Merge pull request #845 from dadav/develop

ready to merge

.editorconfig

@@ -1,7 +1,31 @@
-# top-most EditorConfig file
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
 root = true
 
-# Matches the exact files either package.json or .travis.yml
-[{*.yml,*.yaml,config.yml,defaults.yml}]
+[*]
 indent_style = space
 indent_size = 2
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[Makefile]
+indent_style = tab
+
+[*.py]
+indent_style = space
+indent_size = 4
+
+[*.json]
+insert_final_newline = ignore
+
+[*.js]
+indent_style = ignore
+insert_final_newline = ignore
+
+[*.{md,txt}]
+indent_size = 4
+trim_trailing_whitespace = false

bin/pwnagotchi

@@ -2,20 +2,14 @@
 import logging
 import argparse
 import time
-import yaml
 import signal
 import sys
 import toml
 
 import pwnagotchi
-from pwnagotchi import grid
 from pwnagotchi import utils
-from pwnagotchi import plugins
+from pwnagotchi.plugins import cmd as plugins_cmd
 from pwnagotchi import log
-from pwnagotchi.identity import KeyPair
-from pwnagotchi.agent import Agent
-from pwnagotchi.ui import fonts
-from pwnagotchi.ui.display import Display
 from pwnagotchi import restart
 from pwnagotchi import fs
 from pwnagotchi.utils import DottedTomlEncoder
@@ -89,11 +83,12 @@ def do_auto_mode(agent):
                 plugins.on('internet_available', agent)
 
         except Exception as e:
-            logging.exception("main loop exception")
+            logging.exception("main loop exception (%s)", e)
 
 
 if __name__ == '__main__':
     parser = argparse.ArgumentParser()
+    parser = plugins_cmd.add_parsers(parser)
 
     parser.add_argument('-C', '--config', action='store', dest='config', default='/etc/pwnagotchi/default.toml',
                         help='Main configuration file.')
@@ -118,15 +113,30 @@ if __name__ == '__main__':
 
     args = parser.parse_args()
 
+
+    if plugins_cmd.used_plugin_cmd(args):
+      config = utils.load_config(args)
+      log.setup_logging(args, config)
+      rc = plugins_cmd.handle_cmd(args, config)
+      sys.exit(rc)
+
     if args.version:
         print(pwnagotchi.__version__)
         sys.exit(0)
 
     config = utils.load_config(args)
+
     if args.print_config:
         print(toml.dumps(config, encoder=DottedTomlEncoder()))
         sys.exit(0)
 
+    from pwnagotchi.identity import KeyPair
+    from pwnagotchi.agent import Agent
+    from pwnagotchi.ui import fonts
+    from pwnagotchi.ui.display import Display
+    from pwnagotchi import grid
+    from pwnagotchi import plugins
+
     pwnagotchi.config = config
     fs.setup_mounts(config)
     log.setup_logging(args, config)

builder/data/usr/bin/bettercap-launcher

@@ -1,6 +1,14 @@
 #!/usr/bin/env bash
 source /usr/bin/pwnlib
 
+# we need to decrypt something
+if is_crypted_mode; then
+  while ! is_decrypted; do
+    echo "Waiting for decryption..."
+    sleep 1
+  done
+fi
+
 # start mon0
 start_monitor_interface
 

builder/data/usr/bin/decryption-webserver

@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+
+from http.server import HTTPServer, BaseHTTPRequestHandler
+
+
+HTML_FORM = """
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Decryption</title>
+  <style>
+    body { text-align: center; padding: 150px; }
+    h1 { font-size: 50px; }
+    body { font: 20px Helvetica, sans-serif; color: #333; }
+    article { display: block; text-align: center; width: 650px; margin: 0 auto;}
+    input {
+      padding: 12px 20px;
+      margin: 8px 0;
+      box-sizing: border-box;
+      border: 1px solid #ccc;
+    }
+    input[type=password] {
+      width: 75%;
+      font-size: 24px;
+    }
+    input[type=submit] {
+      cursor: pointer;
+      width: 75%;
+    }
+    input[type=submit]:hover {
+      background-color: #d9d9d9;
+    }
+  </style>
+</head>
+<body>
+  <article>
+      <h1>Decryption</h1>
+      <p>Some of your files are encrypted.</p>
+      <p>Please provide the decryption password.</p>
+      <div>
+        <form action="/set-password" method="POST">
+          <input type="password" id="password" name="password" value=""><br>
+          <input type="submit" value="Submit">
+        </form>
+      </div>
+  </article>
+</body>
+</html>
+"""
+
+
+class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
+
+    def do_GET(self):
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write(HTML_FORM.encode())
+
+    def do_POST(self):
+        content_length = int(self.headers['Content-Length'])
+        body = self.rfile.read(content_length)
+        self.send_response(200)
+        self.end_headers()
+        password = body.decode('UTF-8').split('=')[1]
+
+        with open('/tmp/.pwnagotchi-secret', 'wt') as pwfile:
+          pwfile.write(password)
+
+
+httpd = HTTPServer(('0.0.0.0', 80), SimpleHTTPRequestHandler)
+httpd.serve_forever()

builder/data/usr/bin/pwnagotchi-launcher

@@ -1,11 +1,19 @@
 #!/usr/bin/env bash
 source /usr/bin/pwnlib
 
+# we need to decrypt something
+if is_crypted_mode; then
+  while ! is_decrypted; do
+    echo "Waiting for decryption..."
+    sleep 1
+  done
+fi
+
 # blink 10 times to signal ready state
 blink_led 10 &
 
 if is_auto_mode; then
   /usr/local/bin/pwnagotchi
 else
   /usr/local/bin/pwnagotchi --manual
-fi
+fi

builder/data/usr/bin/pwnlib

@@ -84,4 +84,80 @@ is_auto_mode_no_delete() {
 
   # no override, but none of the interfaces is up -> AUTO
   return 0
-}
+}
+
+# check if we need to decrypt something
+is_crypted_mode() {
+  if [ -f /root/.pwnagotchi-crypted ]; then
+    return 0
+  fi
+  return 1
+}
+
+# decryption loop
+is_decrypted() {
+  while read -r mapping container mount; do
+    # mapping   = name the device or file will be mapped to
+    # container = the luks encrypted device or file
+    # mount     = the mountpoint
+
+    # fail if not mounted
+    if ! mountpoint -q "$mount" >/dev/null 2>&1; then
+      if [ -f /tmp/.pwnagotchi-secret ]; then
+        </tmp/.pwnagotchi-secret read -r SECRET
+        if ! test -b /dev/disk/by-id/dm-uuid-*"$(cryptsetup luksUUID "$container" | tr -d -)"*; then
+          if echo -n "$SECRET" | cryptsetup luksOpen -d- "$container" "$mapping" >/dev/null 2>&1; then
+            echo "Container decrypted!"
+
+          fi
+        fi
+
+        if mount /dev/mapper/"$mapping" "$mount" >/dev/null 2>&1; then
+            echo "Mounted /dev/mapper/$mapping to $mount"
+            continue
+        fi
+      fi
+
+      if ! ip -4 addr show wlan0 | grep inet >/dev/null 2>&1; then
+        >/dev/null 2>&1 ip addr add 192.168.0.10/24 dev wlan0
+      fi
+
+      if ! pgrep -f decryption-webserver >/dev/null 2>&1; then
+        >/dev/null 2>&1 decryption-webserver &
+      fi
+
+      if ! pgrep wpa_supplicant >/dev/null 2>&1; then
+        >/tmp/wpa_supplicant.conf cat <<EOF
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+ap_scan=2
+
+network={
+    ssid="DECRYPT-ME"
+    mode=2
+    key_mgmt=WPA-PSK
+    psk="pwnagotchi"
+    frequency=2437
+}
+EOF
+        >/dev/null 2>&1 wpa_supplicant -D nl80211 -i wlan0 -c /tmp/wpa_supplicant.conf &
+      fi
+
+      if ! pgrep dnsmasq >/dev/null 2>&1; then
+        >/dev/null 2>&1 dnsmasq -k -p 53 -h -O "6,192.168.0.10" -A "/#/192.168.0.10" -i wlan0 -K -F 192.168.0.50,192.168.0.60,255.255.255.0,24h &
+      fi
+
+      return 1
+    fi
+  done </root/.pwnagotchi-crypted
+
+  # overwrite password
+  >/tmp/.pwnagotchi-secret python3 -c 'print("A"*4096)'
+  sync # flush
+
+  pkill wpa_supplicant
+  pkill dnsmasq
+  kill "$(pgrep -f "decryption-webserver")"
+
+  return 0
+}

builder/pwnagotchi.yml

@@ -101,10 +101,8 @@
           - bc
           - fonts-freefont-ttf
           - fbi
-          - python3-flask
-          - python3-flask-cors
-          - python3-flaskext.wtf
           - fonts-ipaexfont-gothic
+          - cryptsetup
 
   tasks:
   - name: change hostname
@@ -218,6 +216,16 @@
       dest: /usr/local/src/pwnagotchi
     register: pwnagotchigit
 
+  - name: create /usr/local/share/pwnagotchi/ folder
+    file:
+      path: /usr/local/share/pwnagotchi/
+      state: directory
+
+  - name: clone pwnagotchi plugins repository
+    git:
+      repo: https://github.com/evilsocket/pwnagotchi-plugins-contrib.git
+      dest: /usr/local/share/pwnagotchi/availaible-plugins
+
   - name: fetch pwnagotchi version
     set_fact:
       pwnagotchi_version: "{{ lookup('file', '/usr/local/src/pwnagotchi/pwnagotchi/_version.py') | regex_replace('.*__version__.*=.*''([0-9]+\\.[0-9]+\\.[0-9]+[A-Za-z0-9]*)''.*', '\\1') }}"

pwnagotchi/__init__.py

@@ -3,10 +3,8 @@
 import time
 import re
 
-import pwnagotchi.ui.view as view
-import pwnagotchi
 
-from pwnagotchi import fs
+
 from pwnagotchi._version import __version__
 
 _name = None
@@ -110,10 +108,13 @@ def temperature(celsius=True):
 def shutdown():
     logging.warning("syncing...")
 
+    from pwnagotchi import fs
     for m in fs.mounts:
         m.sync()
 
     logging.warning("shutting down ...")
+
+    from pwnagotchi.ui import view
     if view.ROOT:
         view.ROOT.on_shutdown()
         # give it some time to refresh the ui
@@ -141,6 +142,7 @@ def reboot(mode=None):
     else:
         logging.warning("rebooting ...")
 
+    from pwnagotchi.ui import view
     if view.ROOT:
         view.ROOT.on_rebooting()
         # give it some time to refresh the ui

pwnagotchi/_version.py

@@ -1 +1 @@
-__version__ = '1.4.3'
+__version__ = '1.5.0'