Access The Straits Times Print Edition on Android Tablet for Free

The Straits Times Android tablet app had a bug previously where it allowed free access to premium content – for both the ‘Tablet Edition’ and ‘PDF Edition’. This bug was patched after the app was updated (sometime in Aug 2014, if I am not wrong). That’s the bad news. The good news is that there is another workaround to access the premium content again for free.

Overview of Workaround

The app now checks if you have a valid subscription before you get access to premium content. Once you are authenticated, you get free access to the content. The app authenticates a user by sending HTTP requests to staws.straitstimes.com. If the response from the site indicates a valid subscription, the app allows unrestricted access to the ‘Tablet Edition’ and ‘PDF Edition’ sections of the app.

But there’s a flaw in the subscription logic – the access restriction is only enforced at the app level. The actual content can be accessed without any form of authentication by using a web browser. So, if the app can be fooled into thinking that you have a valid subscription, you will get access to the premium content via the app for free.

What we will need to do is to redirect HTTP requests sent to staws.straitstimes.com using iptables to another web server. This web server has to return a fake HTTP response to the app. This is sufficient to fool the app.

Requirements

We will need to perform a DNAT (Destination Network Address Translation) using iptables. There are two places where you can perform this translation – either on the Wi-Fi router or on a rooted Android tablet that is installed with the Straits Times app.

Not all Wi-Fi routers give you access to iptables. I am using a Asus RT-N66U with Asuswrt-Merlin firmware. I believe most of the routers running on DD-WRT or OpenWRT firmware will work well. If your router does not fit the bill, you will need a rooted Android tablet.

You will also need to run a web server (nginx) either on the Wi-Fi router or on a home PC. To run nginx on the router, it has to support Optware. Do note that not all revisions of DD-WRT firmware support Optware packages. If the router does not support Optware, then you will need to run nginx on your home computer.

To summarise, one of the following requirements must be met:

iptables on Wi-Fi router ; nginx running on Wi-Fi router with Optware support
iptables on Wi-Fi router ; nginx running on PC
iptables on rooted Android tablet ; nginx running on PC

Bypass Subscription

To install nginx on a Wi-Fi router with Optware support, ssh to the router and run the following commands.

$ ssh admin@router
router# opkg update
router# opkg install nginx

$ ssh admin@router

router# opkg update

router# opkg install nginx

If Optware is not supported on the router, then you will need to install nginx on your computer. On Linux, use the package installer, such as apt-get or yum to install nginx. If you are on Windows, download and install the nginx binaries.

# apt-get install nginx

1	# apt-get install nginx

# yum install nginx

1	# yum install nginx

Once nginx has been installed, modify the nginx.conf (under /etc directory) configuration file. Change the listening port from 80 to 8080 and add a new rewrite rule as shown below. Do not make any other changes to the file.

    server {
        # modify listen port from 80 to 8080
        listen       8080;
        ...
        ...	
        # insert a new rewrite rule
        rewrite ^/ldap?$ /ldap.html last;
    }

server {

# modify listen port from 80 to 8080

listen 8080;

...

# insert a new rewrite rule

rewrite ^/ldap?$ /ldap.html last;

}

Sometimes nginx Optware packages are packaged wrongly. The default document root directory and the compiled (--prefix) options are different. For example, nginx will be compiled to look for HTML files under /opt, but the package will install the default files in some other directory. To prevent such issues, define the absolute document root directory as well for nginx. For the example below, I am telling nginx to locate the HTML files under /opt/share/nginx/html.

        location / {
            #root   html;
            root   /opt/share/nginx/html;
            index  index.html index.htm;
        }

location / {

#root html;

root /opt/share/nginx/html;

index index.html index.htm;

}

Next, create a ldap.html file with the following contents.

{"Login Id":"username","Active":"Success","Service":"Success","System Id":"","Concurrent-Config":"","Display Name":"username","User-Password":"Success"}

1	{"Login Id":"username","Active":"Success","Service":"Success","System Id":"","Concurrent-Config":"","Display Name":"username","User-Password":"Success"}

Copy the ldap.html to the document root directory of nginx. For Optware or Linux, this is usually /usr/share/nginx/www or /usr/share/nginx/html or /opt/share/nginx/html. On Windows, copy it to the html sub-directory.

Next, start the nginx process. For Optware enabled Wi-Fi routers, a restart of the router should bring up the nginx process. On Linux, use the init.d script to start the process.

# service nginx start

1	# service nginx start

On Windows, just double click on nginx.exe to start the process.

The next step is to perform a DNAT using iptables. Let’s assume that your Wi-Fi router’s LAN IP address is 192.168.1.1 and the home PC’s IP address is 192.168.1.10.

If you are running iptables from the Wi-Fi router and if the nginx process is also running on the Wi-Fi router, run iptables like this on the Wi-Fi router.

# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.1:8080

1	# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.1:8080

If you are running iptables from the Wi-Fi router and if the nginx process is running on your home PC, run iptables like this on the Wi-Fi router.

# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.10:8080

1	# iptables -t nat -I PREROUTING -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to-destination 192.168.1.10:8080

If you are running iptables from a rooted Android tablet and if the nginx process is running on your home PC, run iptables like this through an adb shell.

$ adb shell
shell@android $ su
root@android # iptables -t nat -I OUTPUT -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to 192.168.1.10:8080

$ adb shell

shell@android $ su

root@android # iptables -t nat -I OUTPUT -p tcp -d staws.straitstimes.com --dport 80 -j DNAT --to 192.168.1.10:8080

You will need to modify the IP address passed to iptables accordingly. The IP address should point to the machine where nginx is running.

Once done, lanuch the app from the Android tablet. Make sure that you are using the Wi-Fi for network connection on your Android tablet before launching the app. When you get a prompt to login, enter some bogus details and you will be logged in.

Final Words

In my opinion, access restriction of any content should always be implemented at the source level; in this case, the site hosting the content should be responsible for access restriction.

Update (24-Aug-2015): This workaround does not work anymore.

Mohamed Ibrahim

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }