lvl4sword / killer
System tamper detector for USB, Bluetooth, AC, Battery, Disk Tray, and Ethernet.
Home Page: https://pypi.org/project/killer/
License: GNU Affero General Public License v3.0
Would be great to add support for starting with systemctl and documenting it in the README.md.
Create a Vagrantfile with: Windows 7, Windows 10, Ubuntu 16, Ubuntu 18, and Fedora. Any others TBD and can be added as needed. This will make testing much easier since a lot of us don't have access to systems with all of the platforms we want to support, and creating VMs by hand is a pain.
Current Windows test system I have doesn't have Bluetooth, so will need some help on this.
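```python
import json
import subprocess

# Ask PowerShell for every network adapter's name, MAC address and link status as JSON.
a = subprocess.check_output(["powershell.exe", "Get-NetAdapter | select Name, MacAddress, Status | ConvertTo-Json -Compress"])
b = json.loads(a)
print(b)
```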
is a good beginning to this
No, this project is not dead.
```python
import wmi

# Enumerate the optical drives WMI knows about.
for each in wmi.WMI().Win32_CDROMDrive():
    print(each)
```
should be a good start for this.
Once Killer has full Linux/Windows/Mac support, I'd like to get this formally packaged so others may pip install it.
Add automated testing of all commits on all supported platforms. We can do this with the traditional TravisCI + Appveyor, or go with Azure Pipelines.
USB Kill ( https://usbkill.com/ - not affiliated ) is something that charges from the USB port and sends this electricity back into the port.
`lsusb -v` will show you `Per-port overcurrent protection` if a port can prevent this.
But having not done any testing whatsoever with a system that has this, no clue if this type of detection can be trusted.
Testing will need to be done and it would need to happen on a system that could potentially be destroyed.
So, not any time soon unless someone wants to donate.
Much like #52 , but applied to Bluetooth.
On Linux, we could take advantage of udev and avoid polling for changes.
It just throws the python error message, which is confusing for non-pythondevs :)
Considering it's just a bunch of Python variables, this should be easy enough.
Shout out to Chris Dent from https://www.experts-exchange.com/questions/27513069/powershell-command-to-identify-the-usb-device-id-based-upon-drive-letter-or-volume-name.html for the original script.
```powershell
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $_ | Select-Object VolumeSerialNumber
}
```
This will get all VolumeSerialNumber of USB devices ( dictated by the filter DriveType=2 )
Only issue is that this takes about 3.5 seconds to run on a Windows 10, 1.8GHz i3 3rd gen CPU, 4GB RAM. May have to set the default time for USB checks to around 5 seconds for Windows because of this.
Killer is only supported on Linux. If you're using something else, you're on your own.
Is Mac support in the works?
I'd be glad to be a tester.
Let me know,
Thanks.
```sh
xrandr | grep ' connected' | grep 'HDMI'
```
or
```sh
cat /sys/class/drm/card0/*HDMI*/status
```
taken from https://stackoverflow.com/a/47964800
```python
import wmi

for x in wmi.WMI().Win32_NetworkAdapter():
    if x.NetConnectionStatus is not None:
        print(x.MACAddress)
        print(x.NetConnectionStatus)
```
Is a pretty good fix for this.
The current Windows installation story is non-standard for a typical Windows user. We should instead distribute it as either a stand-alone executable or an installer. The advantage of an installer is we can install a persistent background Service that the user can toggle on/off, which reduces user disruption (there's no terminal window open). The advantage of a plain exe is it's easy to run and very portable. We could also do both.
Implementation of the exe will be done with PyInstaller and installer with pynsist.
The current flow is:
--user
Goal for standalone exe:
Goal for installer:
If `pkgutil.get_data('killer', 'killer_config.json')` fails, the program will error out.
Killer is useless on a system that isn't encrypted. So, this should be checked.
```python
import subprocess

# List LVM physical volumes, skipping the header line and the trailing blank line.
physical_volumes = subprocess.check_output(['pvs', '-o', 'pv_name']).decode().split('\n')[1:-1]
for physical_volume in physical_volumes:
    physical_volume = physical_volume.strip()
    cryptsetup_status = subprocess.check_output(['cryptsetup', 'status', physical_volume]).decode().split('\n')
    # The second line of `cryptsetup status` output holds the mapping type.
    _, volume_type = cryptsetup_status[1].split()
    if volume_type == 'LUKS2':
        print(f'{physical_volume} is encrypted with LUKS!')
```
The above is a great first step. Will need to do verification/checks on external drives that are encrypted, though.
Looks like it works just fine on an external drive connected via USB, as the external doesn't show up.
But am unsure ( and can't test ) on two or more internal drives that are encrypted.
NSA "COTTONMOUTH" cords ( https://upload.wikimedia.org/wikipedia/commons/8/85/NSA_COTTONMOUTH-I.jpg ) and things like it ( https://shop.hak5.org/collections/mischief-gadgets/products/o-mg-cable , not affiliated ) are within the scope of Killer.
Curious of how to detect these things.
Right now there's a lot that needs to be manually done.
Currently on first run the user needs to:
This should be far smoother than it is now.
```python
import re
import subprocess

a = re.compile(r'\bID \S+ (.+)')
b = re.findall(a, subprocess.check_output('lsusb', shell=False).decode('utf-8'))
print([each.strip() for each in b])
```
Would like to follow more than device ids and this is a good start.
Better explain what Killer does/is.
(Un)plugging devices, whitelists, USB connected whitelist, etc
I've decided to stop supporting Windows. I've spent nearly 2 years trying to find out a speedy way of handling the Bluetooth/CD tray issues and it's just not worth it to me.
If you find a way to support both of these, @ me.
This issue will be closed when everything with Windows is torn out.
Need to look into what differentiates a connected/disconnected battery within Win32_Battery
`pacmd list-cards` seems to show
```
analog-output-headphones: Headphones (priority 9000, latency offset 0 usec, available: yes)
```
when the headphones are plugged in, and
```
analog-output-headphones: Headphones (priority 9000, latency offset 0 usec, available: no)
```
when unplugged.
Applies to Debian 9 ( Stretch )
Maybe this?
https://unix.stackexchange.com/questions/25776/detecting-headphone-connection-disconnection-in-linux
Shamelessly stolen from @PowerPress via github/usbkill:
Have the app monitor the decibels coming from the microphone and let the user set a threshold. If the threshold is passed shut down the PC. Example being prevented from touching your PC but by screaming or a loud noise would trigger the shutdown allowing a hands free system.
Would be nice to be able to check if a device includes HID/network device features, and approach accordingly.
Lists are not parsed properly. There is no concept of a list in configparser. The canonical way of having lists is to delimit the elements and then split the string by the delimiter when parsing.
Also, the default config is missing some keys for Windows. Namely `USB_ID_WHITELIST` and `USB_CONNECTED_WHITELIST`.
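The delimiter-and-split approach described in this issue, as an added example that is not Killer's own code: it reads a whitelist key from configparser as a list, names a missing key in the error, and shows why matching against the unsplit string is unsafe. The `[windows]` section name, the sample IDs and the helper names are assumptions.

```python
import configparser

# Constructed config text; the section name and the IDs are assumptions.
SAMPLE_CONFIG = """
[windows]
USB_ID_WHITELIST = 1d6b:0002, 8087:0024 ,, 046d:c52b
USB_CONNECTED_WHITELIST =
"""


def load_config(text: str) -> configparser.ConfigParser:
    parser = configparser.ConfigParser()
    parser.optionxform = str  # keep key names case-sensitive (default lowercases them)
    parser.read_string(text)
    return parser


def get_list(parser, section, key, delimiter=","):
    """Read `key` as a list of stripped, non-empty items."""
    if not parser.has_option(section, key):
        # Name the missing key instead of surfacing a bare traceback.
        raise KeyError(f"config section [{section}] is missing key {key}")
    raw = parser.get(section, key)
    return [item.strip() for item in raw.split(delimiter) if item.strip()]


def allowed_unparsed(parser, section, key, usb_id):
    # Without splitting, `in` on a str is a substring test, so a
    # fragment of a whitelisted ID is accepted.
    return usb_id in parser.get(section, key)


def allowed(parser, section, key, usb_id):
    # Membership test against the parsed list: whole IDs only.
    return usb_id in get_list(parser, section, key)


if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    print(get_list(cfg, "windows", "USB_ID_WHITELIST"))
    print(allowed_unparsed(cfg, "windows", "USB_ID_WHITELIST", "6b:00"))
    print(allowed(cfg, "windows", "USB_ID_WHITELIST", "6b:00"))
```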
This would be a nice addition to PureOS from Purism, which is based on Debian, so it can be integrated for the Librem 5 for example.
It would be nice to have this. Though, considering I don't have a system that supports it, this is going to be a while.
Spoofing is an issue, how do we deal with this?
libusb works basically everywhere and provides a single interface to list and interact with usb devices.
NFC is very short range so by adding NFC support you could wear an NFC ring or bracelet and once you get about a foot away it will lose connection making it a great way to shutdown the pc.
Continuation of guardianproject/haven#390
Someone could easily connect a device that has the same Vendor/Product IDs as a device already connected, as this isn't checked. This should be checked and shutdown if detected/attempted.
Realistically you're not going to have two devices with the same Product/Vendor IDs ( please present proof to the contrary ).
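One way to implement the check requested above, as an added example that is not Killer's code: count how many attached devices report each vendor:product ID and compare against an expected per-ID count. The `lsusb` text is constructed, and the `expected` mapping and function names are hypothetical.

```python
import re
from collections import Counter

# Constructed `lsusb` output: the last two lines report the same vendor:product ID.
SAMPLE_LSUSB = """\
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 007: ID 0951:1666 Kingston Technology DataTraveler 100 G3
Bus 001 Device 009: ID 0951:1666 Kingston Technology DataTraveler 100 G3
"""

ID_PATTERN = re.compile(r"\bID ([0-9a-fA-F]{4}:[0-9a-fA-F]{4})\b")


def count_ids(lsusb_text: str) -> Counter:
    """Count how many attached devices report each vendor:product ID."""
    return Counter(usb_id.lower() for usb_id in ID_PATTERN.findall(lsusb_text))


def check_counts(lsusb_text: str, expected: dict) -> dict:
    """Compare attached devices with `expected` (ID -> device count, hypothetical).

    An ID seen more often than expected is "extra" (this covers a second
    device presenting an already-connected ID); fewer is "missing".
    """
    seen = count_ids(lsusb_text)
    result = {"extra": {}, "missing": {}}
    for usb_id in sorted(set(seen) | set(expected)):
        delta = seen.get(usb_id, 0) - expected.get(usb_id, 0)
        if delta > 0:
            result["extra"][usb_id] = delta
        elif delta < 0:
            result["missing"][usb_id] = -delta
    return result


if __name__ == "__main__":
    baseline = {"1d6b:0003": 1, "046d:c52b": 1, "0951:1666": 1}
    print(check_counts(SAMPLE_LSUSB, baseline))
```

A count only catches an additional device; a device swapped for another with the same IDs still produces the same count.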
```python
import ctypes
from ctypes import wintypes


class SYSTEM_POWER_STATUS(ctypes.Structure):
    # All six fields are declared so the structure is the full size
    # that GetSystemPowerStatus writes to.
    _fields_ = [
        ('ACLineStatus', ctypes.c_ubyte),
        ('BatteryFlag', ctypes.c_ubyte),
        ('BatteryLifePercent', ctypes.c_ubyte),
        ('SystemStatusFlag', ctypes.c_ubyte),
        ('BatteryLifeTime', wintypes.DWORD),
        ('BatteryFullLifeTime', wintypes.DWORD),
    ]


SYSTEM_POWER_STATUS_P = ctypes.POINTER(SYSTEM_POWER_STATUS)
GetSystemPowerStatus = ctypes.windll.kernel32.GetSystemPowerStatus
GetSystemPowerStatus.argtypes = [SYSTEM_POWER_STATUS_P]
GetSystemPowerStatus.restype = wintypes.BOOL

status = SYSTEM_POWER_STATUS()
if not GetSystemPowerStatus(ctypes.pointer(status)):
    raise ctypes.WinError()
else:
    print('ACLineStatus', status.ACLineStatus)
    print('BatteryFlag', status.BatteryFlag)
```
Pulled from https://stackoverflow.com/questions/6153860/in-python-how-can-i-detect-whether-the-computer-is-on-battery-power#6156606 and using ctypes.c_ubyte rather than BYTE.
From https://docs.microsoft.com/en-us/windows/desktop/api/winbase/ns-winbase-_system_power_status the following are valid for the battery being present: `[0, 1, 2, 4, 8, 9, 10, 12]`, while `128` is if a battery cannot be detected.
Here is another project to get inspiration from https://gitlab.com/shutsentry/shutsentry
WMI doesn't seem to provide this, so am shelving this until a way can be found.
Shamelessly stolen from @HulaHoopWhonix via github/usbkill:
I don't know if custom commands are supported but nuking cryptsetup keyslots would be a good option.
These are far too slow to use in any level of production.
Will fill this out tomorrow eventually.
Yes, I know the package is currently not working.
I'll leave this up and just change the label whenever something has been broken.
Fixed
Due to the following code, located at https://github.com/Lvl4Sword/Killer/blob/main/killer/posix/power.py#L68
```python
from pathlib import Path
from typing import Union


def _get_property(device_path: Union[Path, str], property_name: str) -> str:
    """Gets the given property for a device."""
    with open(str(Path(device_path, property_name))) as file:
        return file.readline().strip()
```
`online`/`present` will return as a string, and thus bool() will count them as True regardless.
This issue is being created for transparency sake, and to inform that it's known and will be fixed in the new branch.
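The bug described in this issue, reproduced as an added example that is not the project's code or its eventual fix: a constructed stand-in for `/sys/class/power_supply/AC/online` containing `0` is read through a helper of the same shape, once with `bool()` and once with an explicit parse. `is_set_buggy`, `is_set_fixed` and `demo` are hypothetical names.

```python
import tempfile
from pathlib import Path
from typing import Union


def _get_property(device_path: Union[Path, str], property_name: str) -> str:
    """Same shape as the helper quoted above: returns the raw sysfs text."""
    with open(str(Path(device_path, property_name))) as file:
        return file.readline().strip()


def is_set_buggy(device_path: Union[Path, str], property_name: str) -> bool:
    # bool() of any non-empty string is True, so "0" is reported as set
    # and an unplugged charger is never noticed.
    return bool(_get_property(device_path, property_name))


def is_set_fixed(device_path: Union[Path, str], property_name: str) -> bool:
    # Hypothetical fix: accept only "0" or "1" and raise on anything else,
    # so an unreadable or unexpected value is not silently treated as set.
    value = _get_property(device_path, property_name)
    if value not in ("0", "1"):
        raise ValueError(f"unexpected {property_name} value: {value!r}")
    return value == "1"


def demo() -> dict:
    """Read a constructed AC 'online' file that says the charger is unplugged."""
    with tempfile.TemporaryDirectory() as tmp:
        ac = Path(tmp, "AC")
        ac.mkdir()
        Path(ac, "online").write_text("0\n")  # constructed: AC removed
        return {
            "buggy": is_set_buggy(ac, "online"),
            "fixed": is_set_fixed(ac, "online"),
        }


if __name__ == "__main__":
    print(demo())
```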
Should probably have logging.