Classic Keystroke Faking still useful

Many text-book solutions are based on either Linux or Windows. But many of us live in a world where we need to jump back and forth. And sometimes this creates a “the past meets the future” experience. Today’s blog is an example of this.

In the Second Edition of my book I mention OpenWRT (see also Table of Contents). This is a great site where you can find a lot of Linux-based open source code – mainly for routers. OpenWRT has introduced UCI – Unified Configuration Interface. This is a neat way to have a simple generic command-line interface – across many devices – that allows you to perform a basic setup.

Once, I needed to setup a lot of these devices with different SSID’s and passwords from a Windows PC. I was using the standard firmware from OpenWRT, and did not want to recompile this to create an API for setup.

UCI seemed the easy way, but it’s not an API. So how to automate from Windows?

The simple solution was to make a small script – faking the keystrokes. This is not very robust and would not be a good solution for anything in the field, but for a desktop job it was fine. So I created a WBScript using telnet and the WBScript “SendKeys” command. Note that once an administrator password is set, telnet is a “nogo”, so it must be done before this. In my case this was the first step after firmware download – so no problem. Here’s the script – also setting a few other parameters:

'Call: wscript sendkeys.vbs <SSID> <Password>

Dim txtssid
Dim txtpwd
'Either use 0 arguments (not recommended) or 2 (ought also to test for 1)
if WScript.Arguments.Count = 0 then
 txtssid = "uci set wireless.@wifi-iface[0].ssid=MySSID" 
 txtpwd = "uci set wireless.@wifi-iface[0].key=12345678"
else
 txtssid = "uci set wireless.@wifi-iface[0].ssid=" & WScript.Arguments(0) 
 txtpwd = "uci set wireless.@wifi-iface[0].key="+WScript.Arguments(1)
end if


set OBJECT=WScript.CreateObject("WScript.Shell")

'Open a Telnet to send the fake key-strokes
OBJECT.SendKeys "telnet 192.168.1.1 {ENTER}"
WScript.Sleep 2000

'Select automatic channel selection
OBJECT.SendKeys "uci set wireless.radio0.channel=auto {ENTER}" 
WScript.Sleep 1000

'Allow for short guard - raising us from 65 to 72 Mbps
OBJECT.SendKeys "uci set wireless.radio0.ht_capab='SHORT-GI-20 SHORT-GI-40 RX-STBC1' {ENTER}"
WScript.Sleep 1000

'ENABLE the radio from power-on
OBJECT.SendKeys "uci set wireless.radio0.disabled=0 {ENTER}"
WScript.Sleep 1000

'Send the SSID given as parameter
OBJECT.SendKeys txtssid 
OBJECT.SendKeys "{ENTER}"
WScript.Sleep 1000

'Setup WPA2 encryption
OBJECT.SendKeys "uci set wireless.@wifi-iface[0].encryption=psk2 {ENTER}"
WScript.Sleep 1000

'Setup the password
OBJECT.SendKeys txtpwd 
OBJECT.SendKeys "{ENTER}"
WScript.Sleep 1000

'Commit the changes
OBJECT.SendKeys "uci commit wireless {ENTER}"
WScript.Sleep 1000

'Show the result on screen
OBJECT.SendKeys "uci show wireless {ENTER}"
WScript.Sleep 1000

OBJECT.SendKeys "exit {ENTER}"

Note that the above script allows for the setup to set a default password and SSID on all devices. This is a clear security problem and should not be done. However, I left the code in there to illustrate the use of command-line parameters and tests on these.

Leave a Reply

Your email address will not be published. Required fields are marked *