[HN Gopher] Show HN: Print a WiFi Login Card
       ___________________________________________________________________
        
       Show HN: Print a WiFi Login Card
        
       Author : bndw
       Score  : 160 points
       Date   : 2020-05-31 16:34 UTC (6 hours ago)
        
 (HTM) web link (wifi.dev.bdw.to)
 (TXT) w3m dump (wifi.dev.bdw.to)
        
       | mrtweetyhack wrote:
       | Yes, print all your passwords and your social security number too
        
       | dheera wrote:
       | Might be a dumb question but how do you scan a QR code like this
       | on Android without a 3rd party app? The only way I've ever known
       | to scan QR codes is by scanning from within WeChat.
        
         | lwhsiao wrote:
         | Support for this is built in to the stock camera app for
         | Android 10.
        
       | toomuchtodo wrote:
       | Lovely! Is it possible to inject SSID and passphrase parameters
       | as env vars into the Docker container and have a png or pdf
       | render without the web interface?
       | 
       | Edit: Thank you to those who replied!
        
         | jasonjayr wrote:
         | qrencode is in debian/ubuntu
         | (https://fukuchi.org/works/qrencode/)
         | qrencode -t ansiutf8 'WIFI:T:WPA;S:{ssid};P:{password};;'
         | 
         | No docker required ...
        
           | toomuchtodo wrote:
           | I'm on a Mac, so I would need Docker if the tool wasn't built
           | for Mac (only Linux).
        
             | dewey wrote:
             | No, you can just install it via Homebrew.
             | 
             | brew install qrencode
        
               | toomuchtodo wrote:
               | Good to know! Thank you!
        
         | davb wrote:
         | You can generate QR codes using qrencode (available in most
         | distros package repos), as follows:
         | 
         | qrencode -o wifi.png "WIFI:T:WPA;S:<SSID>;P:<PASSWORD>;;"
        
       | groundpepper wrote:
       | This is incredibly useful, I didn't know our phones had this
       | feature.
        
       | wiml wrote:
       | An idea that's been kicking around in my head is a widget with an
       | e-ink display for hackerspaces, cafes, and other multi-user
       | spaces that displays a password-of-the-day along with a
       | qrcode for easy login. Heck, include an NFC chip that hands out
       | application/vnd.wfa.wsc objects as well.
       | 
       | I'm not sure how useful it would be beyond the cool factor, of
       | course ... the cafes in my area don't seem to change their wifi
       | passwords often at all, so I assume they're not very concerned
       | about leeching. The typical practice of printing it on a receipt
       | or writing it on the board next to the soup-of-the-day is
       | probably hard to beat.
        
         | bronco21016 wrote:
         | Typically you'd just use a captive portal with sessions that
         | time out. That's sufficient to keep away all but the most
         | determined leechers.
        
           | pathseeker wrote:
           | Unfortunately they are really annoying to use.
        
             | bronco21016 wrote:
             | I'd much rather use a captive portal than hunt for the 4"
             | e-ink device hiding in a place of business.
             | 
             | They're definitely not perfect though and you find some
             | truly annoying configurations when you're out in the world
             | of public WiFi but for the most part it works.
        
             | dvtrn wrote:
             | What have been your frustrations with them? I've found them
             | dead easy to setup and implement
        
       | pathseeker wrote:
       | Woah, do not get into the habit of putting your wifi network
       | password into a website if you care about security. This
       | particular site might or might not collect it now but it's a
       | terrible habit to put your sensitive data into another site.
       | 
       | Imagine if this was a web-based password strength meter.
        
         | tialaramex wrote:
         | In WPA2 and earlier it makes sense to have a WiFi password even
         | if it isn't secret from anyone.
         | 
         | Without a WiFi password these versions communicate in
         | plaintext, so a passive adversary can snoop everything,
         | choosing a password switches on encryption and thus protects
         | against passive eavesdroppers.
         | 
         | Only in WPA3 do networks with no password get encryption to
         | protect you from passive eavesdroppers.
         | 
         | Obviously an active MitM can work regardless, but that's
         | trickier to attempt and unavoidably subject to detection.
         | 
         | If you "care about security" in the sense of not wanting random
         | people to connect then you should not use "Personal mode" which
         | is garbage in all versions of WPA because it relies on a shared
         | human memorable password and (say it after me) human memorable
         | passwords are garbage.
         | 
         | Use whichever of the terrible 802.1x alternatives best fits
         | your scenario, as these authenticate specific users rather than
         | relying on a single shared password. You can federate to allow
         | large groups of people with something in common to all use all
         | the networks in the federation. For students (and academic
         | staff) most tertiary education sites in the world now offer
         | Eduroam for example.
         | 
         | Or, give it all up as a bad job, and (with the caveat at the
         | top about preventing passive eavesdropping) just stop trying to
         | fence off your network and accept that it's the Internet and
         | you'll need a BeyondCorp / Zero Trust security model.
        
           | unethical_ban wrote:
           | I think the OP was saying that it is not a good thing to
           | encourage people inputting their personal passwords to
           | untrusted websites. They weren't commenting on the need to
           | put passwords on wifi networks.
        
           | [deleted]
        
         | seesawtron wrote:
         | True. How else would one implement this as a workaround for
         | security? Perhaps a locally running version of the same thing
         | that hopefully doesn't upload the data back to some server?
         | 
         | Edit: some users already commented in another thread about
         | packages that can do it instead.
        
       | CapriciousCptl wrote:
       | Neat. You can find more supported QR codes for iOS here--
       | https://developer.apple.com/videos/play/tech-talks/206/ (I
       | couldn't find docs but you can skip around the video, starts at
       | 1:11).
        
         | Flimm wrote:
         | Nice! I didn't realise that iOS supports QR codes out of the
         | box now.
        
           | rhinoceraptor wrote:
           | You can also generate them via Siri Shortcuts now, I wrote a
           | simple shortcut that's shown on the share sheet, so I can
           | share WiFi credentials from 1Password via QR code.
           | 
           | The shortcut is just regex match the base station, password
           | and security from the text 1Password shares, then format it
           | as WIFI:S:<ssid>;T:<security>;P:<password>;; and then pipe
           | that to the Generate QR code action.
        
           | wise_young_man wrote:
           | They added support built into the camera app starting with
           | iOS 11 (released in 2018).
           | 
           | https://9to5mac.com/2018/05/16/how-to-qr-codes-
           | ios-11-iphone...
        
       | Flimm wrote:
       | Do all Android and iOS devices support this feature?
        
         | ken wrote:
         | iOS since 11.0 (2017, >98% of iOS users today):
         | https://en.wikipedia.org/wiki/IOS_11#Other_changes
        
         | lucb1e wrote:
         | I don't know what version it was introduced, but this has been
         | around for quite a while and doesn't rely on proprietary google
         | services or anything, so I expect all phones have it (though
         | maybe your QR code reader needs to support the format).
        
       | chrismorgan wrote:
       | Another fun bug report: I entered _lots_ of input, and the page
       | suddenly went blank. In the console:
       | 
       |     Error: code length overflow. (28252>23648)
       | 
       | So yeah, seems like all you have to do is paste 24KB of data in
       | and it blows up. :)
       | 
       | I see this failure mode in React apps a _lot_, where a bug
       | causes an exception to be thrown, and the page just vanishes in a
       | puff of smoke, as though it never was.
       | 
       | Half the time I've seen this failure mode it's also been combined
       | with _persisting the bad value_, so that the site is permanently
       | broken until you can unpersist the value (e.g. clear localStorage
       | or IndexedDB or cookie; but if the bad value is stored on a
       | server you're truly stuck).
       | 
       | The impression I've taken away is that it's entirely unacceptable
       | for a React component to throw an exception, because it will
       | immediately destroy _everything_. Wonder how common such failures
       | actually are, and whether there's anything React itself could do
       | about it (my guess is not).
        
         | bndw wrote:
         | Thanks, fixed. TIL ssids have a max char count of 32:
         | 
         | https://serverfault.com/questions/45439/what-is-the-maximum-...
        
           | chrismorgan wrote:
           | FYI, maxlength is actually not enough to protect against
           | people like me that are determined to break things for fun:
           | Firefox 77 starts letting you exceed maxlength if pasting
           | text in, to protect against accidental truncation. See
           | https://www.fxsitecompat.dev/en-CA/docs/2020/text-
           | exceeding-....
           | 
           | You may say it's a fairly contrived failure, but it's easily
           | possible, and plausible if the user _thinks_ they copied the
           | password onto the clipboard, but actually those paragraphs of
           | text they copied earlier are still on the clipboard. That
           | sort of thing happens to people that use the clipboard (e.g.
           | me) not uncommonly.
        
             | bndw wrote:
             | All good. This was a random weekend hack project meant to
             | solve a specific, personal need. Figured I'd share it out
             | in case others were interested.
             | 
             | I'm glad it's sparked your curiosity but I hope you'll
             | understand the intent. I'd be happy to accept PR's if you'd
             | like to contribute!
        
         | Shakahs wrote:
         | This is what React error boundaries are for, containing the
         | exception and optionally showing a fallback or error.
        
       | paddlesteamer wrote:
       | I like how it ignores WEP. Don't use WEP.
        
       | encom wrote:
       | I've tried to use these before, but since my SSID is [the poop
       | emoji] (which i've just learned is verboten on HN) and the
       | password is 64 characters of hex, I've never gotten it to work,
       | and have exposed bugs in lots of shitty wifi hardware and
       | software. 64 char hex is what a regular 8-63 char password is
       | hashed to for encryption. Specifying it directly as 64 char hex
       | is in spec, and should be supported in software or hardware
       | that's made properly.
       | 
       | Emoji SSID just kind of works in most cases, because an encoding
       | was never specified for that string, afaik.
       | 
       | TL;DR: I shoot myself in the foot for entertainment.
        
       | srhngpr wrote:
       | Recently came across a QR Coder [1] that can generate for a
       | variety of different purposes, including Wifi (e.g., Bookmarks,
       | Email, Contact, GeoLocation, SMS, URL link, etc.) - the same
       | website also has a encoder/decoder and an API [2], but I've not
       | tried those features.
       | 
       | [1] http://niftypdf.com/Barcoder/QRCoder [2]
       | http://niftypdf.com/Barcoder/API
        
       | chrismorgan wrote:
       | Per https://github.com/bndw/wifi-
       | card/blob/5d7fbbda1e8eac5802c8d..., the QR code text is of this
       | form:
       | 
       |     WIFI:T:WPA;S:{ssid};P:{password};;
       | 
       | https://github.com/zxing/zxing/wiki/Barcode-Contents#wi-fi-n...
       | seems to be where this format came from. (That page describes
       | various other forms of QR codes too.)
       | 
       | bndw: looks like some characters need escaping: backslash,
       | semicolon, comma and colon. Maybe more too, given the treatment
       | of double quotes in that last link (I've filed
       | https://github.com/zxing/zxing/issues/1292 about that
       | inconsistency).
        
       | seesawtron wrote:
       | Can someone give a short explanation as to how it works in the
       | backend? The QR code contains username and password. But how does
       | my phone's QR scanner know that it's an SSID/pw and eventually
       | connects to the network?
        
         | macintux wrote:
         | See this comment: https://news.ycombinator.com/item?id=23371188
         | 
         | Presumably the camera app recognizes "WIFI:" as a protocol
         | string and passes the details along to the system settings.
        
           | seesawtron wrote:
           | Yes I saw, that is what the QR code contains (username and
           | password of the WIFI). But I do not understand what my phone
           | does when it sees that. There are tons of dumbed-down
           | articles on "how-to" instructions but none explaining the
           | backend stuff happening on my phone's side.
           | 
           | Also found qifi.org that does a similar thing.
        
             | est31 wrote:
             | The Zxing barcode scanner app does it this way: This [0] is
             | the dispatch code. If it detects WIFI as type, it passes it
             | to a WifiConfigManager [1] which then talks to Android's
             | WifiManager API. On the back end, the addOrUpdateNetwork
             | function of WifiManager [3] calls the method with the same
             | name of IWifiManager [4]. That class has a channel to a
             | WifiStateMachine [5] which sends a message with the command
             | CMD_ADD_OR_UPDATE_NETWORK. It's handled in the same file
             | (but I suppose it's in a different process, now a
             | privileged system process), and calls the
             | addOrUpdateNetwork function of WifiConfigStore [6].
             | 
             | The WifiConfigStore stores its config into a wpa_supplicant
             | compatible file. The file is then passed to the
             | wpa_supplicant service, which is also present on other
             | Linux distros like the GNU/Linux ones, although here the
             | config file is built by a dedicated NetworkManager service
             | (also, some intel folks are building a replacement IIRC).
             | wpa_supplicant is a privileged service that talks to the
             | WiFi card drivers.
             | 
             | [0]: https://github.com/zxing/zxing/blob/0cf3b9be71680f50c9
             | 0a71ca...
             | 
             | [1]: https://github.com/zxing/zxing/blob/0b9b39a74fb3d7b010
             | fb2979...
             | 
             | [2]: https://developer.android.com/reference/android/net/wi
             | fi/Wif...
             | 
             | [3]: https://android.googlesource.com/platform/frameworks/b
             | ase/+/...
             | 
             | [4]: https://android.googlesource.com/platform/frameworks/o
             | pt/net...
             | 
             | [5]: https://android.googlesource.com/platform/frameworks/b
             | ase/+/...
             | 
             | [6]: https://android.googlesource.com/platform/frameworks/o
             | pt/net...
        
             | daveevad wrote:
             | it sounds to me like it's a custom url scheme built into
             | ios.
             | 
             | https://developer.apple.com/documentation/uikit/inter-
             | proces...
        
               | kevin_thibedeau wrote:
               | It's vCard, not URL.
        
       | castratikron wrote:
       | Maybe someone will sell wifi routers with cute little LCD screens
       | in them that show this QR code?
        
       | graton wrote:
       | I just did this the other day using the newest version (6.4.4) of
       | LibreOffice Writer. It has a QR Code generator built in.
       | 
       | As mentioned by someone else it uses the form of:
       | WIFI:T:WPA;S:{ssid};P:{password};;
       | 
       | Wikipedia has information on this
       | https://en.wikipedia.org/wiki/QR_code#Joining_a_Wi%E2%80%91F...
       | 
       | Section of the Wikipedia article:
       | 
       |  _Joining a Wi-Fi network_
       | 
       | By specifying the SSID, encryption type, password/passphrase, and
       | if the SSID is hidden or not, mobile device users can quickly
       | scan and join networks without having to manually enter the data.
       | Note that this technique is valid for specifying only static SSID
       | passwords (i.e. PSK); dynamic user credentials (i.e.
       | Enterprise/802.1x) cannot be encoded in this manner.
       | 
       | The format of the encoded string is:
       | WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;H:<true|false|>;
       | 
       | Order of fields does not matter. Special characters """
       | (quotation mark), ";" (semicolon), "," (comma), ":" (colon) and
       | "\" (backslash) should be escaped with a backslash ("\") as in
       | MECARD encoding. For example, if an SSID were "foo;bar\baz", with
       | quotation marks part of the literal SSID name itself, this would
       | be encoded as: WIFI:S:\"foo\;bar\\\baz\";;
       | 
       | As of January 2018, iPhones have this feature built into the
       | camera app under iOS 11.x. Android users may have the feature
       | built into one of the device's stock apps (e.g. Samsung Galaxy
       | S8/S8+/Note8 users can launch the stock browser, tap the
       | browser's 3-dot menu, then choose "Scan QR code") or can install
       | one of several available free apps such as "Barcode Scanner" or
       | "QR Droid" to perform the QR Wi-Fi join.
        
         | ShamelessC wrote:
         | Typical Samsung, putting the feature inside their stock browser
         | (which I've disabled) instead of the camera where it makes
         | sense.
        
           | Stratoscope wrote:
           | On my Note 8 this feature works directly in the stock camera
           | app. I didn't know about this, but I just tested it on the
           | linked site and it works.
        
             | ShamelessC wrote:
             | That's strange. I just tried it on my Note 9. It recognizes
             | the QR code but just displays the unformatted WiFi string.
             | Doesn't attempt to connect at all.
        
               | Stratoscope wrote:
               | Very odd! I tested a friend's Note 9 and it works there
               | too. Both phones are on T-Mobile with their latest
               | Android update.
               | 
               | The Note 9 is Android 10, One UI 2.0, build
               | QP1A.190711.020.N960USQS3DTB2.
               | 
               | The Note 8 is Android 9, One UI 1.0, build
               | PPR1.180610.011.N950USQU7DTC1.
        
               | anaisbetts wrote:
               | The QR code that it initially displays is invalid, type
               | any text into the SSID/pass fields and it will work
        
           | superhuzza wrote:
           | I have an S8, the camera reads QR codes fine. It looks like
           | you may have to enable a setting the first time you read a QR
           | code, after that it will do automatically and ask if you want
           | to follow the link.
           | 
           | https://www.samsung.com/au/support/mobile-devices/samsung-
           | qr...
        
         | BiteCode_dev wrote:
         | Also, android will display such QR code if you go to your wifi
         | settings so you can connect other devices easily.
        
           | londons_explore wrote:
           | What android version?
           | 
           | It was my understanding that the android security model
           | doesn't allow this - specifically the settings permission
           | lets you connect to a new network, but not to get the
           | password back for an already saved network.
        
             | BiteCode_dev wrote:
             | Whatever is currently on the OnePlus 6 does it.
        
             | dudus wrote:
             | At last my Pixel 3a has that option. On the network
             | settings you can click "share" and it will give you a qr
             | code as well as show the password in cleartext in the
             | screen. It does require you to enter your password or scan
             | your digital to go there.
        
             | wazzaps wrote:
             | My Pocophone F1 has a button to generate a QR code from a
             | network in the settings app, I guess they added a special
             | permission for it.
        
       | thephyber wrote:
       | Neat. I investigated doing something like this a few weeks ago,
       | but it turned out there's a site that has a variety of QR code
       | tools:
       | 
       | https://www.qr-code-generator.com/
       | 
       | (not trying to advertise the site, just saying it wasn't worth my
       | time to reinvent something)
        
       | lucb1e wrote:
       | I like the interface and that it doesn't need a server to
       | generate the QR image, but it doesn't work for my network
       | ¯\\_(ツ)_/¯
       | 
       | Edit: perhaps I should clarify that that's my network's name. In
       | the qr code reader it shows up as ¯_(ツ)_/¯ and it's stored in
       | wpa_supplicant.conf as c2af5f28e38384295f2fc2af (indeed missing
       | the backslash).
        
         | chrismorgan wrote:
         | Hah, I noticed the lack of escaping when skimming the code (see
         | my comment--workaround until fixed will be for you to double
         | the backslash yourself) but didn't expect it to actually
         | _affect_ anyone. Don't think I've never seen a backslash,
         | semicolon, comma or colon in an SSID. Or non-ASCII!
        
           | lucb1e wrote:
           | Since finding out SSIDs are not limited to 7-bit ASCII or
           | something, my networks have never been the same.
        
             | chrismorgan wrote:
             | Hmm, but it looks like under WPA-Personal keys _are_ still
             | limited to printable ASCII?
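
Added example (not code from the thread, wifi-card or zxing): a JavaScript generator and reader for the WIFI: payload that applies the backslash escaping and the length limits discussed above, checking them in code rather than relying on `maxlength`. All function names are hypothetical, the sample SSID and password are constructed, and counting the 32-byte SSID limit in UTF-8 is an assumption.

```javascript
// Added example; not code from wifi-card or zxing. Names are hypothetical.
// Characters to backslash-escape inside a field value, as listed in the
// thread: backslash, semicolon, comma, colon and double quote.
const SPECIAL = /[\\;,:"]/g;

function escapeField(value) {
  return value.replace(SPECIAL, (ch) => '\\' + ch);
}

// Returns an error string, or null when the inputs are acceptable.
// SSID: 1-32 bytes (counted as UTF-8, an assumption: SSIDs carry no
// declared encoding). Password: 8-63 printable ASCII or a 64-digit hex key.
function validate(ssid, password) {
  const ssidBytes = new TextEncoder().encode(ssid).length;
  if (ssidBytes < 1 || ssidBytes > 32) {
    return `SSID is ${ssidBytes} bytes, allowed 1-32`;
  }
  const passphrase = /^[\x20-\x7e]{8,63}$/.test(password);
  const hexKey = /^[0-9a-fA-F]{64}$/.test(password);
  if (!passphrase && !hexKey) {
    return 'password must be 8-63 printable ASCII characters or 64 hex digits';
  }
  return null;
}

// Reports bad input as a value instead of throwing, so a caller inside a
// UI component can show the message rather than crash on oversized input.
function buildWifiPayload(ssid, password) {
  const error = validate(ssid, password);
  if (error) return { ok: false, error };
  const payload = `WIFI:T:WPA;S:${escapeField(ssid)};P:${escapeField(password)};;`;
  return { ok: true, payload };
}

// The unescaped construction, kept only to compare against the above.
function buildNaive(ssid, password) {
  return `WIFI:T:WPA;S:${ssid};P:${password};;`;
}

// Minimal reader: splits "KEY:value;" fields and honours backslash escapes.
function parseWifiPayload(text) {
  if (!text.startsWith('WIFI:')) return null;
  const fields = {};
  let key = null, buf = '';
  for (let i = 5; i < text.length; i++) {
    const ch = text[i];
    if (ch === '\\' && i + 1 < text.length) {
      buf += text[++i];            // escaped character is taken literally
    } else if (ch === ':' && key === null) {
      key = buf;                   // first unescaped colon ends the key
      buf = '';
    } else if (ch === ';') {
      if (key !== null) fields[key] = buf;
      key = null;
      buf = '';
    } else {
      buf += ch;
    }
  }
  return fields;
}

// Constructed sample input: an SSID with one backslash and a password
// containing field separators.
const sampleSsid = '¯\\_(ツ)_/¯';
const samplePassword = 'correct;horse:battery';
console.log(buildWifiPayload(sampleSsid, samplePassword).payload);
```

Feeding `buildNaive` output to the reader drops the backslash from the SSID and cuts the password at its first semicolon, which is the symptom reported in the thread.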
        
       | [deleted]
        
       ___________________________________________________________________
       (page generated 2020-05-31 23:01 UTC)