PySkyWiFi: Free stupid wi-fi on long-haul flights

Notification of incoming texts was the only problem. I jailbroke the thing and started trying to schedule network requests, thinking I'd add some kind of new message counter on the home screen. This proved hard. But it occurred to me that the best place for the counter would be right next to the Kindle's device name, at the top of the screen. And the device name could be updated from her Amazon account.

So I automated a web browser on the home server to log into Amazon and update the device name to "My Kindle (x)" where x was the number of unread Google Voice texts. The Kindle would update the name on the home screen in less than a minute. This worked for years!

(Eventually that Kindle was stolen. I wanted to update its name to something foul but the device disappeared from her account too quickly.)

But that's quite unproductive. As it turned out, in order for stripe to work, it needs access to fastly CDN. And then I remembered that reddit also uses fastly. By connecting to stripe and changing the Host HTTP header to reddit.com, I could browse reddit! Images didn't work though (i.redd.it is not on fastly). I could edit my /etc/hosts and associate old.reddit.com with stripe's fastly IP address. After ignoring scary TLS errors, I could even log in.

I checked the default gateway and it took me to a cisco modem. It had all sort of diagnostic tooling including the list of devices connected to the modem. However, it showed no Internet connection. I googled the model on my phone, and the admin is supposed to be the serial number with blank password and there was an example of the pattern. Surprisingly, one of the devices connected to the modem had a name that looked like said pattern.

And just like that, I was in. I toggled the Internet button, 15 seconds later it turned green. I set a new password on the device.

[1] in the original meaning of the word. [2] https://github.com/yarrick/iodine

People like this lack basic civility. I'm sure a lot of the people around Robert did mind, they were just too polite to ask him to stop imposing his gratuitous noise on them.

The idea of pulling out my laptop or even a book is just… tiring. There’s a lot of noise as well (airbus anyone?) and I don’t have noise cancel headphones, so concentration is difficult. Without taking into account that I have spent at least 2h away from home among trains, trams and security controllers. The bad (unhealthy) food available in airports doesn’t help either. Half the year the weather doesn’t help either(it’s either too hot or too cold). Plus the 10 kilos backpack I have on my back is making me sweat no matter what.

So, basically, I’m never in the mood of doing anything in a plane.

Imagine a proxy where all you did was design at a high-level a way to write/read to a shared resource from two sides, and then it handled all the rest for you as a SOCKS proxy.

Anyway, the way they implemented this is by blocking all traffic from/to ip addresses but not blocking tcp and completely forgot about ipv6 as it was not pretty new. So, I created a simple p2p chat Application which will work with ipv6. Only problem is that we had to share our ipv6 addresses with our friends which they have to maintain in contacts. It worked great until we figured tunneling to computer which is outside the network was much easier.

Is it a life changer? Probably not. Was it fun to write and explore? Most likely!

We definitely need to make more stuff like this.

[1]: https://ntietz.com/blog/write-more-useless-software/

[2]: https://news.ycombinator.com/item?id=37911900

After the course ended, one student going home did manage to use his assignment to get Internet access from the airport, as we had forgotten to turn off the DNS server nodes.

Over the years we had a lot of fun with creative final projects in the course besides IP-over-DNS, including web-based phone tethering, DNS spoofing, openflow-based SDN routing, LT (Erasure) Coding, a BitTorrent client, and a DNS-redirection-based CDN with leaderboard.

[1] https://cs.brown.edu/courses/cs168/s11/handouts/dtun.pdf

Website makers: There's a hole here, but we make it super slow so nobody in their right mind would use it and even if they do then there's no problem whatsoever. It would only waste their time.

[1]https://github.com/aleixrodriala/wa-tunnel

He's not serious, right? Right?

The problem was I had packed my wallet into my check-in like a dumbass. I couldn't figure out a way to sign up for in flight wifi. Plenty of apps and services have my credit card number on my phone but none of them would show the entire number without me signing on.

The flight however had Alipay as one of the apps to pay, which would have been great except it wasn't working. It still allowed connections to alipay. I figured out I could cancel the payment through a button hiding in a transaction details page and be dumped out to the alipay home screen.

The alipay chat feature wasn't working though, they'd must have thought about that. But some of the mini-apps did work, including the mini-app for my home automation.

It let me send a message to the terminal thingy at the door of my place where you buzz people in (there was a feature to send mail to other rooms, I just sent it to myself).

This took up about 40 minutes of the 11 hour flight.

https://www.youtube.com/watch?v=9JxhTnWrKYs

There were no security checks whatsoever: everyone who know the magic word that triggered the start of the commands could do whatever they wanted on the Alcatel servers.

As a bonus one of those contest systems allows users to upload a profile photo, which would greatly increase the bandwidth!

I wish I thought of it on my last trans-atlantic!

Was considering to “hack” my way out of the free tier. But paying was just too easy and it’s affordable.

Sorry for boring addition/story.

By the way, many many paid WiFi networks leak DNS requests like a sieve when not logged in or paid and you can tunnel through it easily. There's a piece of software for that, iodine I think it was called. Never really needed it but it's there and it works.

It was a simple matter of joining the network, and then dumping the traffic in monitor mode. I could log MAC addresses of other devices on the network.

I made a list of addresses and then spoofed someone else’s address that must have paid, and blamo, I’m online.

I would rotate to another address when Internet access deteriorated: this meant the other guy was trying to use the Internet at the same time.

Yeah, I know I’m awful.

Am disappointed though to have reached the end of the article only to find no mention of stats regarding max speed, efficiency etc vs the paid-for wifi.

Also, not sure why you wouldn’t just use Base64 encoding for which optimised versions already exist instead of rolling your own conversion to/from base 26 (or 52).

Anyway, on my last flight I tried WiFi Hotspot and I was able to give WiFi to my girlfriend and dad, just paying for one account on my device. It isn't free but at least it allows everyone on my party to be connected.

I assume it was to entice you to buy the wifi for some important notification. Or just so you would GET that important notification in the first place. Either way, probably eminently abusable on android at least.

That said, who the hell buys overpriced internet connectivity on a 7 day cruise? I have an addictive personality and spend pretty much all my free time on Youtube or Reddit, and it was refreshing to be without. I especially felt sad about all the young teens who were obviously scrolling tiktok or instagram. What parent buys their child a $3000 cruise ticket and then also pays an additional $300 per child for them to completely not do it? Cheaper than a week of babysitting maybe.

Thank you for this. Very well done.

Hmm, GoFlyWiFi? GoHighWifi?

>> I’d forgotten to charge my headphones so Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind

Talent or not, managers commonly say that 10% of people cause 90% of the headaches. I guarantee the others on the plane minded very much, but were just to polite to say anything.

> Limp Bizkit started playing out of my laptop speakers. Fortunately no one else on the plane seemed to mind so we all rocked out together.

No they were just being too polite to speak up and say this is inconsiderate AF.

It’s bad enough when people do this on public transport, but on a fuckin plane?!?

And then to write about it under one’s own name?

Isn’t this kind of thing that goes against the CFAA?

PRs can wait — not worth criminal charges.

This is the way

Is there any hope for a future where all airplane wifi is free?

(Maybe if cellphone plans automatically include satellite wifi?)

> NB: at this point I didn’t want to send any more automated data through my airmiles account in case that got me in trouble somehow. [...] I therefore proved to myself that PySkyWiFi would work on my airmiles accounts too by updating my name ten or so times in quick succession. They all succeeded [...] I then wrote the rest of my code by sending my data through friendly services like GitHub Gists and local files on my computer

> I’m going to keep talking about sending data through an airmiles account, because that’s the point I’m trying to make.

Disappointing! I would not be surprised if things break when updating name millions of times (and you do need millions of updates for basic website) - maybe there is a history table, or a queue, or a easily overloaded service...

Never have I thought of an idea as hilarious as this.

Well done.

After reading this, I’m not interested in anything else the author has to say. People won’t always tell you when you are being a jerk.

use this knowledge to get free internet access :-)

Eh. I would probably mind but depending on my mood and the level of conflict avoidance in me, you wouldn't notice.

Here's where I parachuted out of this article.