OpenWrt as a Smartphone Quaratine
I recently found an old router in the basement. I searched the model number at OpenWrt.org and saw that the router can be flashed with the latest OpenWrt image and is officially supported.
This sounds like a very cool project I always wanted to stick my nose into. The long term idea is quite off-topic but of course I will tell about it at the end of this blog post.
How do you install OpenWrt?
In my case it was quite easy.
There is a hidden emergency recovery you can access by holding the reset button for 5 seconds while powering the router on.
Then you can get access to the web portal of the router at http://192.168.1.1 by connecting a laptop to the router through LAN. Now you can simply upload the new firmware which you can download as precompiled binary from OpenWrt.
After waiting a minute or two we have OpenWrt up and running. Nice. No hassle.
Of course if you brick your device or if your device does not have the emergency recovery you have to flash through UART or directly on the board (just like a microcontroller).
Since this was so easy I can tell you know what I hopefully will be doing with OpenWrt
What should you do with OpenWrt?
Besides just enjoying an open-source feature-rich router software you can do a lot of other stuff with it, especially if your main router can’t be exchanged.
There is a very nice movement in Germany which is called Freifunk. The idea is to make free Wi-Fi available everywhere.
For a long time period this has been very complicated, because everybody who offers an internet access to other people is responsible for the stuff which other people are doing on the internet. The result is that you barely find an open Wi-Fi when travelling through Germany. Freifunk tried to avoid this by tunneling the traffic through Swedish VPN services, which would then be assumed legal.
Freifunk also provides images based on OpenWrt for routers, so you can flash their customized firmware to deploy an open Wi-Fi access point for everyone around.
As I like contributing to the community I really like the idea, but I don’t think that the costs would cover the usage as there are nearly no people who would benefit from the freifunk access point who could not equally use my Wi-Fi anyway.
So there is another thing which is very interesting:
Smartphone quarantine.
If we flash a custom ROM like LineageOS we know that we can control everything on top of the hardware and the firmware. This is very good and enormously better than having complete closed-source systems you can’t control.
I could not find a few papers from people who just left phones in a watchdog environment to check if the firmware is sending anything. I’d like to try this to see if some connections are even implemented in the firmware (or hardware). A friend of mine said, that the manufactures would probably also just use an app on top of everything instead of hustling around with the firmware (which also can’t be updated that often, which could be important to cover up trails).
So I want to connect an OpenWrt router as a Watchdog between the internet and the devices connected to it. Maybe you can integrate Wireshark or an equivalent into OpenWrt to monitor all the connections made from a device. As I would never want this to be done on my production network (or anything used by real people at all) I need to have a separate network.
I wonder how look it will take for me to actually implement the stuff I mentioned here, but at least I can now say that I had plans for it since 2020…