Raj KAJ (scottobear) wrote,

Proxyham. Build your own.

“ProxyHam” created controversy because the talk was supposedly suppressed by the US government. In this post, I’ll describe how you can build your own, with off-the-shelf devices, without any code.

First, head on over to NewEgg. For a total of $290.96, buy two locoM9 repeaters (for $125.49 each), and two WiFi routers, like the TL-WR700N for $19.99 each.

Grab your first WiFi device. Configure it in “client” mode, connecting it to the “Starbucks” SSID. In this mode, you can then connect your laptop via Ethernet to this device, and you’ll have access to the Internet via your WiFi device to Starbucks. In other words, it acts as a WiFi dongle, but one that you attach via Ethernet instead of USB.

Now grab your two locoM9 devices and configure them for “transparent bridging”. In this mode, whatever Ethernet packets that are received on one end get sent over the air to the other end. Connect each localM9 via the TL-WR700N via the supplied Ethernet cable.

Now grab the second WiFi device and configure it as a normal WiFi router.

Now, assuming you aim the localM9′s correct toward each other with reasonable line-of-sight, you’ve got a “ProxyHam”.

The reason this works so easily is that everything has been designed to work this way. Bands like 900 MHz, 2.4 GHz, and 5 GHz are the “ISM bands” that are largely unregulated by the government. Unregulated means that if somebody is causing interference in those bands, you can’t complain to the government to make them stop.

The 900 MHz band is attractive because the signal will go a lot further than 2.4 GHz. On the other hand, it’s a smaller band, so can’t carry the same speed as 2.4 GHz band or the 5 GHz band.

Industrial equipment use the 900 MHz band extensively. There are an enormous number of devices that’ll bridge two wires in this band. Most of them are for simple serial protocols like RS232. Some are for Ethernet, like the locoM9. They tend be industrial grade things that cost a lot more. The locoM9 is the cheapest device that does this from Ubiquiti, but they have a lot of more expensive stuff to choose from, often with better directional antennas that’ll go farther.

WiFi, too, is supposed to work this way. When you buy a WiFi router, you normally set it up in “access-point” mode. But virtually every router supports other modes, such as the “client” or “bridging” mode described above. It’s supposed to work this way.

The point of “ProxyHam” isn’t that there is some new magic out there, but that hackers can take existing stuff, for their expected purpose, but achieving an unexpected outcome.



How To Build A ProxyHam

Image from the original Wired Announcement
Image from the original Wired Announcement

In the Wired article trumpeting the ProxyHam to the world, [Ben Caudill] is shown with a laptop wired to a small box with a rather large yagi antenna. This antenna is pointed well above the horizon, indicating the device is not being used, but that’s completely besides the point. The ProxyHam box contains something with an RJ45 connector on one end, and two RF connectors on the other. A quick perusal of Newegg lands on this, a radio base station designed to bridge networks via 900MHz radio. You’ll need to buy two of those to replicate the ProxyHam.

The Wired article describes the ProxyHam further: “…a Raspberry Pi computer connected to a Wi-Fi card and a small 900 megaherz antenna…” Newegg also stocks Raspberry Pisantennas, and WiFi adapters. You might want to pick up a few SD cards too.

900MHz router seen in the original promo image
900MHz router seen in the original promo image

To set up the ‘throwaway’ part of the ProxyHam, you’ll need to first connect to the desired WiFi network, then bridge the WiFi and wired connections. Bridging networks with the Raspberry Pi is left as an exercise for the reader with sufficient Google-fu. Of course the 900MHz base station must also be configured, but according to the user guides on theUbiquiti product page it’s not much harder than configuring a WiFi router. Set the radio to ‘bridge’ mode.

From there, it’s a simple matter of connecting a large yagi antenna to the ‘mobile’ part of the ProxyHam. Here’s how you build one. Configure the base station, and plug an Ethernet cable into a laptop. Congratulations, you’ve just replicated a talk at DEFCON by buying stuff from Newegg.

That’s how you build a ProxyHam. That’s also how to violate the FCC Part 97 prohibition against encryption – you can not use SSH or HTTPS over amateur radio. It’s also how you can be charged with the Computer Fraud & Abuse Act; connecting to a library’s WiFi from miles away is most certainly, “exceeding authorized access.”

Do not attempt this build. It’s illegal, it’s dumb, and the 900MHz band is flooded anyway. Also, if your plan for anonymity online revolves around stealing WiFi from Starbucks, why not just steal Starbucks WiFi from the McDonald’s across the street?

Let’s Speculate Why The ProxyHam Talk Was Cancelled

It’s July. In a few weeks, the BlackHat security conference will commence in Las Vegas. A week after that, DEFCON will begin. This is the prime time for ‘security experts’ to sell themselves, tip off some tech reporters, exploit the Arab Spring, and make a name for themselves. It happens every single year.

The idea the ProxyHam was cancelled because of a National Security Letter is beyond absurd. This build uses off the shelf components in the manner they were designed. It is a violation of the Computer Fraud & Abuse Act, and using encryption over radio violates FCC regulations. That’s illegal, it will get you a few federal charges, but so will blowing up a mailbox with some firecrackers.

If you believe the FBI and other malevolent government forces are incompetent enough to take action against [Ben Caudill] and the ProxyHam, you need not worry about government surveillance. What you’re seeing is just the annual network security circus and it’s nothing but a show.

The ProxyHam is this year’s BlackHat and DEFCON pre-game. A marginally interesting security exploit is served up to the tech media and devoured. This becomes a bullet point on the researcher’s CV, and if the cards land right, they’re able to charge more per hour. There is an incentive for researchers to have the most newsworthy talk at DEFCON, which means some speakers aren’t playing the security game, they’re playing the PR game.

In all likelihood, [Ben Caudill] only figured out a way to guarantee he has the most talked-about researcher at DEFCON. All you need to do is cancel the talk and allow tech journos to speculate about National Security Letters and objections to the publication of ProxyHam from the highest echelons of government.

If you think about it, it’s actually somewhat impressive. [Ben Caudill] used some routers and a Raspberry Pi to hack the media. If that doesn’t deserve respect, nothing does.

Via -

Originally published at The Scotto Grotto. You can comment here or there.

Tags: uncategorized

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.