Monday, February 24, 2014

Modifying coova chilli to allow anonymous users for a private hotspot using automatic MAC addresses

So I spent a lot of time looking for a way to allow anonymous users to a coova chilli hotspot. Anonymous in the sense that a user can just click a button and get 30 min Internet access without having to type a password and whatnot. It made complete sense to use the MAC address as the user's ID, but this only worked if you had entered the MAC already. And nowhere did I find that you could accept any new MAC address as a new user. Eventually I learnt enough about coova chilli to do this myself. The trick is to change the function dologin in the haserl script /etc/chilli/www/ (use your password instead of XXXX) to:

dologin() {
    # Look up this device's MAC address in the RADIUS user table.
    res="$(echo "select username from radcheck where username ='$REMOTE_MAC';" | mysql -u root -pXXXX radius)"
    # Empty result: first visit from this MAC, so create the user and add it to the 30min group.
    if [ "$res" = "" ]
    then
        echo "insert into radcheck (username, attribute, op, value) values ('$REMOTE_MAC', 'Cleartext-Password', ':=', 'password');" | mysql -u root -pXXXX radius
        echo "insert into radusergroup (username, groupname) values ('$REMOTE_MAC', '30min');" | mysql -u root -pXXXX radius
    fi
#    url=$(chi_login_url "$FORM_username" "$FORM_password" "$FORM_userurl")
    # Log in with the MAC address instead of the submitted form fields.
    url=$(chi_login_url "$REMOTE_MAC" "password" "$FORM_userurl")
    cat <<ENDHTML
<meta http-equiv="refresh" content="0;url=$url"/>
ENDHTML
    wisprLoginResultsURL "$url"
}
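
The dologin above places $REMOTE_MAC straight into SQL text and passes the database root password on the mysql command line. The following is an added example, not code from the original post: it checks the MAC format before any SQL is built and reads credentials from an option file. The function names, the option-file path (a placeholder) and the accepted separators are assumptions.

```sh
#!/bin/sh
# Added example, not the original post's code. Accepting both ':' and '-' as
# separators is an assumption about how $REMOTE_MAC is formatted.

# Return 0 only for exactly six hex octets joined by ':' or '-'.
valid_mac() {
    # Whitelist characters first: this also rejects quotes, spaces and
    # embedded newlines, which the line-oriented grep below would not catch.
    case "$1" in
        ''|*[!0123456789ABCDEFabcdef:-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        LC_ALL=C grep -Eq '^([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$'
}

# Print the enrolment SQL for one device; print nothing and fail on a bad MAC.
# INSERT ... WHERE NOT EXISTS folds the post's "select, then insert" into one
# statement per table, so a repeated login adds no second row.
enroll_sql() {
    valid_mac "$1" || return 1
    cat <<SQL
INSERT INTO radcheck (username, attribute, op, value)
  SELECT '$1', 'Cleartext-Password', ':=', 'password' FROM DUAL
  WHERE NOT EXISTS (SELECT 1 FROM radcheck WHERE username = '$1');
INSERT INTO radusergroup (username, groupname)
  SELECT '$1', '30min' FROM DUAL
  WHERE NOT EXISTS (SELECT 1 FROM radusergroup WHERE username = '$1');
SQL
}

# Placeholder path (assumption): a mode-0600 MySQL option file holding the
# credentials of a dedicated account limited to the radius tables, used
# instead of "-u root -pXXXX", which is visible in the process list.
DB_CNF="${DB_CNF:-/path/to/radius-client.cnf}"

# Enrol one MAC, refusing malformed values before mysql is ever started.
enroll_mac() {
    sql=$(enroll_sql "$1") || { echo "rejected MAC value" >&2; return 1; }
    printf '%s\n' "$sql" | mysql --defaults-extra-file="$DB_CNF" radius
}
```

Inside dologin, the select and the two insert pipelines would be replaced by a single call such as enroll_mac "$REMOTE_MAC" || return 1 before chi_login_url is called.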

Once you have done this, every time a new device logs in through your web page, the script checks whether its MAC address already exists. If it does not, the script adds it as a new user, so any username is accepted. I changed my login page to just be a button and made the other fields hidden, by editing /etc/chilli/www/login_form.tmpl like so:

<!--  The login form -->

<div id="login-form">
<!--  <td>Usernamebb</td> -->
  <td><INPUT NAME="username" VALUE="user1" TYPE="hidden"></td>
<!--  <td>Password</td> -->
  <td><INPUT NAME="password" VALUE="password" TYPE="hidden"></td>
  <td colspan="2" nowrap align="center">
    <input type="submit" name="button" value="Login & Accept Terms">

Wednesday, February 12, 2014

Hacking a Hermes Pro router to get an ISDN line working

So I had an issue that a Hermes Pro/S+ router died. This is used by pharmacy software (more specifically Apotheken Software) to order supplies from the supplier. Now of course when we asked the support company for some help, they immediately said that would be 1000 euros please. In fact they did not want to tell us the price. They just wanted to charge directly. And they did not offer any other options.

So instead I ordered a Hermes Pro/SH online from eBay. So it arrived. Cool! Then I found out that it did not have an IP written down. For anyone that may know, that means it's not really easily configurable. The next way to do this was over the V24 port. This is a serial port and should connect easily to your PC's COM port. That's if you still have one :). Basically an Ethernet to 9 pin serial port cable is necessary. Now looking online, they did exist, but that meant ordering a cable and we did not really have the time for that. So I decided to make my own. Just cut open an Ethernet cable and join it to a 9 pin serial cable (USB adapter which I bought for my laptop).

So I did this following the standard that exists for Ethernet to 9 pin serial. Then I fired up PuTTY to telnet into the router, but nothing :( My heart sank. So much time and still no solution. And the business needs this to run properly... So I head home a bit unhappy. On the way I remember one point of data I got from the sales guy. That was that the Hermes router was built from an old Cisco router. So I start googling a Cisco V24 port router. I find a page detailing the mapping for Cisco. And what do you know, it's not the same as the standard that I tried before! So I do some rewiring and fire up PuTTY again. I have never been so happy to see a login screen! This was the result: