Enabling Wi-Fi on First boot

Enrico Mioso mrkiko.rs at gmail.com
Tue Jul 6 12:06:22 PDT 2021


Hello all!!

What I was thinking actually was an option I could enable at build-time (kinda preinit option), at my own risk, when building images.

From a technical standpoint, will an uci default work in all cases?


Thanks a lot for your ideas guys.

Enrico


On Tue, 6 Jul 2021, Eric Luehrsen wrote:

> Date: Tue, 6 Jul 2021 19:29:19
> From: Eric Luehrsen <ericluehrsen at gmail.com>
> To: openwrt-devel at lists.openwrt.org
> Subject: Re: Enabling Wi-Fi on First boot
> 
>>
>> On Tue, Jul 6, 2021, 1:06 PM Henrique de Moraes Holschuh
>> <henrique at nic.br> wrote:
>>
>>     On 06/07/2021 12:05, Nishant Sharma wrote:
>>      > On 06/07/21 7:56 pm, Henrique de Moraes Holschuh wrote:
>>      >> So, to safely and responsibly enable wireless by default in a
>>      >> device (or firmware) you're delivering to a third-party, you
>>      >> need that "per-unit unique wireless password" per device thing
>>      >> most vendors are doing.
>>      >>
>>      >> [2] not really: openwrt sysupgrade *does not help* in that
>>      >> there is no way to add variable information to an already
>>      >> *finished* image file, to be used on first-boot only, and which
>>      >> would *survive a factory reset*.
>>      >>
>>      >
>>      > How about a first-boot script that enables the Wi-Fi if it is
>>      > disabled and then sets the password (if not already set) using
>>      > the first MAC address it finds on the device?
>>
>>     MACs are not a secret.  It is absolutely trivial to know them: they're
>>     in just about every WiFi (and ethernet) frame.  Same goes for anything
>>     that is derived *just* from the MAC address.  And anyone that is going
>>     to automatically scan/exploit for that, will also use MAC-1, MAC+1, and
>>     other common variants.
>>
>>     What would work is to reuse the vendor-provided password that is
>>     already in the label and somewhere in FLASH, if you could always know
>>     where it is in FLASH (you don't).  And some models don't have it.
>>
>>     One also doesn't know the unit's MAC address beforehand, so any scheme
>>     that depends on that doesn't work (because you'd need that MAC address
>>     to print the label or generate the PDF).  In fact, this precludes the
>>     "generate secret at the device at 1st boot" too.
>>
>>     You could ask the user, but that isn't safe either: if she gets it
>>     wrong (or openwrt isn't correct about what MAC is in the printed label
>>     of that exact product version) you now have a device she can't access
>>     because the passwords won't match and it would require an ethernet
>>     cable to bypass and reset.
>
>
> Some models are more obvious about device unique default password
> storage than others. So like on my other reply if it is obvious then use
> it and turn on wifi. For those with wifi-on-first support, make it a
> check box in the hardware support table. Then small business using
> openwrt know what options might meet their deployment needs.
>
> - Eric
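A sanity check for the point made in the quoted discussion, that a key built only from the MAC (or MAC-1, MAC+1) is not a secret. This is an added example, not code from the thread or from OpenWrt; the function names, the sample MAC and keys, and the 6-digit tail threshold are assumptions, and it only catches keys that embed the MAC digits directly, not hashed derivations.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenWrt.
# Rejects a default Wi-Fi key that embeds a device MAC or a neighbouring
# MAC (MAC-1, MAC+1). Function names and the 6-digit tail are assumptions.

# Strip separators and lowercase hex letters: "A4:B5:..." -> "a4b5..."
mac_norm() {
    printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f'
}

# Print MAC-1, MAC and MAC+1 as 12 hex digits, one per line.
mac_neighbours() {
    m=$(mac_norm "$1")
    n=$((0x$m))
    for d in -1 0 1; do
        printf '%012x\n' $(( (n + d) & 0xffffffffffff ))
    done
}

# key_is_mac_derived KEY MAC...
# Returns 0 if KEY contains the last 6 hex digits of any MAC or neighbour
# (a longer MAC tail always contains those 6 digits, so it is caught too).
key_is_mac_derived() {
    key=$(mac_norm "$1")
    shift
    for mac in "$@"; do
        for cand in $(mac_neighbours "$mac"); do
            sfx=${cand#??????}          # last 6 of the 12 digits
            case "$key" in
                *"$sfx"*) return 0 ;;
            esac
        done
    done
    return 1
}

# Constructed sample values: locally administered MAC, made-up keys.
SAMPLE_MAC="02:00:5E:10:20:FF"
for k in "wifi-1020FF" "OpenWrt_102100" "tr0ub4dor-and-3-more-words"; do
    if key_is_mac_derived "$k" "$SAMPLE_MAC"; then
        echo "REJECT $k"
    else
        echo "ok     $k"
    fi
done
```

Pass every MAC the unit exposes (each radio and Ethernet port) as the trailing arguments, since any of them can appear in frames on the air or on the wire.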


