Android and Server Side code, proposal and reference implementation
This project was started to address a hypothetical case one has volatile data on a remote machine that needs to be removed as fast and as discretely as possible. In such situations opening up a laptop and logging in via SSH, an SFTP/FTP browser etc may simply be too slow.
Rather, it would be more convenient to just long-press a single button on your phone that sends a network packet to the server, triggering a script that proceeds to delete your data and/or back it up to another trusted server. It is considered this functionality may be of use to journalists, activists and others believing that their data may be under threat of physical seizure and have only the phone in their pocket to do something about it.
Someone sniffing on the wire will indeed see a string, the ‘kill signature’, going out in the clear to the remote server at the given port. They will see no other information. If the packet is blocked, captured and sent by an opponent, they do the work for you. If it is simply blocked, your data sees another day.
Only a person with ssh access to the server can modify the kill signature, define target directories for deletion and set the port.
Typical desired actions may include:
- Back up data to remote server using scp and ssh-keys
- Delete directories
- Zero (destroy) partitions (requires ‘root’ option)
- Reboot or power off machine (requires ‘root’ option)
- All of the above, in that order
This preliminary (read ‘alpha’) implementation utilizes ‘socat’ for network packet capture on the server side and a hand-rolled Android application for the client.
While functional, it is only intended for testing and study toward the ends of releasing a finished application.
DISCLAIMER: Nothing beats good disk encryption on the server side.
Android Application
Download
Android client
The Android application can be downloaded here:
SHA256 sum:
07c7fb10b4095d0bac0a1de2ac8f3f926343e938de4e02157b66aecc3f8a3f59
Full source code can be downloaded here:
Server side code
The serverside code (scripts below, and more) can be downloaded here:
SHA256 sum:
29a5c2f96af47a08c50ac588a035b282dc54dae7e8ed93e1b02d7ce7db68a073
Git Repository
This project is hosted on github *here
Installation and use
The basic process for setting up Kill Packet on a server is as follows.
-
SSH to server:
ssh user@theirsite.org
-
Download’s to $HOME over the tunnel and checks against SHA-256 sum above:
cd $HOME #or some other non www-readable location. wget -c http://julianoliver.com/kill-packet/src/KillPacket-0.1.tar.gz && sha256sum KillPacket-0.1.tar.gz
-
Untar the archive:
tar xvzf KillPacket-0.1.tar.gz
-
Change to KillPacket directory and run setup script, defining killsig, server, port, whether root and dd-ing of partitions is required:
cd KillPacket-0.1 sh setup.sh
-
Start server:
sh start.sh
-
Install Android application on client
- Configure with ‘killsig’, server IP and port defined in setup phase
- Long press ‘Send Kill Packet’ to delete data, as required.
Server side scripts
The first script run on the server is ‘setup.sh’, which writes out a configuration file with basic defaults for use:
#!/bin/bash
# This setup script is responsible for writing the 'config/server_config.cfg'
# And setting basic permissions.
CONFIG=config/server_config.cfg
rm -f $CONFIG
echo "*********************************************************************************"
while true; do
read -p "* Do you need to remove directories or files user \
'$(eval echo $USER)' does not own? [Yy/Nn] " yn
case $yn in
[Yy]* )
# create config
echo "ROOT=true" > $CONFIG;
echo "*********************************************************************************"
read -p "* Do you want to destroy/zero any partitions? [Yy/Nn] " yn
case $yn in
[Yy]* )
echo "*********************************************************************************"
read -p "Which partitions do you want to zero?
* Take care to use full paths!
* Separate paritions with a comma
> " dd_dirs
echo "DD_DIRS=$dd_dirs" >> $CONFIG
;;
[Nn]* )
echo "DD_DIRS=NULL" >> $CONFIG
;;
* ) ;;
esac
;;
[Nn]* )
# create config
echo "ROOT=false" > $CONFIG;
echo "DD_DIRS=NULL" >> $CONFIG;
;;
* ) ;;
esac
echo "*********************************************************************************"
read -p "Which directories do you want to delete?
* Use $HOME/path/do/dir or /home/bill/path/to/dir
* Separate multiple directories with a comma
> " dir
echo 'DELETE_DIRS='"$dir" >> $CONFIG
echo "*********************************************************************************"
read -p "Provide a unique passphrase (unused elsewhere)
* Be sure to copy it directly into the Kill Packet app config interface on your phone
* Don't write it down
> " pw
echo 'KILLSIG='"$pw" >> $CONFIG
echo "*********************************************************************************"
read -p "Which port would you like to use?
* Be sure to use a port higher than 1000 (1001-65535).
* Don't write it down and don't forget it!
> " port
echo 'SERVER_PORT='"$port" >> $CONFIG
echo "*********************************************************************************"
read -p "Do you wish to receive an email confirming \
file/folder deletion? [Y\N] " yn
case $yn in
[Yy]* )
echo "*********************************************************************************"
read -p "Please provide a valid email address
> " email; echo "EMAIL=$email" >> $CONFIG;
;;
[Nn]* )
echo "EMAIL=false" >> $CONFIG ;
;;
* ) ;;
esac
echo "*********************************************************************************"
echo "Writing to $CONFIG
You can edit it later, by hand or with this script"
echo "*********************************************************************************"
#setup permissions
chmod go-rwx,u+rwx config/server_config.cfg
chmod go-x,u+x start.sh
chmod go-x,u+x scripts/server_kill.sh
exit
done
The ‘server_kill.sh’ does the dirty work:
#!/bin/bash
CONFIG=config/server_config.cfg
ROOT=$(cat $CONFIG|grep ^ROOT|awk 'BEGIN {FS = "="};{print $2}')
DD_DIRS=$(cat $CONFIG|grep ^DD_DIRS|awk 'BEGIN {FS = "="};{print $2}'|sed -e s/\,/" "/)
DELETE_DIRS=$(cat $CONFIG|grep ^DELETE_DIRS|awk 'BEGIN {FS = "="};{print $2}'|sed -e s/\,/" "/)
SERVER_IP=$(cat $CONFIG|grep ^SERVER_IP|awk 'BEGIN {FS = "="};{print $2}')
SERVER_PORT=$(cat $CONFIG|grep ^SERVER_PORT|awk 'BEGIN {FS = "="};{print $2}')
KILLSIG=$(cat $CONFIG|grep ^KILLSIG|awk 'BEGIN {FS = "="};{print $2}'|sed -e s/\"//g)
EMAIL=$(cat $CONFIG|grep ^EMAIL|awk 'BEGIN {FS = "="};{print $2}')
COPY_DIRS=$DELETE_DIRS
echo $1 $2 $3 $4 $5
echo $KILLSIG
rm -f /tmp/.killpacket_log
rm -f /tmp/.killpacket_err
# If correct KILLSIG is sent by the client
if [ "$5" = "$KILLSIG" ];
then
# Backup existing directories to a remote server
# echo "Backing up $COPY_DIRS.."
# tar cvzf leaks.tar.gz $COPY_DIRS &&
# SCP would run inside an ssh-agent with keys for a user on
# a remote host that has restricted priveleges
# scp volatile.tar.gz backup@my-backup-server.org:. &&
# Delete the volatile archive and ssh-keys for the backup server
# rm -fr volatile.tar.gz $COPYDIRS
# rm -f /home/user/.ssh/backup.rsa
echo "removing directories $DELETE_DIRS"
# we need to eval in case the variable is not expanded
RM=$(rm -fr $(eval echo $DELETE_DIRS) 2>&1);
if [ $? != 0 ]; then
echo $RM
echo "Failed deletion of directories by Kill Packet script with \
error: $RM" >> /tmp/.killpacket_err
mail -s "KillPacket Report: Deletion Failure" $EMAIL < /tmp/.killpacket_err
fi
# write out a report to a user-writable home directory
echo "Deleted $(eval echo $DELETE_DIRS)" > $HOME/kill-report.txt
if [ "$ROOT" == "true" ]; then
if [ "$DD_DIRS" != "NULL" ]; then
echo "zeroing partitions $DD_DIRS"
#DD=$(dd if=/dev/zero of=$(eval echo $DD_DIRS) 2>&1 &);
if [ $? != 0 ]; then
echo "Failed zeroing of partition(s) by Kill Packet script with \
error: $DD" >> /tmp/.killpacket_err
fi
fi
#optional power off machine:
#poweroff
fi
echo "On date $(date) a Kill Packet script deleted $(eval echo $DELETE_DIRS)" \
>> /tmp/.killpacket_log
# Email a user when done
if [ "$EMAIL" != "false" ]; then
if [ -f /tmp/.killpacket_err ]; then
echo "******************* Errors follow ***************************"
cat /tmp/.killpacket_err >> /tmp/.killpacket_log
fi
mail -s "KillPacket Report" $EMAIL < /tmp/.killpacket_log
fi
fi
‘start.sh’ invokes the ‘socat’ binary, which listens on the port specified in the setup stage:
#!/bin/bash
SERVER_PORT=$(cat config/server_config.cfg|grep ^SERVER_PORT|awk 'BEGIN \
{FS = "="};{print $2}')
ROOT=$(cat config/server_config.cfg|grep ^ROOT|awk 'BEGIN {FS = "="};{print $2}')
while true;
do
if [ "$ROOT" == "true" ]; then
if [ "$USER" != "root" ]; then
echo '
You selected root but are not running this script as root.
Please run this script with:
su -c "sh start.sh"'
exit
fi
fi
echo "listening on port $SERVER_PORT"
./bin/socat -u TCP4-LISTEN:$SERVER_PORT STDIO | ./scripts/server_kill.sh `tee`;
#echo "Done. Sleeping for 10 seconds."
sleep 10;
done