First time poster here. I do a good bit of scripting for work and wanted to share my version of the Linux script. First, I wanted to thank those that made the original guides as they put the groundwork down for my script.
I'm very security minded but lazy so I wanted something that would be secure and make it so that I didn't need to unset my default 3DS Wi-Fi connection. I also wanted to be able to choose one relay at a time from a list so I don't fill my Plaza queue and just cycle through needlessly like the other scripts. I also added the BestBuy SSID as an option for events like bonus items in Animal Crossing.
I did not encode anything as I wanted this to be easily customizable so you can tune it to your own needs. I will explain how along the way.
I have a spare notebook with ethernet out, built-in wi-fi in. I'm using Mint but any Ubuntu based Debian distro will work just fine... I just prefer Mint because it comes with Cinnamon by default and doesn't assume you're an idiot like Unity.
The goal is that this notebook will run 24/7 as a secure access-point for mine and my wife's 3DS.
First you will need to do the same thing as any other Linux setup and add the following to the top of /etc/dnsmasq.conf with gedit, vim, nano, w/e:
no-resolv
bind-interfaces
interface=wlan0
dhcp-range=172.168.1.2,172.168.1.5,12h
server=8.8.8.8
server=8.8.4.4
Next, install some required programs:
sudo apt-get install dnsmasq
sudo apt-get install hostapd
sudo apt-get install macchanger
Choose a folder where you want to store everything. Anywhere in your home folder is fine, I chose /home/username/Documents. Now you will create 3 .conf files to use with hostapd.
gedit streetPass.conf
interface=wlan0
driver=nl80211
ssid=NZ@McD1
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
gedit bestbuy.conf
interface=wlan0
driver=nl80211
ssid=Bestbuy
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=0
gedit ndsRouter.conf
interface=wlan0
hw_mode=g
channel=2
ieee80211d=1
country_code=<your own country code>
wmm_enabled=1
ssid=<your own SSID>
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=<your own passphrase>
For the ndsRouter.conf make sure you choose your proper country code, an SSID that is different from your regular home router, and a passphrase with at least 16 characters.
Next are the two bash scripts.
gedit ndsRouter.sh
#!/bin/bash
# simple script for setting up a secured access point
#set the hotspot ip
ifconfig wlan0 up 172.168.1.1 netmask 255.255.255.0
sleep 2
#kill existing dnsmasq and hostapd, restart dnsmasq
killall dnsmasq 2>/dev/null
killall hostapd 2>/dev/null
/etc/init.d/dnsmasq start
#setup NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
#turn your computer into a router
sysctl -w net.ipv4.ip_forward=1
ifconfig wlan0 down
macchanger -p wlan0
ifconfig wlan0 up
hostapd ./ndsRouter.conf
And finally, the main script.
gedit streetPass.sh
#!/bin/bash
# A streetpass home relay with some better security & prompting that actually
# makes sense for meaningful streetpass usage.
# If running Ubuntu/Mint/any other flavor of Ubuntu-based Debian and are having issues
# with "nl80211: could not configure driver mode," add the following lines to
# /etc/NetworkManager/NetworkManager.conf:
# [keyfile]
# unmanaged-devices=mac:yourwifiapmacaddress
# Input validation and usage statement
usage(){
echo -e "A security-conscious Nintendo StreetPass relay maker.\n"
echo "Usage: $0 <relay number>"
echo -e "You must be root to run this script.\n"
echo -e "-l --list \t Get a list of available relays."
exit 1
}
# sanity checks
[[ $# -eq 0 ]] && usage
if [ "$(id -u)" != 0 ]; then
echo "Are you sure you ran this as root?"
exit
fi
# relay list
if [ $1 == "-l" ] || [ $1 == "--list" ]; then
echo -e "1 \t 4E:53:50:4F:4F:40"
echo -e "2 \t 4E:53:50:4F:4F:45"
echo -e "3 \t 4E:53:50:4F:4F:46"
echo -e "4 \t 4E:53:50:4F:4F:47"
echo -e "5 \t 4E:53:50:4F:4F:49"
echo -e "6 \t 4E:53:50:4F:4F:4F"
echo -e "7 \t BestBuy (for special items)"
exit
fi
#this creates the function that will run once both sanity checks clear
#this is the heart of the script
streetPassSetup(){
#set the hotspot ip
ifconfig wlan0 up 172.168.1.1 netmask 255.255.255.0
#kill existing dnsmasq and hostapd, restart dnsmasq
killall dnsmasq 2>/dev/null
killall hostapd 2>/dev/null
/etc/init.d/dnsmasq start
#setup NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT
#turn your computer into a router
sysctl -w net.ipv4.ip_forward=1
# set mac address based on input
ifconfig wlan0 down
if [ $1 == 1 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:40
elif [ $1 == 2 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:45
elif [ $1 == 3 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:46
elif [ $1 == 4 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:47
elif [ $1 == 5 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:49
elif [ $1 == 6 ]; then
ifconfig wlan0 hw ether 4E:53:50:4F:4F:4F
elif [ $1 == 7 ]; then
ifconfig wlan0 hw ether <your own MAC>
fi
ifconfig wlan0 up
# set the hostapd config based on relay
if [ $1 == 7 ]; then
echo -e "\nYou have chosen the BestBuy zone. Please remember that this network has no security."
echo -e "Be sure to ctrl+c this once you are finished and run ./ndsRouter.sh\n"
hostapd ./bestbuy.conf
else
timeout 60s hostapd ./streetPass.conf
ifconfig wlan0 down
fi
echo "Finished. Reverting to secure wi-fi"
sleep 2
./ndsRouter.sh
}
# second sanity check
case $1 in
[1-7])
echo "Relay checks out... time for Street Pass!" && streetPassSetup $1
exit
;;
*)
echo "That is not a valid option. Double-check the list with $0 -l or --list"
exit
;;
On line 77, put your own wi-fi adapter's MAC address. You can find this with ifconfig before doing any changes, or sudo macchanger -p
On Ubuntu based distros, you may find that the Network Manager utility will interfere with your setup and tell you there is an error with the nl80211 driver. In this case, add the following lines to /etc/NetworkManager/NetworkManager.conf:
[keyfile]
unmanaged-devices=mac:yourwifiapmacaddress
This will force Network Manager to leave your wi-fi nic alone.
Once you've made all the files do a chmod +x on ndsRouter.sh and streetPass.sh
You can easily modify the listed MAC addresses or add more. Just look at the syntax for lines 65-77 and make another line with the next number in sequence. Then go to what was line 99 and change the 7 to whatever the highest number in sequence. You may also want to add your MACs to the list (lines 29-35).
There is a usage statement if you forget, but basically it's "sudo ./streetPass.sh #"
# being the relay you want to load. For a list of them, try "sudo ./streetPass --list"
There are a number of sanity checks in the script... making sure you ran with root privs and input validation so as not to break anything.
The script will setup a street pass relay of your choice for 60 seconds (more than enough time for old and new 3ds to register), then automatically switch over to your WPA2 secured hotspot... Just add this hotspot as your only connection on you 3ds and you will never have to switch around again. If you reboot/crash/whatever and just want your AP, do "sudo ./ndsRouter.sh" If you want to use your relay again, just ctrl+c run streetPass.sh
Hopefully that wasn't too long-winded and helps anyone who was concerned with having unsecured wifi leaking from their home. Let me know if you have any questions.