Given that some group members are unable to use CatWrt's UA2F software to bypass the UA detection of the campus network, this article has processed the corresponding service providers of the school. Please do not abuse it. This tutorial only demonstrates sharing the campus network and is not intended for cracking paid systems.
This article is applicable to all OpenWrt LuCI 18.06+, and if you are not using CatWrt, you can still proceed with confidence.
The project being discussed this time is Zxilly/UA2F
UA2F author's blog: https://learningman.top/archives/304
Determine Network#
First, let me introduce our school's campus network, which has several types representing different service providers (web verification only, web + APP verification, APP verification only).
The device I am using is a J4105 soft router, which automatically obtains an IP via DHCP on the WAN port. When using a computer to access the internet, it hijacks and prompts a QR code for verification via a mobile APP. I am using HttpCanary for man-in-the-middle packet capturing. The blogger here is using a XiaoMi 10 with an unlocked BootLoader and has obtained ROOT permissions using Magisk. In the Love Play Toolbox, I installed the CA root certificate module. It seems that manual installation for man-in-the-middle might not require ROOT; I haven't tested it.
By simply using HttpCanary to resend packets on the phone, the corresponding functionality can be achieved reliably. Analyzing the captured packets reveals: login verification, device list, disconnecting links.
Here, we only need to use login verification and device list for disconnection detection.
Script#
Just right, I have a J4105 that has been flashed with our CatWrt system. Since the CatWrt software source does not include the Python3 package, we also need to use the default Tencent software source to install both Python3 and Python3-requests. Next, we will write a script.
Indeed, in OpenWrt, resending packets uses Python3 Requests. A slight parsing of the captured content reveals that it sends the following content to the backend, including: Cookie, Token, phone number, IP, school, UA, etc...
Content is closed source, script processing logic is not communicated, provided only as an example! You can throw the packets you captured to ChatGPT to write one; AI is quite smart now.
#!/usr/bin/python3
import os
import time
from threading import Thread
import requests
……
cookie_self = {
"token": "1145141919=",
"catwrt": "catwrt.v23.8",
}
data_self_check_pc = {
"uid": "114514",
"school": "whu",
"ip": "172.168.1.4",
"token": "1145141919=",
"phones": "11451419",
}
header_self_auth = {
"Host": "api.miaoer.xyz",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36)",
"Content-Type": "application/x-www-form-urlencoded",
'Connection': 'keep-alive',
'Content-Length': '114',
"Accept-Encoding": "gzip",
}
header_self_check = {
"Host": "api.miaoer.xyz",
"user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36)",
"Content-Type": "application/x-www-form-urlencoded",
'Connection': 'keep-alive',
'Content-Length': '514',
"Accept-Encoding": "gzip",
}
def auth_router():
url_self = "http://api.miaoer.xyz/api/v2/network_auth"
global auth_code_pc
# post sending packets
log_print("OpenWrt is authenticating~~")
requests.encoding = 'utf-8'
requests.post(url=url_self, headers=header_self_auth, data=data_self_auth_router, cookies=cookie_self)
……
After processing the script, place the file in /root, then install Python3 and requests.
opkg update
opkg install python3 python3-request
We will add the script to the scheduled tasks since the script may be killed unexpectedly.
0/15 * * * 5,6 /usr/bin/python3 /root/auth.py
0/15 6-23 * * 1,2,3,4,7 /usr/bin/python3 /root/auth.py
Run it, and you can surf the internet easily, but upon closer inspection, some http:80 websites will display a message to stop sharing the network, so UA2F will be needed.
UA2F Installation#
Since it has been tested and confirmed to work, the soft router will continue to stand by at home. I have acquired a XiaoMi Redmi AC2100 for campus network sharing.
After CatWrt, UA2F is supported. We have already verified the network status, and the software sources we are using are all Https:443, which can bypass UA detection due to encryption.
We will first follow the blog CatWrt Application Installation, Universal for All Ecosystems to fill in the latest software sources for the corresponding device.
Pull the software source index file and install UA2F. If you previously installed Python3 using the Tencent source, you need to rm -f /var/lock/opkg.lock
to clear the default Tencent source index file or restart, then fill in the source index into the CatWrt distribution software source and refresh the list with opkg update
.
opkg update
opkg install ua2f
Example
BusyBox v1.35.0 (2022-12-09 10:18:58 UTC) built-in shell (ash)
_____ _ _
| |___| |_ _ _ _ ___| |_
| --| .'| _| | | | _| _|
|_____|__,|_| |_____|_| |_|
W I R E L E S S F R E E D O M
==================================
Catwrt - miaoer.xyz - v22.12
Lean OpenWrt source r5525-7979de9ed
==================================
oroot@CatWrt:~# opkg update
root@CatWrt:~# opkg update
Downloading https://catwrt.eu.org/targets/ramips/mt7621/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://catwrt.eu.org/targets/ramips/mt7621/packages/Packages.sig
Signature check passed.
Downloading https://catwrt.eu.org/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://catwrt.eu.org/mipsel_24kc/base/Packages.sig
Signature check passed.
Downloading https://catwrt.eu.org/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://catwrt.eu.org/mipsel_24kc/luci/Packages.sig
Signature check passed.
Downloading https://catwrt.eu.org/mipsel_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://catwrt.eu.org/mipsel_24kc/packages/Packages.sig
Signature check passed.
Downloading https://catwrt.eu.org/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://catwrt.eu.org/mipsel_24kc/routing/Packages.sig
Signature check passed.
Downloading https://catwrt.eu.org/mipsel_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://catwrt.eu.org/mipsel_24kc/telephony/Packages.sig
Signature check passed.
root@CatWrt:~# opkg install ua2f
Package ua2f (3.10-1) installed in root is up to date.
root@CatWrt:~#
UA2F Configuration#
Regarding the configuration of UA2F, you can directly copy the uci command from the README, but here I wrote a separate BASH script for startup. I named it ua.sh
. It doesn't have to be bash; I just happened to have it in the system. If you don't have it, you can directly change it to #!/bin/sh
& /bin/sh /root/ua.sh
, which will also work.
#!/bin/bash
uci set ua2f.enabled.enabled=1
uci set ua2f.firewall.handle_fw=1
uci set ua2f.firewall.handle_tls=1
uci set ua2f.firewall.handle_mmtls=1
uci set ua2f.firewall.handle_intranet=1
uci commit ua2f
service ua2f enable
service ua2f start
echo "Enjoy it!"
Then add it to the startup items - local startup script, to complete the UA2F startup on boot.
/usr/bin/python3 /root/auth.py
/bin/bash /root/ua.sh
exit 0
Before enabling the startup, we will first execute a test ./ua.sh
. We can use http://ua.233996.xyz to test UA.
You can see that the http:80 traffic has been processed and changed to FFFFF……
.
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Enjoy~
This method can no longer capture packets from our client later, but the API itself is fine and can continue to be used. In early 2024, the service provider went bankrupt, alas!
This article is synchronized and updated by Mix Space to xLog. The original link is https://www.miaoer.net/posts/network/openwrt-ua2f