武汉大学寝室校园网 OpenWrt 上网认证
引言
众所周知,WHU 的校园网限制三台设备,并且晚上七点之后会直接限速到 20Mbps。
所以如果寝室有网口,并且此网口能够正常上网的话,那么外接一个搭载 OpenWrt 设备的路由器,简直可以让体验翻倍。它不仅能够让你的寝室共用一个账号来分摊网费……以及连接老校友的米家设备,还能在晚上七点之后别人限速时,自己畅游网络世界,简直爽歪歪!
目前已知网口能用的宿舍,基本都是新建的,比如信部 18 舍,其余宿舍需要自行探索。先用电脑测试一下网口能不能使用,如果可以用的话,再弄一台设备进行安装即可。
安装准备
想采取此方案的话,你需要做好以下准备:
- 一台搭载 OpenWrt 系统的路由器/软路由
- 认证脚本
- SSH 软件(最好带有 sftp)
本文采用喵二酱编译的 CatWrt 为示例,在系统方面基本上没要求。
脚本需要依赖 bash 以及 curl 如果你是原版 OpenWrt 的话需需要自行检查组件是否已经安装,另外建议预装了 curl 就别再装了以免出现问题。
网络认证的脚本在 Github 上是开源的,项目链接:https://github.com/7Ji/auto-whu-standard
这里我们直接使用其中的 auto-whu.sh 进行一些小小的修改即可使用。
脚本如下:
#!/bin/bash
# Online check
check_online() {
ping -w1 -W1 -c 1 baidu.com 1>/dev/null 2>&1
[[ $? = 0 ]] && echo "Network is already up" && return 0
return 1
}
# Check online and immediately exit if is running by systemd
check_online && [[ $? = 0 ]] && [[ ! -z "$INVOCATION_ID" ]] && exit
echo "Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard"
# Help message
help () {
echo "Usage: $0 -u [username] -p [password] -n [network] -m [manual network] -u [url] -c [config file] -f -s -h"
echo " -u username, should be a number of 13 digits"
echo " -p password, any value not empty"
echo " -n network, single-digit number from 0 to 3, 0 for CERNET, 1 for China Telcom, 2 for China Unicom, 3 for China Mobile"
echo " -m a manually specified network name, replace the -n option"
echo " -c config file, path to the configuration file"
echo " -a eportal authorization URL, DO NOT SET IT unless you totally understand it"
echo " -f foreground mode, ignore the systemd check"
echo " -s skip check for sanity for username, password and network"
echo " -h print this message"
echo " *notice that all other arguments will overwrite the value provided by the config file"
}
# Check arguments
[[ $# = 0 ]] && help && exit
while [[ $# -ge 1 ]]; do
if [[ "$1" = '-u' ]]; then
ARG_USERNAME="$2"
shift
elif [[ "$1" = '-p' ]]; then
ARG_PASSWORD="$2"
shift
elif [[ "$1" = '-n' ]]; then
ARG_NETWORK="$2"
shift
elif [[ "$1" = '-m' ]]; then
ARG_NETWORK_MANUAL="$2"
shift
elif [[ "$1" = '-a' ]]; then
ARG_URL="$2"
shift
elif [[ "$1" = '-c' ]]; then
ARG_CONFIG="$2"
shift
elif [[ "$1" = '-f' ]]; then
ARG_IGNORE_SYSTEMD='1'
elif [[ "$1" = '-s' ]]; then
ARG_IGNORE_SANITY='1'
elif [[ "$1" = '-h' ]]; then
help && exit
fi
shift
done
# Check and read configuration file if neccessary
if [[ ! -z "$ARG_CONFIG" ]]; then
[[ ! -f "$ARG_CONFIG" ]] && echo "ERROR: The configuration file '$ARG_CONFIG' you've provided does not exist."
[[ ! -r "$ARG_CONFIG" ]] && echo "ERROR: Not allowed to read the configuration file '$ARG_CONFIG', check your permission"
source "$ARG_CONFIG"
fi
[[ ! -z "$ARG_USERNAME" ]] && USERNAME=$ARG_USERNAME
[[ ! -z "$ARG_PASSWORD" ]] && PASSWORD=$ARG_PASSWORD
[[ ! -z "$ARG_NETWORK" ]] && NETWORK=$ARG_NETWORK
[[ ! -z "$ARG_NETWORK_MANUAL" ]] && NETWORK_MANUAL=$ARG_NETWORK_MANUAL
[[ ! -z "$ARG_URL" ]] && URL=$ARG_URL
[[ ! -z "$ARG_IGNORE_SYSTEMD" ]] && IGNORE_SYSTEMD='1'
[[ ! -z "$ARG_IGNORE_SANITY" ]] && IGNORE_SANITY='1'
# Default value downgrading
[[ -z "$NETWORK" && -z "$NETWORK_MANUAL" ]] && NETWORK='0' && echo "Neither network number nor manual network name was set, defaulting network to 0(CERNET)"
[[ -z "$URL" ]] && URL='http://172.19.1.9:8080/eportal/InterFace.do?method=login' && echo "Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'"
# Check systemd
if [[ -z "$INVOCATION_ID" && "$IGNORE_SYSTEMD" != 1 ]]; then
echo "You are running this script manually or in a non-systemd environment, it's better to manage this script with systemd."
echo "Check the github repo to learn how to use this script properly: https://github.com/7Ji/auto-whu-standard"
echo "You can set IGNORE_SYSTEMD='1' in the config file or use the argument -f to ignore this check"
fi
# Check intergrity or sanity. return code 1 for insanity.
if [[ "$IGNORE_SANITY" != 1 ]]; then
echo "Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check."
[[ ! "$USERNAME" =~ ^[0-9]{13}$ ]] && echo "ERROR:The username '$USERNAME' you provided is not a number of 13 digits" && exit 1
[[ -z "$PASSWORD" ]] && echo "ERROR:You've specified an empty password" && exit 1
[[ ! "$NETWORK" =~ ^[0-3]$ && -z "$NETWORK_MANUAL" ]] && echo "ERROR:You've specified a network number not supported, only 0-3 is supported, 0 for CERNET(default), 1 for China Telcom, 2 for China Unicom, 3 for China Mobile" && exit 1
echo "Sanity check pass."
fi
# Network number conversion
if [[ -z "$NETWORK_MANUAL" ]]; then
if [[ "$NETWORK" = 0 ]]; then
NETWORK_STRING=Internet
elif [[ "$NETWORK" = 1 ]]; then
NETWORK_STRING=dianxin
elif [[ "$NETWORK" = 2 ]]; then
NETWORK_STRING=liantong
else
NETWORK_STRING=yidong
fi
else
NETWORK_STRING=$NETWORK_MANUAL
fi
# Authorization
echo "Trying to authorize..."
curl -d "userId=$USERNAME&password=$PASSWORD&service=$NETWORK_STRING&queryString=`curl baidu.com | grep -oP "(?<=\?).*(?=\')" | sed 's/&/%2526/g' | sed 's/=/%253D/g'`&operatorPwd=&operatorUserId=&validcode=&passwordEncrypt=false" $URL 1>/dev/null 2>&1
check_online && [[ $? = 0 ]] && exit
echo "Failed to authorize, you may need to check your account info and credit and network connection"食用方法
你可以新建一个脚本,自己命名即可,我这里统一使用auto-whu.sh名字,然后把脚本内容复制进去。
通过 sftp 的工具把此脚本上传到 Catwrt 的 /usr/sbin/目录下,并且使用
chmod 777 /usr/sbin/auto-whu.sh将脚本赋予可执行权限。
这里我们可以使用 Termius 等带有 sftp 文件传输的 SSH 客户端,当然你喜欢的话也可以 vi vim nano 另外复制在编辑器的终端。
测试命令
直接通过在命令行运行
/usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f来进行认证了。
运行命令之后,如果设备成功上线,会输出:
root@CatWrt:~# /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f
Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard
Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'
Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check.
Sanity check pass.
Trying to authorize...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 521 100 521 0 0 130k 0 --:--:-- --:--:-- --:--:-- 254k
Failed to authorize, you may need to check your account info and credit and network connection如果设备已经在线,重复认证会输出:
root@CatWrt:~# /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f
Network is already up
Warning: running auto-whu when already online is dangerous, you may get your account banned for too many login requests. Use systemd and the bundled service and timer file to manage auto-whu instead. Check the repo for more info: https://github.com/7Ji/auto-whu-standard
Using default eportial authorization URL 'http://172.19.1.9:8080/eportal/InterFace.do?method=login'
Starting sanity check for username, password and network, you can set IGNORE_SANITY='1' in config file, or use argument -n to ignore this check.
Sanity check pass.
Trying to authorize...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (52) Empty reply from server
Network is already up此方法在设备重启之后,会自动退出认证并且占用一个校园网账号的设备数,开关无感认证对此情况无影响。因此每次重启之后都需要把之前的设备踢掉,再进入设备后台执行命令。
添加自启
在测试完成确认无误后,添加一个开机自启任务,这样的话每次重启只需要把之前的设备踢掉,路由器会自己进行认证。操作方法如下:
打开 系统 - 启动项
拉到最下面,在 exit0 前面添加一行 /usr/sbin/auto-whu.sh -u your_student_account -p your_password -n 0 -f
这样的话,脚本命令就会随着设备启动而执行了。
总结
经过上述操作之后,你就可以在 WHU 的宿舍愉快使用校园网了。当然,最好还是一个账号哦。
脚本参数 - 附录
-u [username] 声明登录用户名,应为13位数字
-p [password] 声明密码,不应为空字段
-n [network] 声明登陆网络类型,0-3 的整数,0 为教育网(默认),1 为电信,2 为联通,3 为移动
-m [network_manual] 手动声明网络名称,会覆盖 -n 参数,例如教育网在此处为 -m Internet,除非后期网络情况有变,或你计划把 auto-whu 使用在非武大校园网的环境中,否则不应该使用此参数
-c [config file] 配置文件路径,将会从中读取用户名、密码、网络类型、手动网络名称、验证 URL、是否检测 systemd、各变量合法性等,这些选项将会被命令行提供的参数覆盖(例如,-u 会覆盖配置文件中的USERNAME项)
-a [authorization URL] eportal 的验证 URL,只推荐非武大校园网环境的用户声明此项。如果你自行抓包发现武大校园网的验证方法有变动,你应当 fork 本 repo 后修改并提出 pull request。
-f 开启前台模式,将会禁用 systemd 检测
-s 跳过参数合法性检查,包括禁用13位数字用户名检查,非空密码检查,0-3整数网络编号检查
-h 打印帮助文本
例如,一位用户名为 2024300000000 的用户,他的密码是 123456 ,
/usr/sbin/auto-whu.sh -u 2024300000000 -p 123456-n 0 -f希望登录 电信 网络,他应该使用下面这条命令 (-f 可以省略):
/usr/sbin/auto-whu.sh -u 2017300000000 -p 123456 -m dianxin -f参考
https://github.com/7Ji/auto-whu-standard