July 9th, 2024

PySkyWiFi: Free stupid wi-fi on long-haul flights

PySkyWiFi offers free in-flight internet via airmiles accounts. It uses a unique tunneling method to send HTTP requests through a simplified TCP/IP protocol. However, the creator warns of legal risks.

Read original articleLink Icon
PySkyWiFi: Free stupid wi-fi on long-haul flights

PySkyWiFi is a project that aims to provide free internet access on long-haul flights by leveraging airmiles accounts. The creator developed prototypes to enable instant messaging and real-time data updates through a unique tunneling method. The final product, PySkyWiFi, is a simplified version of the TCP/IP protocol that allows users to send HTTP requests through their airmiles account to access the internet while in-flight. By running a ground daemon connected to the internet and a sky proxy on the plane, users can route their requests through their airmiles account. Despite its innovative approach, the creator advises against using PySkyWiFi due to potential legal implications. The system operates by splitting and transferring data in chunks between the sky proxy and ground daemon, providing users with a way to access online content without incurring additional costs.

Related

Remote shell to a Raspberry Pi at 39,000 ft

Remote shell to a Raspberry Pi at 39,000 ft

The author shares their positive experience beta testing remote shell on Raspberry Pi Connect during a flight, praising its stability and efficiency for text commands. They highlight its advantages over VNC in low-bandwidth situations.

WA man set up fake free WiFi at Australian airports and on flights,police allege

WA man set up fake free WiFi at Australian airports and on flights,police allege

A man in Western Australia was arrested for creating fake wifi networks at airports and flights to steal personal data. He faces cybercrime charges for setting up deceptive networks to collect users' information. Police advise caution and cybersecurity measures.

Show HN: Safe Routes. real time turbulence data, ML predictions with an iPad

Show HN: Safe Routes. real time turbulence data, ML predictions with an iPad

SkyPath enhances airline safety with real-time turbulence data, PIREP reports, and machine learning predictions for informed pilot decisions. It offers a free trial, accurate turbulence predictions, and benefits pilots, dispatchers, and management.

Could the 'flying piano' help transform air cargo?

Could the 'flying piano' help transform air cargo?

Aerolane, a US start-up, aims to revolutionize air cargo transportation through airborne surfing, mimicking bird techniques. Despite safety concerns, they plan to reduce costs and fuel consumption with innovative practices.

Creating a Simple Pastebin Service in Python and Flask – Muhammad

Creating a Simple Pastebin Service in Python and Flask – Muhammad

A blog post describes creating a Pastebin service with Python and Flask. Users can paste text, select a language, and get a unique URL. Setup includes virtual environment, Flask, shortuuid, and pygments. Code manages submissions, displays content with syntax highlighting, and views pastes. Suggestions for project enhancements and author's services mentioned.

Link Icon 64 comments
By @jmkb - 6 months
Decades ago, my partner used Google Voice for texting -- really handy, texts just showed up in the gmail inbox, and could be replied to from there. She didn't like cellphones, but usually carried one of the old "Kindle Keyboard" models with unlimited 3G data. The Kindle had simple web browser that could load the low-spec gmail interface, so in essence she had a fully functional SMS device, with no monthly charges.

Notification of incoming texts was the only problem. I jailbroke the thing and started trying to schedule network requests, thinking I'd add some kind of new message counter on the home screen. This proved hard. But it occurred to me that the best place for the counter would be right next to the Kindle's device name, at the top of the screen. And the device name could be updated from her Amazon account.

So I automated a web browser on the home server to log into Amazon and update the device name to "My Kindle (x)" where x was the number of unread Google Voice texts. The Kindle would update the name on the home screen in less than a minute. This worked for years!

(Eventually that Kindle was stolen. I wanted to update its name to something foul but the device disappeared from her account too quickly.)

By @jesprenj - 6 months
I was on a ~20 hour ferry ship from Italy to Greece once. They had paid wifi using sattelite internet, which I did not want to pay. But for payments to work, they allowed access to stripe. Turns out, everything on stripe.com was accessible, even dev docs etc. So I started to waste their bandwidth by downloading gigabytes of images from the stripe website over and over again.

But that's quite unproductive. As it turned out, in order for stripe to work, it needs access to fastly CDN. And then I remembered that reddit also uses fastly. By connecting to stripe and changing the Host HTTP header to reddit.com, I could browse reddit! Images didn't work though (i.redd.it is not on fastly). I could edit my /etc/hosts and associate old.reddit.com with stripe's fastly IP address. After ignoring scary TLS errors, I could even log in.

By @firefoxd - 6 months
Couple weeks ago, I took my kids to a class at the mall, then decided to use their free wifi. I logged in successfully with my laptop, but it said no Internet.

I checked the default gateway and it took me to a cisco modem. It had all sort of diagnostic tooling including the list of devices connected to the modem. However, it showed no Internet connection. I googled the model on my phone, and the admin is supposed to be the serial number with blank password and there was an example of the pattern. Surprisingly, one of the devices connected to the modem had a name that looked like said pattern.

And just like that, I was in. I toggled the Internet button, 15 seconds later it turned green. I set a new password on the device.

By @poincaredisk - 6 months
This is awesome and I love hacks[1] like this. On the other hand, if I remember correctly, I've checked recently and global DNS in skywifi seemed to resolve fine without paying. So I think - at least in the plane I was in - just a regular iodine [2] tunnel would work

[1] in the original meaning of the word. [2] https://github.com/yarrick/iodine

By @wtcactus - 6 months
"I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together."

People like this lack basic civility. I'm sure a lot of the people around Robert did mind, they were just too polite to ask him to stop imposing his gratuitous noise on them.

By @dakiol - 6 months
Am I the only one who is always tired in the plane no matter what and cannot anything but close my eyes and wait til the flight is over?

The idea of pulling out my laptop or even a book is just… tiring. There’s a lot of noise as well (airbus anyone?) and I don’t have noise cancel headphones, so concentration is difficult. Without taking into account that I have spent at least 2h away from home among trains, trams and security controllers. The bad (unhealthy) food available in airports doesn’t help either. Half the year the weather doesn’t help either(it’s either too hot or too cold). Plus the 10 kilos backpack I have on my back is making me sweat no matter what.

So, basically, I’m never in the mood of doing anything in a plane.

By @DWakefield - 6 months
Sending stock quotes, scores, weather, etc. reminds me of a service that Google used to offer via text message. I used that a ton before I got my first smartphone: text W[ZIP code] to 46645 (GOOGL) and it would text back the weather. Same for stock:[symbol] and many other things I've since forgotten. Of course Google killed it, but it was neat while it lasted!
By @moritonal - 6 months
Interesting to see how close the author got to producing an abstract "TCP-over-shared-editable-fields", which in itself would make a really cool tool.

Imagine a proxy where all you did was design at a high-level a way to write/read to a shared resource from two sides, and then it handled all the rest for you as a SOCKS proxy.

By @praveen9920 - 6 months
Few years ago, dean of our college decided to block lan network after 10PM because of “gaming impact attendance” blah blah.

Anyway, the way they implemented this is by blocking all traffic from/to ip addresses but not blocking tcp and completely forgot about ipv6 as it was not pretty new. So, I created a simple p2p chat Application which will work with ipv6. Only problem is that we had to share our ipv6 addresses with our friends which they have to maintain in contacts. It worked great until we figured tunneling to computer which is outside the network was much easier.

By @hxii - 6 months
This reminds me, and perhaps a perfect example of writing useless software[1] and the subsequent HN discussion[2].

Is it a life changer? Probably not. Was it fun to write and explore? Most likely!

We definitely need to make more stuff like this.

[1]: https://ntietz.com/blog/write-more-useless-software/

[2]: https://news.ycombinator.com/item?id=37911900

By @rfonseca - 6 months
A long time ago (2011) when I was teaching the networking course at Brown, the final assignment in the course was to create the equivalent of iodine, IP-over-DNS tunneling [1]. Being a course assignment, the handout only outlines the solution. We provided a set of domain names and DNS servers on VMs for students to use.

After the course ended, one student going home did manage to use his assignment to get Internet access from the airport, as we had forgotten to turn off the DNS server nodes.

Over the years we had a lot of fun with creative final projects in the course besides IP-over-DNS, including web-based phone tethering, DNS spoofing, openflow-based SDN routing, LT (Erasure) Coding, a BitTorrent client, and a DNS-redirection-based CDN with leaderboard.

[1] https://cs.brown.edu/courses/cs168/s11/handouts/dtun.pdf

By @amelius - 6 months
Hacker: Those stupid website makers, they didn't think of this hole.

Website makers: There's a hole here, but we make it super slow so nobody in their right mind would use it and even if they do then there's no problem whatsoever. It would only waste their time.

By @_joel - 6 months
Reminded of using Iodine to break out of captive portals using DNS TXT/SRV etc records https://github.com/yarrick/iodine
By @adyavanapalli - 6 months
Most flight WiFi networks don't block DNS traffic, so if you set up a custom DNS server, you can tunnel everything through DNS. It's slow, but it's free internet!
By @stuartjohnson12 - 6 months
It's been a long time since I audibly laughed out loud at a network diagram. Possibly never. There is a first time for everything.
By @ApolloFortyNine - 6 months
A lot of cruise ships will let you pay for a messaging tier which unblocks messaging apps, but blocks everything else. I found this repo that uses whatsapp messages as a form of proxy. [1] It's pretty cool as a PoC, but in reality is much too slow to use for more than maybe checking the news.

[1]https://github.com/aleixrodriala/wa-tunnel

By @nunez - 6 months
> Several co-workers were asking me to review their PRs because my feedback was “two weeks late” and “blocking a critical deployment.” But my ideas are important too so I put on my headphones and smashed on some focus tunes. I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

He's not serious, right? Right?

By @sv0t - 6 months
I needed to get a message to my misses while on a long flight home. It wasn't an emergency but it would have been a total bummer to let her know after I had landed.

The problem was I had packed my wallet into my check-in like a dumbass. I couldn't figure out a way to sign up for in flight wifi. Plenty of apps and services have my credit card number on my phone but none of them would show the entire number without me signing on.

The flight however had Alipay as one of the apps to pay, which would have been great except it wasn't working. It still allowed connections to alipay. I figured out I could cancel the payment through a button hiding in a transaction details page and be dumped out to the alipay home screen.

The alipay chat feature wasn't working though, they'd must have thought about that. But some of the mini-apps did work, including the mini-app for my home automation.

It let me send a message to the terminal thingy at the door of my place where you buzz people in (there was a feature to send mail to other rooms, I just sent it to myself).

This took up about 40 minutes of the 11 hour flight.

By @hoytech - 6 months
Reminds me of the "Bob Wehadababyitsaboy" GEICO commercial:

https://www.youtube.com/watch?v=9JxhTnWrKYs

By @tverbeure - 6 months
In the early nineties, before logging into work from home was a thing, my friend created an email based terminal tunnel: he'd send emails with Unix commands to this account, executed the command, and returned an email with the result.

There were no security checks whatsoever: everyone who know the magic word that triggered the start of the commands could do whatever they wanted on the Alcatel servers.

By @ubergeek42 - 6 months
Along the same lines, there are some programming contests that use a web based system for submitting solutions. They often restrict internet access to just the contest website, but a motivated user could use the same trick with the user profile fields to sneak information in/out.

As a bonus one of those contest systems allows users to upload a profile photo, which would greatly increase the bandwidth!

By @theideaofcoffee - 6 months
This is bonkers and I love it. A great hack in spirit but also a good primer on how a fundamental protocol like TCP kinda-if-you-squint-sorta powers everything else.

I wish I thought of it on my last trans-atlantic!

By @xiwenc - 6 months
KLM, specially on long flights, has a free tier wifi where you can use major instant messaging without charge. If you want to surf the web, it’s pretty cheap. If i recall around 30-40 euro for a 9-10hours flight. Or pay less for an hour.

Was considering to “hack” my way out of the free tier. But paying was just too easy and it’s affordable.

Sorry for boring addition/story.

By @wkat4242 - 6 months
What's an airmiles account? I guess it's some kind of frequent flyer thing?

By the way, many many paid WiFi networks leak DNS requests like a sieve when not logged in or paid and you can tunnel through it easily. There's a piece of software for that, iodine I think it was called. Never really needed it but it's there and it works.

By @floam - 6 months
I “hacked” free WiFi on a very long flight to Beijing about 10 years ago when I was in my 20s. I was visiting my girlfriend’s family and didn’t actually have more than $20 to my name at the time.

It was a simple matter of joining the network, and then dumping the traffic in monitor mode. I could log MAC addresses of other devices on the network.

I made a list of addresses and then spoofed someone else’s address that must have paid, and blamo, I’m online.

I would rotate to another address when Internet access deteriorated: this meant the other guy was trying to use the Internet at the same time.

Yeah, I know I’m awful.

By @rozenmd - 6 months
Recently I found Cloudflare's WARP app let me bypass the chat-only restriction on some long-haul airlines. You'd get like 5kbps bandwidth, but it was enough to read HN.
By @phs318u - 6 months
Brilliant! I love stories like this. This is real hacking :)

Am disappointed though to have reached the end of the article only to find no mention of stats regarding max speed, efficiency etc vs the paid-for wifi.

Also, not sure why you wouldn’t just use Base64 encoding for which optimised versions already exist instead of rolling your own conversion to/from base 26 (or 52).

By @101008 - 6 months
I pay for WiFi on long-haul flights because I am bit scared of flying and it keeps me distracted and connected to the world and friends and relatives (maybe I am scared because I feel isolated?).

Anyway, on my last flight I tried WiFi Hotspot and I was able to give WiFi to my girlfriend and dad, just paying for one account on my device. It isn't free but at least it allows everyone on my party to be connected.

By @api - 6 months
ZeroTier, Tailscale, and several other UDP based mesh protocols will sometimes work in “free” mode on planes, but it tends to be horrifically slow.
By @mrguyorama - 6 months
I was recently on a cruise ship in the Caribbean, and they sold "Starlink powered" internet service for $40 a day. Interestingly, they seemed to let notification service traffic through. Any data delivered through a platform based notification made it through just fine, including large images in a youtube notification.

I assume it was to entice you to buy the wifi for some important notification. Or just so you would GET that important notification in the first place. Either way, probably eminently abusable on android at least.

That said, who the hell buys overpriced internet connectivity on a 7 day cruise? I have an addictive personality and spend pretty much all my free time on Youtube or Reddit, and it was refreshing to be without. I especially felt sad about all the young teens who were obviously scrolling tiktok or instagram. What parent buys their child a $3000 cruise ticket and then also pays an additional $300 per child for them to completely not do it? Cheaper than a week of babysitting maybe.

By @HanClinto - 6 months
This is exactly the sort of post that gives me a ray of hope that the Internet still has some of its old magic in it.

Thank you for this. Very well done.

By @nunez - 6 months
The lengths that people will go to to avoid paying $10-20 for onboard WiFi is nuts.
By @vzaliva - 6 months
I vaguely recall a story from a long time ago when companies like AOL and CompuServe sent you CDs in the mail with demo versions of their products. You could dial up using them and access a subset of their services before purchasing full access. Someone figured out that although the rest of the internet was firewalled, they still relayed DNS requests to the original DNS servers (maybe needing a low TTL) and used this to tunnel via a custom DNS server. Et voilà! Free ISP :)
By @kylehotchkiss - 6 months
It's all fun and games until they shut down your frequent flyer program account. That seems to be the way airlines prefer to dish out punishment.
By @HumblyTossed - 6 months
At a company I used to work for long ago locked the network down pretty good, so a coworker used ping requests and a server at home to get around it.
By @Gys - 6 months
> At first I thought that I’d write them using Go, but then I realised that if I used Python then I could call the final tool PySkyWiFi.

Hmm, GoFlyWiFi? GoHighWifi?

By @sandworm101 - 6 months
>> my feedback was “two weeks late” and “blocking a critical deployment.”

>> I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind

Talent or not, managers commonly say that 10% of people cause 90% of the headaches. I guarantee the others on the plane minded very much, but were just to polite to say anything.

By @Kab1r - 5 months
I have used iodine, which though isn't the easiest to setup works on every airline I have tried, to bypass airline Internet firewalls. DNS packets are one of the few things they don't seem to even try to filter. I wouldn't be surprised if you could just run wireguard over UDP/22.
By @Havoc - 6 months
Cool hack aside this part really grates me

> Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

No they were just being too polite to speak up and say this is inconsiderate AF.

It’s bad enough when people do this on public transport, but on a fuckin plane?!?

By @BobbyTables2 - 6 months
I certainly applaud the author’s creativity, but aren’t there potential very significant downsides to using abusing an account linked to your identity in order to fraudulently obtain services?

And then to write about it under one’s own name?

Isn’t this kind of thing that goes against the CFAA?

PRs can wait — not worth criminal charges.

By @neontomo - 6 months
not nearly as impressive, but i got past the software lock at a gaming internet café as a 16 year old by hitting (i think it was) Win + I to open a windows accessibility screen, which had a link to a Microsoft page. when clicked it opened a web browser and bam.
By @yellow_postit - 6 months
I still use the browser dev tools trick with T Mobile's free 1 hour for mobile clients. change laptop user agent to mobile — log in for planes’s wifi — turn off user agent change. I assume the plane is provisioning internet access by mac address.
By @imdsm - 6 months
> Several co-workers were asking me to review their PRs because my feedback was “two weeks late” and “blocking a critical deployment.” But my ideas are important too so I put on my headphones and smashed on some focus tunes.

This is the way

By @ocodo - 6 months
I know that Robert Heaton will appreciate this https://www.youtube.com/watch?v=lpQ_W_lQ9Jo
By @newshackr - 5 months
I had a similar idea to do internet over free-on-the-plane SMS payloads but ended up abandoning it after Twilio asked me to verify I was a legit business.
By @CamelCaseName - 6 months
Sorry if this isn't the thread for it, but is airplane wifi costly to provide?

Is there any hope for a future where all airplane wifi is free?

(Maybe if cellphone plans automatically include satellite wifi?)

By @utbabya - 6 months
Once upon a time when mobile data wasn't as common and cheap, I found that starbucks wifi allowed ping to any where :)
By @theamk - 6 months
A very important quote:

> NB: at this point I didn’t want to send any more automated data through my airmiles account in case that got me in trouble somehow. [...] I therefore proved to myself that PySkyWiFi would work on my airmiles accounts too by updating my name ten or so times in quick succession. They all succeeded [...] I then wrote the rest of my code by sending my data through friendly services like GitHub Gists and local files on my computer

> I’m going to keep talking about sending data through an airmiles account, because that’s the point I’m trying to make.

Disappointing! I would not be surprised if things break when updating name millions of times (and you do need millions of updates for basic website) - maybe there is a history table, or a queue, or a easily overloaded service...

By @breck - 6 months
Many times have I hacked to get free in flight and hotel wifi, often using brute force algos.

Never have I thought of an idea as hilarious as this.

Well done.

By @UniverseHacker - 6 months
I love the part where he paid for the wifi so he could develop a workaround that he would never need. True hacker spirit.
By @imdsm - 6 months
It was a shame to see the author stop proving this over the actual hole. That's where I switched off sadly.
By @demondemidi - 6 months
Clever exploit of a website security hole! Except you need to give your credentials to a trusted party.
By @sghiassy - 6 months
Did he say that played Limp Bizkit on his speakers and made everyone the plane listen to it?!?
By @hacker_88 - 6 months
TCP-UP , TCP over User Profile
By @metabagel - 6 months
> I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

After reading this, I’m not interested in anything else the author has to say. People won’t always tell you when you are being a jerk.

By @jacobrussell - 6 months
cloud computing
By @amenhotep - 6 months
220 comments and no "Bob Wehadababyitsaboy"? Surprising!
By @slt2021 - 6 months
boingo wifi lets you connect to AppStore and Android store to download Boingo mobile app.

use this knowledge to get free internet access :-)

By @jraph - 6 months
> I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

Eh. I would probably mind but depending on my mood and the level of conflict avoidance in me, you wouldn't notice.

By @gnarlouse - 6 months
This is amazing but honestly I'd rather just pay for wifi.
By @yyyfb - 6 months
Tldr: $1,000 worth of engineering time to save $10 on inflight WiFi
By @dventimi - 6 months
I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

Here's where I parachuted out of this article.