Thursday, January 8, 2015

networking - Captive Portal parameters


There are several captive portal parameters one could apply to an Android device via settings put global – the most famous probably being


settings put global captive_portal_detection_enabled 0

to completely turn off captive portal check (for Android < 8). Can someone explain how to use the others – e.g. to define a "custom captive portal server for tin-foils"? For example, one cannot simply do a


settings put global captive_portal_server example.com

as that would, in most cases, cause captive portal check to permanently fail (background: doing so, portal check would construct a URL http://example.com/generate_204 and check against that, expecting a specific response).


So apart from simply deactivating captive portal check altogether (which might, as I've read, lead to other issues like not being redirected to the correct portal in some cases), what else can one do to enhance privacy in this context?



Examples (if I got them right):



  • captive_portal_mode (Android 8+?):

    • 0: Don't attempt to detect captive portals

    • 1: Prompt the user to sign in

    • 2: Immediately disconnect from the network and do not reconnect to that network in the future



  • captive_portal_detection_enabled (Android <8?):


    • 0: Completely disable captive portal checks

    • 1: Enable it (default)




While these examples are pretty much straight-forward: How to use the other parameters?



Answer



Configuring captive portal behaviour




  • captive_portal_detection_enabled (<= Android 7.1.1)

    • works as described in question body



  • captive_portal_mode (>= Android 7.1.2)

    • works as described in question body





Setting captive portal URL(s)



  • captive_portal_server (<= Android 6.0.1)

    • The server that holds a generate_204 page, used to internally craft a URL for captive portal detection (new URL("http", mServer, "/generate_204"); – obsolete as of Android 7.0, see below)



  • captive_portal_use_https (>= Android 7.0)


    • 0: Don't use HTTPS for network validation

    • 1: Use HTTPS (default)



  • captive_portal_http_url (>= Android 7.0)

    • The URL used for HTTP captive portal detection - use in pair with captive_portal_use_https (set to 0)

    • >= Android 7.1.1: OS no longer appends generate_204 to URL automatically, giving input URL some flexibility




  • captive_portal_https_url (>= Android 7.0)

    • The URL used for HTTPS captive portal detection - use in pair with captive_portal_use_https (set to 1)

    • >= Android 7.1.1: OS no longer appends generate_204 to URL automatically




Requirement for the URL to be used


An HTTP 204 response code ("no content") from the server is used for validation, no extra content needed: take the default detection URL for example, curl clients3.google.com/generate_204 returns empty, and inspecting HTTP response by adding --write-out %{http_code} returns 204.


A small list of usable captive portal server URLs in mainland China (personally tested)




https://captive.v2ex.co/generate_204 (hosted by v2ex.com)


https://connect.rom.miui.com/generate_204 (hosted by Xiaomi, used by default on MIUI)


https://noisyfox.cn/generate_204 (hosted by noisyfox.cn)


https://www.google.cn/generate_204 & https://developers.google.cn/generate_204 (hosted by Google)


https://www.qualcomm.cn/generate_204 (hosted by Qualcomm)



Further notes


The source also mentions parameters captive_portal_user_agent, captive_portal_fallback_url and captive_portal_other_fallback_urls:




  • captive_portal_fallback_url (>= Android 7.1.1) obviously is supposed to hold a single URL, while

  • captive_portal_other_fallback_urls holds multiple further URLs (comma separated list, so the URLs might not contain any comma).


But I personally conducted tests on Android 8.0.0, and both fallback parameters don't work. Assuming they're declarations without an implementation for now.


Some examples of captive portal settings of Android in China show the use of some of the above settings:



adb shell settings put global captive_portal_http_url http://www.google.cn/generate_204
adb shell settings put global captive_portal_https_url https://www.google.cn/generate_204
adb shell settings put global captive_portal_fallback_url http://www.google.cn/generate_204
adb shell settings put global captive_portal_other_fallback_urls http://www.qualcomm.cn/generate_204


Knowing that, "tin foils" even could set up their own verification service. With Apache:



RewriteEngine On
RewriteCond %{REQUEST_URI} /generate_204$
RewriteRule $ / [R=204,L]

or with Nginx:


location /generate_204 { return 204; }

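The 204 requirement described in the answer can be checked before a URL is written to captive_portal_http_url or captive_portal_https_url. The following is an added example, not part of the original answer: the names probe, StandIn and demo, the local stand-in server and the portal.invalid redirect target are all constructed for illustration.

```python
# Added example: pre-flight check of a candidate detection URL (204, empty body).
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit


def probe(url, timeout=5.0):
    """Fetch url once without following redirects; return (status, body_len, usable)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read()
        # Requirement from the answer: status 204 and no content.
        return resp.status, len(body), resp.status == 204 and not body
    finally:
        conn.close()


class StandIn(BaseHTTPRequestHandler):
    """Constructed local server: 204 on /generate_204, a sign-in redirect elsewhere."""

    def do_GET(self):
        if self.path == "/generate_204":
            self.send_response(204)
            self.end_headers()
        else:
            # Constructed stand-in for a network that intercepts the probe.
            self.send_response(302)
            self.send_header("Location", "http://portal.invalid/login")
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Run probe() against the stand-in: one usable endpoint, one intercepted."""
    server = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return probe(base + "/generate_204"), probe(base + "/other")
    finally:
        server.shutdown()
        server.server_close()
```

Calling probe() on a real candidate URL from a network without a portal should give a third element of True; with an https URL the certificate is verified by Python's default TLS context.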

