Jon Bennett created a nifty wireless telepresence bot out of a thrift store RC car, a Linksys WRT54GL router running the Open-WRT Linux firmware, a network camera, and a microcontroller. He's built two variations: one controlled by a PIC microprocessor, and the other controlled by an Arduino. You can use whichever processor you are more comfortable with, and make one of your own for very little cost using this guide.

The goal of this article is to give a high-level overview of the project and provide some implementation details of the software and electronics. It is not meant to be a step-by-step how-to guide, but there should be enough information for someone with motivation and some background knowledge in electronics and software to be able to make their own Wifi Robot. All of the source code is being released under the terms of the GNU GPL v2, so by all means, use the code, and improve it!

This is one of those basic projects that you can take in a number of directions. Jon's guide will get you through interfacing with your typical RC car electronics and controlling it remotely. From here, it's all software. Someone should take a stab at adding an image processing routine on the remote end to create an autonomous sidewalk cruiser.

Wifi Robot

Presumably this is to allow external custom imagery and analytics tracking bugs to be accessed during the sign-in process. The funny thing is that the proxy allows files through based on a string comparison on the requested URL, and it's easily fooled.

Without any hope of success I typed http://www.google.com/.jpg into my browser's adress bar, and to my big surprise I saw the page you see when you follow the link right now. The next thing I typed in was: http://www.google.com/?.jpg but that didn't work. But I went on, and found that url's like http://www.google.com/search?.jpg worked like a charm. I found that I could easily visit sites like slashdot, google, or even this weblog, when adding a ?.jpg at the end of the url. The next logical step was to automate that. I downloaded greasemonkey.xpi?.jpg (*g*) and wrote a 4 line js script that would add ?.jpg to every link in a document. That way I was able to browse most sites without a hassle.

I wonder how prolific this loophole is. Next time you're in an airport (or a hotel), give it a shot and let us know how it works for you.

Hacking a commercial airport WLAN

Nate True put together a howto that will guide you through the steps for configuring your iPhone 3G as a web proxy using the 3Proxy software. The laptop connects to the iPhone over an ad-hoc WiFi connection, the iPhone connects to the internet on its 3G connection, and 3Proxy sits in the middle, shuttling http requests and responses from your laptop to the world wide internets.

There are a number of steps involved if you include the whole jailbreaking process. If you get this out of the way, though, you'll be prepared to jack in in an emergency (or in a lame-o airport with pay wifi).

How to tether your iPhone 3G
3Proxy
PwnageTool 2.0.1 (for jailbreaking your iPhone 3G)

BATMAN (Better Approach To Mobile Ad-hoc Networking) is a routing protocol designed for multi-hop ad-hoc mesh networks. When you run BATMAN on routers in an ad-hoc network, the nodes in the network constantly send out little broadcast packets that are picked up and re-broadcast by nearby machines. Rather than have each node develop a formal map of the network, they can figure out the most reliable routes to other machines in the network based on the speed and reliability of broadcast packets that they receive from other nodes.

You can imagine a scenario where router A might be a single hop away from the uplink router U, but the connection is somewhat unreliable or drops packets from time to time. If router B has a solid connection to U and also has a reliable connection to A, it might be a faster and more reliable to route A's packets through B, even though it's ultimately 2 hops to U. The way BATMAN works, router A would receive U's broadcast packets more frequently from B (due to the U<->A packet loss), which would cause it to automatically send outbound data through the more reliable B connection.

It looks like this might be fun to experiment with a neighborhood network or even in a larger home with poor coverage. BATMAN is available in OpenWRT, so you could scatter a number of cheap routers throughout an area, give one of them a DSL uplink, and have solid wireless laptop connectivity wherever you want it.

If you really want to get crazy, you can run the routing protocol on your Linux laptops too, making them full mesh participants and expanding the coverage area wherever you go.

B.A.T.M.A.N.
Using BATMAN with OpenWRT

It used to be that you had to use a separate laptop connected to your phone to do the routing and network address translation side of things. This hack will allow you connect 1 or more WiFi laptops anywhere where you can get a cell connection, and you can do it without additional hardware. All you need is your phone.

Why isn't this available as part of the base WM6 operating system?

WMWifiRouter - Link
WMWifiRouter forum discussion at xda-developers.com - Link

fstedie came up with a nice hack for adding internal Bluetooth audio support to your iPod:

1st Ever Bluetooth-Enabled iPod!

If you're like me, you've often asked yourself why Apple has not added native Bluetooth capability to their iPod line up. Even the iPhone only supports mono Bluetooth!

Sure, there are numerous adapters that plug into the iPod's dock connector to give you wireless music, but they are clunky, they come off easily, can't use them with your case and you have to charge them separately!

So, here is my way to add "native" internal Bluetooth support to your 4G iPod. The same method may be used with other iPod versions, I leave that up to you.

The hack essentially involves disassembling a small Bluetooth audio adapter and wiring it directly to the iPod mainboard. Audio input is tapped from the headphone jack and draws power directly from the iPod's battery, giving you a completely wireless and dongle-free audio device.

Check out the picture above, though, and you'll also notice fstedie has replaced the iPod hard disk with a CF card. He has an instructable for that, too. I mentioned Mark Hoekstra's hack to create an iPod-to-CF adapter last year, and it looks like these are now more readily available and can be ordered online. Pretty cool little iPod hacks, I must say.

Add Internal Bluetooth Capability To Your iPod - Link
Convert your 4th Gen iPod to use Flash Memory - Link
iPod CF and SD Card Capability - Link

Here's a short video in which Joshua Wright demonstrates how a Bluetooth headset can be hijacked, allowing audio to be captured or sent to the device:

Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the device is not in an active call. SANS Institute author and senior instructor Joshua Wright demonstrates.

All that is necessary is knowing the device address, which can be easily sniffed, and the secret pin, which defaults to 0000. The headset audio is tapped while not in a call, so any room conversation the headset's mic can pick up can potentially be listened to remotely.

Eric Seifert sent in some information on creating a home brew radio modem using a standard PC sound card, an iPod FM transmitter, and an FM radio. He has his current revision working at 9600 BAUD for distances in the neighborhood of hundreds of feet.

The sending side outputs an amplitude encoded data stream to the sound card, which is connected to the FM transmitter. On the receiving end, an FM radio receives the transmission, and outputs it to the receiving soundcard's line-in, where it is then decoded. The hardware set up is extremely simple. It's the software for reliably encoding and decoding the data (and handling error conditions) that's the tricky part.

Eric released some example encoding/decoding software on his site, so you can start with that and take a swing at improving its error handling ability. You'll need a Linux box with the ALSA and SDL libraries to compile it.

Radio Modem - Link

tnkgrl spent some time exploring the motherboard of her Eee PC. Looking for available USB ports, she was able to hijack the USB trace that goes to the mini PCIe slot used by the Atheros wireless card. Since the Atheros doesn't use the USB signal, the card will still function without it. This gives you a spare USB port, perfect for embedding a tiny USB Bluetooth module!

If you don't mind soldering a few traces, you can add a built-in bluetooth device to your Eee PC. You'll still have the external ports available for other devices, and your wireless card will still function. The only difference is that when you can't find a hotspot, you'll be able to get a cellphone uplink and jack in using your new bluetooth connection.

Modding the Asus 701 (Eee) - Bluetooth - Link

With just a wire, a wood screw, and a drinking straw you can go MacGyver on your PC's WiFi and make yourself an omnidirectional "range extender" antenna, similar to what you'd find in the store for $30. There isn't a lot of talk about the reasoning behind the antenna design... it's just a straight duplicate of what's in the commercial product.

WIFI Range Extender Antenna - Link

(image generated with HAHA FUNNY PICTURES).

James Kendrick has posted his take on Verizon's new terms of service (TOS). After recently settling claims about their unusual definition of the word "unlimited", they are up to some annoying tricks:

Verizon has posted their new TOS and sure enough they have cleared up what limits they may be placing on customer's usage and what they will do as a result. This includes a very interesting clause about throttling users who exceed the 5 GB limit.
...
You should note under the acceptable usage listed in the TOS that "automatic data feeds" are not permitted meaning no automatic RSS feed checking. Ouch.

DD-WRT, the awesome open source router firmware, has a feature that will turn your router into a wireless client instead of an access point. In this configuration, a cheap 802.11 access point can be transformed into a wireless adapter that you can plug standard ethernet-bound devices into.

This project will help you change a cheap wireless router into a wireless receiver for your Xbox 360. The total cost of this project can be as low as twenty or thirty dollars, compared to the one hundred dollars Microsoft wants for their little wireless dongle.

If you have a PC or two without a wireless connection, this hack is also a nice way to extend your network throughout your house without needing to pull any cables. I have a feeling that the hardware in most routers will pick up a stronger signal than built-in PC/laptop wireless adapters, so it may also be worth checking out if you get a spotty signal in your corner office.

DD-WRT Client Mode: Cheap Wireless For Your Xbox 360 - Link

Of all the applications you can upload to the iPhone thanks to the Jailbreak and iPhoneInterface hacks, a SOCKS proxy daemon is perhaps the most useful. It's also the best way to make full use of an unlimited data plan.

Recent developments have allowed iPhone hackers to compile background applications for the iPhone - among the most interesting so far is srelay, a SOCKS proxy server.

srelay running on your iPhone opens up a very exciting possibility - you can use your iPhone's EDGE connection with a laptop or other Wifi-enabled device.

This is about as essential as it gets for laptop users who regularly travel outside the range of reliable WiFi. When this is activated, you'll be able to browse the web on your laptop just about anywhere you can get a cell signal. Your laptop will connect to the iPhone over an adhoc WiFi network, and the SOCKS proxy will happly funnel your web requests over the iPhone's EDGE data connection.

I should also mention that this sort of functionality is a typical feature for just about every other phone on the market -- I've been doing this with my GPRS Windows Mobile phone for years -- so it's nice to see the iPhone finally get with the program.

Tether your iPhone: EDGE internet on your laptop - Link

Simply put, you can configure a single repeater appliance and it will work in conjunction with the wireless router you normaly use at your home or office, regardless of the primary router's model or firmware. There's even an "AutoAP" option, which will allow your repeater to automatically monitor and connect to the access point with the strongest signal.

Complete instructions for getting this set up are available at the DD-WRT forums - Link.

The Upside-Down-Ternet works like this:

1. You set up a DHCP server to assign addresses from one IP netblock to known MAC addresses, and another "untrusted" netblock to unknown MACs.
2. The trusted netblock is routed normally, but the untrusted netblock gets all port 80 traffic forwarded to a transparent squid proxy using iptables.
3. The squid proxy filters all HTTP traffic, looking for URLs ending in jpg or gif.
4. If a jpg or gif is encountered, the image is flipped using morgrify and the untrusted user is sent the upside down image instead of the original.

This could be easily modified to default to giving normal access. You could then direct known abusers to the crippled network. Another option would be to provide "degraded" access using a blur or desaturate filter on images. This would allow people to make use of the free service, but would require them to ask permission to be on the trusted list before having full access.

How do you like to deal with wireless interlopers? What's your ideal wireless setup - one that balances security, ease of use for legitimate visitors or passers-by, and quality of service? Give us a shout in the comments!

I had this problems a couple of years ago when Verizon upgraded southern Rhode Island from 1xRTT to 1xEV-DO. I would constantly bounce between 1xRTT and 1xEV-DO, and couldn't maintain a stable connection, so the service became useless and I canceled (I was out of contract at the time). James Kendrick has found some hidden settings that force it to operate in one mode or the other.

I spoke with someone who wishes to remain anonymous who showed me how to do what I needed to see if it would fix my problem. Open up the Verizon Access Manager program and while disconnected from the network hit CTRL-D. Enter the password "diagvzw" in the dialog that pops up and you'll see a dialog where you can change a couple of modem settings.

Read all about it for complete details and the results. Link

• AirTunes would constantly drop out whenever someone was moving large files across the network
• My Xbox 360 told me that my network was not fast enough to run Media Center Extender

More often than not, though, the network is configured to allow ICMP packets through unfiltered. If you find one of these lucky hotspots, you can ping google.com or another external server and you'll get a response back. You can use this feature to tunnel TCP traffic through an ICMP echo request to a proxy server that you've set up on an unrestricted network!

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies.

Setting: You're on the go, and stumble across an open wireless network. The network gives you an IP address, but won't let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.

To use Ptunnel, you'll need a server to run the proxy on. Your bandwidth will be a bit limited, but the software includes a simple authentication mechanism so that you can ensure you're the only one using your proxy. The way it works, it's more useful for connecting to your server via ssh than it is browsing the web. That said, it's pretty darn cool and awfully handy, especially if you need to check your mail and don't feel comfortable passing a credit card to a random wireless account server.

Download Ptunnel here and give it a shot - Link.
Nulldigital.net has a good writeup on configuration and usage - Link.

Related:

• WiFi Liberator
• Wireless Hacks, 2E

Wifi Liberator is an open-source toolkit for a laptop computer that enables its user to "liberate" pay-per-use wireless networks and create a free, open node that anyone can connect to for Internet access. The project is presented as a challenge to existing corporate or "locked" private wireless nodes to encourage the proliferation of free networks and connectivity across the planet. The project was inspired by the ongoing "battle" between providers broadcasting wireless signals in public spaces, in particular: corporate entities, wireless community groups, individual users, and proponents of open networks. Like my Wifi-Hog project, the Wifi-Liberator critically examines the tensions between providers trying to profit from the increasingly minimal costs associated with setting up a public network and casual users who simply want to see the Internet transform into another "public utility" and become as ubiquitous and free as the air we breath. The project targets pay-per-use wireless networks as often found in airports, other public terminals, hotels, global-chain coffee shops, and other public waiting points.

Related:

• Wireless Hacks, 2E

You can find a Wi-Fi hot spot just about anywhere now, in airports, restaurants, cafes, or even wider-range public locations. This always-on access to the Internet is great, but it also means that the related security risks follow you wherever you go. In a recent Computerworld article, our own resident Windows hacker, Preston Gralla, outlines the potential hazards and provides concrete steps you can take to protect yourself:

Connecting to a hot spot can be an open invitation to danger. Hot spots are public, open networks that practically invite hacking and snooping. They use unencrypted, insecure connections, but most people treat them as if they are secure private networks.

This could allow anyone nearby to capture your packets and snoop on everything you do when online, including stealing passwords and private information. In addition, it could also allow an intruder to break into your PC without your knowledge.

But there's plenty you can do to keep yourself safe -- and I'll show you how to do that in this article. If you follow these tips, you'll be able to make secure connections at any hot spot.

The article provides the details, but here's the rundown of the top 10 tips:

1. Disable ad hoc mode
   
2. Turn off file sharing
   
3. Turn off network discovery
   
4. Encrypt your email
   
5. Carry an encrypted USB flash drive
   
6. Protect yourself with a virtual private network
   
7. Disable your wireless adapter
   
8. Watch out for shoulder surfers
   
9. Beware phony hot spots
   
10. Turn on your firewall

Related:

• Don't fall victim to the 'Free Wi-Fi' scam (Computerworld article by Preston Gralla)
• Wireless Hacks, 2E
• Windows XP Hacks, 2E

"For the release of Microsoft Vista, T-Mobile is offering 3 free months of their hotspot service. The catch is... You have to be running Windows Vista. (don't do it)

5. Save it, goto Tools > User Agent Switcher > Then click the newly added one. Browse over to http://hotspot.t-mobile.com/vista/ and you should be redirected to a trial sign-up page." - Link.

Wireless Hacks feels more like a device constructed by the love child of The Professor from Gilligan's Island and Mr. Spock: it beeps, it twitters, there are coconut shreds, and then, surprisingly, it produces a glass of tea out of thin air or transports several people to geosynchronous orbit. ... Wireless Hacks isn't about breaking technology to serve your needs. Rather, it's about bending it. So much of today's wireless networking hardware, software, and firmware has been carefully tailored to suit what the manufacturer or service provider feels you are entitled to do with it. But we own the tech and, for unlicensed networks, we own the airwaves. Wireless Hacks stands up, raises its hand, and says, "Excuse me, I don't buy into your world view."