Connecting to WiFi without a QR code #52

Open
davidjb opened this issue May 1, 2019 · 2 comments

@davidjb
Contributor

commented May 1, 2019

I'm keen & able to make a PR for this, but wanted to broach the topic first to get your thoughts, @TheCrypt0.

When setting up a Yi camera and plugging in (temporary) wifi details to the app, I noticed that the QR code requires Internet access to be generated. That's pretty concerning since your credentials are being sent into the ether, but also it's cumbersome as setup/changing details is a fiddly manual process (I like automation) but also dependent on their app.

I've got no interest in using their app so as an alternative, one can bypass the dispatch process and its QR reading by just supplying your own wifi config for wpa_supplicant and starting it on boot. A very hacky solution is to pop this into /tmp/sd/yi-hack-v4/startup.sh (using wpa_passphrase to generate the wpa_supplicant.conf):

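```sh
# Bring the wireless interface up and give it a moment to settle
ifconfig wlan0 up
sleep 1
# Start wpa_supplicant with our own config instead of the QR-supplied one
/home/base/tools/wpa_supplicant -c/tmp/sd/yi-hack-v4/wpa_supplicant.conf -g/var/run/wpa_supplicant-global -iwlan0 -B &
# Run the camera's DHCP script to obtain an address
/home/app/script/wifidhcp.sh &
```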

and tada, wifi with no QR code needed. Obviously, things could be a lot better via init.d scripts or the like (and dispatch needs restarting to stop the annoying "Waiting to connect" blather) so hence me opening this issue first to ping you before I go off and implement a permanent solution.

So, thoughts?

(Thanks for all the work you're doing on this btw!)

@ozeraser


commented May 1, 2019

Funnily enough, I have been working on something similar this afternoon.

I have been reading the wiki on https://github.com/TheCrypt0/yi-hack-v4/wiki/Reverse-Engineering-the-QR-Code as I was not wanting to install the YI app and bugger about with region locking.

I also stumbled upon some open vulnerabilities in the camera's QR reading software. https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0572

You will notice that it states the application does not send the SSID or the password to the YI server or over the network; the image and encryption are created locally on your phone.

I currently have a hacky C# application that builds the encoded string that allows the camera to connect to WiFi. However, as it can't verify me as I do not have a YI account or valid Bind ID (I'm using 0000001), on next power up it won't connect to WiFi until I show it the QR, but your idea does mean I could bypass that and never need to use the YI app from initial purchase to using the device.

@davidjb

Contributor Author

commented May 1, 2019

Interesting reading, thanks for the link on the vuln report. Good to know the SSID/key aren't being shared but that's proof that the QR scanning is best avoided (and disabled). In any case, the idea of having the camera 'just work' after flashing an SD card is what I'm hoping to achieve 👍
