HOW-TO: Greyhat WiFi Repeater

This how-to gives the steps needed to put together a simple man-in-the-middle wireless repeater. You can use this to hang your wired network off of someone else’s wireless router and serve their wireless connection back to them. Do not do this. It is here as a silly geek trick and will probably just annoy you every time your connection goes down because you’re too cheap to pay for a good wired connection.

This involves three wireless routers:

Your neighbor is in possession of router A. It is set to factory defaults initially. This is important because it shows the victim isn’t technically savvy and won’t notice your intrusion. You have router B, a Linksys WRT54G that you will be putting into client mode and connecting to router A. The final component, router C, is plugged into router B and acts as a wireless access point.

To start you need to upgrade the firmware on router B so you can use client mode. Follow the client mode HOW-TO over at Engadget.

After that you need to scan for a victim access point. Linksys, D-Link, and Netgear make most consumer routers you’ll find, so if you see an SSID of “linksys”, “default”, or “NETGEAR” it is most likely set to factory defaults. This is router A. Connect to the router and go to the default IP address in your web browser, usually “192.168.1.1” or “192.168.0.1”. The Phenoelit Crew maintains a huge list of default admin passwords. Use the admin interface to change the default local IP to a different subnet like “192.168.2.1”. You’ll have to get a new IP after this. Reconnect to the router and give it a new SSID and admin password. You might as well set up WEP while you’re at it since you’ve committed to being an ass. You need to be careful during this process since you could very easily lock yourself out of the box and without physical access you won’t be able to do a hard reset.

Now that router A is set up we can move on to router B. If you followed the client mode how-to exactly you will have to switch the local IP back to “192.168.1.1” or whatever router A originally had as a local IP. Also set the default gateway to the new local IP of router A. Configure client mode to connect to router A’s SSID and then set up WEP.

You are now connected to router B through a wired connection and it is connected to router A wirelessly. You should have internet access.

Now for the final step: giving your neighbor his wireless access back. Plug into router C and go to the admin page. Turn off the DHCP server and change the local IP to one in the subnet, something like “192.168.1.10”. Change the SSID to router A’s original, i.e. “linksys”. Now plug a cable into one of router B’s LAN ports and the other end into the uplink port on router C; if it is a Linksys router, port 4 will work. Router C is now rebroadcasting the wireless connection.

When your neighbor fires up his wireless laptop it will still say he is connected to “linksys”, but your wired network is “securely” connected to the internet. You could always uplink to another router and set it up as a secure access point.

Once again: do not do this. If you are looking to legitimately expand your wireless coverage with WRT54Gs, you should investigate mesh networking with WDS. It may not work with WPA though.
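Seen from the owner of router A, the setup above leaves checkable traces: the familiar SSID is served by a different BSSID, the gateway keeps its IP but not its MAC, and a second private hop appears in front of the ISP. The following is an added example, not part of the original post, that compares a recorded baseline with a later observation; all MAC addresses, hop lists and the `NetView` and `audit` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges, listed explicitly so documentation/test ranges are not counted.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class NetView:
    """What a client can observe about the network it is joined to."""
    ssid: str
    bssid: str          # MAC of the access point the client is associated with
    gateway_ip: str
    gateway_mac: str    # from the client's ARP/neighbour table
    hops: tuple         # traceroute hop IPs, in order


def leading_private_hops(hops):
    """Count consecutive private (RFC 1918) hops at the start of a route."""
    count = 0
    for hop in hops:
        addr = ipaddress.ip_address(hop)
        if not any(addr in net for net in RFC1918):
            break
        count += 1
    return count


def audit(baseline, seen):
    """Return findings where the observed view departs from the baseline."""
    findings = []
    if seen.ssid == baseline.ssid and seen.bssid.lower() != baseline.bssid.lower():
        findings.append("ssid-served-by-unknown-bssid")
    if seen.gateway_ip != baseline.gateway_ip:
        findings.append("gateway-ip-changed")
    if seen.gateway_mac.lower() != baseline.gateway_mac.lower():
        findings.append("gateway-mac-changed")
    if leading_private_hops(seen.hops) > leading_private_hops(baseline.hops):
        findings.append("extra-private-hop")
    return findings


# Constructed baseline: recorded by the owner when router A was first set up.
BASELINE = NetView("linksys", "00:11:22:33:44:0a", "192.168.1.1",
                   "00:11:22:33:44:0a", ("192.168.1.1", "203.0.113.1"))

# Constructed observation after the change described above: router C answers
# to the old SSID, router B holds the old gateway IP, and router A now sits
# one hop further out on 192.168.2.1.
AFTER = NetView("linksys", "66:77:88:99:aa:0c", "192.168.1.1",
                "66:77:88:99:aa:0b",
                ("192.168.1.1", "192.168.2.1", "203.0.113.1"))

if __name__ == "__main__":
    for finding in audit(BASELINE, AFTER):
        print(finding)
```

The gateway IP check stays silent here because router B takes over router A’s original address, which is why the comparison also needs the MAC addresses and the hop count.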

37 thoughts on “HOW-TO: Greyhat WiFi Repeater”

  1. I do something similar. I wanted my own private network behind my landlord’s wireless network, so I got a wifi bridge, plugged that into the WAN port of my (wifi, but doesn’t need to be) router, and I’m rebroadcasting his wifi signal on my floor. Better connection in random places in my apartment.

  2. This is a cruel and ass-backwards hack. It’s nowhere near a shade of “gray” and I hope that whoever tries this gets arrested. You are modifying someone else’s property as opposed to simply using a non-secured connection.

    Instead of sharing his connection back to him, let him keep his own connection (how novel..) and just use your box as a client for your OWN network and have your own subnet.

    You’ll only attract more attention when your neighbor suddenly realizes he can’t get the reception he used to in his own house..

    Insecure networks are one thing – modifying settings and re-routing services are another.

  3. Yeah, I have to agree with deltaf, no need to mess with the host’s network if you just want to help yourself to his unused bandwidth. This violates the hacker’s ethic, and should not be posted on hackaday. Also, from a strictly utilitarian standpoint, doing something like this is much more likely to instill paranoia, and they will hire an expert to secure the network, and you will be locked out. Since you’re piggybacking on their internet connection anyway, YOU are the security risk, so why secure yourself against others?

  4. Yeah, instead of “silly geek trick” I should have just said “stupid trick”. You should just stick with client mode if you want to share bandwidth with your neighbor. If you want to do this within your own network WDS is probably the better option since the NAT will keep you from doing fun things like sharing across your client mode router.

    I just glanced at http://www.dodgeit.com/ . It doesn’t work for comments? I wouldn’t encourage using it. The editors are the only ones that see the email addresses and it is nice to be able to reply directly if the need comes up.

  5. I live in a city that recently made my neighborhood into one large free wireless hotspot. Nice free internet for all. Two caveats: The connection is unsecure, and the only reliable connection I can get inside my apartment is right next to the window. Does anyone know of a trick to use a router (or any other inexpensive device) to enhance the connection as well as secure it? The connection is fast and I am sick of paying for cable internet.

    1. Simple: get a VPNUK account and select a US server if you want to look like you are in the US, or you can select a server just about anywhere in the world. It will encrypt your data that is over the open wifi network, and if the public wifi is net nannied they can’t tell what you are doing (unless the network doesn’t allow VPN connections).
      I use it to get around P2P blocks in motels, and if I want to do some personal banking it is safer.

  6. Erm im on open wifi now in Sweden loads of secure wifi but one open signal and im sitting outside on a balcony to get it!

    That hack might not even work seeing as I could imagine it would just double back on itself. But open wifi good, closed wifi magnet for hackers.

  7. Well, this seems to propose one way of getting secure access and do some war-living at the same time, but it has obvious flaws. Say you wanted to piggyback on someone else’s unsecured WiFi network without your own packets being sniffable. Could you not use an encrypted tunnel between your client-mode router (with appropriate software modification) to a secure proxy? Are there even any proxies that operate like that? I must confess I’m not as informed about anon proxies and the like as I maybe should be.

  8. A secured proxy (highly anonymous proxy) would only protect your traffic on the WAN. The owner could still potentially intercept your traffic at the router, and the router would also see a connection being established to the proxy.

    It’s not really a hack, most people get the concept of the idea but don’t feel the need to do such a thing and I don’t think it should have been posted.

  9. OK, ass-hat….

    You just crossed the line.

    This is just the kind of bullshit that gives the old-school hacking community a bad name.

    FWIW, I’m over 40, and have been an INFOSEC professional for 13 years. You have just moved from the neat hardware hack zone, to the advocating theft zone.

    I looked for you at DEFCON this year to shake your hand.

    I will look for you at DEFCON next year to introduce you to the FED.

    Cheers…..

  10. Lame.
    This is standard MitM attack. And it isn’t even much of a hack, you are changing someone else’s router setup using default configuration ID & pw’s. There is nothing interesting or cool about this. I mean, if they aren’t smart enough to at least TRY to secure the access point, and they leave it open, then I am all for people using an open AP. But if they actually turned on WEP or made an effort to hide the network, then it should be left alone. There is no legitimate reason to post something like this, except as an example for MitM attacking. Now protecting against MitM attacks, that would be an interesting subject.

  11. I’m glad to see the negative responses about modifying a neighbor’s router. Just b/c we can, doesn’t mean we should.
    My neighbor had an open access point, so I educated him. I left my vehicle’s trunk open once, so he closed it and informed me.
    Simple, but this world is built on communities. We were all malicious punks once, but is there a better way to educate ignorant neighbors?

  12. This some dumbass stuff man.
    The general public should be considered as a fairly uneducated bunch.
    For every myth that is disproven, two more are started. You don’t want to be responsible for giving hackers a bad name? then don’t do stupid crap like this.

  13. Security is easy – just use ssh to create a proxy for web browsing. Same for email, port forward to a secure place.

    WDS and sveasoft is the lame way to do meshing. OLSR does route optimization and automatic gateway routing and all sorts of cool stuff. Basically it is the difference between a router and a hub. It is included in the totally properly open source firmware Freifunk http://www.freifunk.net/wiki/FreifunkFirmwareEnglish
    which is based on openwrt. I am using this to build a mesh in Africa – more info on my blog: http://www.vdomck.org/blog/2005/07/22/how-to-build-a-mesh-network-with-wrt54gs/

  14. If nothing else I would hope people would see this as either an interesting POC article, or more importantly, a warning to enable encryption on their network.

    (and seriously #12. no one cares who you were going to touch at defcon)

    While I’m in an apartment complex with a plethora of unsecured networks around me, I’m not ready to start biting the hand that feeds my computer its daily internet access. But I will say that there is a reason it’s called “unsecured”, meaning it’s the network owner’s fault if their setup gets messed with.

    It’s as simple as enabling WEP to keep 99% of the war-hacking guys out of their network. The general public has to learn somehow, and with any investment, they’re stupid for not taking more time to learn how to protect it.

    Would you buy a new Lexus and give copies of your car keys to anyone within a certain radius of your house? Aside from the obvious difference in money at stake, that’s fairly analogous to what people do when they decide not to enable encryption on their network.

  15. I found this informative. There is no knowledge that is not power. Though I would not use it as described here.

    A question for the more experienced here. I can see several open networks from my new house. Is there a way to run client mode on several wireless routers, each on a different open network, then wire them to a linux box and do some sort of load balancing so I get a nice fast network? If so, where is some good software for a novice?

    Thanks,
    C

  16. “I found this informative. There is no knowledge that is not power.”

    Exactly. I can’t believe people who read a page called “hack a day” are complaining about this. I, for one, am going to use this info for my three routers that I own and pay for the service so I can share it with my neighbors who don’t have wireless cards.

    Thanks for the article Eliot. Was wondering if I could do this with my P.O.S. Netgear 802.11b, and didn’t really invest any research into it.

  17. personally, i find this as informative as the “bump key” article, and for the same reasons. knowing that these possibilities are out there, and how people go about exploiting them, helps me to secure my own property (ie: having a kill switch in my car, instead of just relying on locks, etc). sorry to those who think that only an l33t group should know how to do this stuff, but that’s not the way the hacker community works (sharing of knowledge is, btw), you’re incorrect, no matter how long you’ve been playing the game.

  18. Except this totally doesn’t work if you use a VPN or SSH tunnel to connect and transmit everything that matters over it. No one is gonna care about the packets going by for hackaday, so leave that on a local insecure subnet. It’s things like gaim w/o encryption, mail, etc..

    trick is finding a good tunnel endpoint that has a fat enough pipe to do this.

    anyone know of a good one? I know freeshell.net will give you a unix shell, and for some $$ you can get ssh capabilities.

    onion router also won’t work because I think it assumes you trust your ISP, which we don’t in this case.

    I think that iphantom standalone vpn thing that the twit people were talking about may work to counter this technique as well.

    As far as the flamewar; even if he had not changed the settings on router a, it still could pose a keen MiM attack. Other people (like you) may choose to mooch off of this signal. I think some people felt this was a crossing of some line in the sand. You could easily just have a strong signal and others would like to mooch off you :-)

  19. Not nice. Can’t we all just get along?

    How about a description of the specific hardware to allow rebroadcasting of a remote neighbor’s wireless connection to my house? I’m thinking a high gain directional antenna pointed at the neighbor, into a router, wired connection to another router with omnidirectional antenna to feed my house. But, the devil is in the details. HELP!

    (BTW, in this case, I’m using his connection with permission).

  20. It’s interesting, reading this from top to bottom. It’s clear to me by the implied remarks and by the bold, and also through the tension, that you are all ‘real’ people who feel differently about something very black and white. The questions aren

  21. In response to “deltaf” and others who thought the hack was cruel…

    You guys need to grow up, what is the harm in sharing internet connection with your neighbors for legitimate purposes?? Although many people leave their connections open because they are not aware of it, I find that a large number of people leave theirs open because they feel that their ISP charge them too much for the service and they want to make it available to their neighbors.

    When you are using the neighbor’s open connection, how are you being cruel to them? When you change the IP on their router how is that cruel?? It’s not like you are altering their service…..When you walk down the street, you find a $100 bill on the floor, would you just walk and leave it on the floor or would you pick it up? Most of you who are so upset would pick it up, and the only reason you are so upset right now is because you can’t find a neighbor to share internet with!!

    When you come to think of it, the only one who is cruel is the greedy internet service providers who overcharged us for years, and those scambaggs at Linksys who couldn’t write a nice firmware for the wrt54g to make it work on different modes…

    I really did not see anything wrong with the hack, I really liked it, for a long time I was looking for a way to turn my Linksys router into a repeater to share internet connection with my neighbor…I was doing it by bridging a wifi card and an ethernet card, so my PC had to be on all the time, that consumes power…..So this tip not only helps me and my neighbor, it also helps save energy.

    **Question**

    When I set my router (b) in client mode, it is feeding off router (a), in this case the wireless capability of my wireless connection is lost? Should I add router (c) to have wireless in my house???

  23. I have (router A) on the basement it has the internet
    I set (router B) on apt #2 on client mode to connect to (router A) as a wireless bridge

    Then I add (router C) onto (Router B) to serve my other wireless devices on apt#2

    {router A} —-wireless bridged to —–>{ Router B} —-wired to router–{Router C}

    Everything works fine without (router C), when (C) is added (B) and (C) interfere, (Router C) prevents (Router B) from connecting with (Router A). I change channels, I change settings, nothing works….

    Any help????

    Routers : A-linksys 11B, B-Linksys wrtg54g, C-Linksys wrtg54gs

  24. This isn’t a hack but it does give a little help to those who need help setting up special connections with WAN. This isn’t mean or cruel in any way, and the feds wouldn’t give a crap because the AP being used in this example is unsecure. WHO THE F CARES! If it isn’t secure for any reason then it is open for any kind of attack. I have three different WAN routers that I just plug in and leave unsecure just to see what happens and guess what. I get locked out of the box all the time. What do I do? I reset the box by pushing the reset button. DUH!!!
    It amazes me how defensive some people are when it comes to something like this. Hacking by definition means: The altering of hardware or software, for purposes not intended by the original maker. This is a large niche.
    Next time think before you go off on someone sharing with others the possibility of making more use of a device than it was manufactured for.

  25. I really enjoy the info i got on this page. I have been trying to find the hardware to piggy back repeat off a neighbors unsecure network, that’s the easy one. The hard part is finding the hardware to bootleg off of the city’s public access points that are two and a half miles away. Can an old direct tv satellite dish be used as a directional antenna. I find that cable broadband is way too expensive to pay through the nose every month so i wouldn’t mind the cost to build a repeater and pay just once for it.

  26. Hmmm So my Landlord is sharing internet connection (I have his WEP key) but I can only get a signal in the kitchen window :( Any suggestions on obtaining better coverage would be much appreciated! As I’m not sure that 3 routers are or are not my answer.

  27. My neighbor has an unsecured connection, but the signal is weak in my house, but strong in my garage. I have a Linksys router; is it possible to put my router in my garage to boost the signal to my laptop? If so, how would I do that?

  28. …. i dont understand why people are getting so upset about this article… sure it could be used for bad, but good as well.

    as for everyone wanting to know how to boost their neighbors wifi signal, its simple. i used to do this at my old house. my neighbor was running a linksys router (unsecured), but it wouldnt reach the other side of my house where my main desktop was.

    so… i had an extra computer in the garage, (doesn’t have to be fast at all, could be a PII), hooked it up (in the garage where the signal was) then, i got a cheap usb wifi dongle and put it as high as i could for the signal, (using a rope and hanging it over the guide rails for the garage door), then i simply bridged the wireless connection to the wired one, and ran an Ethernet wire out of the back of the computer into a separate router. and then i secured the router.

    fast, simple, inexpensive. already had most/all of the parts just lying around.

  29. I do not consider myself to be a comp. geek at all, in fact most of it drives me crazy. BUT… I was a T.V. repairman for 25 years and I do have a signal unsecured at my new house which I have been able to link on to. The problem came when I went to add Netflix into another room which then took me further from my host signal I guess. I could get the name to come up from the network scan but was unable to connect due to lack of signal. I opened up my Smart DVD Player and found the little board which was retrieving the signal from the air…which they put way up in the front so it would be able to get more signal, I took it out of the case and extended the wires (5 of them, two 4 volt leads 1 ground and I’m guessing two antenna leads with no voltage on them) 10 foot. I put the case to the DVD player back together, ran the new wire up into the attic and 3 signal bars later I have Netflix in my living room. I’m not real sure how long you can make these wires before they start dropping voltage and stop working altogether but it’s cheaper to buy a 5 volt power supply and power the board with that than buying internet service. Thanks for the ideas though.
