lvl4sword / killer Goto Github PK

Would be great to add support for starting with systemctl and documenting it in the README.md.

Create a Vagrantfile with: Windows 7, Windows 10, Ubuntu 16, Ubuntu 18, and Fedora. Any others TBD and can be added as needed. This will make testing much easier since a lot of us don't have access to systems with all of the platforms we want to support, and creating VMs by hand is a pain.

Current Windows test system I have doesn't have Bluetooth, so will need some help on this.

import subprocess
import json
a = subprocess.check_output(["powershell.exe" ,"Get-NetAdapter | select Name, MacAddress, Status |  ConvertTo-Json -Compress"])
b = json.loads(a)
print(b)

is a good beginning to this

No, this project is not dead.

for each in wmi.WMI().Win32_CDROMDrive():
    print(each)

should be a good start for this.

Once Killer has full Linux/Windows/Mac support, I'd like to get this formally packaged so others may pip install it.

Add automated testing of all commits on all supported platforms. We can do this with the traditional TravisCI + Appveyor, or go with Azure Pipelines.

USB Kill ( https://usbkill.com/ - not afilliated ) is something that charges from the USB port and sends this electricity back into the port.

lsusb -v will show you Per-port overcurrent protection if a port can prevent this.
But having had not done any testing whatsoever with a system that has this, no clue if this type of detection can be trusted.

Testing will need to be done and it would need to happen on a system that could potentially be destroyed.
So, not any time soon unless someone wants to donate.

Much like #52 , but applied to Bluetooth.

On Linux, we could take advantage of udev and avoid polling for changes.

It just throws the python error message, which is confusing for non-pythondevs :)

Considering it's just a bunch of Python variables, this should be easy enough.

Shout out to Chris Dent from https://www.experts-exchange.com/questions/27513069/powershell-command-to-identify-the-usb-device-id-based-upon-drive-letter-or-volume-name.html for the original script.

Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $_ | Select-Object VolumeSerialNumber
}

This will get all VolumeSerialNumber of USB devices ( dictated by the filter DriveType=2 )

Only issue is that this takes about 3.5 seconds to run on a Windows 10, 1.8GHz i3 3rd gen CPU, 4GB RAM. May have to set the default time for USB checks to around 5 seconds for Windows because of this..

Killer is only supported on Linux. If you're using something else, you're on your own.

Is Mac support in the works?

I'd be glad to be a tester.

Let me know,
Thanks.

xrandr | grep ' connected' | grep 'HDMI'
or
cat /sys/class/drm/card0/*HDMI*/status
taken from https://stackoverflow.com/a/47964800

import wmi

for x in wmi.WMI().Win32_NetworkAdapter():
    if x.NetConnectionStatus is not None:
        print(x.MACAddress)
        print(x.NetConnectionStatus)

Is a pretty good fix for this.

The current Windows installation story is non-standard for a typical Windows user. We should instead distribute it as either a stand-alone executable or a installer. The advantage of an installer is we can install a persistent background Service that the user can toggle on/off, which reduces user disruption (there's no terminal window open). The advantage of a plain exe is it's easy to run and very portable. We could also do both.

Implementation of the exe will be done with PyInstaller and installer with pynsist.

The current flow is:

1. Download the right version of Python from python.org
2. Install Python (and pray the default options work)
3. Open a terminal
4. pip install Killer (and hope they read the docs properly and use --user
5. open terminal as Administrator and run killer (and hope it got put on the path)

Goal for standalone exe:

1. Download killer_portable.exe from GitHub releases (eventually linked from github.io page)
2. Run killer_portable.exe (and request admin rights with UAC when run)

Goal for installer:

1. Download killer_installer.exe from GitHub releases (eventually linked from github.io page)
2. Install killer_installer.exe (and request admin rights with UAC when run)
3. Click "Enable Killer" and "Disable Killer" in start menu, "Configure Killer" to edit the configuration file (open it in Notepad++), and "Killer help" which hyperlinks to docs (GitHub wiki?).

If pkgutil.get_data('killer', 'killer_config.json') fails, the program will error out.

Killer is useless on a system that isn't encrypted. So, this should be checked.

import subprocess

physical_volumes = subprocess.check_output(['pvs', '-o', 'pv_name']).decode().split('\n')[1:-1]
for physical_volume in physical_volumes:
    physical_volume = physical_volume.strip()
    cryptsetup_status = subprocess.check_output(['cryptsetup', 'status', physical_volume]).decode().split('\n')
    _, type = cryptsetup_status[1].split()
    if type == 'LUKS2':
        print(f'{physical_volume} is encrypted with LUKS!')

the above is a great first step. Will need to do verification/checks on external drives that are encrypted, though.
Looks like it works just fine on an external drive connected via USB, as the external doesn't show up.
But am unsure ( and can't test ) on two or more internal drives that are encrypted.

NSA "COTTONMOUTH" cords ( https://upload.wikimedia.org/wikipedia/commons/8/85/NSA_COTTONMOUTH-I.jpg ) and things like it ( https://shop.hak5.org/collections/mischief-gadgets/products/o-mg-cable , not affiliated ) are within the scope of Killer.

Curious of how to detect these things.

Right now there's a lot that needs to be manually done.
Currently on first run the user needs to:

1. Run debug
2. Manually input what was displayed into the configuration file
3. Hope they didn't get it wrong because otherwise the system is shutting off

This should be far more smoother than it is now.

import subprocess
import re
a = re.compile(r'\bID \S+ (.+)')
b = re.findall(a, subprocess.check_output('lsusb', shell=False).decode('utf-8'))
print([each.strip() for each in b])

Would like to follow more than device ids and this is a good start.

Better explain what Killer does/is.
(Un)plugging devices, whitelists, USB connected whitelist, etc

I've decided to stop supporting Windows. I've spent nearly 2 years trying to find out a speedy way of handling the Bluetooth/CD tray issues and it's just not worth it to me.

If you find a way to support both of these, @ me.

This issue will be closed when everything with Windows is torn out.

Need to look into what differentiates a connected/disconnected battery within Win32_Battery

pacmd list-cards seems to show
analog-output-headphones: Headphones (priority 9000, latency offset 0 usec, available: yes)
when the headphones are plugged in, and
analog-output-headphones: Headphones (priority 9000, latency offset 0 usec, available: no)
when unplugged.

Applies to Debian 9 ( Stretch )

Maybe this?
https://unix.stackexchange.com/questions/25776/detecting-headphone-connection-disconnection-in-linux

Shamelessly stolen from @PowerPress via github/usbkill:
Have the app monitor the decibels coming from the microphone and let the user set a threshold. If the threshold is passed shut down the PC. Example being prevented from touching your PC but by screaming or a loud noise would trigger the shutdown allowing a hands free system.

Would be nice to be able to check if a device includes HID/network device features, and approach accordingly.

Lists are not parsed properly. There is no concept of a list in configparser. The canonical way of having lists is to delimit the elements and then split the string by the delimiter when parsing.

Also, the default config is missing some keys for windows. Namely USB_ID_WHITELIST and USB_CONNECTED_WHITELIST.

This would be a nice addition to PureOS from Purism, which is based on Debian, so it can be integrated for the Librem 5 for example.

It would be nice to have this. Though, considering I don't have a system that supports it, this is going to be a while.

Spoofing is an issue, how do we deal with this?

libusb works basically everywhere and provides a single interface to list and interact with usb devices.

NFC is very short range so by adding NFC support you could wear and NFC ring or bracelet and once you get about a foot away it will lose connection making it a great way to shutdown the pc.

Continuation of guardianproject/haven#390

Someone could easily connect a device that has the same Vendor/Product IDs as a device already connected, as this isn't checked. This should be checked and shutdown if detected/attempted.

Realistically you're not going to have two devices with the same Product/Vendor IDs ( please present proof to the contrary ).

import ctypes
from ctypes import wintypes

class SYSTEM_POWER_STATUS(ctypes.Structure):
    _fields_ = [
        ('ACLineStatus', ctypes.c_ubyte),
        ('BatteryFlag', ctypes.c_ubyte),
    ]

SYSTEM_POWER_STATUS_P = ctypes.POINTER(SYSTEM_POWER_STATUS)

GetSystemPowerStatus = ctypes.windll.kernel32.GetSystemPowerStatus
GetSystemPowerStatus.argtypes = [SYSTEM_POWER_STATUS_P]
GetSystemPowerStatus.restype = wintypes.BOOL

status = SYSTEM_POWER_STATUS()
if not GetSystemPowerStatus(ctypes.pointer(status)):
    raise ctypes.WinError()
else:
    print('ACLineStatus', status.ACLineStatus)
    print('BatteryFlag', status.BatteryFlag)

Pulled from https://stackoverflow.com/questions/6153860/in-python-how-can-i-detect-whether-the-computer-is-on-battery-power#6156606 and using ctypes.c_ubyte rather than BYTE.

From https://docs.microsoft.com/en-us/windows/desktop/api/winbase/ns-winbase-_system_power_status the following are valid for the battery being present: [0, 1, 2, 4, 8, 9, 10, 12] , while 128 is if a battery cannot be detected.

Here is another project to get inspiration from https://gitlab.com/shutsentry/shutsentry

WMI doesn't seem to provide this, so am shelving this until a way can be found.

Shamelessly stolen from @HulaHoopWhonix via github/usbkill:
I don't know if custom commands are supported but nuking cryptsetup keyslots would be a good option.

These are far too slow to use in any level of production.

Will fill this out tomorrow eventually.

Yes, I know the package is currently not working.
I'll leave this up and just change the label whenever something has been broken.
Fixed

Due to the following code, located at https://github.com/Lvl4Sword/Killer/blob/main/killer/posix/power.py#L68

def _get_property(device_path: Union[Path, str], property_name: str) -> str:
    """Gets the given property for a device."""
    with open(str(Path(device_path, property_name))) as file:
        return file.readline().strip()

online/present will return as a string, and thus bool() will count them as True regardless.
This issue is being created for transparency sake, and to inform that it's known and will be fixed in the new branch.

Should probably have logging.