A tool to help NJUPTer to connect the campus network conveniently.
- User-unaware automatic login
- Highly simulate manual operation
- Proxy-friendly
- Low privacy exposure outside of school networks
It will listen for the network changed notifications and automatically do the authentication.
Configurator is available in v0.1.1 and afterwards.
- Download the binaries or build from the source on your own.
- Open
njupt_wifi_login_configurator, write down your account and click Save button. - Reboot your computer
- Download the binaries or build from the source on your own.
- Write down your userid and password into the configuration file (eg.
njupt_wifi.yml).# Your ISP type # CMCC for China Mobile (中国移动) # CT for China Telecom (中国电信) # EDU for China Education and Research Network (中国教育和科研计算机网) isp: CT # Your account information userid: "B22999999" password: "password123456" # Specifies the time interval for proactive checks. # The default value is 1200 seconds (20 minutes), 0 means no proactive checks. # It is recommended to enable proactive checks, # for interface changing events may not be captured in some cases. check_interval: 1200 # Bind the request to a specific interface (e.g., eth0). # Leave empty to not specify. # If you have multiple network interfaces or TUN/TAP devices, # you may need to specify the interface. interface: null # Set the rolling log policy. # When the log file exceeds the size limit, the file will be rotated, # and the oldest file will be deleted if the file count exceeds the limit. # The rotated files will be named as `*.log.1`, `*.log.2`, etc. log_policy: size_limit: 3MiB file_count: 2
- Config to run
njupt_wifi_loginat startup and it will automatically do the rest.
Windows 10 or later is required.
Pre-built binaries for Linux x86-64 are provided, with both glibc and musl libc support (glibc is used in most distributions, while musl is used in OpenWRT & Alpine). If it doesn't meet your needs, you need to build it from the source.
Tip
For OpenWRT users, you can install libopenssl to meet the requirements.
opkg update
opkg install libopensslFeel free to open an issue if you want to use it on other platforms.
It will use no proxy during the authentication for the proxy may be not available until the network is logged in.
It will use specific DNS Servers (in the white list of the firewall) internally to avoid dns not available during authentication.
We write it meticulously with Rust, thus you are mostly not needed to worry about the cost of performance.
This tool is meticulous in design to lower the privacy exposure when connecting to non-NJUPT networks.
Account information is only sent when the NJUPT AP Portal's certificate is valid, thus preventing account information from being stolen.
Before certificate verification, the initial network traffic sent is a connectivity check to connect.rom.miui.com, which results in a DNS request and an HTTP plaintext request. In most cases, this is the only traffic leaked to an unknown network environment. Considering that all Xiaomi phones send similar connectivity check requests, this hardly reveals any information.
The worst-case scenario is that the adversary forges the result of the connectivity check and returns a redirect request that appears to come from the NJUPT AP Portal gateway. In this case, a DNS request to p.njupt.edu.cn is leaked, which may expose you as an NJUPT student. However, since the adversary cannot impersonate the NJUPT AP Portal (lacking the certificate), the account information will not be sent.
Licensed under MIT license.