Matthias Schulz, Jakob Link, Francesco Gringoli, and Matthias Hollick. Shadow Wi-Fi: Teaching Smartphones to Transmit Raw Signals and to Extract Channel State Information to Implement Practical Covert Channels over Wi-Fi. Accepted to appear in Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2018, June 2018.
Matthias Schulz. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements through Wi-Fi Firmware Modifications. Dr.-Ing. thesis, Technische Universität Darmstadt, Germany, February 2018.
But the papers are nowhere to be found. Just went through peer review and still waiting for public publication?
> Matthias Schulz. Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements through Wi-Fi Firmware Modifications. Dr.-Ing. thesis, Technische Universität Darmstadt, Germany, February 2018.
might be coming soon. Feb 2018 is pretty recent, and publication is sometimes delayed due to procedural issues. However, it might just be "published" by having a number of copies in the university's (as well as the state's and German federal) libraries.
Chaum's Store-and-Forward mixnet or Tor's Realtime Onion Routing? I think both can be built with Wi-Fi Direct on Android. But the end-point security may be less-than-ideal...
This is exactly the sort of thing that makes the FCC want to lock down WLAN AP/router firmwares. So, while a cool hack indeed, it is also a bit unfortunate that it also kinda justifies the FCC's position.
Yeah that's not a strong argument at all. The 2.4GHz and 5GHz bands are known widely as "garbage bands" due to how terrible they are to work with (e.g. rain will heavily attenuate your signal, they're literally how microwaves work to cook your food, etc.).
Moreover, there are plenty of radios on the market that transmit all kinds of noise on these channels that isn't WiFi (e.g. my neighbors had a baby monitor that I could tell when it was on by how shit my WiFi was at that moment, FPV drones somewhat frequently use this band with proprietary analog video transports, etc.) This is permitted because these channels are "unregulated" (or, more realistically, "regulated for unlicensed operation").
On top of that, the FCC's official statement on this very topic was that what they really care about is the amount of power being put into these channels, as some aftermarket router firmwares of varying repute would let you crank the output wattage above FCC regulations for these frequencies (<1W power to stay within unlicensed operation regulations for 2.4GHz), and apparently some in-market WiFi routers picked up those firmwares as a "supported" option (I think ASUS and Linksys were both named). Most of these routers have since patched themselves to stay regulation-safe.
So, go nuts, just stay below 30 dBm/1W from the transmitter in 2.4 GHz channels or prepare for a visit from the FCC. (You'll have to do your own research for 5 GHz.)
Wasn't the other big issue that motivated the FCC the devices which ignored / broke DFS [1], and the use of disallowed channels (e.g., 12-14 in North America)?
Interfering with licensed radar installations would seem to be a legitimate problem.
To its credit, OpenWRT/LEDE community implemented DFS per the requirements they were able to glean from regulatory bodies. Open firmware can indeed be hacked to operate against its authors' wishes, but as other comments indicate, closed firmware isn't inherently immune to the same exploitation. https://openwrt.org/docs/techref/dfs
Does this mean the 3W and 5W amplified Wi-Fi dongles all over ebay aren't actually legal? :(
I realize they're probably terrible quality, and that they're really just Wi-Fi dongles with amplifiers tacked on, and that overly loud signal amplification destroys close range performance - but still, I'd been meaning to get a couple of these and see how good they are.
The limits in the 2.4 GHz range are 1 W maximum emitted power, amplified via directed antenna up to 4 W maximum. (5 GHz has more complex rules, but is generally more restrictive of emitted power and less restrictive of directed amplification.) Not sure what these dongles are so I can't comment on them specifically.
If you are using them in the US to transmit at their full power in a point-to-multipoint system, they are not legal.
They would be legal for a point-to-point setup, since they achieve their high EIRP due to high antenna gain (as opposed to high output power). But also due to that high gain, they're not really useful for anything but point-to-point (think backhaul between buildings).
You could also use them legally and usefully as a client (pointed at an AP) if you turn the power down so that the EIRP is 4 W (36 dB). You'd still benefit from the high antenna gain in the receiving direction (though not in the transmitting direction, which includes TCP ACKs).
I think this only shows the insanity of the FCC's statement, as the Broadcom firmware _is_ locked down and got hacked either way. If somebody wanted to transmit arbitrarily on these bands he or she could just use regular SDRs.
Does it? I feel like it would actually have to cause interference before the FCC's position was actually justified. That seems unlikely considering how pervasive and interference tolerant 2.4GHz devices are.
It is impossible for you to redistribute this software or any sort of resulting binary.
It would be based on both their GPLv3 and their no-military licenses simultaneously. The linked requires another depot based on GPLv3 to function and perform patching. The resulting software would then be undistributable, as you cannot possibly comply with both the GPLv3 and their no-military license. GPLv3 would permit distribution to military and not permit you to restrict them, and the other would prohibit military.
Additionally, this should be considered a violation of GitHub's Terms of Use. It is intentionally discriminatory against another group: any given military. For example, the content hosted on GitHub is intentionally discriminatory toward the Deutsches Heer.
Considering the wildly varied performance of smartphone GPS implementations, I'd love to use this to build my own WAAS emitter so that when 10 of my closest friends and I play Ingress we're where we are supposed to be. But that would be based on using a higher accuracy source (think pucks that have better antennae, higher accuracy GPS chips and can see the other satellites as well).
Unfortunately I don't think some people could ignore the potential for abuse. If only I could be 15 feet to the left where the other guy's crappy GPS puts him. At some point I'm hoping my city will put up a few WAAS transmitters to help in the glass canyon that is our downtown.
Only in WiFi bands, so not as flexible as you would expect from an actual SDR rig. Or maybe I'm missing that it can actually transmit in other bands?
RF compliance is really complicated in mobile devices, so there's all kinds of filters to prevent out of band emissions from being generated. The analog parts like the amplifiers are also precisely tuned to only use certain bands.
This particular hardware may be limited to those frequencies but I believe the Mediatek combo chips that do WiFi+BT+GPS+GLONASS+Beidou+FM as well as GSM are capable of a much wider range. WiFi and BT are at 2.4GHz but GSM/UMTS/LTE reach up to 2.6GHz and down to 800-900MHz, and the various navigation systems use frequencies in the 1.x GHz range. From what I've read, only the FM hardware is different due to its vastly different frequency (76-108MHz, although the hardware could probably go beyond those ranges slightly) but everything else is based on the same SDR.
Which chips are those? Most of those solutions I had seen were not actually a single output stage but rather each band had dedicated pins that went out to dedicated PA's in many cases. So wifi/BT has its own antenna and front end etc.. same for the other bands..
The combo chip itself probably has multiple SDRs internally so that e.g. you can use GPS and WiFi/BT simultaneously, but they can be connected externally to the same antenna through a diplexer.
Probably both. The antenna's designed for a specific band, and on top of it the actual frequency synthesis hardware is likely only designed to be capable of generating signals in certain bands, as are all the amplifiers etc.
The license is MIT but not MIT. It's the MIT license with two additional conditions imposed:
- The one you mentioned about citation.
- “The Software is not used by, in cooperation with, or on behalf of any armed forces, intelligence agencies, reconnaissance agencies, defense agencies, offense agencies or any supplier, contractor, or research associated.”
Even just the one about citation is problematic but IMO the condition about armed forces and so on is even worse. I kind of see where they are coming from but I wish people just used standard MIT and acknowledged that yes your software might end up being used for something that you do not agree with morally.
And if they are going to impose such restrictions, why stop there? Why not also say that you cannot use the software to transmit for example child pornography? And how about saying that you cannot use it to spread false information, fake news etc?
I would be exaggerating, but not much, if I were to say that as soon as you introduce one or more moral restrictions into a software license, you are implicitly saying that any moral concern not mentioned is ok.
How about terrorism? They didn’t say anything about terrorism so I guess using their software for terror is fine as long as the terrorists are not an “armed force”, an intelligence agency etc.
Technology has infinite uses, a whole host of which are good, probably as many that are bad, and likewise an uncountable amount of uses that are either neither or both, and very many that will be one thing for some people and the other for other people.
It should in my opinion not be the job of a software license to pass moral judgement. Either you release your software for anyone to use for any purpose under the terms of an unmodified license accepted by the community or you might as well not bother trying to be open source at all.
> Why not also say that you cannot use the software to transmit for example child pornography?
Because it's already illegal, so the point would be a noop. On the other hand, contracting for the army is legal and one of the places where licenses may be reviewed/enforced internally.
Same for terrorism. (Also, why would terrorists respect the license)
Well I guess you can divide them in illegal uses (license does not matter) and legal uses (license could matter). I guess from all the legal uses, the authors disliked military etc. use enough to exclude it. Their choice.
Excellent points. I would add these points to the broader issue of "license proliferation" [1], which is a total headache for the lawyers to sort out and, as Wikipedia describes, "affects the whole FOSS ecosystem negatively by the burden of increasingly complex license selection, license interaction, and license compatibility considerations". And it makes potential contributors hesitant about even using their project.
"It should in my opinion not be the job of a software license to pass moral judgement."
The MIT licence doesn't prohibit you from rewriting it and changing it to something else and the community isn't a monolith.
A lot of people don't want any of their work associated with military purposes. If someone wants to use the code but falls foul of the licence then they should just look elsewhere.
> It should in my opinion not be the job of a software license to pass moral judgement.
With the same logic it can be argued that it is not your job to decide what a software license is for.
Instead, it's the author's prerogative to release software with any license they can think of.
It's up to distributions, other developers and users to decide what to do with it.
Most distributions will not package and distribute software under licenses that create gray areas and are difficult to enforce - not because of moral judgments.
License proliferation leads to complicated license compatibility relationships [1].
Imagine someone wanted to, say, provide native support in GNUradio - as has been done for the RTL-SDR. It's impossible unless you relicense one or the other.
Of course, the code's being given away for free; you could argue one shouldn't look a gift horse in the mouth. And it's quite possible no-one would attempt such a merge even if it was permitted by the license.
You have a point. 23cm band gives you a bandwidth of 60MHz to play with. The 13cm (2.3-2.45 GHz) playground also happens to be within the frequency range of your microwave oven (2.45GHz) so experimenting with high ERP in that area will probably have physiological consequences.