About
You may become a supporter of this work via one-time in-app purchases. There are two separate models, iOS and Android.
The iOS model (came first) offers unlimited standard features, and a tip jar "Supporter" which unlocks extra features.
The Android model (newest) offers unlimited basic (free) features, unlimited standard features for small fee (30% of iOS lowest supporter tier), and extra features (includes standard) for a premium fee (half the iOS lowest supporter tier).
| feature set | iOS | Android |
|---|---|---|
| basic | free | free |
| standard | free | free: add one new Network in-app Standard: unlimited |
| premium-extra | in-app supporter tier | in-app: Premium |
- basic:
- select between multiple Raspberry Pi in bluetooth reach of the App
- Changing Connection between networks previously set up on your Raspberry Pi.
- bluetooth data is sent in clear text
- standard: (includes basic)
- Add new Networks on any Raspberry Pi via App (select SSID)
- Add hidden Network (SSID not advertized)
- Premium-extra: (includes standard):
- Deleted Network from Raspberry Pi - Android only.
- Encryption: Bluetooth data is encrypted
- Control who can connect to your Raspberry Pi (with password)
- Extra info on Networks 0 included Raspberry Pi's IP Address
- User define info sent back and displayed on the App.
See user guide for details with screenshots or how to videos
Encryption
TLDR, What encryption does
The encryption, when turned on encrypts the data related to network SSID and password, which is exchanged between the phone app and the Raspberry Pi.
An encryption password is set on the RPi, and must be manually entered once in the phone app. This is used to create an encryption key. This key is used to encrypt/decrypt all data. Eavesdroppers and man-in-the-middle attacks see only encoded data (gibberish to them).
The password also acts as a lock: If the user does not have it, The Bluetooth connection is immediately terminated (from the Raspberry Pi). Thus you are locking the PI. Anybody can download and install the phone App. They can see your Raspberry Pi is the list for the purpose of connecting to it via Bluetooth - but they can;t connect and change anything on the pi without the password.
Important: Do not forget to change the default password created when you installed the btwifiset python code on the RPi. See how
Why use encryption
The free version of the app exchanges data with the Raspberry Pi without any data encryption. This means that passive eavesdropping with a so-called Bluetooth Sniffer can intercept the network SSID and password sent from th iOS/Android device to the Raspberry Pi.
If you are only using the phone app in an area where you know your bluetooth transmissions cannot be intercepted, encryption is not necessary. (Bluetooth 5.0 is quoted to reach up to 400m indoors - but this depends on both your iOS/Android device and raspberry Pi version). On the other hand, anytime you use the BTBerryWifi app in a public space or in a building where other rooms/apartments are close enough to eavesdrop on your bluetooth connection, you run the risk of the SSID & passwords being intercepted.
Why locking the Raspberry Pi
If You have switched on Encryption on the Raspberry Pi (using the App), other user of the BTBerryWifi app must supply the correct password in the app in order to stay connected to your Raspberry Pi.
In practice, anybody can download the phone app BTBerryWifi, turn it on, and see if there are any Raspberry Pi (with the btwifiset.python code installed), in the vicinity. They can then connect to the Raspberry Pi, receive the list of Networks available, and have the Raspberry Pi connect to any of those.
So, if your Raspberry Pi(s) is used in a public place, a user with the free BTBerryWifi app can change the wifi on your Pi. This could be a problem if they have switched your Pi to a wifi network that they now have access to with their laptop for example, they can attempt to SSH into it, or use various other wifi enabled apps available for iOS and Android to control/modify your RAspberry Pi.
By Locking the Pi - the user must know the encryption password to stay connected and move on past the connection screen. If the Encryption/Lock the RPi feature is turned on, and the user does not have the password, the phone app immediately disconnects from the RPi and requests that the password be entered.
Encryption can be turn on or off using the Lock Tab screen on the App - after establishing a bluetooth connection with the Raspberry Pi.
Encryption Password management
If you used the automatic installer script when you first installed the Python code on the RPi, you were asked for an encryption password. If you did not enter one, the host name of your Raspberry Pi was used as a default.
Warning: this is not a very safe password since the hostname of your RPi is displayed in the list when a user connects. So you should change the password with the procedure described here.
The password on the RPi is stored in a simple (text) file named: Crypto (no extension) found in the /usr/local/btwifiset directory where the btwifiset.py code was installed on your Raspberry Pi.
Please do not change the name of this file, or encryption will not work. A small python utility (btpassword.py) can be launched to view or change the password. SSH in the Raspberry Pi/open a terminal session and do this:
cd /usr/local/btwifiset
sudo ./btpassword.py
The password is easy to find/see because it is assumed that users who can already ssh in the RPi or have physical access via monitor/keyboard have the rights to see or change the password for the BTBerryWifi app.
The password on the iOS/Android device must be entered once manually in the App. Once entered, it is checked against the password on the RPi using encryption, and if successful, the password is stored on your device: you do not need to enter it again. The device remembers each different password for each separate RPi it connects to.
Extra Information
Supporters have access to extra information about the RPI and the wifi connection. The following information is displayed on the Info Tab on the iOS device screen, after establishing a bluetooth connection with the RPi.
IP Address
If the RPi is connected to a wifi network, both the IP4 and IP6 local wifi network addresses is displayed. This can be useful if you need to use the IP address to ssh into the Raspberry Pi after setting up a new wifi connection.
Note: this is the ip address on your local area network - not the internet connection IP address that is exposed through the network - if the network has a connection (WAN) to the internet. If encryption is turned on, these are encrypted.
MAC Address
The mac addresses for the ethernet (eth0), wifi (wlan0) and bluetooth (hci0) adapters of the RPi as displayed. If encryption is turned on, these are encrypted.
Network signal strength/channel
A list of all wifi networks available to the Raspberry Pi are displayed. For each network, the following information is displayed:
- Network SSID name
- Signal strength expressed in dBM (negative number: less negative is stronger)
- the channel and the frequency used by the router/access point for this network. (this is useful when setting up a router to analyze interference with existing routers/Access Points) If encryption is turned on, these are encrypted.
User defined other information
The iOS screen will display text generated by the Raspberry Pi, at the time when the tab "info" is entered. This data is most often generated via a bash call (linux command line), but it can be generated by any program you write. The only limitation is that the resulting information is packaged as a Python String.
You need to edit the btwifiset.py code in one specific location - to define the information you want:
- Open the python file btwifiset.py in an editor. The file is located at: /usr/local/btwifiset. You will need to launch the editor with sudo since the file is owned by root.
- Locate the method "otherInfo" in the class "WifiUtil"
- Follow the instructions in the doc strings.
- The default implementations makes bash calls that return the cpu temperature and the memory usage.
This information data is not encrypted between the RPi and the iOS device (to satisfy the USA encryption export regulation exemption that this app uses).