This HOWTO has instructions to build your own Newstweek device, a small innocuous wallplug allowing you to remotely manipulate news read by other people on wireless networks. If you want to learn more about Newstweek, click here.

The version you'll be building uses low-cost (and low-power) hardware, capable of fitting into a small plastic enclosure; power transformer and all. This version is not suitable for modifying data on large LANs, rather small LANs with moderate traffic of up to 5 client machines (including tablets and smartphones).

This initial version doesn't support APs with HTTP authentication or encryption. It's intended for experimentation on open, unencrypted ('public') APs. Consider it a starting point intended to get you going with the hardware and building your own filters. We'll be releasing versions that do and developing it further of course!

Rather than using IRC as a control interface (as seen in the project video) we've implemented phone-friendly browser interfaces for local and remote control of the device. The local configuration page is designed for on-site configuration: you plug in the device, associate with it, and select your target network/AP. When it reboots it is 'armed' and awaiting filters. After you leave the location you visit the remote control browser interface, write filters and issue command scripts from the comfort of your home. The device will then periodically 'dial home' looking for your updates. If it's ever bumped offline for any reason, it will go back into local configuration mode, awaiting a new target or a pickup by its owner.



Hardware

ATHEROS BASED ROUTER

Theoretically you should be able to use any Atheros AR2 based mini-router with our Newstweek firmware. To make it easy
(and cheap) we suggest you snap up a Planex or Xiertek GW-MF54G2 (AKA Abocom WAP2102), the hardware we'll use in this HOWTO.













Here are some sources for you:

Source 1 (Deutschland)
Source 2 (USA)
Source 3 (Amazon USA)
Source 4 (Planex direct)
Source 5 (Amazon Japan)

WALL PLUG ENCLOSURE:

We found a wall plug enclosure from Conrad, Deutschland to be a great fit. It's roomy and has the added feature of pass-through power, making it more a part of the room, of the wall. Naturally you'll need to get a plug enclosure compatible with the socket type used in your country. For Europeans the below enclosure will be fine of course, just order it from Conrad or walk into a branch and buy it. In German, they are called Steckergehäuse.














Source (Deutschland)

Tools
Newstweek Linux Kernel

Newstweek filesystem and userland

1 x Fine tip soldering iron
1 x mini USB -> USB adaptor
1 x Ethernet cable (standard RJ45)
1 x FTDI and FM->M test leads








1 x small flat head screwdriver
1 x small crosshead screwdriver
1x Dremmel or cutter (for cutting open power adaptor)
Good illumination and clean working area
Download the Newstweek Firmware



Wedge flat-head screwdriver in and under the lid. It will just pop out.




















Attach pins following this pattern




















Attach mini USB








































You need to download two files. Download them to the directory TFTP uses. On Ubuntu/Debian, it is /tftpboot
Software



Ubuntu/Debian:


OS X: an installer for OS X can be found here.

WIndows users, please install tftp32.



On Ubuntu/Debian, create the file /etc/xinetd.d/tftp and include the following text:

















Create the directory to store our files:







Restart xinet.d




OS X users, please see this page about setting up tftp.



On Ubuntu/Debian:



OS X users can get Minicom using Fink.

Windows users will have to install a Minicom-alike app called Hyperterminal. It can be downloaded just about anywhere.



These are the settings we need for all OSs







To set these settings on Ubuntu/Debian type (the 'port' argument will probably be /dev/ttyUSB0):



On Ubuntu/Debian you can check the settings are set by looking in this file ~/.minirc.dfl.

To set these setting on OS X, type:



Check that the values look the same as those for Ubuntu/Debian.

On Windows, you need to use Hyperterminal's setup interface. It is located in \ Program \ Accessories \ Communication. Run the program and pick a name for the connection. Pick the correct COM-port in 'Connect with' and ensure it has similar settings to those above.

sudo apt-get install xinetd tftpd tftp
sudo apt-get install minicom
Install TFTP, a file transfer daemon.
Install Minicom, a serial communications modem and console




1/ Connect the RJ45 Ethernet cable to the device and to your computer.

2/ Set its IP to 192.168.1.1. On Ubuntu/Debian this is done easily. For instance, if your ethernet device is 'eth0', type:




3/ Start up minicom. On Ubuntu/Debian/OS X this is done by typing 'minicom' in a terminal. Windows, use the start menu.

4/ Connect the power to the board. You should see minicom or Hyperterminal listening on a port. On Ubuntu/Debian it is /dev/ttyUSB0

5/ Press CTRL+C the moment you see this text. If you miss the opportunity, and the device boots up. Power off and on
and try again:



6/ At the prompt that says "Redboot>" issue the following command to setup networking on the device.



7/ Now try pinging the device from your computer. You should see output as follows:












Using the Redboot console, type the following commands, hitting enter at the end of each line:








The firmware is now installed. Now unplug the device from the power.

Redboot and Newstweek use different baudrates, so we need to change a Minicom setting. Type:



.. and change the baudrate from 38400 to 9600. You'll see nothing but garbage otherwise.

Now power on the device and watch it boot. When it has finished, hit ENTER. You should see:




















This represents a successful boot.

The last thing we need to do is set up a password for our system. It's very important that it contains only alphanumeric characters, no spaces and is less that 64 characters long. "d899jklicecream019" is a valid password. "[Greg's cackling b0x]" is not.

To generate a new password, type:




Be sure to write it down! Without it your Newstweek device is not accessible remotely, a child in the wild!

We're now ready to start working on the enclosure.
Configure Minicom
pu baudrate 38400
pu bits 8
pu parity N
pu stopbits 1
pu rtscts No
minicom -s
Configure TFTP.

service tftp
{
protocol = udp
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
disable = no
}
sudo mkdir /tftpboot
sudo chmod -R 777 /tftpboot
sudo chown -R nobody /tftpboot

sudo /etc/init.d/xinetd start
minicom -s
Open up case and attach pins to USB FTDI
Flash the firmware to the device
Configuring the TFTP network
sudo ifconfig eth0 192.168.1.1
sudo ifconfig eth0 up
you@computer:~$ ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=3.80 ms
64 bytes from 192.168.1.2: icmp_req=2 ttl=64 time=1.29 ms
64 bytes from 192.168.1.2: icmp_req=3 ttl=64 time=1.19 ms
64 bytes from 192.168.1.2: icmp_req=4 ttl=64 time=1.27 ms
64 bytes from 192.168.1.2: icmp_req=5 ttl=64 time=1.28 ms
== Executing boot script in 1.000 seconds - enter ^C to abort
Redboot> ip_address -l 192.168.1.2/24 -h 192.168.1.1
Flashing the firmware
fis init
load -r -b 0x80041000 newstweek-atheros-vmlinux.lzma
fis create vmlinux.bin.l7
load -r -b %{FREEMEMLO} newstweek-atheros-root.squashfs
fis create rootfs
reset
minicom -s
Disassembling the power pack


Take the dremmel or other instrument and try not to dismember yourself while cutting the plastic shell of the 3.3v power supply.






















Crack it open, behold the exotic fruit inside.












































BE SURE TO CHECK THE POLARITY BEFORE SOLDERING!
How you wish to adapt the 3.3v adaptor to fit your particular enclosure is your concern. As a reference, what we do is wire them into the pass-through of the enclosure and then pass power back straight to points on the system board itself, at the base of power socket. Zip ties help to bind the power adaptor to the pass through.

Hopefully these images convey this approach well enough!



















































































Fix the actual board to the enclosure however you like. In our enclosures there are screw holes that nicely coincide with a mount point on the board. That and a little hotglue does the trick!








Connecting power to enclosure and board
A final test before screwing it all together.

Attach the antenna and lie it along the length of the board. Use a little hotglue to fix it in place if necessary. It shouldn't rattle around.. Now, use an extension lead to give power to the board. You should see the blue light on the board come up. Wait thirty seconds or so and then, using your smartphone or computer, look for the access point 'Newstweek'.

If you do find it, you know it's all worked just fine! Unplug the lead and screw the case together. If not, attach the test leads to the board and FTDI and try booting up with Minicom (or Hyperterminal) and try to diagnose the fault.
Field research prior to installation.

It's of great importance that you do some field research before planting a Newstweek device. Simply walking around sniffing for open hotspots and then sticking the device in a socket will likely result in disappointment.

Here's a guide for field research: 

0/ Turn off and on your laptop. Open up your browser and clear your cache and all cookies. Ensure all extraneous network services are turned off; you'd be amazed how much your browser is saying about you behind your back.

1/ ADVANCED USERS ONLY: change your MAC address on your wireless interface to add another layer of network anonymity. On GNU/Linux systems this can be done with 'ifconfig'. Be sure to pack an AC adaptor, ideally a phone charger. Put your laptop into hibernate.

2/ Go to the location you know has an open network. Resume from hibernation.

3/ Associate with the target network and try reach http://newstweek.com in a browser. If you can't then it may have browser authentication, which is no good for this version of the Newstweek firmware. Perhaps it has a paywall anyway, and so isn't popular.

4/ ADVANCED USERS ONLY: If you can ping, use a tool like Wireshark or airodump-ng to get a sense of just how popular that LAN is. Remember, too much traffic is no good for this version! Five or so active clients is a good limit.

Here's a quick non-stealthy-yet-harmless command that'll reveal the IPs of all clients on the LAN. It'll work on any GNU/Linux system with nmap installed.




Pick out an IP from the list and try to ping it. If you can't it's highly possible that this network has partitioned address space, making it impossible to work with it.

4/ Look around the room and note whether:

* Is it a workplace? If so, are people suspicious of you being there?
* Are people on battery or plugged to the wall?
* Are the sockets easily reached?
* Are they hidden or exposed?
* If you find a candidate socket, is it working? Plug in your AC adapter to check.
* Where is the router in relation to the clients? In general you want to install the Newstweek device as close to the router as possible.
* Note the opening and closing hours of the site. Come back after hours and check if the router is on at night (stand outside with your smartphone and look for the AP). If it's turned off at night the Newstweek device will default to configuration mode..





sudo nmap -sP $(route | grep "*" | awk '{ print $1 }' | sed 's/0/*/') | grep report
Installing and setting the Newstweek device.

So, you've made your choice. You know where, when and how you're going to install your Newstweek device.

A Newstweek device needs to be 'set' at the site. We have made a (preliminary) interface for doing this.

The steps are as follows:

1/ Plug the device in the wall

2/ Wait until you can see an ESSID 'Newstweek'. Associate with it and ask for an IP.

3/ When you're connected, visit http://192.168.0.1 in your favourite browser and you will see the following:






















4/ Here you type in the target ESSID (Access Point name "BuckStars", "spothot" etc). It's important that the case and spelling is identical, so take care! You don't have to enter in the BSSID. Quite often however there are two BSSIDs with the same ESSID and one may be more active than another. This field allows you to be more specific. When ready, hit 'Submit Query'.






















At this point the device will reboot and try and join the local network. If it is successful it will move into 'armed mode', awaiting your remote instruction (see the next stage). If it doesn't succeed it will try joining four more times before giving up and defaulting back to configuration mode.

Be sure to write down the Unique Key. Without this you cannot remotely interact with the device; it's a child in the wild! We recommend taking a screenshot at this point, just in case..

Now onto the fun stuff.. remote controlling your Newstweek device.
Installing network modifying devices on a LAN you don't own, without permission, is probably illegal in most countries, unless you work for government. We don't take any responsibility for your choice to do this, or the trouble you get in if you're caught! We thoroughly condone manipulating the browser-defined realities of friends and family however.
On a lighter note, this HOWTO is best performed on a GNU/Linux system (Ideally a Debian based version, like Ubuntu or Linux Mint). It'll just be a bit easier, that's all!
password
Remote controlling your Newstweek device
Newstweek is largely built atop the super OpenWrt embedded GNU/Linux distribution. The particular attack we're using in this version is called ARP Spoofing, a well known attack that exploits a 'flaw' in all modern switched networks by responding to ARP requests with new mapping, situating the Newstweek device as a Man in The Middle of all traffic. We use Ettercap in this version to both perform the attack and run the filters on packet payloads.

The core scripts we wrote for the device are available here, available under the GNU GPL License, v3. System and config files we modified and wrote are on the firmware (typically in /etc) and are readable when installed.
Source code and further information.

So! Now your in the comfort of your own home or another internet cafe and ready to start passing filters to your device.
Here's the address you need to visit in your browser.






























Choose the ID of your device by simply clicking on it in the above table. Note that IPs and Newstweek IDs have been blurred out for purposes of privacy.


















































Now select your target from the dropdown menu. Targets currently selectable include:













We chose BBC as our target. Please note that more targets may have been added by the time you read this. Moreso, we are currently implementing a feature allowing you to add your own targets.

When you click "Newstweek it!" the filter is written to disk on the server, awaiting to be retrieved by the Newstweek client script, running on your device. This retrieval happens approximately every 30 minutes, with a small randomly generated time delay to add a little stealth and go under the radar of network admins looking at traffic on their LAN.




On visiting the BBC's Asia Pacific section, we noted the word 'ceasefire' had changed to the word 'custard':

http://remote.newstweek.com
BBC
CNN
Le Monde
Lenta Ru
Le Figaro
Der Spiegel
Il Tempo
El Mundo
The Guardian
The Result
This website has been made with HOTGLUE