WARdriving/WARsitting
Bash script for automatic connect to free WiFis
I've made the bash script open-wifi-auto-connect.sh, which scans for WiFis and connects to the first open WiFi it can find that is really online, e.g. can send a ping to a root nameserver. The script status is beta.
If no open and online WiFi (free WiFi) could be connected, or after a disconnect, it makes a new and fast scan for WiFis, to keep the PC/notebook/cellular phone etc. nearly always online.
With this script you don't have to look or scan for free WiFis, and you don't have to (re-)connect and test them. You only have to start the script, e.g. via a boot script.
To avoid problems with duplicate ESSIDs and hidden ESSIDs, the script uses MACs instead of ESSIDs. It works e.g. under Knoppix 6.2 and is a perfect countermeasure to Fake AP.
Example output:
> ./open-wifi-auto-connect.sh wlan0
switching MAC to 00:02:78:e2:bd:9a
Scan number 0, scanning ...
Found 2 open WIFI(s) and 4 closed WIFI(s).
List of WIFI(s) with Channel, Encryption, Quality, Signal Level, MAC, ESSID:
Channel:3 key:on Quality=15/100 level:65/65 00:1D:19:AE:63:CD ESSID:"Lorenz"
Channel:6 key:on Quality=14/100 level:65/65 00:A0:DE:1B:22:D9 ESSID:"MC06246"
Channel:8 key:off Quality=20/100 level:65/65 00:18:39:82:F9:DF ESSID:"restaurant-lorenz"
Channel:6 key:on Quality=15/100 level:65/65 00:1D:73:18:A8:73 ESSID:"wlan_seminar"
Channel:6 key:on Quality=15/100 level:65/65 00:1D:73:18:A8:73 ESSID:"dernachbar"
Channel:11 key:off Quality=14/100 level:65/65 00:1B:D4:69:BB:B0 ESSID:"tmobile"
Checking the open WIFI 00:18:39:82:F9:DF, ESSID:"restaurant-lorenz"
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
wmaster0: unknown hardware address type 801
wmaster0: unknown hardware address type 801
Listening on LPF/wlan0/00:02:78:e2:bd:9a
Sending on LPF/wlan0/00:02:78:e2:bd:9a
Sending on Socket/fallback
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPNAK from 192.168.164.1
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 2
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
DHCPOFFER from 192.168.164.1
DHCPOFFER from 192.168.164.1: already seen.
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.164.1
bound to 192.168.164.113 -- renewal in 1416 seconds.
Connectet
It is useful e.g. to test your own Access Point (AP) or to go online to check email or read some news even when you have no internet connection of your own but there are one or more free WiFis on public paths and in public areas. And why pay for internet access when you don't have to?
Because the script uses free WiFi(s), it's a Zero Cost Routing (ZCR) script.
The open and online WiFis, also called free Wi-Fi or free hotspots, can be found at Starbucks (in the USA, Germany and several other countries), Skys Coffee House, Barnes and Noble and many other places, e.g. at about 100 cafes in Amsterdam: http://www.wifi-amsterdam.nl/free_wifi_internet.html.
Airports usually have free WiFi, even in Iran, e.g. at the Tehran Imam Khomeini International Airport, where I found several free WiFis in May 2010. You can find an up-to-the-minute guide to WiFi in airports worldwide at http://www.jaunted.com/maps/Airport-WiFi-Map but the list is not complete, because I found several airports with free WiFi(s) in Iran but the map at jaunted shows no free WiFi in Iran (as of 2010-06-28).
Some areas like Mountain View (Google WiFi) and the San Francisco Bay Area have free WiFi with thousands of access points: http://hubpages.com/hub/Where-are-the-best-places-in-the-Bay-Area-to-get-free-wirelessWiFi-access.
You can find lists of free WiFis online, e.g. for Germany, Austria and Switzerland at http://www.freie-hotspots.de, worldwide at http://www.free-hotspot.com/ and http://www.openwifispots.com/Sitemap.aspx, and links to lists for (nearly) every country at http://www.heise.de/mobil/laenderliste/. But free does not always mean that it's barrier-free: at some of the hotspots from free-hotspot.com you have to accept the terms of use (the current version of the script can't do this).
Because the script does the lookup and testing of open WiFis automatically, you don't have to waste time trying to connect to a free WiFi from one of these lists, and you don't need Warchalking; the only thing you have to do is move toward a free WiFi as long as you are offline. Sooner or later the script gets you online.
Another application is using the internet connection of locals to see how their internet connection is censored, because their internet connection is usually censored differently (more restrictively) than the internet connection of hotels and airports, e.g. in China and Iran. I could see this in Iran in May 2010.
Therefore I made this script for censorship research, and that's the reason why it changes the MAC (address) before each scan. I will add MAC filtering bypassing, WEP cracking, WPA cracking and WPA2 cracking (when I have enough time), but that script will get another name and section, to make clear it's with cracking.
An interesting point is that MAC filtering bypassing is also often the key to getting free access to non-free WiFi, e.g. Boingo Wireless, as described in 2600 Magazine, Summer 2010, p. 29-31.
The script does not work under Microsoft Windows (with Cygwin), because Cygwin has no iwconfig, iwlist etc.
Under Microsoft Windows (XP) there is an alternative: by default, MS-Windows XP only auto-connects to Preferred networks. The Advanced button (Germ.: Erweitert) on the Wireless Networks (Germ.: Drahtlosnetzwerke) tab of the Wireless Network Connection properties controls the default behavior of MS-Windows XP automatic connections. One option in the Advanced window, "Automatically connect to non-preferred networks" (Germ.: Automatisch mit nicht bevorzugten Netzwerken verbinden), allows MS-Windows XP to auto-connect to any network on the available list, not just Preferred ones. This option is disabled by default but can be enabled.
But MS-Windows XP does not check whether the connection gives internet access, it does not change the MAC, it can't crack WEP/WPA and it can't bypass MAC filtering, so it's a very, very poor alternative, like wifinetics - wificonnect, which is a program for Linux that will connect to the first available open wireless network.
The automatic connect from MS-Windows and my script are legal in most (all?) countries of the world, not only inside a building like a cafe or airport but also on public paths and in public areas, e.g. in the USA and Germany; see e.g. http://www.hrr-strafrecht.de/hrr/archiv/04-08/index.php3?seite=7 and the article "W-LAN: Legal schwarzsurfen", CHIP, March 2005, pp. 212-213.
Update 2010-06-20
Although I found many examples which worked without the ESSID, I could connect to the next open and online WiFi only with the ESSID as an iwconfig parameter. So the current version uses the ESSID. Because the MAC is also used, duplicate ESSIDs are no problem.
Example output under Knoppix 6.2:
> ./open-wifi-auto-connect.sh wlan0
Error for wireless request "Set Power Management" (8B2C) :
SET failed on device wlan0 ; Operation not supported.
switching MAC to 00:05:79:65:cf:87
Scan number 0, scanning ...
Found 1 open WIFI(s) and 5 closed WIFI(s).
List of WIFI(s) with Channel, Encryption, Quality, Signal Level, MAC, ESSID:
Channel:2 key:on Quality=31/70 level=-79 00:23:08:2B:F6:69 ESSID:"EasyBox-2BF661"
Channel:1 key:on Quality=32/70 level=-78 00:24:FE:BC:BE:C4 ESSID:"FRITZ!Box
Channel:11 key:on Quality=37/70 level=-73 00:1F:3F:62:AA:DF ESSID:"WLAN-001F3F62AADF"
Channel:11 key:on Quality=30/70 level=-80 00:1D:6A:35:27:93 ESSID:"ALICE-WLAN"
Channel:4 key:off Quality=31/70 level=-79 ... ESSID:...
Channel:6 key:on Quality=31/70 level=-79 00:04:0E:CF:A6:F3 ESSID:"FRITZ!Box
Checking the open WIFI with MAC ..., Channel 4, ESSID ...
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Listening on LPF/wlan0/00:05:79:65:cf:87
Sending on LPF/wlan0/00:05:79:65:cf:87
Sending on Socket/fallback
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPNAK from 192.168.123.1
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 192.168.123.1
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 192.168.123.1
bound to 192.168.123.47 -- renewal in 102895 seconds.
Connectet
Online!
Connectet
Online!
The set power error is caused by the default of 500 mW (in the script), because the current adapter has a maximum of only 100 mW, but this can be ignored.
About 10 seconds after the start of the script my notebook is online, and this connection to the (here anonymized) WiFi "..." can really be used with a browser and e.g. ping:
> ping -c 5 google.de
PING google.de (216.239.59.104) 56(84) bytes of data.
64 bytes from gv-in-f104.1e100.net (216.239.59.104): icmp_seq=1 ttl=247 time=216 ms
64 bytes from gv-in-f104.1e100.net (216.239.59.104): icmp_seq=2 ttl=247 time=48.4 ms
64 bytes from gv-in-f104.1e100.net (216.239.59.104): icmp_seq=3 ttl=247 time=30.3 ms
64 bytes from gv-in-f104.1e100.net (216.239.59.104): icmp_seq=4 ttl=247 time=27.5 ms
64 bytes from gv-in-f104.1e100.net (216.239.59.104): icmp_seq=5 ttl=247 time=55.0 ms
--- google.de ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 27.577/75.513/216.160/71.093 ms
With two PCs (notebooks), the (minimum) 10 seconds offline after a disconnect could be avoided by connecting the second PC to another (the best other) free WiFi. This can be done with two WiFi adapters, one virtual PC and switching the default route or using multipath routing. With this configuration (and enough open WiFis) you can really be always online with free WiFis.
A basic monitoring of the WiFi connection can be done with
while true; do route | grep default; date; sleep 5; done
which shows the default gateway if the association to the access point and the DHCP work.
Update 2010-06-22
I replaced the online test (monitoring) that used pings, because many firewalls filter ICMP/pings. Usually you need DNS and http(s) connections and not ICMP, so the current version (and later versions) uses two DNS lookups and two test downloads instead of pings. If at least one DNS lookup and one test download were successful, the new online test is passed.
However, the old version can be found here.
Update 2010-06-26
I added some minor changes and a sorting of the open WiFis by their WiFi quality, so that the script starts connecting and testing with the best-quality open WiFi available. This ensures the best internet connection quality which is available.
The script status is still beta.
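The quality sorting described above, together with the MAC-plus-ESSID handling from the 2010-06-20 update, as an added example that is not code from open-wifi-auto-connect.sh. It assumes the list-line format shown in the example outputs and normalises Quality to a percentage, because the two outputs on this page use different scales (x/100 and x/70). The function name rank_open_wifis, the dup-essid/unique flag and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original open-wifi-auto-connect.sh.
# Lines 1-4 are copied from the example outputs on this page (line 4 is the
# anonymised one); lines 5-6 are constructed, with made-up MACs.
SAMPLE_SCAN='Channel:3 key:on Quality=15/100 level:65/65 00:1D:19:AE:63:CD ESSID:"Lorenz"
Channel:8 key:off Quality=20/100 level:65/65 00:18:39:82:F9:DF ESSID:"restaurant-lorenz"
Channel:11 key:off Quality=14/100 level:65/65 00:1B:D4:69:BB:B0 ESSID:"tmobile"
Channel:4 key:off Quality=31/70 level=-79 ... ESSID:...
Channel:1 key:off Quality=45/100 level:65/65 02:00:00:00:00:01 ESSID:"tmobile"
Channel:6 key:off Quality=31/70 level=-79 02:00:00:00:00:02 ESSID:"cafe guest"'

# rank_open_wifis: read list lines on stdin and print the open networks as
# percent<TAB>MAC<TAB>channel<TAB>dup-essid|unique<TAB>ESSID, best first.
# dup-essid means the same name was seen under more than one MAC in this scan.
rank_open_wifis() {
  awk '
    BEGIN { h = "[0-9A-Fa-f][0-9A-Fa-f]"
            macre = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
    $5 !~ macre { next }                 # anonymised or damaged line
    {
      p = index($0, "ESSID:\"")          # ESSID may contain spaces
      if (!p) next
      essid = substr($0, p + 7); sub(/"$/, "", essid)
      mac = toupper($5)
      if (!((essid, mac) in seen)) { seen[essid, mac] = 1; nmacs[essid]++ }
    }
    $2 == "key:off" {
      split($3, q, "[=/]")               # Quality=20/100 -> q[2]=20, q[3]=100
      if (q[3] + 0 <= 0) next
      ch = $1; sub(/^Channel:/, "", ch)
      n++; name[n] = essid
      row[n] = sprintf("%d\t%s\t%s", int(100 * q[2] / q[3]), mac, ch)
    }
    END {
      for (i = 1; i <= n; i++) {
        flag = (nmacs[name[i]] > 1) ? "dup-essid" : "unique"
        printf "%s\t%s\t%s\n", row[i], flag, name[i]
      }
    }' | sort -s -k1,1nr
}

printf '%s\n' "$SAMPLE_SCAN" | rank_open_wifis
```

Ties keep their scan order because the sort is stable, and the anonymised line is skipped because its MAC field is not a valid address.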
Update 2010-06-27
I added a lockfile, because the DHCP sets a default route, and more than one default route without special routing like multipath routing would cause chaos.
I also tuned the connection checking (monitoring), which is now less strict, to avoid frequent disconnects from weak free WiFis: after a connection has been established, the online test is passed when one DNS lookup or one test download was successful.
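The two online-test rules (the stricter one from 2010-06-22 for a new connection, the relaxed one above for monitoring) as an added example, not taken from open-wifi-auto-connect.sh. The host names, URLs, expected string and function names are placeholders chosen here; the body check in http_probe is an addition so that a splash page answering every request does not count as a successful download.

```shell
#!/bin/sh
# Added example, not the original open-wifi-auto-connect.sh.
# Targets are placeholders (assumptions): use names and a page you control.
DNS_NAMES="example.org example.net"
TEST_URLS="http://example.org/ http://example.net/"
EXPECT="Example Domain"   # string the genuine page body must contain

# Probes. A bare "download succeeded" also passes behind a splash page,
# so the HTTP probe checks the body for the expected string.
dns_probe()  { getent hosts "$1" >/dev/null 2>&1; }
http_probe() { curl -fsS --max-time 5 "$1" 2>/dev/null | grep -qF -- "$EXPECT"; }

# count_ok PROBE TARGET...: print how many targets the probe accepts.
count_ok() {
  probe=$1; shift; ok=0
  for target in "$@"; do
    if "$probe" "$target"; then ok=$((ok + 1)); fi
  done
  echo "$ok"
}

# online_test connect|monitor
#   connect: at least one DNS lookup AND one download (2010-06-22 rule)
#   monitor: one DNS lookup OR one download (relaxed 2010-06-27 rule)
online_test() {
  # Word splitting of the two target lists is intended.
  dns_ok=$(count_ok dns_probe $DNS_NAMES)
  http_ok=$(count_ok http_probe $TEST_URLS)
  case $1 in
    connect) [ "$dns_ok" -ge 1 ] && [ "$http_ok" -ge 1 ] ;;
    monitor) [ "$dns_ok" -ge 1 ] || [ "$http_ok" -ge 1 ] ;;
    *) echo "usage: online_test connect|monitor" >&2; return 2 ;;
  esac
}

# When a mode is given as first argument, run the test once and report.
if [ $# -gt 0 ]; then
  if online_test "$1"; then echo "Online!"; else echo "offline"; fi
fi
```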
Update 2010-06-30
I made a bootable USB key with Knoppix which does an automatic connect to free WiFis during the booting of Knoppix: English version, German version.
And I found a similar script which is optimized for warsitting (not wardriving), but it does not change the MAC and it has no connection monitoring and reconnect: Tenacious WLAN Association Script from 2005.
Update 2010-07-30
I tested with my own Access Point (AP) and found out that connecting to APs with a hidden ESSID usually does not work. You need tools like kismet to get the ESSID, and with this ESSID you can connect. kismet is also the right tool to bypass MAC filters.
Update October 2010
The German Linux-Magazin published an article with Perl scripts which open WiFis that have a splash page, advertising or terms of use to accept, by simply following all links and checking all check boxes: http://www.linux-magazin.de/Heft-Abo/Ausgaben/2010/11/Schluesseldienst. Article and code are freeware and completely available online! The English translation can be found e.g. at http://translate.google.com/translate?u=http%3A%2F%2Fwww.linux-magazin.de%2FHeft-Abo%2FAusgaben%2F2010%2F11%2FSchluesseldienst&sl=de&tl=en&hl=&ie=UTF-8.
A combination of my Bash script and these Perl scripts would automatically connect to free WiFis and establish the internet access without a splash page, advertising or having to accept terms of use. But I have not implemented it, because that requires the packages
libwww-mechanize-perl
libhttp-server-simple-perl
libio-socket-ssl-perl
libnet-libidn-perl
which are not on the Knoppix DVD.
Update December 2011
Because iwlist uses a kernel interface which can list "only" 64 WiFis with one scan, my WiFi scripts have the same limit. But there are better alternatives like Kismet and Aircrack-ng.