Connecting an Android phone to TCD's WiFi network?

partyatmygaff

I've read that ISS restrict access to the WiFi network to prevent smartphones and tablets from connecting. I'm sure there's a way to get around the restriction though. Does anyone know how exactly they restrict access?

According to that guide they have posted online to get local access you need to authenticate with 802.1x and PEAP which Android supports. The problem appears to be with that security test you have to run to get access to TCDconnect and the Internet. I'd imagine that all that passing that test does is add your laptop's MAC address to a whitelist of some sort.

Assuming all of that's true, would I be right in saying that all I need to do is:

1. Connect to TCDwifi as normal on my phone
2. Connect to TCDwifi on my laptop, pass the security test and get access to the internet.
3. Spoof my phone's MAC to match my laptop's and login to TCD connect on my phone?


Seems like an awful lot of work to do something so simple but having WiFi access on my phone instead of relying on 3G all day is worth the hassle.

I love Joan Burton

partyatmygaff wrote: »

I've read that ISS restrict access to the WiFi network to prevent smartphones and tablets from connecting. I'm sure there's a way to get around the restriction though. Does anyone know how exactly they restrict access?

According to that guide they have posted online to get local access you need to authenticate with 802.1x and PEAP which Android supports. The problem appears to be with that security test you have to run to get access to TCDconnect and the Internet. I'd imagine that all that passing that test does is add your laptop's MAC address to a whitelist of some sort.

Assuming all of that's true, would I be right in saying that all I need to do is:

1. Connect to TCDwifi as normal on my phone
2. Connect to TCDwifi on my laptop, pass the security test and get access to the internet.
3. Spoof my phone's MAC to match my laptop's and login to TCD connect on my phone?


Seems like an awful lot of work to do something so simple but having WiFi access on my phone instead of relying on 3G all day is worth the hassle.

Is it worth getting caught and barred from the network altogether? Best left alone i think

blubloblu

Do they actually give a reason why they have this policy in place?

partyatmygaff

blubloblu wrote: »

Do they actually give a reason why they have this policy in place?

I'd imagine it's because of that security test you have to run to get internet access.

That and the headache of hundreds of people asking them to help connect their phones as well as their laptops probably.

andrew

partyatmygaff wrote: »

I've read that ISS restrict access to the WiFi network to prevent smartphones and tablets from connecting. I'm sure there's a way to get around the restriction though. Does anyone know how exactly they restrict access?

According to that guide they have posted online to get local access you need to authenticate with 802.1x and PEAP which Android supports. The problem appears to be with that security test you have to run to get access to TCDconnect and the Internet. I'd imagine that all that passing that test does is add your laptop's MAC address to a whitelist of some sort.

Assuming all of that's true, would I be right in saying that all I need to do is:

1. Connect to TCDwifi as normal on my phone
2. Connect to TCDwifi on my laptop, pass the security test and get access to the internet.
3. Spoof my phone's MAC to match my laptop's and login to TCD connect on my phone?


Seems like an awful lot of work to do something so simple but having WiFi access on my phone instead of relying on 3G all day is worth the hassle.

Yep, thats what I've been planning on doing next year anyway.

I love Joan Burton wrote: »

Is it worth getting caught and barred from the network altogether? Best left alone i think

How could one get caught? And is a complete barring from the network an inevitable consequence of being caught?

partyatmygaff

andrew wrote: »

Yep, thats what I've been planning on doing next year anyway.

So it's just a matter of connecting with 802.1x/PEAP and then going ahead with the security pass/MAC spoof?

How could one get caught? And is a complete barring from the network an inevitable consequence of being caught?

The chances of getting caught are slim to none. There's few (If any) ways of detecting a spoofed MAC address. All the people managing the network will see is a laptop which passed their security test running on their network.

The only way you could get caught is if they actually intercepted a few packets from your connection and analysed them and then somehow found a way to differentiate between Android and Linux. That's difficult enough as it is without taking in to account the fact ISS won't notice anything odd about your connection that would prompt them to intercept any packets. All they'll see is a Linux laptop in the middle of a few hundred other clients.


So in short the chance of being caught is none.

ED E

You do realise the spoofed mac is fake but still registered in your name right....

partyatmygaff

Lethal_Bullet wrote: »

You do realise the spoofed mac is fake but still registered in your name right....

There's nothing fake about it. I'll be using my laptop's actual MAC address.

andrew

partyatmygaff wrote: »

There's nothing fake about it. I'll be using my laptop's actual MAC address.

I presume this means that you couldn't connect your phone and Laptop to the network at the same time, right? Or perhaps you could connect, but it might be noticeable if two machines with the same MAC are connected at the same time?

Squeeonline

For what is supposedly the best university in the country, it is an awfully bad way of dealing with student internet access. I bet they only support windows (and at a push, OSX)

partyatmygaff

I've just got an excellent idea. Most phones that are based on Linux (Android/WebOS/Meego) can run an ARM build of Ubuntu using chroot. With any luck, the security test application may run and pass on Ubuntu ARM which will make MAC spoofing unnecessary. I'm almost sure this method will work, I just need to wait until Monday to test it out.

Jonathan

partyatmygaff wrote: »

The chances of getting caught are slim to none. There's few (If any) ways of detecting a spoofed MAC address. All the people managing the network will see is a laptop which passed their security test running on their network.

It is trivial to select all MAC addresses from a database where a MAC address matches a certain OUI. Spoofing your laptop's MAC address on your phone permanently seems a bit silly just to access TCD wifi.


EDIT: This thread has also been discussed at length before. This post in particular.

Krolchatka

partyatmygaff wrote: »

I've just got an excellent idea. Most phones that are based on Linux (Android/WebOS/Meego) can run an ARM build of Ubuntu using chroot. With any luck, the security test application may run and pass on Ubuntu ARM which will make MAC spoofing unnecessary. I'm almost sure this method will work, I just need to wait until Monday to test it out.

Most phone's bootloaders are locked, and hardware they use is extreemly properitary. Drivers for touchscreens/wifi modules/gsm antenas and most other hardware on your phone won't be included in standart ubuntu ARM (or even Debian! (shock!)) kernel. Heck, it wont be even around as properitary blob. You'll have to crack open the original firmware on your phone and extract the drivers yourself.Or write them yourself. Than you'll have to adapt UI to tiny screens that phones have. Plus on number of android phones bootloaders are not yet cracked and hence its impossible to run a custom android firmware, nevermind a compleetly different system (android=/= your average desktop linux).

Jonathan

Krolchatka wrote: »

Most phone's bootloaders are locked, and hardware they use is extreemly properitary. Drivers for touchscreens/wifi modules/gsm antenas and most other hardware on your phone won't be included in standart ubuntu ARM (or even Debian! (shock!)) kernel. Heck, it wont be even around as properitary blob. You'll have to crack open the original firmware on your phone and extract the drivers yourself.Or write them yourself. Than you'll have to adapt UI to tiny screens that phones have. Plus on number of android phones bootloaders are not yet cracked and hence its impossible to run a custom android firmware, nevermind a compleetly different system (android=/= your average desktop linux).

A chroot runs on native hardware inside the existing operating system. Nothing to do with the bootloader.

partyatmygaff

Krolchatka wrote: »

partyatmygaff wrote: »

I've just got an excellent idea. Most phones that are based on Linux (Android/WebOS/Meego) can run an ARM build of Ubuntu using chroot. With any luck, the security test application may run and pass on Ubuntu ARM which will make MAC spoofing unnecessary. I'm almost sure this method will work, I just need to wait until Monday to test it out.

Most phone's bootloaders are locked, and hardware they use is extreemly properitary. Drivers for touchscreens/wifi modules/gsm antenas and most other hardware on your phone won't be included in standart ubuntu ARM (or even Debian! (shock!)) kernel. Heck, it wont be even around as properitary blob. You'll have to crack open the original firmware on your phone and extract the drivers yourself.Or write them yourself. Than you'll have to adapt UI to tiny screens that phones have. Plus on number of android phones bootloaders are not yet cracked and hence its impossible to run a custom android firmware, nevermind a compleetly different system (android=/= your average desktop linux).

Hence why I'm using chroot to run Ubuntu.

Gae

Folks, the best way to do it is not to spoof your phone's mac address or do anything to the phone itself. Just find out what the phone's mac address is, spoof your laptop's mac address so it matches the phone, and then run the security software on the laptop. That will register the phone's mac address on the network. After that, put your laptop's mac address back the way it was, run the security again, and then you have your laptop's mac address registered as well.

ethernet

This is most frustrating.

They should just let TCD students use eduroam on campus for mobile devices but no, blocked for TCD students instead. Grrr!

andrew

Has anyone had any success with the MAC spoofing?

Also, I tried connecting with my phone and it told me that the phone's operating system wasn't valid. If the network authenticates based upon a list of approved OS's each time one logs in, then I doubt that MAC spoofing could work.

partyatmygaff

andrew wrote: »

Has anyone had any success with the MAC spoofing?

Also, I tried connecting with my phone and it told me that the phone's operating system wasn't valid. If the network authenticates based upon a list of approved OS's each time one logs in, then I doubt that MAC spoofing could work.

I haven't attempted it yet. Hardly any free time at all

I did manage to try the chroot method though. It worked perfectly well on my HP Touchpad. I didn't try it out on my phone yet though.

andrew

partyatmygaff wrote: »

I haven't attempted it yet. Hardly any free time at all

I did manage to try the chroot method though. It worked perfectly well on my HP Touchpad. I didn't try it out on my phone yet though.

Any chance you could explain the chroot method? Or post a link to a tutorial or something? I've got a touchpad and getting it online would be class.

partyatmygaff

andrew wrote: »

Any chance you could explain the chroot method? Or post a link to a tutorial or something? I've got a touchpad and getting it online would be class.

Very easy.

First things first, connect to TCDWifi using the Wireless settings. You'll need to manually add it. The network name is TCDwifi (Case sensitive I think) and the network type is Enterprise. Enter your username and password as normal for TCD and you'll be connected to TCD's WiFi.

Next step is the chroot. I could explain it myself but it's already here at WebOS internals. Once you've got the chroot up and running and you've got LXDE installed, you'll need to install Firefox as Chromium isn't supported for some reason on TCD's network.

To do that, open a terminal window in Ubuntu and use the command 'sudo apt-get install firefox' to install Firefox. Once that's done start Firefox and proceed to register yourself on the network as normal. That's all there is to it.

If you need any help or clarification, just reply to this post.

Mark200

andrew wrote: »

Has anyone had any success with the MAC spoofing?

Also, I tried connecting with my phone and it told me that the phone's operating system wasn't valid. If the network authenticates based upon a list of approved OS's each time one logs in, then I doubt that MAC spoofing could work.

It only checks the OS when registering. I did the whole spoof thing last year and it worked. Also - if you can change your phone's browser's user agent, change it to Linux and try then.

paulck1

Hi All,

It's very easy, a friend of mine just walked me through it and my phone's now connected.
1) Download the browser Dolphin onto your android phone.

2) go to Menu-More-Settings-user agent and select this as custom.

3) Change the custom user agent to 'Linux'

4) On your android phone go Settings-wireles and networks-wifi settings- and scroll down to the bottom of the page. Here click Add Wi-Fi Network

5)Type in TCDwifi as the name and security WPA Enterprise (or possibly 802.1x EAP)

6) Under identity give your username and under password give your password. Leave the other fields blank.

7) Once its connected (could take a while of connecting and reconnecting) boot up dolphin. It will think your a Linux computer. Just follow the on screen instructions and your done!!:)

Hope this helps and God bless!:)