tab: uncheck all check boxes and THEN set Firewall to "disable". Save settings.
Next add a Virtual Interface, this will be the Wireless SSID that YOU will connect to. (bridged to the open access points)
- Set SSID to: IHPred (your choice)
*Note: An SSID with "predator" in its name seems to make neighbors with kids understandably uncomfortable; I would not suggest doing that.
- Check SSID Broadcast (your choice)
- AP Isolation - Disabled
- Network Configuration (Bridged)
- Check "Enable AutoAP"
- Log type to your preference (html output) *See note below
- Scan Frequency to 60
- Max APs to Track to 10
- DHCP Renew Timeout to 15
- Find Open APs to Enable
- Internet Checking to Enable
- URL to check to www.google.com
- Enable WEP Checking to Enable (if you have WEP encrypted APs you want it to join)
- Add any WEP keys you have
- Add any BSSID or MAC addresses you do NOT want the AP to associate with
- Click SAVE.
Reboot your router. Wait for about 1 minute. At this point the router should be fully configured to be running in "Predator" mode. However before you start assembling it, take a few minutes to verify everything.
In one of your command windows, type:
telnet 192.168.69.1
(or whatever you set the IP address to)
Log in using root/admin and type:
ps | grep autoap
To make sure autoap is launched on every boot, add the following command to the router's startup commands:
/bin/autoap &
Make sure you hit the "Save Startup" button. (and not the "Save" button) Reboot the router, wait 1 minute and repeat the telnet "verification" step. Once you can verify that autoap is running on startup, you can unplug the router and move to the final step.
The Final Step is quite a big one and I will post it later.