Show HN: Wa-tunnel – HTTP Tunneling through Whatsapp (github.com/aleixrodriala)
453 points by aleixrodriala on Nov 12, 2022 | hide | past | favorite | 123 comments
Side project tunneling a TCP port through WhatsApp, can be useful on airplanes or any WiFi/carrier that has unlimited social network data limits. Appreciate feedback :)


I love this as a check on zero-rating. I think that Facebook zero-rating in emerging economies will prove to have an abysmal toxic legacy. Anything that can tax the value proposition by e.g. forcing a lot of data through the pipe should be encouraged as a way to generally decrease the prevalence of the practice.


Yes, please support net neutrality, it is very important.


I was on a ferry ship from Italy to Greece where they had paid satellite Internet via WiFi. The WiFi AP was at first a captive portal. You could buy Internet access with cash at the reception or you could pay online. For that they had to enable access to stripe.com. But stripe uses fastly CDN, so they enabled one specific fastly endpoint that stripe uses. You had direct IP traffic to this specific IP address. reddit also uses fastly CDN. So with a /etc/hosts hack I could load reddit pages for free. Not images though, as they are hosted by imgur.

I assume one could also create a tunnel over reddit chat to connect to the Internet, but I never did that.

By default, reddit did not work though, as their fastly CDN endpoint is different from stripe's, and also stripe's endpoint did not correctly sign TLS for reddit.com. But setting a Host header of old.reddit.com on that fastly IP successfully downloaded the page.

When I still had phone network by the coast, I set up iodine IP over DNS tunnel, but it did not work, even though DNS requests worked on that WiFi. Maybe they had some sort of protection specifically for iodine.


There's a trick called "Domain fronting" (ab)using CDNs like that which is useful.

Tor's "meek" pluggable transport uses it, but only supports a couple of CDNs as you need to run infra behind the CDN which costs money.

As for Iodine, I used to run a few public DNS tunnel servers with it for people. It's a pain in the ass to get working reliably.
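The ferry story and the "Domain fronting" comment above both come down to one observable: the TLS SNI names one site (stripe.com) while the HTTP Host header inside the connection names another (old.reddit.com). This is an added example, not code from the thread or from wa-tunnel, showing the check a proxy or captive-portal operator would run over its logs; the `field=value` log format and the sample lines are constructed, and the registrable-domain logic is a simplification (last two labels, no Public Suffix List).

```python
"""Flag TLS connections whose HTTP Host header names a different site than
the SNI sent in the TLS handshake, the signature of the domain-fronting trick
described above (SNI for stripe.com, Host for old.reddit.com on the same
Fastly IP).

The log format (one line per flow, space-separated field=value pairs) and the
sample lines are constructed for this example; adapt parse_line() to your
proxy's real format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FIELD_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Flow:
    ts: str
    dst: str
    sni: Optional[str]
    host: Optional[str]


def parse_line(line: str) -> Flow:
    """Parse 'TIMESTAMP dst=IP sni=NAME host=NAME' into a Flow.

    A field written as 'sni=' with nothing after it does not match FIELD_RE
    (\\S+ needs at least one character), so it comes back as None.
    """
    fields = dict(FIELD_RE.findall(line))
    ts = line.split(" ", 1)[0]
    return Flow(
        ts=ts,
        dst=fields.get("dst", ""),
        sni=fields.get("sni") or None,
        host=fields.get("host") or None,
    )


def normalize(name: str) -> str:
    """Lower-case, drop an explicit :port and any trailing dot."""
    return name.lower().split(":", 1)[0].rstrip(".")


def registrable(name: str) -> str:
    """Simplified registrable domain: the last two labels.

    Assumption for this example; a real deployment should consult the Public
    Suffix List so that e.g. example.co.uk is not reduced to co.uk.
    """
    labels = normalize(name).split(".")
    return ".".join(labels[-2:])


def is_fronting(flow: Flow) -> bool:
    """True when SNI and Host point at different registrable domains.

    www.stripe.com vs stripe.com is a normal redirect pair, not fronting, so
    the comparison is on the registrable domain rather than the full name.
    Flows missing either value are not judged here (a missing SNI is worth
    its own rule, but there is nothing to compare).
    """
    if flow.sni is None or flow.host is None:
        return False
    return registrable(flow.sni) != registrable(flow.host)


def find_fronting(lines: List[str]) -> List[Flow]:
    """Return the flows in `lines` that look like domain fronting."""
    return [f for f in map(parse_line, lines) if is_fronting(f)]


# Constructed sample log: one allowed Stripe flow, one fronted reddit flow,
# one www/apex pair with an explicit port, and one flow with no SNI at all.
SAMPLE_LOG = [
    "2022-11-12T10:00:01Z dst=151.101.0.176 sni=stripe.com host=stripe.com",
    "2022-11-12T10:00:02Z dst=151.101.0.176 sni=stripe.com host=old.reddit.com",
    "2022-11-12T10:00:03Z dst=151.101.0.176 sni=www.stripe.com host=stripe.com:443",
    "2022-11-12T10:00:04Z dst=151.101.0.176 sni= host=stripe.com",
]

if __name__ == "__main__":
    for flow in find_fronting(SAMPLE_LOG):
        print(f"{flow.ts} {flow.dst}: SNI {flow.sni} but Host {flow.host}")
```

Running it prints only the second sample line; the www/apex pair and the SNI-less flow are left alone.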


Pls explain how you did that. I would like to try it for myself.


First of all I was doing all of this on my touchscreen phone, which made me give up soon, as my laptop was packed in the garage.

I used a program called Packet capture that registers as a VPN connection in Android and routes all traffic through itself. I saw some external IPs with TLS data when visiting the captive portal: http://upload.4a.si/pcap.jpg

When I sent a request to one IP address, I learned from the response that I've reached a fastly endpoint. The response was an error page, claiming they host no one with this domain. I knew from a talk by reddit sysadmins that they use the fastly CDN, so I added a Host header with a value of old.reddit.com:

    curl -ikH Host:\ old.reddit.com https://151.101.0.176/r/Slovenia.json

Then I added a rule in the AdAway software for Android (this one is used for DNS blacklisting to remove ads based on DNS queries and requires root access - changes /etc/hosts AFAIK) to overwrite old.reddit.com to this IP address.

I can't remember how I tricked the web browser into ignoring invalid certs.


The word "proxy" used to refer to a human, and this is essentially an automated version of that. The automation of messaging a friend on WhatsApp and asking him to go to a website and send you the information.


Proxy simply means doing an action on behalf of another entity. This could be a human, a computer or even an entire country ("proxy war").


That would be the human version of this, awesome to know :)


I believe proxy can still refer to a human. For example in voting.


Fun, but when the comparison is unlimited WhatsApp versus "not many gigabytes" of other data, my first question is what speed this goes. How long does it take to transfer a gigabyte over WhatsApp?


Depends on the throttle you add, and then you risk getting your WhatsApp account banned, but it can be used to surf when you have no data or to use other apps, which can be useful. Not intended for large file downloading or video streaming, although I got like 300kbps which wasn't too bad.


It looks like you're using base64 encoding. If WhatsApp allows an extended alphabet then you might be able to switch to base85 for a slight performance bump.


Since WhatsApp is end-to-end encrypted you can probably just send binary data. Stick a prefix on it so that the real client is guaranteed to ignore it as corrupted.

I think the only risk is that if you have a real client running it reports the invalid messages and WhatsApp uses this as a signal to ban your account.


Meta/Facebook is the last company I would trust regarding their E2EE. They probably have a key themselves.


The E2EE here is not about privacy, but about being able to send whatever data you want (like binary) since WhatsApp will only see one type of data (encrypted) in transit, in contrast to needing to send data in a specific format to have it transferred at all. Meta can peek at the original "messages" all they want, they will see encrypted packet data anyway.


Note AFAIK WA is e2e encrypted BUT they can flag any weird looking messages (weird patterns etc) to see and review their contents.

So I think Meta/WA can opt to decrypt any suspicious messages they come across.


How would that work? Do they send a request to your phone to decrypt it for them?


I'd imagine the app just flags suspicious messages and sends them directly to review, in parallel to sending the encrypted message to the receiver


Have you tried different throttles? Did you get any whatsapp account(s) banned at higher speed?


Yes, I used different max message sizes; with 2000 characters I got the best speed but got the account banned. Using 20000 is a great middle ground and not banned for now; it could get banned anyway, it's an educational project.


Could you try encoding data as images for better bandwidth (and probably worse latency)?


Images are often blocked on the free WhatsApp on airplanes


I wonder how that's implemented if all the traffic is encrypted. Presumably images are sent via a different domain or IP address?


During the Facebook outage of a few years ago, WhatsApp messages still worked but I couldn't send an image. I think images are uploaded to Facebook-related servers and messages are through a separate real-time infrastructure, and it's likely that the message includes the fuzzy thumbnail and a url for the image from the other server.


Message size, perhaps.


And volume.


I was on a boat recently where WhatsApp was free to use, and you had to pay to use the rest of the internet. You could send and receive messages but attempting to send an image, which wasn’t even all that big in size, did not work on the free connection.

It must be either message size, or WhatsApp using a separate host name for attachments.


I would not be surprised if the free WA messaging is implemented by whitelisting the signaling ports and domains (XMPP or similar) which only handle text content and small inline attachments. While larger images are uploaded and fetched out of band (HTTP or similar) with only a URL or reference passing over the signaling channel.


They probably use some deep packet inspection on a shore-side firewall which blocks audio/video. Quite normal on congested satellite connections. Most “next-generation” firewall providers have predefined signatures for WhatsApp file transfer.


Perhaps the client knows it’s on a free internet tier and blocks anything other than text.

Much easier to implement than encrypted package inspection.


Using less characters got you banned? I don't understand why that would happen. I would think using more characters would be more likely to get you banned since it's less like what normal users do.


It's in the README - it increases the number of messages.


Well increasing the usage would also increase the number of messages.

How does Whatsapp choose to ban people? Total messages sent? Then increasing the message size doesn't stop you from being banned, it just makes it take longer before you're banned. Messages/second? Then avoiding the ban by a message size restriction seems like a very clumsy way of doing it; it would be much more straightforward to avoid the ban by limiting the messages/second.


Nice, seems useful for airplanes.


Did you click the link? Planes are mentioned in the second sentence.


Yep


Slightly off topic: is there a way to tunnel internet over the phone system on a smartphone in the event that phone works but internet doesn't?


Probably with a dial-up call but you’d be limited to 2400bps: https://superuser.com/a/748163


Love insightful StackExchange answers like that, thanks!


Thanks for digging this up. It is quite a bit slower than I expected. At 2.4kbps, it might be enough for ssh.


Just don’t try to read a man page and you’re good to go :)


You could use Slow Scan TV. There’s an iOS app to try it: https://apps.apple.com/us/app/sstv-slow-scan-tv/id387910013

Never did IP with it, but I worked with a team that jerry-rigged this to transmit some telemetry from a remote location where external data access was cut off for several weeks using portable radios.


I would love a youtube/vimeo/whatever video on this. And someone publishing regular SS pictures like news footage or something otherwise particularly relevant if I was somehow in the middle of nowhere with an HF radio and an iphone.


It would be tough. More like a virtual flip book than a video!

In our case, we embedded some data in a QR code. It was one of the more fun little projects but only marginally practical.


We used to call that a 56k dialup modem and when we used it it wouldn't be long until our parents would scream up the stairs "Get off the internet, I'm expecting a call!"


Oooooh... a smartphone coupler for a dial-up modem? Take my money!

https://upload.wikimedia.org/wikipedia/commons/e/e5/Analogue...


https://github.com/spandanb/ipos

I mean if this doesn't charge you up the yahoo per message, might be viable in a very limited circumstance?


TCP/IP over GSM


Call a mate and get them to browse on your behalf


It's built into iOS: https://support.apple.com/en-us/HT204023

  A Personal Hotspot lets you share the cellular data connection of your iPhone or iPad (Wi-Fi + Cellular) when you don't have access to a Wi-Fi network.


That still requires cellular data/internet and not just voice.


Oops. I misunderstood “the phone system on a smartphone” to mean the smartphone’s cellular network, not using the smartphone as a modem connected to a landline.


Termux is such an awesome hidden gem for tunneling cell data. My carrier doesn't allow wifi hotspot use on my phone (and android happily enforces their rules), but I can run sshd on termux and SOCKS5 proxy to my laptop with ssh. It's instant wifi tethering to my laptop without my carrier knowing or blocking it. I can even use adb networking and a USB cable if the laptop can't connect to the phone over wifi for some reason.


The carriers will oftentimes use the TTL to determine if you are tethering or not. So if you adjust the default TTL to 65 on your tethered device it may work.
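The TTL heuristic mentioned above, from the carrier's side, as an added example (not code from the thread): a packet sent by the phone itself still carries its OS default TTL (64 on Android/Linux, 128 on Windows), while a packet relayed through the phone's NAT has been decremented once. The subscriber flow records are constructed, and the code assumes the observation point is the first carrier hop after the phone.

```python
"""Carrier-side TTL heuristic for spotting tethered devices.

Assumptions for this example: packets are observed at the first carrier hop
after the handset (no intermediate routers), and only the three common
initial TTL values are considered.  The (subscriber, ttl) records below are
constructed.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Common OS/default initial TTLs: Linux/Android 64, Windows 128, some BSD and
# network gear 255.  A production detector would handle rarer values too.
INITIAL_TTLS = (64, 128, 255)


def infer_hops(ttl: int) -> Tuple[int, int]:
    """Return (assumed initial TTL, hops already traversed) for an observed TTL.

    The smallest common initial value that is >= the observed TTL is taken as
    the sender's default; the difference is the number of routers crossed.
    """
    if not 0 < ttl <= 255:
        raise ValueError(f"impossible TTL {ttl}")
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise AssertionError("unreachable: 255 is always a candidate")


def flag_subscribers(flows: List[Tuple[str, int]]) -> Dict[str, dict]:
    """Group (subscriber_id, ttl) observations and report who looks tethered.

    Two signals are used:
      * any flow whose TTL has already been decremented once (hops >= 1): the
        packet originated behind the phone's NAT, not on the phone; and
      * more than one distinct (initial, hops) signature from one subscriber,
        e.g. the phone itself (64, 0) plus a Windows laptop behind it (128, 1).

    Limitation (the point of the comment above): a tethered device that raises
    its own TTL by one arrives looking exactly like the phone, so this check
    alone cannot see it; carriers combine it with other heuristics.
    """
    seen: Dict[str, set] = defaultdict(set)
    for subscriber, ttl in flows:
        seen[subscriber].add(infer_hops(ttl))

    report = {}
    for subscriber, signatures in seen.items():
        decremented = any(hops >= 1 for _, hops in signatures)
        mixed = len(signatures) > 1
        report[subscriber] = {
            "signatures": sorted(signatures),
            "tethering_suspected": decremented or mixed,
        }
    return report


# Constructed observations: sub-A is a phone on its own; sub-B shows the phone
# plus an Android/Linux device behind it; sub-C only ever shows a Windows
# machine one hop behind the handset.
SAMPLE_FLOWS = [
    ("sub-A", 64), ("sub-A", 64),
    ("sub-B", 64), ("sub-B", 63),
    ("sub-C", 127),
]

if __name__ == "__main__":
    for subscriber, verdict in flag_subscribers(SAMPLE_FLOWS).items():
        print(subscriber, verdict)
```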


Yeah, it's awesome that this project could run on Termux without having to modify much, or even iodine https://github.com/yarrick/iodine which is another awesome tool to avoid network restrictions.


Wow, thanks for the iodine throwback! I distinctly remember using this on United flights in the early 2010s via my Slicehost server.


This is why being able to root your devices is so important.


No. We have to make an OS that is free of bloat and crap by default.


I don't think this requires root at all.


But bypassing the original restriction would.


Agreed! I read the comment within the context of the termux setup.


    adb shell settings put global tether_dun_required 0

Problem solved - your ISP now allows tethering.


This is what I did on my jailbroken iPhone 3G way back in the day when AT&T wanted to force you onto a special plan for tethering.


I've done a bunch of dev work at home, ssh'ed & SOCKS5'ed from my main PC into a work laptop right next to it, connected to the same switch via gigabit, and I have to say: I am shocked what an abysmally slow & awful experience it has been. It can hardly handle the parallelism of dealing with a lot of requests at all. It's absurdly poorly performing.

It's still my go-to for sharing one system's VPN, but wow oh wow oh wow do I wish I knew some good alternatives. I really want something that works over ssh, but I begin to think that ssh is an inescapably bad starting point for these efforts.


Thank You! I used to do this on my rooted phone back in the day. I've been trying to figure out how to run sshd again, but there seems to be a lot of dodgy stuff on the play store I was never comfortable running.

This is it!


omg another person who does this!


Couldn't find any other library that actually worked with HTTPS traffic also, do you have any? Thanks :)


Sorry, I don't quite understand what you're asking. Did you reply to the wrong person?


Yeah, probably :')


Kind of absurd that your OS (which is supposed to always be acting in your best interest) enforces these arbitrary carrier data limits -- it's objectively anti-user behavior and wouldn't exist if Android were truly FOSS (emphasis on "free").

This solution is great for permanently bootloader-locked phones (which is, unfortunately, most phones).

Alternatively, if installing a custom OS is an option, most Android forks remove the tethering restrictions. I use and highly recommend GrapheneOS [1] if you have a supported phone (Pixels only as of now). DivestOS and LineageOS have much wider device support. ProtonAOSP and CalyxOS are other options for Pixels and a few others.

[1] https://github.com/GrapheneOS/os-issue-tracker/issues/70


Tethering is mostly a relic of the late 2000's when 3G cellular networks were pretty sketchy; if enough people tethered back then it'd put a huge strain on the network for anyone on that tower. Nowadays the capacity is already planned out with tethering in mind (all tier A plans, eg. direct-from-carrier plans, have some amount of tethering), but it gets pretty murky when you consider people trying to tether on their MVNOs network at peak times/rush hour, really straining the capacity allocated to that MVNO, degrading the service for others.


Even with large accounts the carriers still impose limits on tethering. If you’re getting unlimited tethering, it’s probably actually a “pool” of data.

Even there, there’s some differences as prioritization works differently when you are using pool resources.


Really? Which country are you talking about? Here in Australia, I can tether with Aldi Mobile, a reseller of the Telstra mobile network. Works fine on Android and iPhone.


The US.

Tethered traffic is usually routed differently. Almost all cellular data traffic is CGNATed or proxied, and different priority is assigned to different types of traffic.

For 95% of users, there’s no problem at all. When people push the limits, they find themselves in a pickle. I’m familiar with an organization with >50k devices across 4 major carriers 4-5 years ago. They probably had <500 people who required some sort of exception, ranging from a different plan to a more appropriate device and plan, to someone doing something crazy. (One guy was running a small field office off of a Samsung tablet)


To be fair Android as in AOSP is truly FOSS, but because all drivers are baked into the kernel for reasons better lost to the sands of time, Vendor/Carrier pairs can enforce what they like in their required custom builds. This is what Google's project Fuchsia was/is supposed to solve.


Not since Project Treble they're not.

The more pressing issue is that bootloader unlocking isn't as ubiquitous as one might like.


It could also be said that being able to re-lock after cooking your ROM is just as important and even more missing


This isn't anti-user behavior. It's anti-asshole behavior. There are plenty of plans designed for tethering if you care to purchase them.

Tethering on a plan that doesn't allow it is like showing up at an all-you-can-eat buffet and leaving with a backpack full of food.


You are paying for a mobile data connection, what does it matter how the bandwidth is consumed?


There is a limited amount of throughput a tower can handle, both on its backhaul and antennas. Depending on what you're doing over that tethered connection, you might be using up 2x-10x the throughput they provisioned for "you"; if enough people tether at once during rush hour, there's going to be a significant drop in speeds for both you and people just trying to use their phones normally.

This is why, when phones tether, those tethered packets are routed separately so that the cell carrier can throttle them when needed to maintain quality of service for everyone else.

By tethering/tunneling through your normal connection, they can't do this, and if this became an epidemic they would either need to do thorough DPI and heuristics to detect and block the tethering/ban the user, or over-provision their towers to handle the varied traffic volumes of both regular cell phone activity and people watching 4k Netflix on their TV through their phone.


Fine.

launches bittorrent client on the phone


This is technically true, but the issue is that it essentially keeps us from progressing technologically. Therefore, it's fine to ignore their rules.


In general a few dozen or even thousand techies on HN doing this across the US isn't going to change anything, but it's obvious that we'd eventually have a huge problem if everyone moving into a new apartment or house decided to forego wired internet and instead stream exclusively over a hidden tether to their phone. This is why, when actual fully-supported home internet over 5g is available in an area[0,1], availability tends to be limited and people still sometimes get deprioritized.

0: https://www.t-mobile.com/home-internet

1: https://www.verizon.com/5g/home/


Somehow other countries make it work.


If your use affects everyone else in the area, it matters. It's like having a bonfire in California in fire season; sure, it's your property, and your firewood, but you can't pretend it can't possibly affect someone else's enjoyment of theirs.


Because you’re not buying that. The use cases used to build the solution have to make assumptions. Microsoft Outlook uses exponentially more network resources to fetch and send email than a purpose designed mobile app, for example.

You can get plans that support tethering or mobile LANs - they aren’t even that expensive. Carriers will usually prioritize those connections lower than public safety or mobile phone connections to ensure better user experience. LTE and 5G fixed home plans are an easy example of this available to consumers.


No, it's like using my shower nozzle to fill up my bath tub because I didn't want to pay the water company an extra "soaking" fee.


On that topic... US federal regulations[0] limit shower heads to a flow rate of 2.5 gallons per minute (GPM). And California[1] limits them to 1.8 GPM! This seems somewhat analogous to the mobile data discussion.

"You are paying for a water service, what does it matter how the water is consumed?" Though of course there are big differences. An obvious one is that water companies aren't profiting off these restrictions like mobile operators at least partially are. And since water is either heavily regulated by or entirely run by governments, the cost to the consumer doesn't necessarily represent the true cost.

(The California restriction even seems reasonably well enforced. When buying a 2.5 GPM shower head on Amazon[2] you'll get an error if you try to ship it to a California address. Most eBay sellers enforce this as well, though not quite all of them.)

[0] https://www.federalregister.gov/d/2020-27280/p-56

[1] https://www.build.com/ca-compliant/c133273#:~:text=Residenti...

[2] https://smile.amazon.com/showerhead-2.5GPM-that-wont-ship-to...


More like being the dipshit who fills his pool with well water and dries out the neighborhood.


I'm paying for 25G of data a month. How I want to use it should be entirely up to me.


I'd say it's more like showing up at an all-you-can-eat buffet and eating with a fork. It's not anything that one should be charged extra for. If the bandwidth is the issue, they can charge realistic prices for bandwidth.


Perhaps a better analogy is showing up to an all-you-can-eat buffet and grabbing 20 brownies to take home. Sure, it doesn't change much, but if everyone did that there'd be a problem and the service provider should probably police it.


No, that's a worse analogy. The issue is not with the amount consumed. We're well aware that there's no such thing as all-you-can-eat or "unlimited" anything. A Matt Stonie would be banned from any all-you-can-eat buffet.

What's egregious is ISPs also enforcing _how_ I'm allowed to consume the data I'm paying for. So the fork analogy is much more appropriate.


If your business model isn't compatible with the freedom of your customers, you should generally find a new business model, rather than working to reduce that freedom.

See also: modern intellectual "property" laws & enforcement, the businesses that push for it (typically large companies with a wealth of IP), the organizations that facilitate the control of information (governments, Microsoft, Google, Apple, Netflix, etc.), and the business models that depend on it.

There are cases where the benefits are worth a reduction in freedom, but this ain't it.


This analogy is no good. Plans have data limits. It is not an all-you-can-eat buffet. Tethering restrictions are an attempt to paywall features which the device can do without harming anyone else on the network.

A better analogy is a gas station which charges more for gas that goes into sports cars than gas that goes into minivans.


I agree with you that it's a bad analogy. But to be fair, all-you-can-eat buffets are not really all-you-can-eat, and will kick you out if you try to consume more than what they calculated a regular consumer does. All service providers do this when they falsely advertise "unlimited" anything.

Where ISPs cross the line is by trying to also enforce _how_ I can consume the data I'm paying for. Having plans that restrict tethering is consumer-hostile, plain and simple. Whether I'm tethering or not has no relation to how much data I consume. They can continue to restrict bandwidth and data limits if I go overboard, but I'll be damned if I allow them to tell me how I can use it.

So if we're going with the buffet analogy, then it's like them saying I can only use a fork to eat, as someone mentioned above.


Yeah, they do. Big V8s usually require premium gas.

Premium gas costs more. Race cars need race gas — that costs even more.


Does the gas station check what car is pulling up, or do you choose based on what you think works best for the engine?


Depends on the business model. A New Jersey gas station will deny you the freedom of putting diesel in your Civic.


The cell network is property of the carrier. It’s in the user’s best interest that they have access to the cell network, which means playing by the carrier’s rules. The user is free to pick a different cell carrier or find a work around.


Nice!

Any chance this was inspired by "Wikipedia over WhatsApp"?

https://news.ycombinator.com/item?id=31463249


I got the idea myself in a bar, did a quick look online and didn't find anything; later on when I had it built I found that 8 years ago this guy did a similar one: https://github.com/matiasinsaurralde/facebook-tunnel but it probably won't work since it's using curl.


Since WhatsApp sends binaries (images, documents like PDFs, probably Zip files as well), I wonder if this proxy also encodes the data as binaries. It recompresses JPEGs though, although there is an option to turn that off, and in any case the recompression probably happens client (sender) side.


I remember trying this (Also in Latin America with Zuckerberg's creepy old "internet.com" initiative to make his services free in the third world, which is a done and over with promotion by now at least in Costa Rica) and realizing that ICMP/DNS tunneling was faster and more reliable, you can only get like half-duplex TCP over whatsapp messages and then the frames are limited if you're going to fit them in per message to like 1,024 characters (Though it seems you got more in there?)... DNS or ICMP tunnelling further works on things like getting a foothold for checking your email in some far flung airport network with a broken/sketchy payment gateway, you REALLY need to check your email, and where that passes but nothing else does. Then there's the risk that they decide to ban your SIM chip as you mention, which is like a 2$ mistake in such regions but if you do it on your main number you're risking having to tell everyone "yeah i tried to hack whatsapp and they blocked my old number haha" because that's what they've funnelled everyone into using out there with this free data transfer deal on that platform.

By the way your implementation looks way nicer than what I was working with before.


This is like the 2020s version of phreaking


This might be a stupid question. If WhatsApp wasn’t blocked in China and the second WhatsApp account (aka server side) was outside of China, could this bypass the great firewall?


> If WhatsApp wasn’t blocked in China

The answer is yes, this could be used if WhatsApp wasn't blocked.

But since it's blocked in China, you would first need to bypass the firewall anyway.


Sure, just like any proxy though


One question.. if WhatsApp is encrypting data how are you able to decrypt the packet easily?


Well, it's encrypted e2e only in 1:1 chats.

Groups are weird: the media have the index encrypted but the contents use a shared app key.

Commercial accounts are also odd. It's encrypted with the business and WhatsApp keys, so employees from both can read the messages.

Then here there's the API issues. You are not using a full client, but sending your access token plus the plain text message for it to be encrypted on their servers.

Even worse, in this example it's not even you using the API, but you are using Twilio's API, who then uses metabook's API for whatsbook. So it's plain text all the way across those.


Any CFAA concerns when used in the wrong place and found out (airplanes)?


I'm not encouraging anyone to use this by saying this, but WhatsApp traffic is encrypted and the traffic through the socket is also encrypted, so I guess you can't get in trouble for sending and receiving lots of weird messages? Again, intended for educational usage.


That's a lot of words to say "yes, an overzealous prosecutor could try and make a case using the CFAA", but that's because the CFAA is a bullshit overly-broad law. That it's bullshit doesn't change the threat to the prosecuted, unfortunately.


You are totally right.


Not CFAA concerns, but you'd probably be in violation of the WhatsApp TOS: "… (d) interfere with or disrupt the safety, security, confidentiality, integrity, availability, or performance of our Services; …"

Disclaimer: IANAL


Yes, in the project itself there is a disclaimer that using this software might get your WhatsApp account banned, so use with caution, and anyway it's just a fun project for educational purposes. But good to know ofc.


Is there any official documentation for the WhatsApp API somewhere, or is this work based on reverse-engineering only?


This uses Baileys [0] which appears to reverse-engineer the protocol WhatsApp uses for its web app.

[0]: https://github.com/adiwajshing/Baileys


[deleted]


Nice idea, congrats to OP. Sadly some people here think “if I pay for data I should be free to use it the way I want”. As others explained, carriers create plans (price/data/unitOfTime) based on their antenna capacity. If too many people cheat to torrent/4K/whatever, the carriers will need to readjust the plans for the system to continue working (= prices will go up). I love FOSS, but stop being selfish and think of the collective benefit.


If a particular zone is overloaded, the carriers will for sure throttle usually just the offending people. As much as I support the argument in its general meaning, the carriers and ISPs especially in the US are probably the last thing anyone should vouch for given monopolistic policies, total market control and insane prices.


> If too many people cheat to torrent/4K/whatever, the carriers will need to readjust the plans for the system to continue working (= prices will go up)

This hypothesis assumes that carriers can increase prices and the public will still pay them. If so, it follows that they are now leaving money on the table, which sounds unlikely.

I think it was Tim Hardford who wrote about something similar in his book "The Undercover Economist", in the context of the spectrum auctions in the different countries.


Maybe I wasn’t clear enough, my argument is carriers will need to install and maintain new equipment. That’s what would drive the price increase, not leaving money on the table.



