Freakquency

How to Increase Your Wi-Fi Signal

OK, this guy is dorky and the tin-foil hat/antenna he made is so ghetto BUT his thing on carrier waves and the CAT 5 wrapped cell phone - pure genius.

Labels: Geek, Hacking, WiFi

Hey, I was on TV!

So a long time ago, I was asked by my V.P. of Marketing at the time, Rich Mironov (One of the best Marketing guys I know, BTW), to assist our PR firm with a show they were putting together. Tactical to Practical on the History Channel. It is a show where in the first half hour they show the military doing something really cool and then, for the second half hour they show you how you, The average American, can do something similar with stuff you can pick up from Frys.

It was a fun shoot. I brought along a friend of mine, Jon Erikson, who wrote a fabulous book called the Art of Exploitation. One of the most well received books on security exploits I know of. He and I were to conduct an actual hack over wireless at a hotspot in downtown San Jose for the cameras.

Jon had a few prepared 'splots he wanted to run. One was a MitM attack with stream injection. I would search for, oh, lets say, "shrimp" at Google and he would substitute, say, "giant" for "shrimp" so all the returns from Google were about really big things. Kinda funny but a hard concept to convey in 15 minutes to a TV audience.

The other idea was pretty simple (read:LAME), I would log into my mail account and he would snarf my password and go read my mail. It came off OK and they kept it as the final for the show. It was fun to do and we got a ton of inquiries. I actually get about 15 minutes of airtime. So there is my Andy Warhol quote for the day. Here is the link: Bruce_on_TV

Labels: AirMagnet, Hacking, TV

T-Mobile WPA (Without nasty client sw)

I finally found a tip on the Internet about using t-mobile with WPA without the nasty t-mobile connection software. Those groovy geniuses at TheShmooGroup have a member who did it. The post follows from their forums .

Jouni Malinen jkmaline at cc.hut.fi

Sat Sep 3 13:33:19 MDT 2005
Some time ago, there were couple of questions on how to use wpa_supplicant with the WPA-enabled version of T-Mobile wireless network.

Finally, I had a suitable chance to test this a bit while waiting for my flight at SFO and the connection is indeed working fine. As a proof, this email is actually send over the WPA encrypted T-Mobile network ;-).

The SSID for the network is tmobile1x and it is configured for WPA-Enterprise with TKIP. Authentication is done using EAP-TTLS/PAP using the normal T-Mobile username/password. It was enough to just complete WPA authentication, i.e., no need to go to any web portal page. It took me some time (maybe five or so scan attempts) to find tmobile1x SSID even though I saw six or so APs with tmobile SSID at the same time. Anyway, once the correct SSID was found, association and authentication went through fine.

This network block worked fine (at least at SFO) with madwifi:
network={
ssid="tmobile1x"
key_mgmt=WPA-EAP
scan_ssid=1
identity="username"
password="password"
eap=TTLS
phase2="auth=PAP"
}

--
Jouni Malinen PGP id EFC895FA

I got this working with the Intel ProSet Wireless supplicant. Here are screen grabs of the setup, Insert your own T-Mobile username as required. Also, feel free to click the image for a larger version.