The Straits Times Android tablet app had a bug previously where it allowed free access to premium content – for both the ‘Tablet Edition’ and ‘PDF Edition’. This bug was patched after the app was updated (sometime in Aug 2014, if I am not wrong). That’s the bad news. The good news is that there is another workaround to access the premium content again for free.
Overview of Workaround
The app now checks if you have a valid subscription before you get access to premium content. Once you are authenticated, you get free access to the content. The app authenticates a user by sending HTTP requests to staws.straitstimes.com
. If the response from the site indicates a valid subscription, the app allows unrestricted access to the ‘Tablet Edition’ and ‘PDF Edition’ sections of the app.
But there’s a flaw in the subscription logic – the access restriction is only enforced at the app level. The actual content can be accessed without any form of authentication by using a web browser. So, if the app can be fooled into thinking that you have a valid subscription, you will get access to the premium content via the app for free.
What we will need to do is to redirect HTTP requests sent to staws.straitstimes.com
using iptables
to another web server. This web server has to return a fake HTTP response to the app. This is sufficient to fool the app.
Requirements
We will need to perform a DNAT (Destination Network Address Translation) using iptables
. There are two places where you can perform this translation – either on the Wi-Fi router or on a rooted Android tablet that is installed with the Straits Times app.
Not all Wi-Fi routers give you access to iptables
. I am using a Asus RT-N66U with Asuswrt-Merlin firmware. I believe most of the routers running on DD-WRT or OpenWRT firmware will work well. If your router does not fit the bill, you will need a rooted Android tablet.
You will also need to run a web server (nginx
) either on the Wi-Fi router or on a home PC. To run nginx
on the router, it has to support Optware
. Do note that not all revisions of DD-WRT firmware support Optware
packages. If the router does not support Optware
, then you will need to run nginx
on your home computer.
To summarise, one of the following requirements must be met:
iptables
on Wi-Fi router ;nginx
running on Wi-Fi router withOptware
supportiptables
on Wi-Fi router ;nginx
running on PCiptables
on rooted Android tablet ;nginx
running on PC
Bypass Subscription
To install nginx
on a Wi-Fi router with Optware
support, ssh to the router and run the following commands.
1 2 3 |
$ ssh admin@router router# opkg update router# opkg install nginx |
If Optware
is not supported on the router, then you will need to install nginx
on your computer. On Linux, use the package installer, such as apt-get
or yum
to install nginx
. If you are on Windows, download and install the nginx
binaries.
1 |
# apt-get install nginx |
1 |
# yum install nginx |
Once nginx
has been installed, modify the nginx.conf
(under /etc
directory) configuration file. Change the listening port from 80 to 8080 and add a new rewrite rule as shown below. Do not make any other changes to the file.
1 2 3 4 5 6 7 8 |
server { # modify listen port from 80 to 8080 listen 8080; ... ... # insert a new rewrite rule rewrite ^/ldap?$ /ldap.html last; } |
Sometimes nginx
Optware packages are packaged wrongly. The default document root directory and the compiled (--prefix
) options are different. For example, nginx
will be compiled to look for HTML files under /opt
, but the package will install the default files in some other directory. To prevent such issues, define the absolute document root directory as well for nginx
. For the example below, I am telling nginx
to locate the HTML files under /opt/share/nginx/html
.
1 2 3 4 5 |
location / { #root html; root /opt/share/nginx/html; index index.html index.htm; } |
Next, create a ldap.html
file with the following contents.
1 |
{"Login Id":"username","Active":"Success","Service":"Success","System Id":"","Concurrent-Config":"","Display Name":"username","User-Password":"Success"} |
Copy the ldap.html
to the document root directory of nginx
. For Optware
or Linux, this is usually /usr/share/nginx/www
or /usr/share/nginx/html
or /opt/share/nginx/html
. On Windows, copy it to the html
sub-directory.
Next, start the nginx
process. For Optware enabled Wi-Fi routers, a restart of the router should bring up the nginx
process. On Linux, use the init.d
script to start the process.
1 |
# service nginx start |
On Windows, just double click on nginx.exe
to start the process.
The next step is to perform a DNAT using iptables
. Let’s assume that your Wi-Fi router’s LAN IP address is 192.168.1.1
and the home PC’s IP address is 192.168.1.10
.
If you are running iptables
from the Wi-Fi router and if the nginx
process is also running on the Wi-Fi router, run iptables
like this on the Wi-Fi router.
1 |
# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.1:8080 |
If you are running iptables
from the Wi-Fi router and if the nginx
process is running on your home PC, run iptables
like this on the Wi-Fi router.
1 |
# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.10:8080 |
If you are running iptables
from a rooted Android tablet and if the nginx
process is running on your home PC, run iptables
like this through an adb shell.
1 2 3 |
$ adb shell shell@android $ su root@android # iptables -t nat -I OUTPUT -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to 192.168.1.10:8080 |
You will need to modify the IP address passed to iptables
accordingly. The IP address should point to the machine where nginx
is running.
Once done, lanuch the app from the Android tablet. Make sure that you are using the Wi-Fi for network connection on your Android tablet before launching the app. When you get a prompt to login, enter some bogus details and you will be logged in.
Final Words
In my opinion, access restriction of any content should always be implemented at the source level; in this case, the site hosting the content should be responsible for access restriction.
Update (24-Aug-2015): This workaround does not work anymore.
Related: How to Download The Straits Times Print Edition in PDF for Free.
Related: How to Download The Business Times Print Edition in PDF for Free