
Show HN: AndIodine raw UDP mode on xfinitywifi - ZnZirconium
https://gitlab.com/Zinnia_Zirconium/andiodine/-/tree/xfinitywifi
======
ZnZirconium
Hey hey hacker techbros.

I discovered a way to open random UDP ports on xfinitywifi. Then I modified
AndIodine to enable raw mode on random ports. So much speedier than DNS mode.
Fun times were had.

I know Hacker News is The Number 0x01 Best Place because when I search for
"xfinitywifi" and "iodine" Hacker News comes right up.

So to do this the way I did it you would need to build AndIodine which is open
source and Android SDK is easy to install right? And you need an iodine server
and a cloud account somewhere to host it and a DNS zone you can delegate. Oh
and the host running your iodine server needs to redirect all incoming UDP
traffic into port 53 with iptables. Whew! Too much preparation?

Or just adapt my changes to your favorite censorship circumventing UDP based
VPN app. You know you want to.

There should be like a whole startup dedicated to a "residential neighborhood
guest network road warrior" app for no reason.

Sorry I can code.

~~~
Denatonium
This is cool, but does stock AndIodine not work out of the box with raw UDP
mode where you live?

The local xfinitywifi networks in my area work with raw UDP. That being said,
I've been to some areas where the local xfinitywifi networks did not, and it
reverted to DNS tunneling.

I'm also curious who you are using for a cloud provider, as many
throttle/block inbound traffic on udp/53 to prevent DDoS attacks against
improperly-configured DNS servers.

As for commercializing/publicizing this, I wouldn't recommend it. Judging from
the effective MTU of xfinitywifi hotspots, it seems as though the gateways
broadcasting xfinitywifi are establishing an IPsec tunnel to a local
Comcast-operated server. It would be trivial for them to shut this down in one fell
swoop by transparently redirecting all outbound traffic on port 53 to an
internal resolver.

~~~
ZnZirconium
Comcast didn't configure xfinitywifi the same way everywhere in Comcast
country? Then what's the point of having one big internet service provider if
it doesn't provide homogeneity as a service?

There's nothing to monetize here. I think censorship circumvention services
like for example Psiphon should try harder than just hoping ports 53 are open.
But Comcast country is part of the allegedly uncensored first world where
there's no market for censorship circumvention.

