From 51c76ff4e020c7fb8adf13d572175e5a1e185563 Mon Sep 17 00:00:00 2001
From: arul <arulbalaji00@tutamail.com>
Date: Tue, 14 Oct 2025 13:30:42 +0530
Subject: [PATCH] bash scripts that helps you to setup the hotspot for
 raspberry pi

---
 README.md                 |   0
 patch-hostapd             |   3 +
 setup-rpi-hotspot         | 161 ++++++++++++++++++++++++++++++++++++++
 setup-systemd-rpi-hostapd |  34 ++++++++
 4 files changed, 198 insertions(+)
 create mode 100644 README.md
 create mode 100755 patch-hostapd
 create mode 100755 setup-rpi-hotspot
 create mode 100755 setup-systemd-rpi-hostapd

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/patch-hostapd b/patch-hostapd
new file mode 100755
index 0000000..7d6553c
--- /dev/null
+++ b/patch-hostapd
@@ -0,0 +1,3 @@
+sudo sed -i 's/^wpa_passphrase=.*/wpa_passphrase=pipass123/' /etc/hostapd/hostapd.conf
+sudo systemctl restart hostapd
+
diff --git a/setup-rpi-hotspot b/setup-rpi-hotspot
new file mode 100755
index 0000000..bbf2802
--- /dev/null
+++ b/setup-rpi-hotspot
@@ -0,0 +1,161 @@
+#!/bin/bash
+# setup_hotspot_fixed.sh
+# Full hotspot setup for Parrot RPi — handles special chars in password (escapes backslashes and #),
+# saves iptables persistently, and enables hostapd/dnsmasq at boot.
+set -euo pipefail
+
+# ---------------- User-configurable ----------------
+AP_IF="wlan0"
+WAN_IF="wlan1"
+AP_ADDR="10.0.0.1/24"
+SSID="HackBox"
+# put your exact passphrase here (can contain $, #, %, @, spaces, etc.)
+PASS='pipass123'
+DHCP_RANGE="10.0.0.10,10.0.0.100,12h"
+# --------------------------------------------------
+
+echo "[+] Starting hotspot setup (fixed) ..."
+
+# Install required packages
+echo "[+] Installing packages (hostapd dnsmasq iptables-persistent) ..."
+export DEBIAN_FRONTEND=noninteractive
+apt update
+apt install -y hostapd dnsmasq iptables-persistent || true
+
+# Stop services while we configure
+echo "[+] Stopping hostapd/dnsmasq temporarily ..."
+systemctl stop hostapd 2>/dev/null || true
+systemctl stop dnsmasq 2>/dev/null || true
+
+# Backup existing configs
+echo "[+] Backing up existing configs (if present) ..."
+mkdir -p /root/hotspot-backups
+timestamp=$(date +%s)
+[ -f /etc/hostapd/hostapd.conf ] && cp /etc/hostapd/hostapd.conf /root/hotspot-backups/hostapd.conf.bak.$timestamp || true
+[ -f /etc/dnsmasq.conf ] && cp /etc/dnsmasq.conf /root/hotspot-backups/dnsmasq.conf.bak.$timestamp || true
+[ -f /etc/dhcpcd.conf ] && cp /etc/dhcpcd.conf /root/hotspot-backups/dhcpcd.conf.bak.$timestamp || true
+[ -f /etc/iptables/rules.v4 ] && cp /etc/iptables/rules.v4 /root/hotspot-backups/rules.v4.bak.$timestamp || true
+
+# Configure static IP for AP interface using dhcpcd (ensure dhcpcd installed)
+if ! command -v dhcpcd >/dev/null 2>&1; then
+  echo "[+] dhcpcd not found; installing dhcpcd5 ..."
+  apt install -y dhcpcd5 || true
+  systemctl enable --now dhcpcd || true
+fi
+
+echo "[+] Writing /etc/dhcpcd.conf for $AP_IF ..."
+# Keep other dhcpcd settings (append block). If file already contains an interface block for AP_IF, replace it.
+# Remove any old interface block for AP_IF first
+sudo awk -v ifname="$AP_IF" '
+  BEGIN {skip=0}
+  /^interface / { if ($2==ifname) { skip=1; next } }
+  /^$/ { if (skip==1) { skip=0; next } }
+  { if (skip==0) print }
+' /etc/dhcpcd.conf > /tmp/dhcpcd.conf.clean || cp /etc/dhcpcd.conf /tmp/dhcpcd.conf.clean
+cat > /etc/dhcpcd.conf <<EOF
+$(cat /tmp/dhcpcd.conf.clean)
+
+interface $AP_IF
+    static ip_address=${AP_ADDR}
+    nohook wpa_supplicant
+EOF
+rm -f /tmp/dhcpcd.conf.clean
+systemctl restart dhcpcd || true
+
+# Configure dnsmasq (simple)
+echo "[+] Writing /etc/dnsmasq.conf ..."
+mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig.$timestamp 2>/dev/null || true
+cat > /etc/dnsmasq.conf <<EOF
+interface=$AP_IF
+dhcp-range=$DHCP_RANGE
+domain-needed
+bogus-priv
+EOF
+
+# Prepare SAFE_PASS for hostapd:
+# - escape backslashes first (so a single backslash becomes two backslashes)
+# - escape '#' so it won't start a comment in hostapd conf
+# Other characters (%, @, $, spaces, etc.) are fine.
+echo "[+] Escaping passphrase for hostapd ..."
+SAFE_PASS=$(printf '%s' "$PASS" | sed -e 's/\\/\\\\/g' -e 's/#/\\#/g')
+
+# Write hostapd config (wpa_passphrase without surrounding quotes and with escaped chars)
+echo "[+] Writing /etc/hostapd/hostapd.conf ..."
+mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig.$timestamp 2>/dev/null || true
+cat > /etc/hostapd/hostapd.conf <<EOF
+interface=$AP_IF
+driver=nl80211
+ssid=$SSID
+hw_mode=g
+channel=6
+wmm_enabled=0
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wpa=2
+wpa_passphrase=$SAFE_PASS
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+EOF
+
+# Ensure hostapd default points to our config
+if grep -q '^DAEMON_CONF=' /etc/default/hostapd 2>/dev/null; then
+  sed -i "s|^DAEMON_CONF=.*|DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"|" /etc/default/hostapd
+else
+  echo 'DAEMON_CONF="/etc/hostapd/hostapd.conf"' >> /etc/default/hostapd
+fi
+
+# Enable IP forwarding
+echo "[+] Enabling IP forwarding (sysctl) ..."
+if ! grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
+  sed -i 's/^#*\s*net.ipv4.ip_forward=.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+fi
+sysctl -w net.ipv4.ip_forward=1 >/dev/null || true
+
+# Apply iptables rules (idempotent-ish: remove duplicates if necessary)
+echo "[+] Applying iptables NAT/forward rules ..."
+# remove any identical rules first (to avoid duplicates)
+iptables -t nat -C POSTROUTING -o "$WAN_IF" -j MASQUERADE 2>/dev/null || true
+if ! iptables -t nat -C POSTROUTING -o "$WAN_IF" -j MASQUERADE 2>/dev/null; then
+  iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
+fi
+
+iptables -C FORWARD -i "$WAN_IF" -o "$AP_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
+  iptables -A FORWARD -i "$WAN_IF" -o "$AP_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+iptables -C FORWARD -i "$AP_IF" -o "$WAN_IF" -j ACCEPT 2>/dev/null || \
+  iptables -A FORWARD -i "$AP_IF" -o "$WAN_IF" -j ACCEPT
+
+# Save iptables persistently
+echo "[+] Saving iptables rules via netfilter-persistent (iptables-persistent)..."
+netfilter-persistent save || iptables-save > /etc/iptables/rules.v4 || true
+
+# Enable hostapd/dnsmasq
+echo "[+] Enabling hostapd and dnsmasq at boot ..."
+systemctl unmask hostapd 2>/dev/null || true
+systemctl enable hostapd
+systemctl enable dnsmasq
+
+# Start services now
+echo "[+] Starting hostapd and dnsmasq ..."
+systemctl restart hostapd || systemctl start hostapd || true
+systemctl restart dnsmasq || systemctl start dnsmasq || true
+
+# Small final checks
+echo
+echo "=== SETUP FINISHED ==="
+echo "SSID: $SSID"
+echo "Password (raw): $PASS"
+echo "AP IP: ${AP_ADDR%/*}  (ssh user@${AP_ADDR%/*})"
+echo
+echo "[*] AP interface info (iw):"
+iw dev "$AP_IF" info || true
+echo
+echo "[*] IPTABLES NAT rules (nat POSTROUTING):"
+iptables -t nat -L POSTROUTING -n -v || true
+echo
+echo "[*] If clients fail to connect: FORGET the HackBox network on the client and retry typing the password."
+echo "[*] To watch hostapd auth logs live: sudo journalctl -u hostapd -f"
+echo
+echo "Backups written to /root/hotspot-backups/ (timestamp $timestamp)"
+
diff --git a/setup-systemd-rpi-hostapd b/setup-systemd-rpi-hostapd
new file mode 100755
index 0000000..d348b3c
--- /dev/null
+++ b/setup-systemd-rpi-hostapd
@@ -0,0 +1,34 @@
+# move scripts into place (if not already)
+sudo mv ~/setup-rpi-hotspot /usr/local/bin/setup-rpi-hotspot
+sudo mv ~/patch-hostapd /usr/local/bin/patch-hostapd
+
+# make sure they are executable and do not contain sudo (systemd runs as root)
+sudo chmod +x /usr/local/bin/setup-rpi-hotspot /usr/local/bin/patch-hostapd
+
+# write the unit file
+sudo tee /etc/systemd/system/hotspot-chained.service > /dev/null <<'EOF'
+[Unit]
+Description=Raspberry Pi Hotspot Setup (setup-rpi-hotspot → patch-hostapd)
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+StandardOutput=journal
+StandardError=journal
+RemainAfterExit=yes
+TimeoutStartSec=120
+ExecStart=/bin/bash -lc '/usr/local/bin/setup-rpi-hotspot && sleep 2 && /usr/local/bin/patch-hostapd'
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# reload systemd and enable/start
+sudo systemctl daemon-reload
+sudo systemctl enable --now hotspot-chained.service
+
+# check status/logs
+sudo systemctl status hotspot-chained.service --no-pager
+sudo journalctl -u hotspot-chained.service -n 200 --no-pager
+