client mode added (#888)

* client mode added

* Prevent OTA daemons dmclient and upgrade from running and phoning home to Verizon

* Fix workflow

* WIFI changes to support moxee. May need to rebase as delivering refactoring under other PR.

* code changes for rust based wifi client mode docs next

* Doc changes & security fixes

* Added watchdog and recover if crash occurs for wifi.

* Remove changes which were from device UI work (seperate feature which snuck into this branch)

* Add missing wifi and firewall module declarations

* cleaning up the code a bit

* Gate wpa_suplicant in installer and workflow to avoid building binary every push

* fix to check diskspace

* Improved support for subnet colisions, and attempts to rejoin network.

* Add WiFi client support and S01iptables to T-Mobile and Wingtech installers

Both installers now deploy wpa_supplicant, wpa_cli, udhcpc-hook.sh, and
the S01iptables boot-time firewall script. Config generation uses the
shared install_config/install_wifi_creds helpers instead of manual string
replacement.

* Revert "Add WiFi client support and S01iptables to T-Mobile and Wingtech installers"

This reverts commit 944b369c4f.

* Fix build: ignore unused wifi_ssid/wifi_password fields in T-Mobile and Wingtech installers

* Moved to a wifi crate

* Add host route and arp_filter to prevent subnet collisions

* add wakelock so kernel doesn't shut down wifi on battery when wifi is enabled

* Move wifi to external wifi-station crate, remove wifi from installer, extract OTA blocking

* fixed outdated info, moved udhcpc hook to wifi-station crate.

* Update to new version of wifi-station

* Address PR review feedback: replace Docker wpa build, add iw, remove OTA, revert unrelated changes

- Replace Docker-based wpa_supplicant build with shell script (scripts/build-wpa-supplicant.sh)
- Add iw cross-compilation and deployment to Orbic installer
- Skip wifi tool install if binary already exists on device
- Remove OTA daemon blocker (extracted for separate PR)
- Revert unrelated UZ801 and T-Mobile installer changes
- Remove connection.rs test scaffolding
- Rewrite S01iptables init script to read config.toml directly
- Pin url crate to 2.5.4 to fix MSRV

* Fix build script: use bash for parameter substitution

The ${VAR//pattern/replacement} syntax is a bash extension that
doesn't work in dash (Ubuntu's /bin/sh).

* Fix iw build: export PKG_CONFIG_LIBDIR as env var

Passing PKG_CONFIG_LIBDIR as a make variable doesn't export it to
$(shell pkg-config ...) calls. Set it as an environment variable
so pkg-config finds the cross-compiled libnl.

* Point wifi-station to GitHub rev 97c579a

* add comment

* Update daemon/src/config.rs

Add decorators

Co-authored-by: Andrej Walilko <walilkoa@gmail.com>

* Update daemon/src/server.rs

add utopia doc support

Co-authored-by: Andrej Walilko <walilkoa@gmail.com>

* Update daemon/src/server.rs

add utopia doc support

Co-authored-by: Andrej Walilko <walilkoa@gmail.com>

* Update to wifi-station with utoipa doc strings

* add utoipa to wifi-station

* added WPA3 support

* fix firewall port detection, update wifi-station to c267d37

fix ntfy port_or_known_default, comment out ntfy_url in config
template, update wifi-station with resolv.conf bind mount
fallback, udhcpc_bin config, and module path fix for UZ801

* show wifi UI for tmobile and wingtech, add udhcpc_bin config

both devices have wifi hardware and backend support. wingtech
verified on hardware (QCA6174 via PCIe). uz801 excluded for now
due to driver scan limitations with hostapd active.

* install wifi tools from orbic-usb installer, fix DNS default to Quad9, bump wifi-station rev

* fix Modal scroll listener leak, correct file transfer timeout math, document firewall fail-open, clarify UZ801 wifi status

* build-dev.sh: build wifi tools so install-dev works for orbic-family devices

* update Cargo.lock for wifi-station e8ec5b4

* fix setup_timeout_server crypto provider install, apply rustfmt

* Update installer/src/connection.rs

Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>

* Update installer/src/orbic.rs

Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>

* apply rustfmt to AdbConnection::run_command

---------

Co-authored-by: Andrej Walilko <walilkoa@gmail.com>
Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>

installer/build.rs

@@ -17,6 +17,11 @@ fn main() {
         .join(&profile);
     set_binary_var(&include_dir, "FILE_ROOTSHELL", "rootshell");
     set_binary_var(&include_dir, "FILE_RAYHUNTER_DAEMON", "rayhunter-daemon");
+
+    let wpa_dir = Path::new(env!("CARGO_MANIFEST_DIR")).join("../tools/build-wpa-supplicant/out");
+    set_binary_var(&wpa_dir, "FILE_WPA_SUPPLICANT", "wpa_supplicant");
+    set_binary_var(&wpa_dir, "FILE_WPA_CLI", "wpa_cli");
+    set_binary_var(&wpa_dir, "FILE_IW", "iw");
 }
 
 fn set_binary_var(include_dir: &Path, var: &str, file: &str) {

installer/src/connection.rs

@@ -43,6 +43,47 @@ pub async fn install_config<C: DeviceConnection>(
     Ok(())
 }
 
+/// Install wifi tools (wpa_supplicant, wpa_cli, iw) to /data/rayhunter/bin.
+///
+/// Skips any binary that is already present on the device (e.g. provided by firmware),
+/// since those may be newer or better-integrated than the bundled versions.
+pub async fn install_wifi_tools<C: DeviceConnection>(
+    conn: &mut C,
+    wpa_supplicant: &[u8],
+    wpa_cli: &[u8],
+    iw: &[u8],
+) -> Result<()> {
+    let tools: &[(&str, &str, &[u8])] = &[
+        (
+            "wpa_supplicant",
+            "/data/rayhunter/bin/wpa_supplicant",
+            wpa_supplicant,
+        ),
+        ("wpa_cli", "/data/rayhunter/bin/wpa_cli", wpa_cli),
+        ("iw", "/data/rayhunter/bin/iw", iw),
+    ];
+    for &(name, dest, payload) in tools {
+        if device_has_binary(conn, name).await {
+            println!("{name} already on device, skipping");
+        } else {
+            conn.write_file(dest, payload).await?;
+            conn.run_command(&format!("chmod +x {dest}")).await?;
+        }
+    }
+    Ok(())
+}
+
+async fn device_has_binary<C: DeviceConnection>(conn: &mut C, name: &str) -> bool {
+    // `command -v` is a POSIX shell builtin, so it works on minimal busybox firmware
+    // even when /usr/bin/which is absent.
+    conn.run_command(&format!(
+        "\"command -v {name} >/dev/null 2>&1 && echo FOUND || echo MISSING\""
+    ))
+    .await
+    .map(|out| out.contains("FOUND"))
+    .unwrap_or(false)
+}
+
 /// Check if a directory exists using a DeviceConnection
 pub async fn dir_exists<C: DeviceConnection>(conn: &mut C, path: &str) -> bool {
     conn.run_command(&format!("test -d '{path}' && echo exists || echo missing"))
@@ -172,7 +213,13 @@ impl TelnetConnection {
 
 impl DeviceConnection for TelnetConnection {
     async fn run_command(&mut self, command: &str) -> Result<String> {
-        crate::util::telnet_send_command_with_output(self.addr, command, self.wait_for_prompt).await
+        crate::util::telnet_send_command_with_output(
+            self.addr,
+            command,
+            self.wait_for_prompt,
+            std::time::Duration::from_secs(10),
+        )
+        .await
     }
 
     async fn write_file(&mut self, path: &str, content: &[u8]) -> Result<()> {

installer/src/orbic.rs

@@ -13,7 +13,7 @@ use sha2::{Digest, Sha256};
 use tokio::time::sleep;
 
 use crate::RAYHUNTER_DAEMON_INIT;
-use crate::connection::{DeviceConnection, install_config};
+use crate::connection::{DeviceConnection, install_config, install_wifi_tools};
 use crate::output::{print, println};
 use crate::util::open_usb_device;
 
@@ -53,8 +53,15 @@ pub struct AdbConnection<'a> {
 }
 
 impl DeviceConnection for AdbConnection<'_> {
+    /// Runs through /bin/rootshell so commands execute as root (install_wifi_tools needs
+    /// chmod on root-owned files). setup_rootshell must have succeeded before an
+    /// AdbConnection is created; callers in this module (setup_rayhunter) enforce that
+    /// ordering.
     async fn run_command(&mut self, command: &str) -> Result<String> {
-        adb_command(self.device, &["sh", "-c", command])
+        adb_command(
+            self.device,
+            &["/bin/rootshell", "-c", &format!("\"{command}\"")],
+        )
     }
 
     async fn write_file(&mut self, path: &str, content: &[u8]) -> Result<()> {
@@ -146,7 +153,11 @@ async fn setup_rootshell(adb_device: &mut ADBUSBDevice) -> Result<()> {
 async fn setup_rayhunter(mut adb_device: ADBUSBDevice, reset_config: bool) -> Result<ADBUSBDevice> {
     let rayhunter_daemon_bin = include_bytes!(env!("FILE_RAYHUNTER_DAEMON"));
 
-    adb_at_syscmd(&mut adb_device, "mkdir -p /data/rayhunter").await?;
+    adb_at_syscmd(
+        &mut adb_device,
+        "mkdir -p /data/rayhunter/scripts /data/rayhunter/bin",
+    )
+    .await?;
     install_file(
         &mut adb_device,
         "/data/rayhunter/rayhunter-daemon",
@@ -159,6 +170,13 @@ async fn setup_rayhunter(mut adb_device: ADBUSBDevice, reset_config: bool) -> Re
             device: &mut adb_device,
         };
         install_config(&mut conn, "orbic", reset_config).await?;
+        install_wifi_tools(
+            &mut conn,
+            include_bytes!(env!("FILE_WPA_SUPPLICANT")),
+            include_bytes!(env!("FILE_WPA_CLI")),
+            include_bytes!(env!("FILE_IW")),
+        )
+        .await?;
     }
 
     install_file(
@@ -173,8 +191,15 @@ async fn setup_rayhunter(mut adb_device: ADBUSBDevice, reset_config: bool) -> Re
         include_bytes!("../../dist/scripts/misc-daemon"),
     )
     .await?;
+    install_file(
+        &mut adb_device,
+        "/etc/init.d/S01iptables",
+        include_bytes!("../../dist/scripts/S01iptables"),
+    )
+    .await?;
     adb_at_syscmd(&mut adb_device, "chmod 755 /etc/init.d/rayhunter_daemon").await?;
     adb_at_syscmd(&mut adb_device, "chmod 755 /etc/init.d/misc-daemon").await?;
+    adb_at_syscmd(&mut adb_device, "chmod 755 /etc/init.d/S01iptables").await?;
     println!("done");
     print!("Waiting for reboot... ");
     adb_at_syscmd(&mut adb_device, "shutdown -r -t 1 now").await?;

installer/src/orbic_network.rs

@@ -8,7 +8,9 @@ use serde::Deserialize;
 use tokio::time::sleep;
 
 use crate::RAYHUNTER_DAEMON_INIT;
-use crate::connection::{TelnetConnection, install_config, setup_data_directory};
+use crate::connection::{
+    TelnetConnection, install_config, install_wifi_tools, setup_data_directory,
+};
 use crate::orbic_auth::{LoginInfo, LoginRequest, LoginResponse, encode_password};
 use crate::output::{eprintln, print, println};
 use crate::util::{interactive_shell, telnet_send_command, telnet_send_file};
@@ -229,6 +231,15 @@ async fn setup_rayhunter(admin_ip: &str, reset_config: bool, data_dir: &str) ->
     let mut conn = TelnetConnection::new(addr, false);
     setup_data_directory(&mut conn, data_dir).await?;
 
+    // Ensure bin and scripts directories exist under the data dir (via symlink)
+    telnet_send_command(
+        addr,
+        "mkdir -p /data/rayhunter/scripts /data/rayhunter/bin",
+        "exit code 0",
+        false,
+    )
+    .await?;
+
     telnet_send_file(
         addr,
         "/data/rayhunter/rayhunter-daemon",
@@ -237,6 +248,14 @@ async fn setup_rayhunter(admin_ip: &str, reset_config: bool, data_dir: &str) ->
     )
     .await?;
 
+    install_wifi_tools(
+        &mut conn,
+        include_bytes!(env!("FILE_WPA_SUPPLICANT")),
+        include_bytes!(env!("FILE_WPA_CLI")),
+        include_bytes!(env!("FILE_IW")),
+    )
+    .await?;
+
     install_config(&mut conn, "orbic", reset_config).await?;
 
     telnet_send_file(
@@ -254,6 +273,13 @@ async fn setup_rayhunter(admin_ip: &str, reset_config: bool, data_dir: &str) ->
         false,
     )
     .await?;
+    telnet_send_file(
+        addr,
+        "/etc/init.d/S01iptables",
+        include_bytes!("../../dist/scripts/S01iptables"),
+        false,
+    )
+    .await?;
 
     telnet_send_command(
         addr,
@@ -276,6 +302,13 @@ async fn setup_rayhunter(admin_ip: &str, reset_config: bool, data_dir: &str) ->
         false,
     )
     .await?;
+    telnet_send_command(
+        addr,
+        "chmod 755 /etc/init.d/S01iptables",
+        "exit code 0",
+        false,
+    )
+    .await?;
 
     println!("Installation complete. Rebooting device...");
     telnet_send_command(addr, "shutdown -r -t 1 now", "", false)

installer/src/util.rs

@@ -17,6 +17,7 @@ pub async fn telnet_send_command_with_output(
     addr: SocketAddr,
     command: &str,
     wait_for_prompt: bool,
+    command_timeout: Duration,
 ) -> Result<String> {
     if command.contains('\n') {
         bail!("multi-line commands are not allowed");
@@ -41,7 +42,7 @@ pub async fn telnet_send_command_with_output(
     writer.write_all(format!("echo RAYHUNTER_'TELNET'_COMMAND_START; {command}; echo RAYHUNTER_'TELNET'_COMMAND_DONE\r\n").as_bytes()).await?;
 
     let mut read_buf = Vec::new();
-    timeout(Duration::from_secs(10), async {
+    timeout(command_timeout, async {
         while let Ok(byte) = reader.read_u8().await {
             read_buf.push(byte);
 
@@ -57,7 +58,7 @@ pub async fn telnet_send_command_with_output(
         }
     })
     .await
-    .context("command timed out after 10 seconds")?;
+    .with_context(|| format!("command timed out after {}s", command_timeout.as_secs()))?;
     let string = String::from_utf8_lossy(&read_buf);
     let start = string.rfind("RAYHUNTER_TELNET_COMMAND_START");
     let end = string.rfind("RAYHUNTER_TELNET_COMMAND_DONE");
@@ -79,7 +80,9 @@ pub async fn telnet_send_command(
     wait_for_prompt: bool,
 ) -> Result<()> {
     let command = format!("{command}; echo command done, exit code $?");
-    let output = telnet_send_command_with_output(addr, &command, wait_for_prompt).await?;
+    let output =
+        telnet_send_command_with_output(addr, &command, wait_for_prompt, Duration::from_secs(10))
+            .await?;
     if !output.contains(expected_output) {
         bail!("{expected_output:?} not found in: {output}");
     }
@@ -93,6 +96,9 @@ pub async fn telnet_send_file(
     wait_for_prompt: bool,
 ) -> Result<()> {
     print!("Sending file {filename} ... ");
+    // Allow 30s base + 2s per MB for the nc command to complete (covers slow WiFi links)
+    let transfer_timeout =
+        Duration::from_secs(30 + (payload.len() as u64 / (1024 * 1024)).max(1) * 2);
     let nc_output = {
         let filename = filename.to_owned();
         let handle = tokio::spawn(async move {
@@ -100,6 +106,7 @@ pub async fn telnet_send_file(
                 addr,
                 &format!("nc -l -p 8081 2>&1 >{filename}.tmp"),
                 wait_for_prompt,
+                transfer_timeout,
             )
             .await
         });

installer/src/wingtech.rs

@@ -26,6 +26,7 @@ pub async fn install(
     Args {
         admin_ip,
         admin_password,
+        ..
     }: Args,
 ) -> Result<()> {
     wingtech_run_install(admin_ip, admin_password).await