Headless RasPi. How to connect to wifi at new customer - raspberry-pi

I have a raspi medical instrument which monitors xxx every minute or so and sends the reading to my www server. It all works well except the part at first installation where the customer enters his wifi credentials into the raspi. I really do not want to know his wifi or password.
I need some way for the customer to enter his wifi and password at his location, and without me being able to know the wifi and password.
How have others solved this problem?

You could set the Pi up to be an access point and then ask him for the WiFi details to create wpa_supplicant.conf in /boot, remove the AP config and reboot.
If you are not up to creating that code you could use the Balena WiFi code from GitHub (code here) if the licence fits your use case.
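
One way to write the file this answer describes, as an added example that is not from the original post or from the Balena project: it stores the derived WPA2 key instead of the typed passphrase and hex-encodes the SSID so form input cannot inject configuration lines. The function names, the `GB` country default and the sample values are assumptions.

```python
import hashlib
import os


def wpa_psk(ssid: str, passphrase: str) -> str:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    ssid_b = ssid.encode("utf-8")
    if not 1 <= len(ssid_b) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_b, 4096, 32).hex()


def render_config(ssid: str, passphrase: str, country: str = "GB") -> str:
    """Build wpa_supplicant.conf text from values typed into the setup page."""
    if not (len(country) == 2 and country.isascii() and country.isalpha()):
        raise ValueError("country must be a two-letter code")
    psk = wpa_psk(ssid, passphrase)
    # Hex SSID and hex PSK are written unquoted, so quotes, braces or newlines
    # in the form input cannot close a string and add their own settings.
    return (
        "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev\n"
        "update_config=1\n"
        f"country={country.upper()}\n"
        "network={\n"
        f"    ssid={ssid.encode('utf-8').hex()}\n"
        f"    psk={psk}\n"
        "    key_mgmt=WPA-PSK\n"
        "}\n"
    )


def write_config(path: str, text: str) -> None:
    """Write to a temp file created with mode 0600, then rename it into place."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)  # readers never see a half-written file


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    print(render_config('Clinic "Guest"', "correct horse battery"))
```

The derived key still lets anyone who reads the file join that network; what it keeps off the SD card is the passphrase the customer typed. Unix mode bits are not stored on a FAT boot partition, so the 0600 mode only helps when the destination is on a Unix filesystem.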

Related

Is it possible to bypass the Wi-Fi confirmation pop-up for this Raspberry Pi application

I tried to articulate my question better but that was my best. Basically I want to make a headless setup for a Raspberry Pi and want it to connect to Wi-Fi automatically to be used for an MQTT application.
My challenge is that I work in a cafe shop most of the time, and it requires the user to push/confirm a button (no password needed), as shown below, to be able to connect to the internet. After certain hours it will drop you from the internet and you need to repeat the same again.
In this case, is there any setup that would bypass this step?

Advance or Scheduled password change for wifi networkmanager?

We wonder if there is any way to do an "advance" password change.
Situation: We have some Pi Zeros in the field. They are connected via wifi. We can ssh into them.
Sometimes the location where they are at changes the wifi password. We have advance notice, and it would be nice to be able to ssh in while they are still connected and the wifi password hasn't changed, and schedule or do something that would make it use the new password when it changes.
Thanks in advance for any ideas.

Secure, local IoT Device Discovery using PWA without a remote server

I'm looking for a way to manage and control IoT devices without the (constant) need for a remote server to be part of it and with a PWA instead of a native application on the managing device. The resulting goal is an IoT device that keeps working when a product eventually goes obsolete (no more server running/allocated) and having an application that has PWA benefits like being always up-to-date, easy to replicate and cheaply hosted on something like S3.
As an example, let's say I have one or more IoT devices of different classes like an ESP8266 and a Raspberry Pi for instance. Just as with any new IoT device I want to add it to the network and from there on manage its state from an app. The app in this case is a PWA instead of full blown native app.
1) Traditionally, in the initial setup a native app would scan for wifi networks, connecting automatically to one that has the right name. Using PWA's we are limited to just the "state" of the network. So users would have to manually switch to the network of the newly connected IoT device. This is okay.
2) Next up, the user would need to enter his/her wifi credentials. There might be methods to set this up automatically using a native app, but I don't believe this is the case on a PWA. This, also, is okay.
3) The device then restarts and tries to connect to the network set up in (2). If set up correctly it should get its IP using DHCP. And now things get difficult. I want to 'discover' that network from my PWA. There used to be a way to retrieve the IP from a device using the WebRTC API, but that has since changed to show an obfuscated mDNS name that resolves to localhost. The IP leak would have allowed for a browser-based network scan, but that is no longer possible. I always hoped that Android would default to using a user's router as a DNS server, but that is not the case. The result is that simply using mDNS isn't an option either. I do not want users having to check their router, install an app like fing or do anything else that disrupts the flow from a UX perspective.
Step (3) needs to run every time the app starts so you'd want something reliable. Scanning for devices isn't possible using a PWA, so I need to find another method. I was thinking of something like the way Docker containers can find each other in between networks (see etcd for example), using a predefined key that is shared during installation. The problem with this is that it requires a remote server to store the IPs attached to that key. I don't want that.
Ideas on how to solve this are very much appreciated! I want to be able to offer a solution that would work even when WAN is out. That being said, I am aware that a connection to a remote server is needed if the end user would want to enable any voice assistant or wants to control a device from WAN.

iPhone proximity detection using wifi

As my iPhone automatically joins my home network once I get home and press the main button, I thought this could be used as a trigger for some home automation ideas I have, especially disarming the alarm system for example.
I could detect the iPhone by pinging the broadcast address with a script and then look for its MAC address in the ARP cache, but this would have to be done every 15 seconds or so to be of any use. This really doesn't seem like the most elegant solution though.
Can anyone think of a better way to implement a check like this? I suppose one could assign an IP address dependent on my MAC address, then I would know what to ping, and could thereafter check the MAC address to keep things secure.
Just suppose I cannot assign a DHCP IP based on MAC address, as the problem of being able to find the MAC address on the network is the part that really interests me.
Secondly I noticed with tcpdump that the iPhone seems to talk to itself all night, but only some sort of Ethernet frames:
23:59:59.740097 00:26:08:ae:ed:eb > 00:26:08:ae:ed:eb, 802.3, length 70: LLC, dsap Null (0x00) Individual, ssap Unknown (0x20) Command, ctrl 0x33: Unnumbered, 23, Flags [Poll], length 56
This happens every 2 minutes.
How could I monitor this traffic so that my "home" knows I am still there using a program? Could be good to automatically alarm the house when I am no longer there...

I think your router here should be the point of control... If you can log the devices that are logged on to the router you can disable your security based on that info.
If you have an OpenWrt-compatible router http://wiki.openwrt.org/toh/start you can certainly extend it to get the functionality you want.
Here is a link to a plugin for the Indigo home automation server that does what you want to do by logging the info from his router. http://www.perceptiveautomation.com/userforum/viewtopic.php?f=19&t=6876&sid=07a351fa04c2eadcd2d3813afc72ae5a
Note: it's really easy to spoof a MAC address so it might be interesting to have some other verification too :-)

Connect iPhone/iPad with Mac (the Apple way)

When Apple's Remote app tries to connect to a Mac (running iTunes) on a local network (using WiFi), the user needs to enter a passcode provided by the iPhone as a security measure. This approach has been adopted by a number of other apps (e.g., Rowmote, Pastebot, ...). Is there an API that provides this way of working?
Assuming Bonjour is in play, how does an iPhone check if the passcode entered on a Mac is correct without resolving the NSNetService the Mac is publishing? Or does the iPhone resolve the NSNetService a Mac is publishing and wait for the passcode to be confirmed before processing any other packets that might be sent via the NSNetService (packets other than the passcode)?
I have a solution for my problem, but I would like to know if there's an API I have overlooked that provides a ready-made solution.
Advice and pointers are welcome.
Thanks in advance,
Bart

I don't believe there is an Apple provided API for this. I simply use the Bonjour APIs to open a connection between two devices, then have one randomly create a 4-digit passcode and ask the other device for it. The other device presents a UI to ask the user for the passcode, then transmits it back and waits for an answer. If they match, the devices store each other's identifiers to skip over this process the next time they connect.
Edit: Thanks to tc for pointing out that this implementation isn't totally secure. I'm now having one device create a unique, random password, and send it over to the other device, then store the SHA1 hash of the password for future reference. Then the other device stores the password and sends it back over whenever it connects for authentication. The user does the number code thing once in order to let the devices know that they should trust each other in the future, but now in order for a reverse engineer to connect to a device they would have to know both the identifier of and password for a valid, connected device. (Or they'd have to have access to both devices and do the number code thing; there isn't really a way to stop anyone from doing that, obviously).
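
The pairing flow from this answer, as an added example that is not the poster's code: a one-time 4-digit code establishes trust, then a random long-term password is issued and only its hash is kept. The class and method names are hypothetical, SHA-256 stands in for the SHA1 mentioned in the answer, and the three-attempt limit on the code is an added assumption because a 4-digit code has only 10,000 values.

```python
import hashlib
import hmac
import secrets

MAX_CODE_ATTEMPTS = 3  # assumption: the answer does not mention an attempt limit


class PairingHost:
    """The device that shows the passcode and later authenticates known peers."""

    def __init__(self):
        self.trusted = {}   # peer identifier -> SHA-256 hex digest of its password
        self._code = None   # current one-time passcode, if pairing is open
        self._attempts = 0

    def start_pairing(self) -> str:
        """Create the 4-digit code that is displayed to the user."""
        self._code = f"{secrets.randbelow(10_000):04d}"
        self._attempts = 0
        return self._code

    def confirm(self, peer_id: str, typed_code: str):
        """Return a new long-term password for the peer, or None on failure."""
        if self._code is None:
            return None
        self._attempts += 1
        if not hmac.compare_digest(typed_code.encode(), self._code.encode()):
            if self._attempts >= MAX_CODE_ATTEMPTS:
                self._code = None  # close pairing; the user must restart it
            return None
        self._code = None  # the code is single use
        password = secrets.token_urlsafe(32)
        self.trusted[peer_id] = hashlib.sha256(password.encode()).hexdigest()
        return password  # sent to the peer once; the host keeps only the hash

    def authenticate(self, peer_id: str, password: str) -> bool:
        """Check the password a previously paired peer presents on reconnect."""
        stored = self.trusted.get(peer_id)
        if stored is None:
            return False
        presented = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(stored, presented)
```

The password crosses the connection both at pairing and at every reconnect, so this only holds up if that connection is itself encrypted.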