喵二の小博客 https://www.miaoer.net (xLog mirror site)

OpenWrt Cracking Campus Network: Misconceptions and General Direction Interpretation

Many people ask me how to crack the campus network. As the new semester approaches, many are starting to consider this issue. What is meant by cracking here is actually sharing the network.

Many schools restrict access to either only mobile devices or only computers & mobile devices. This is unreasonable; not to mention using smart home devices in dorms, even having an extra iPad makes it difficult to get online.

Why do I say OpenWrt is not a cure-all? First, there are many domestic versions of OpenWrt.

Secondly, the technical competition is very intense; if you find a method today, it might be blocked tomorrow. Moreover, configuring the software can leave many novice users confused.

The cost of this so-called cracking, sunk costs included, is hard to estimate. What works this year might not work next year if the school changes equipment or service providers, so keep this in mind while experimenting. If you want to achieve automated verification, first search whether anyone at your institution has tried this before; if so, you can directly reuse and test their work. If it doesn’t work, you can ask a friend to help you write a script using ChatGPT.

If you have doubts about using CatWrt for the entire campus network, you can join our group. I hope my tutorials and experiences can help many students.


Connection Methods

Let's start with the connection methods.

  • PPPoE, which is dial-up internet
  • DHCP, which is automatic address acquisition; this might be more common
  • VPN
  • Private dial-up protocols based on modified PPPoE, which are rare and have few solutions

A school that uses PPPoE dial-up is quite rare, and that school is doing well.

Verification Methods

Each school is different, and service providers vary as well.

  • Mobile APP (not accessible via browser)
  • WEB verification (accessible via browser and requires login)
  • Computer software

Verification can be done on OpenWrt by copying the MAC address and writing a verification script in Python3. If you want to write one, you can refer to my previously published blog.

If it’s a mobile APP verification, you can try using a packet capture tool like HttpCanary (小黄鸟), then take the content and give it to ChatGPT to help you write a script. If it’s simple, you can solve it directly with a sh script or bash script.

Detection Methods

Common methods for detecting network sharing are listed below; the first three can be easily handled on OpenWrt.

  • TTL field (can determine if you are using Windows or a commonly used Linux system)
  • HTTP browser User-Agent (HTTPS will not be affected due to TLS encryption)
  • Clock offset
  • Flash Cookie detection
  • IPv4 packet header
  • DPI deep packet inspection

Reference: Research and Solutions on the Detection Mechanism of Shared Internet Access in a Certain University Campus Network

There are also some basics like IP address and MAC address; detection methods vary by school.
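
From the network operator's side, the first two checks in the list above (TTL field and HTTP User-Agent) reduce to per-address aggregation. The following is an added example, not code from this blog or from any vendor's product; it assumes the observer is the client's first-hop gateway, and the record format, sample data and function names are constructed for illustration.

```python
from collections import defaultdict

COMMON_INITIAL_TTLS = (64, 128, 255)
# Checked in order: Android User-Agents also contain "Linux", so Android comes first.
UA_PLATFORMS = ("Android", "iPhone", "iPad", "Windows NT", "Macintosh", "Linux")

# Constructed sample records: (src_ip, ttl_seen_at_gateway, http_user_agent or None).
SAMPLE = [
    ("10.0.1.20", 128, "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("10.0.1.20", 128, None),
    ("10.0.1.31", 63, "Mozilla/5.0 (Linux; Android 13; Pixel 7)"),
    ("10.0.1.31", 127, "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"),
    ("10.0.1.31", 63, "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)"),
    ("10.0.1.42", 64, "Mozilla/5.0 (X11; Linux x86_64)"),
]

def hops_behind(ttl):
    """Hops between sender and observer, assuming the nearest common initial TTL."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial - ttl

def ua_platform(ua):
    """Coarse platform family taken from an HTTP User-Agent string."""
    return next((p for p in UA_PLATFORMS if p in ua), "other")

def sharing_indicators(records):
    """Return {src_ip: [reasons]} for addresses that look like a NAT router."""
    ttls, platforms = defaultdict(set), defaultdict(set)
    for ip, ttl, ua in records:
        ttls[ip].add(ttl)
        if ua:  # HTTPS flows expose no User-Agent to the observer
            platforms[ip].add(ua_platform(ua))
    report = {}
    for ip in ttls:
        reasons = []
        if any(hops_behind(t) > 0 for t in ttls[ip]):
            reasons.append("ttl-decremented")        # an extra routed hop exists
        if len({t + hops_behind(t) for t in ttls[ip]}) > 1:
            reasons.append("mixed-initial-ttl")      # more than one TTL family
        if len(platforms[ip]) > 1:
            reasons.append("multiple-ua-platforms")  # several platforms, one address
        if reasons:
            report[ip] = reasons
    return report

if __name__ == "__main__":
    for ip, reasons in sharing_indicators(SAMPLE).items():
        print(ip, ", ".join(reasons))
```

A single host that dual-boots two operating systems also triggers the mixed-TTL and multi-platform reasons, so these indicators are usually combined rather than acted on individually.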


Getting Started

Before installing components, be sure to refresh the package index with opkg update so that opkg install does not encounter issues! [1]

Here I can openly recommend my CatWrt firmware, which encompasses all the content of this blog post.

My earlier blog posts describe many ways to use the software sources.

Including:

The following is a collection link to download CatWrt firmware👇 [2]

Of course, CatWrt is not a perfect solution; for example, software installation requires internet access. If the router can temporarily access the software source after verification, it can be installed normally.

If offline, you might want to find a way to manually install our tools (Cattools) and IPK files, and then connect to the internet after setting up the environment!

Cloning

If your network requires it, such as Ruijie verification, you may need to clone the IP address/MAC hardware address onto OpenWrt, to avoid being blocked when MAC scanning identifies the router manufacturer or running into issues caused by uncommon devices.

  • Windows: Settings - Network - Ethernet/Wi-Fi

  • OpenWrt (CatWrt): Network - Interfaces - wan (modify) - General Settings - Advanced Settings - Reset MAC Address

Tip: Every legitimate manufacturer’s device has a unique MAC address; you can open a mobile APP with wireless MAC scanning to see what brand of routers are nearby.

NTP

CatWrt has NTP enabled by default; if you are using other firmware, you may need to enable it to avoid time offset detection.

System - System - Time Synchronization

  • Enable NTP client

  • Provide service as NTP server

  • Candidate NTP servers

ntp1.aliyun.com
ntp.tencent.com
ntp.ntsc.ac.cn
time.ustc.edu.cn

UA2F

You can modify the User-Agent (UA) of unencrypted HTTP traffic on OpenWrt to avoid detection.

opkg install ua2f luci-app-ua2f

Tip: The UA2F luci here is newly released. [3]

TTL Hop Count

You need to install the following components.

opkg install iptables-mod-ipopt kmod-ipt-ipopt

Go to System - Firewall - Custom, insert the following rule, and restart the firewall to modify the TTL.

⚠️ Some systems do not include custom firewalls; related solutions can be searched independently. This blog follows Lean's OpenWrt operations (LEDE/CatWrt/QWRT).

iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64

Here, 64 is commonly used by Windows, while 128 is commonly used by Linux and macOS.

Reference: Bypassing Multi-Device Detection in Campus Networks

UA3F

This method relies on SOCKS5 proxy software, such as 😺 Clash, which has performance requirements for the machine. If you are just using SOCKS5, the requirements might be lower; if you have done UA2F, you might not need this.

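opkg install curl libcurl luci-compat
# Note: -k turns off TLS certificate verification, so install.sh is executed without authenticating the server.
# Download and review install.sh before running it if that matters in your environment.
export url='https://blog.sunbk201.site/cdn' && sh -c "$(curl -kfsSl $url/install.sh)"
service ua3f reload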

Recommended reading: https://blog.sunbk201.site/posts/ua3f

mentohust

Ruijie campus network connection tool.

opkg install mentohust

It’s worth mentioning that each school seems to have some Ruijie tools, and you don’t necessarily have to use mentohust.

Networking Resources

You can search for your school + OpenWrt to see if there are relevant tutorials, or find a senior who has already set up OpenWrt; it’s proven to be effective.

This blog cannot cover everything; there are too many schools and the solutions vary!

If you have the tools mentioned in this article, you can use our firmware to deploy verification or bypass detection to achieve network sharing.

This article is synchronized and updated by Mix Space to xLog. The original link is https://www.miaoer.net/posts/network/college_network_sharing

Footnotes

  1. https://www.miaoer.net/posts/blog/ssh-connection-to-openwrt

  2. https://www.miaoer.net/network/catwrt

  3. https://www.miaoer.net/posts/network/openwrt-ua2f
