Monday, September 7, 2015

WPS on Buffalo APs with DD-WRT

I have a Buffalo 802.11n dual-band router (WZR-600DHP) that comes with a Buffalo-customized version of the DD-WRT firmware. It's worked pretty well for me for more than a year and half, the exceptions being: 1) the 5 GHz range is so bad that it's basically useless. 2) by default, it advertises over Wi-FI that WPS is available, even if WPS is disabled.

In case you don't know, WPS (which stands for Wi-Fi Protected Setup) is a technology that was designed to make it easier to connect to a Wi-Fi network. Unfortunately, it is very easy for someone to gain unauthorized access to a Wi-Fi network with WPS enabled due to a well-known vulnerability.

One of the DD-WRT developers (BrainSlayer) says the implementation of WPS in the Buffalo firmware is not susceptible to a brute-force PIN attack (aka the Reaver attack after the automated tool of the same name):
we know the reaver attack and we immediatly modified the code to solve that issue at the time reaver was comming out. no dd-wrt based product is affected of it
That's sort of reassuring, although there's no documentation of which version of the firmware blocked the attack and which older versions of firmware are vulnerable. Furthermore, later research showed that it was possible to calculate the WPS PIN based on a single guess on certain implementations of WPS, though I don't know if Buffalo DD-WRT is affected by that issue.

Since I never use the WPS functionality anyway, I just went ahead and disabled it altogether.

To disable WPS in Buffalo DD-WRT:
  • Log into your router and go to Wireless > AOSS/WPS.
  • Under WPS, select the Disable radio buttons next to WPS Button and PIN Method.
  • Click the Apply Settings button at the bottom.
Here's the annoying thing: Even if you disable WPS, DD-WRT will persist in advertising to any interested Wi-Fi device that your network supports WPS. I might not be vulnerable to a WPS attack, but I'd rather not attract potential attackers to my network.

Fortunately, some smart people on the DD-WRT forums came up with a workaround:
  • Log into your router and go to Administration > Commands
  • Under Startup, click the Edit button. Paste the below into the Commands field at the top:
/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath0_hostap.conf
/bin/sed s/wps_state\=1/wps_state\=0/g -i /tmp/ath1_hostap.conf
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP 
  • Click the "Save Startup" button at the bottom.
  • Go to Administration > Management and click the "Reboot Router" button at the bottom.
Once your router is done rebooting, you should see that your SSIDs no longer appear to support WPS. w00t!

If it didn't work, try this version of the script instead:
/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath0_hostap.conf
/bin/sed s/wps_state\=2/wps_state\=0/g -i /tmp/ath1_hostap.conf
/bin/ps | /bin/grep '[h]ostapd' | /usr/bin/awk -F" " {'print $1'} | /usr/bin/xargs /bin/kill -HUP
Note that because the script runs at startup, if you toggle your radios off and on, WPS will start showing up again. To make it go away, you'll either need to restart the router or run the commands manually:
  • Go to Administration > Commands.
  • Click the Edit button below the Startup field to copy the script into the Commands field.
  • Click the Run Commands button at the bottom.

Monday, August 24, 2015

Installing TomatoUSB firmware on a Linksys WRT310N v1

Picked up a used WRT310N v1 for cheap, so thought I'd throw an alternative firmware on there.

Side note: If you want to know if your WRT310N is a v1 or v2, flip it over and look at the serial number on the label:
  • If the serial starts with "CSF0", then it's a v1
  • If the serial starts with "CSF1", then it's a v2
Fortunately, this model supports both DD-WRT and TomatoUSB. I find DD-WRT to be a bit overwhelming, and I've grown fond of the Tomato UI over the years, so TomatoUSB it is.

Weirdly enough, the TomatoUSB website doesn't really have any installation instructions except for one ASUS model, but here's what worked for me:

1. Download a supported build from the Download page. The site indicates only the Kernel 2.4 versions are compatible, so I picked the "NoUSB Std" build of the Kernel 2.4 version.

Update 10/28/15: Apparently Wireless-N (802.11n) support is broken in the build I was using, which meant that my download speeds were capped at 1 mbps. The workaround is to change the Wi-Fi mode to "B/G Mixed," but because I live an XTREME lifestyle, I instead switched to a Shibby build (catchily named "tomato-ND-1.28.5x-124-VPN.trx" and available here) that fixed the issue.

Of note, Shibby has an opt-in feature called TomatoAnon that reports basic stats on your router so people can see what kinds of hardware and builds are being used around the world. The feature uses an MD5 hash of your router's MAC addresses so that it can tell routers apart from each other. The code is open source and the hashing provides a high level of anonymity, so I didn't mind enabling it.

2. Extract TRX file from the RAR file you downloaded. You'll need an archiving utility like 7-Zip to open the RAR file.

3. Change the extension of the TRX file to BIN. So if it was named "tomato-blah-blah.trx" before, it will say "tomato-blah-blah.bin" after. Windows will warn you about changing the extension, but it's fine.

4. Make sure your PC is connected to the router over a wired connection, then log into the Linksys web interface.

5. Go to the Administration tab, then select Firmware Upgrade. Select the BIN file you just renamed, and then upload it to your router.

6. Wait for it to restart, then try to connect to your router again in your web browser. The IP address of your router is now (it might not have been before) and the username and password are admin/admin.

7. You should now be in the Tomato interface! Now that you're in, you'll want to nuke the NVRAM to clear out any cruft in there. It's under Administration > Configuration > Restore Default Configuration > "Erase all data in NVRAM Memory (thorough)." The router will reset again.

8. Log back in and change your admin password now before you forget. Then muck around and set up the router just the way you like it.

Tuesday, August 13, 2013

A new maid cafe in LA?

The LA area has been going maidless since the closure of Culver City's Royal/T Cafe last July with the brief exception of Anime Expo. Now comes word that the Maidreamin chain from Japan plans to open a branch in LA in the Little Tokyo neighborhood. An exact date has yet to be announced, but you can get the latest updates on the Maidreamin USA Facebook page.

Here's hoping they can capture the magic of Akiba maid cafes in a financially sustainable way.

Sunday, August 11, 2013

The future of maid cafes in Japan

Seldom discussed about maid cafes is the actual economics behind them, i.e. how they actually make money. For those of you who have visited one, it's apparent from the table charge and various other fees (playing a game with a maid, taking a picture with a maid) that it's certainly no charity. But opening a cafe is hardly a sure thing - with constant competition, both from the established players and new entrants, the survival rate is less than 50%, according to a Japanese article from business news site PRESIDENT translated by RocketNews24.

According to the author, maid cafes are struggling to define their art in the way that maiko have over centuries at teahouses in Kyoto. My take on the situation? Let's not over-intellectualize the reasons for ups and down in the maid cafe market. Running any kind of restaurant is tough, especially in a fiercely competitive market like Tokyo. Is the turnover of maid cafes really any higher than that of other restaurants in Akihabara? The basic tenets of running a successful restaurant - ambiance, food quality, service - still apply to maid cafes. The ones that provide a consistently great experience are the ones that will survive.

In any case, maid cafes have only been around since 2001, so it's far too early to assess their long-term cultural impact. As they say, let history be the judge...of maid cafes.

Saturday, July 27, 2013

Visiting a Tokyo Maid Cafe

Let's say you're going to Japan on vacation and you'd like to check out one of these fabled maid cafes for yourself.

The center of the maid cafe universe is indisputably the Akihabara "Electric Town" neighborhood of Tokyo, where maids in costume hand out cafe flyers on every corner.

But with such a rich variety of choices, which one should you go to? Here are a few things to keep in mind:

1. If you don't speak Japanese, go to a cafe where they have English speaking maids - the whole experience is bewildering enough even in English.

A couple of the best-known maid cafes have English-speaking maids:

Note that the particular location you visit may not have an English-speaking maid on shift, so you may have to ask: "Eigo o shabereru maido wa imasuka?" (Do you have any English-speaking maids?) or just say "English?" with a hopeful look and they will get the idea. Don't try to take a picture, though; it's against the rules and will just piss them off.

Curtis Hoffmann of Maid Runner made a phenomenal chart with reviews of every maid cafe in Akiba circa 2010, including whether they have English-speaking maids and English menus.

2. If you're visiting as a tourist, go to a cafe where they have entertainment - a reasonably sized stage is a good indicator, such as the fourth floor of @Home's main location. Some cafes are more like actual restaurants, where they give you your order and mostly leave you alone, which is great for regulars and pretty boring for one-time visitors.

3. Know the rules. Yes, there are rules. Curtis of Maid Runner did a great job of writing them up, so take a couple of minutes and read up. One I would add is that there will be a table charge on your bill for occupying space in the cafe (@Home charges 600 yen, or about $6, per hour per person).

4. Enjoy it! Yes, it's totally bizarre, but don't just sit there looking confused. Order a big sundae and spend 500 yen on a photo with a maid. You'll be glad you did.

Maid in the USA?

Maid cafes have had a rough time of it in the US.

Aside from maid cafes at the major anime cons and the floating maid brigades (see right sidebar), there's only one active maid cafe I'm aware of, My Cup of Tea, in Washington D.C.

Fallen by the wayside:
Are there hidden American maid cafes out there? Tell me in the comments.

Sunday, June 23, 2013

4 Unusual Japanese Cafe Concepts

Japan really does takes the themed restaurant thing more seriously than anywhere outside of a Medieval Times.

Here are a few of the stranger cafe and bar concepts you'll find in Tokyo:

1. Nyanron Hanten is a cat/vampire/maid-themed Chinese restaurant in Akihbara. Yes, this is perhaps the first and only usage of "cat-slash-vampire-slash-maid."

Unfortunately, the ambition seems to have exceeded the execution. Despite the cute staff and surprisingly decent-looking mabo tofu, the interior and costumes are nothing special.

Still, there must be some appeal to it since someone saw fit to open another vampire maid bar in Akiba.

Photo: Weekly ASCII
Photo: Moeten
2. Prison Bar Capture in Ueno is a "girls bar" where you are served by women dressed as sexy police officers. (A girls bar is a bar with cute female staff where, in addition to paying for drinks, you pay a fixed charge for however long you stay there, in this case about $20/hr.) The ultramodern interior just doesn't do justice (heh) to the prison theme - a missed opportunity in my book.

3. Girls Office Tokyo was an "office lady" or "OL" themed cafe in Akihabara. In Japan, the term "office lady" (Wikipedia) is a widely-known archetype for women in administrative roles at Japanese companies. The cafe was staffed by attractive young women in business attire, but the bare interior left much to be desired. In any case, the OL-fetish market was clearly not as lucrative as expected since they went under earlier this year.

Photo: Radio Kaikan

That's one sad-looking office. (Photo: Radio Kaikan)

4. Grand Pirates is a pirate-themed maid cafe in Akihabara. The costumes are well-done and while pictures of the inside are scarce, they seem to have done a nice job with the interior design and decorations. I might stop in for a visit next time I'm in Akiba.

Photo: sho Panda

Here's a video showing how to get there from the JR station:

Recommended reading:
  • Twisted Sifter's great round-up of three crazy theme restaurants in Tokyo, a ninja one, a horror prison one, and an Alice in Wonderland one.
  • The Daily Mail's review of the amazing Robot Restaurant in Shinjuku where giant female robots are controlled by real female staff.