Is it possible to "fake" being connected to a router?

Question

A friend of mine is taking a UNIX systems class and mentioned to me that when they take exams they do so on their computers. That is all students are using their own computer/laptop. Students are not being provided a computer by the professor. In an attempt to prevent cheating and googling of the answers, all student's are required to connect to a router that the professor has set up in order to take the exam. This router is not connected to the internet.

If anyone disconnects from the router during the exam time the professor then knows that they were potentially trying to use the internet. Apparently he has told his class that this system is "foolproof" and is so confident in its ability to prevent student network access he often leaves the room during the exam.

I admit that I'm not particularly well versed in this area of networking but theoretically couldn't this safeguard be defeated by using something resembling a man in the middle attack. You spoof a MAC address and IP and send that to the target router, which then thinks you are connected even though there is no real connection? Or is this problem network card based, where the vast majority of computers only have 1 wifi card and can therefore only do network related tasks for 1 network at a time.

I don't believe there is a textbook for the class, all the material is purely based off lectures. That being said, and as others have mentioned, there are plenty of ways to cheat that don't involve directly interacting with the router. I just thought it was interesting to see how you could directly beat the intended safeguard. — Ryan, Apr 27 '17 at 03:33
I do hope this question has been asked purely for referential purposes, otherwise humanity is apparently doomed. If students these days can't fool an exam system with this level of _security_ themselves, I don't dare imagine what they actually _do_ learn:) — Pavel, Apr 27 '17 at 07:06
How would you ever know a computer is connected or not? Just by default OS-network traffic? Seeing a number of IPs taken by dhcp and those IPs talking? — SchreiberLex, Apr 27 '17 at 07:28
how do you take the test? in a browser? the quiz webapp can easily just try to ping an outside site and if it replies (using a 2nd net connection to the wan), you're busted. of course, this can be blocked, but how many undergrands can setup custom routing and a 2nd nic? — dandavis, Apr 27 '17 at 07:28
Does he fail you for cheating if your battery dies? If he's not even in the room, I don't see how his system would even stand up to scrutiny if you came up with a plausible excuse. Heck, sometimes network connections just go down for no apparent reason. How could he prove that didn't happen? And what if *his* computer experiences a problem and loses all the connections? — jpmc26, Apr 27 '17 at 09:37
After more than 10 Years, I'm giving you my 1rst cheat. _Step1._ Get the same mouse as your Computer Lab _Step2._ Get usb Micro SD only card reader, usb wifi dongle. _Step3._ Put them into the mouse. If you have time you can add a controller in it. And even click monitoring to activate the rogue dongle. If the mouse is a M90 or older version. You can easly make the card reader usable with out opening the mouse. You now have a mouse with 32Gb of storage, portable Vm, wifi connexion. — Drag and Drop, Apr 27 '17 at 10:01
Technically, "foolproof" means only that a fool can't break the system, right? — Federico Poloni, Apr 27 '17 at 13:42
If the professor leaves the room - why doesn't every student just pull out their smartphones? — Arminius, Apr 27 '17 at 13:43
You might change the word "router" to "access point" or "wireless access point". I did not at all understand that you meant a wireless access point until I read the highest voted answer, and from a networking standpoint (my field) it didn't make a lot of sense. — Todd Wilcox, Apr 29 '17 at 21:10
@lex the link state on directly connected equipment would change. So either it is a switch not a router or there are only a few machines and all directly plugged into the router. — eckes, Apr 30 '17 at 12:17
If the router is accessible by hand, plug the router into another router that *is* connected to the internet. All of a sudden, everyone has internet. — Mast, May 01 '17 at 06:59
Bluetooth connection to a mobile phone with Internet sharing (tethering) enabled. — user147106, May 01 '17 at 08:20
you need to provide more detail on the **location, environment, and conditions where this exam is happening**, and whether connection to the professor's router is by hardline (cat5 lan cable) or by wireless. Because if by wire, then most laptops also have wireless. First thing that comes to mind is If your phone gets signal then you can just tether your laptop to your smartphone which never leaves your pocket, and unless the professor physically checks everyone and uses a wifi scanner to detect the tethering then the professor would never know. — ron, May 01 '17 at 12:28
Wow. That is truly craptacular. It would be so much fun to run aireplay-ng in that room. Just kick everyone off the network, that way he won't know who is doing it. And by the way, I wonder if he ever changed the default credentials for the admin page on his "secure" router... — B00TK1D, May 01 '17 at 15:48
Use the [Innernette](https://www.youtube.com/watch?v=GIA17H-b7Qs)! — transistor1, May 02 '17 at 01:12

Arminius · Accepted Answer · 2017-05-01T06:16:34.593

119

Well, obviously it's not "foolproof". Depending on your capabilities, there are plenty of ways to cheat.

Your professor has a point in that your standard wireless network card won't simply support a simultaneous connection to multiple different APs, thus preventing your from using that particular interface for an Internet connection. (Although with some tinkering you could possibly alternate between networks without letting the professor's AP take notice by tweaking your driver to omit the layer-2 management frames that are supposed to notify the AP of your intent to dis-/reassociate.)

However, there are also easy workarounds:

Build in a second network adapter (or plug in an external USB one, once the professor leaves) to connect to a network with Internet access. You can easily do this without interrupting your existing connection.
Connect with your phone or another device instead of your real computer. On that device you can configure the broadcasted MAC address to match the one of your computer. This could fool your professor but probably wouldn't withstand a forensic investigation of the traffic.
Use Bluetooth. Most laptops have built-in BT, so you could just tunnel your traffic via BT to a hidden device that itself is connected to the internet.
Get creative. There are plenty of ways to bridge an apparent air gap. You might use your sound card to transmit data in a small range (or even your hard drive for that matter) - but then again you could also spend that time studying for the exam.

One effective countermeasure might be capturing every student's screen during the exam, but personally I find that very intrusive. Ultimately, if the professor allows students to use their own computers there will always be some way to prepare the devices to cheat.

edited May 01 '17 at 06:16

answered Apr 27 '17 at 00:56

Arminius

43,922
13
140
136

"second network adapter" - I would guess you're going to be having a fun time toying with the IP tables in that case? – John Dvorak Apr 27 '17 at 06:42
12

@JanDvorak Not at all. Use two different subnets and set the default route for the "hidden" internet access and you're ready. – rbialon Apr 27 '17 at 06:49
75

@JanDvorak: or give exclusive use of the second adapter to a VM, and use *that* for internet access - thus keeping your host machine connected *only* to the professor's machine, and in turn obeying the letter of the law, if not the spirit. – flith Apr 27 '17 at 06:52
You'd need to check that there wasn't a script running sending packets to a device the other side of the router. Changing the default gateway would stop those packets going down his router and make them go out your internet connection instead, thereby indicating to him that you had connected something elsewhere. – Matthew Steeples Apr 27 '17 at 07:45
The professor would surely detect use in addition to simply the connection (how else would they establish if a student is "googling for the answers"?). – ti7 Apr 27 '17 at 15:34
8

@ti7: By just not having the router connected to the internet at all? – psmears Apr 27 '17 at 16:48
1

Right, forgetting my undergraduate studies SO 103 (Advanced Topics in Commenting): Read the question again and eat before putting things up .. My example is was in error, but most computers leak information about themselves to the network in the form of periodic queries. If your professor is this nutty, they could compare the signatures between tests to determine if devices had changed .. @flith 's example handily gets around this. – ti7 Apr 27 '17 at 18:57
7

I think 2 interfaces on one machine are easy to detect. (doesn't affect filth's answer) I'd do the following as the professor: on the test website add a script which periodically tries to get a resource from a list of "normal public addresses". (for example CDNs) If any of them are requested properly, you're auto-reported for cheating. Now you not only have to have proper routing, but also bind your browser to a single interface only (doable with network namespacing in linux) – viraptor Apr 27 '17 at 23:05
3

another way is to perform a DoS attack on the router so that it will lose all connections/reboot/etc. – Display Name Apr 28 '17 at 07:38
Modify the route metric so your phone prefers the cellular connection to Wi-Fi. – chrylis -cautiouslyoptimistic- Apr 28 '17 at 14:35
You don't even need a second wireless NIC. You can create a virtual one without any issue, complete with it's own spoofed MAC address and unique IP address, and use that to connect to the internet. – Hydranix Apr 28 '17 at 19:06
2

@Hydranix: Most wireless network interfaces can only associate with a single access point at once. – R.. GitHub STOP HELPING ICE Apr 29 '17 at 03:09
@viraptor You could just disable javascript – Roshan Bhumbra Apr 29 '17 at 19:19
2

Using a virtual machine that uses the second wifi adapter might help avoid detection. Not sure. – Buttle Butkus Apr 30 '17 at 02:19
@RoshanBhumbra You don't need JS for this. An iframe with meta refresh and an image tag will do just fine. (detect it on server side) Alternatively you can require JS for the test itself to work. – viraptor Apr 30 '17 at 02:39
2

Another absurd way to bridge the gap: [IP over QR codes](http://hackaday.com/2016/11/22/ip-over-qr-codes/). – tadman Apr 30 '17 at 04:43
2

I'd like to note that it's possible the instructors intent is them getting past this..... – Anoplexian May 01 '17 at 14:43

score 55 · Answer 2 · answered Apr 27 '17 at 00:56

55

You don't need to fake being connected to a router. The simplest way to ensure that you're detected as being connected to a router is to be genuinely connected to that router. That doesn't mean you're connected only to that router.

A $10 USB wifi adapter or a slightly more expensive 3G/4G adapter can connect a PC to the Internet, bypassing any other network connection that they might have. The PC would of course need to be configured carefully, make sure that it isn't forwarding packets between its connection to the Internet and its connection to the professor's router or the game would be up.

The only way for the professor to know that the students are cheating would be to retain full control over the computers, i.e. ensure that the students can't make changes to the network configuration and can't activate any hotplugged peripherals. And of course the professor should ensure that the students aren't discreetly using a mobile phone.

answered Apr 27 '17 at 00:56

Gilles 'SO- stop being evil'

50,912
13
120
179

4

In college, worked in a computer lab where every time exam time came around, we had to re-image all the machines to have no internet or network access at all. Boy ever was *that* fun; something went wrong every time. – KRyan Apr 27 '17 at 18:19
4

@KRyan Couldn't you just delete the network drivers? That has the added bonus of hideous error messages whenever somebody tries to do anything (though those are usually printed to `/dev/tty0` and not the GUI). – wizzwizz4 Apr 27 '17 at 19:04
1

@wizzwizz4 I don’t honestly know what was or wasn’t done—I should be clearer, I worked in the lab as the TA for the exam, rather than actually being in charge of the lab and the re-imaging. – KRyan Apr 27 '17 at 19:09
@KRyan Couldn't they set up VLANs so the test machine could only access the test server? Or if it's no network access at all... just unplug the room's switch? – user253751 Apr 28 '17 at 01:48
2

@immibis No access to the school network, but linked together in a little private network of just the machines in that room, for turning the exam in. And I’m sure it could have been done better; the sys admin was an ancient, jovial little man who didn’t really seem to be 100% up on his game there. – KRyan Apr 28 '17 at 02:05
@KRyan So it should be very easy to unplug the room's switch from whatever is upstream of it. – user253751 Apr 28 '17 at 04:08
@wizzwizz4 would you like a professor going onto *your* personal computer and deleting stuff off it it? The students get to use their own PC. – user64742 Apr 29 '17 at 20:14
They probably set the machines up at start of school, and who knows what got on them over the semester, including tools and information. So by wiping them back to vanilla before exams seems quite prudent. – Engineer Apr 30 '17 at 06:28
@TheGreatDuck Fair point; I'd forgotten. (Although, if somebody managed to do that on _my_ system, I'd be quite impressed. Furious, but also impressed.) – wizzwizz4 Apr 30 '17 at 08:05

score 14 · Answer 3 · edited Apr 27 '17 at 16:58

14

In addition to the existing answers: some laptops have built-in SIM card slots. My previous laptop had one which could only be accessed by removing the battery. You could connect the built-in wifi card to the wifi provided by the router, and use the mobile internet for your cheating. This has the advantages that there is no additional wifi network - which the professor could easily track down - and no dongle that the professor might find suspicious. On the downside, you need to have a laptop with that feature (or use a dongle which provides this feature, destroying one of the advantages).

edited Apr 27 '17 at 16:58

psmears

900
7
9

answered Apr 27 '17 at 16:38

UTF-8

2,300
1
9
24

3

In order to use a dongle without suspicion, you could use a bluetooth mouse, and claim the dongle is for that mouse. This does require the laptop has built-in bluetooth, but most do nowadays. – Mateon1 Apr 28 '17 at 18:09
1

no need, `iw phy0 interface add cheat0 type station` will create a virtual wireless interface called cheat0. using `ip` you can set it's MAC address and you're ready to rock.. – Hydranix Apr 28 '17 at 19:14

AnoE · Answer 4 · 2017-04-30T11:57:01.360

11

Caution, may contain humour.

Yes, it's enough

Alright, now I got your attention.

Basically, I use an ontological argument: the fact that he is a professor who should know this kind of stuff, and is so sure, tells me that the room you are taking the test in has absolutely no possibility of WLAN or Mobile access. I.e., an underground room with lots of steel and very thick walls around.

I also deduce that the professor has verified, using all kinds of different smartphones/WLAN routers and different SIM cards (different providers), that not a single corner of the room allows any meaningful connection.

In this case, yes, he can be sure, because...

Physical connection

He can be sure that your ethernet port is and stays physically connected to his router. His router will log physical plugging/unplugging of ports (the lowest layer of the network stack - link level). There is nothing in the world you can do against it without it being very obvious. In far fetched theory (James Bond style) you could theoretically somehow screw with the cable - separate individual strands while it is connected, and connect some kind of quite involved electronic gadget with alligator clips that keep the link layer up while you disconnect your laptop.

But

We have to take more assumptions: it would be trivial for you to connect a USB-Ethernet-Adapter to your laptop and run that into some Ethernet port on the walls or on your desk which gives you internet access. Since the professor is a) knowledgeable and b) very sure of himself, this logically means that there are no such Ethernet ports available in the room.

This, and now comes the crux, means that everything he did was in vain. I.e., there was no reason to actually connect you to the router in the first place - if there is no Ethernet port available, there is no reason for you to "plug up" your laptop's port.

This, sadly, brings the whole beautiful thought building crumbling down. The professor is obviously having no clue, and everything is pointless.

Conclusion and outlook

As we look for only the best in all people, it is obvious to me that the professor is not having no clue. The point of the exercise is to detect which of the students is first to hack his protection. Those will obviously get bonus points (in the form of knowledge gained through the Internet access).

So it all makes sense. The professor is a brilliant genius who teaches you to question authority, not to blindly follow technical leaders, and think out of the box. Congratulations!

edited Apr 30 '17 at 11:57

answered Apr 28 '17 at 19:46

AnoE

2,370
1
8
12

Inventive, but I don't think so. – Wildcard Apr 29 '17 at 01:26
7

This made me want to curl into a ball and cry – Nic Apr 29 '17 at 03:51
2

If that were the case, then the professor would've told people that they get bonus points for successfully sending him and email during the exam (without him being alerted either visually or technologically) and then *stayed within the room* for the exam. To me, this seems like an overconfident person. – user64742 Apr 29 '17 at 20:18
I'd hoped that the huge amount of tongue-in-cheek in my answer would be enough to set the stage for the last paragraph. ;) – AnoE Apr 29 '17 at 20:36
Based on AnoEs reputation on the academia website. It's reasonable to assume they are a professor. I surely hope he/she is @Ryan professor. – spuder Apr 29 '17 at 23:02
@TheGreatDuck "...then the professor would've told people that they get bonus points for successfully sending him and email during the exam (without him being alerted either visually or technologically)" `echo ' echo hi professor | mail professor@school' | at $EXAMTIME` from some other computer – infixed May 01 '17 at 16:49
I think the idea of making it _physically_ impossible to connect to another WiFi is actually not so insensible. Shielding a room in a totally foolproof way is a bit tough, but _decently_ shielding a room and then using a [jammer](https://en.wikipedia.org/wiki/Radio_jamming) to make any WiFi connections impossible within should be quite doable. – leftaroundabout May 01 '17 at 22:57
@infixed oh shuddup. It was just an example. :p – user64742 May 01 '17 at 23:02
Well there could be other internal networks within range of the room that the students could connect to which would then justify why they should have all their laptops connected to the professor's network. Plus, the professor could just pace around the room and see if anyone's got a dongle sticking out of their laptop – Adam Prax May 02 '17 at 06:23
@leftaroundabout except that it is illegal to operate a jammer in some countries. – Nathan Osman May 02 '17 at 17:55
@NathanOsman definitely don't operate a purpose-built jammer in an unshielded room. But burrowing, say, a Tesla coil and letting it run during the exam, in the shielded room, can hardly be legally objectionable. The point is, the shielding makes both any transmissions from the outside weaker (so a low-power jammer will take care of the rest) and it reduces the jammer's interfering effect to any _outside_ wireless transmissions. – leftaroundabout May 02 '17 at 19:16

score 9 · Answer 5 · answered Apr 29 '17 at 09:39

9

Let's just make your professor's router act up a bit.

You can use an ESP8266 to launch a de-auth attack that disconnects everyone from the router, basically tricking the professor to think there's something wrong with his router. https://hackaday.io/project/9333-weekend-on-the-dark-side

Another option for the same attack but without dedicated hardware, launch the attack from your laptop: http://hackaday.com/2011/10/04/wifi-jamming-via-deauthentication-packets/

answered Apr 29 '17 at 09:39

Pranav

91
2

2

This doesn't actually answer the question, but I like this idea. – Kaia Leahy May 01 '17 at 12:16
1

@sethrin: I'm pretty sure it does. If the professor doesn't know who's doing it his plan is defeated, and it would serve him right for this horrendous anti-cheat idea. Nobody should be requiring reliable wireless networks for anything. This is an abomination. – Joshua May 01 '17 at 15:55
2

@sethrin: It is a very common pattern in hacks. "But X wasn't protecting against Y". Sure, but everyone thought X was, so nobody actually bothered to provide additional protection against Y. Hacking often is the art of finding gaps between assumptions and reality; rarely a matter of brute force. – MSalters May 01 '17 at 19:15
Yea, it's more of a "Screw them all" sort of hack. – Pranav May 02 '17 at 19:20

score 3 · Answer 6 · answered Apr 29 '17 at 15:22

3

A cellular modem? One can be installed inside the machine. Remembering an instructor who invited me to try to break into a server, I can't help wondering what this professor is really doing. Do you get a better mark if you defeat his system?

answered Apr 29 '17 at 15:22

kurtdriver

31
1

3

Lots of questions to answer if he has equipment to snoop on LTE... – trognanders Apr 29 '17 at 23:26
1

@BaileyS: For whom? There will be LTE chatter all the time, but you'd need to decrypt it to know what's being said. Is it just Facebook pushing notifications to smartphones, or a laptop in use? And given the high likelihood of at least _some_ LTE traffic being entirely legit, it would mean the professor would be violating a handful of laws. – MSalters May 01 '17 at 19:18
@MSalters I meant he would have a lot of questions to answer _to law enforcement_ . Even using the gear to monitor for cheating on an exam would be a crime. Just having it is probably a crime. – trognanders May 01 '17 at 19:36

score 1 · Answer 7 · answered Apr 30 '17 at 14:27

Well, this is definitely enough. When younger, we passed our exams (in a high school) each in our own room, with all books and other documents being available. The rationale for that was that if you needed to read a lesson to make an exercise, you would not have enough time to complete it.

You can certainly cheat the poor protection set up by the professor. But:

it will certainly take some time, that will no longer be usable for completing the exam
if you need to search on Internet to complete an exercise, you will spend too much time to be able to complete the exam
there is a risk that you get caught while actually connected to internet. What do you think will happen after? You have willingly cheated on a exam, bypassing a security system. Chances are that you are simply excluded from the exam.

People have always tried to cheat for their exams, and those that always passed were the ones that simply learned enough to be able to answer without cheating. You may pass once by cheating, but if there are different tests for your examination, the risk of being caught is much too high IMHO.

That being said, it is indeed very easy to setup a second router with a USB cable to a smartphone...

score 0 · Answer 8 · answered Jun 12 '17 at 15:24

The simplest solution would be to connect to your smart phone via blue tooth and connect to the internet that way. I'm ofc assuming your laptop has built in blue tooth, if it doesn't buy a blue tooth dongle.

Better yet, if he requires a physical ethernet connection to your laptop, just connect to your phone's wifi hotspot with your laptop's wifi card and skip blue tooth all together!

Is it possible to "fake" being connected to a router?

8 Answers8

Yes, it's enough

Physical connection

But

Conclusion and outlook