No secret agent device worth its name would be complete without a self-destruct mechanism. While we can't quite make the Pi disappear in a puff of smoke, we can rig a sneaky booby trap that will eliminate all traces of our secret agent setup if the Pi were to get caught behind enemy lines.
First we are going to encrypt our entire home directory. Since we've been doing all of our pranks and projects inside the pi
user's home directory, if someone were to read the SD card on another computer, they wouldn't be able to get any valuable data from the card except for a pretty standard Raspbian installation.
Then we'll add an optional wipe trigger-mechanism, which can be initiated either locally from a USB keyboard, or remotely via SSH, that will erase our encrypted home directory and replace it with an empty, innocent-looking, and original home directory.
eCryptfs is a stacked cryptographic file system. Unlike the cryptsetup/LUKS encryption system that we saw in the previous section, it is layered on top of an existing file system and encrypts/decrypts individual files on the fly (as they are read and written).
Note: For this exercise to work successfully, you need to be logged directly into the Pi's Terminal as the root user and not over a SSH session:
root@raspberrypi ~ # apt-get install ecryptfs-utils
lsof cryptsetup
ecryptfs
kernel module:root@raspberrypi ~ # modprobe ecryptfs
ecryptfs
provides a handy script that will make some initial safety checks and then guide us through the whole process. The script will ensure that no running process is reading or writing files to our home directory. Now we can try running the ecryptfs
home directory migration script:root@raspberrypi / # ecryptfs-migrate-home -u pi
If it finds any files being accessed in /home/pi,
it will print the process that is holding the file open together with its process ID (PID). You'll have to shut down the offending application nicely, or kill it using the kill [pid]
command.
pi
user.The script will now rename your current home directory, create an encrypted home directory, and copy all the contents back, encrypting everything as it goes.
Once the migration script has finished, we're going to follow the advice it gave us very closely.
pi
user. You'll notice that the time it takes to log in has increased dramatically because of the automatic ecryptfs
mounting that's going on in the background.ls
to verify that your home directory looks roughly intact. Then type mount
to verify that an ecryptfs
file system is really mounted over /home/pi
, like in the following screenshot:
/home/pi.[XXXXXXXX]
. Type ls /home
to find the name of yours, then issue the following command:pi@raspberrypi ~ $ sudo rm -rf /home/pi.[XXXXXXXX]
pi@raspberrypi ~ $ ecryptfs-unwrap-passphrase
This randomly generated passphrase can be used to recover your data from another computer.
/var/swap
and is very rarely used. But just to make absolutely sure our encrypted home directory data doesn't leak into the swap file, we can run the following command:pi@raspberrypi ~ $ sudo ecryptfs-setup-swap
Even though your home directory is much more secure now that it's encrypted, there are still situations where one might want to abort a mission and pull the plug on the important data. For instance, let's say you're continuously recording inside a tmux
session; your data remains mounted and unencrypted until the pi
user logs out.
We will construct a booby trap hooked into the Raspbian login system. There will be two versions of the trigger mechanism:
pi
home directory is wiped clean and recreated.pi
user will be used as a trigger signal to wipe the encrypted home directory and recreate it.The beauty of having both versions is that the special login name can be triggered by you from a distance, and the failed login attempt could be triggered by a foe trying to gain access to the Pi.
pi@raspberrypi ~ $ sudo nano /etc/pam.d/common-auth
This directive specifies how many rules to skip if the user login is successful. We change it to 2
because we're going to add a new rule next.
Create a new line under the one we just changed and put the following:
auth optional pam_exec.so /home/slatfatf.sh
This rule means that when a user login fails, a script that we'll write, called /home/slatfatf.sh
, will be run. You're free to name the script whatever you want and place it in any location (except the pi
home directory).
auth optional pam_exec.so /bin/rm -f /home/slatfatf.count
This rule will reset the bad login counter whenever pi
logs in successfully:
pi@raspberrypi ~ $ sudo nano /home/slatfatf.sh
#!/bin/bash
TRIGGER_USER="phoenix"
MAXFAIL=3
COUNTFILE=/home/slatfatf.count
self_destruct() {
pkill -KILL -u pi
umount /home/pi
rm -rf /home/pi
mkhomedir_helper pi
rm -rf /home/.ecryptfs
rm -f $COUNTFILE
# rm -f /home/slatfatf.sh
}
if [ $PAM_USER == $TRIGGER_USER ]; then
# self_destruct
exit
fi
if [ $PAM_USER == "pi" ]; then
if [ -f $COUNTFILE ]; then
FAILCOUNT=$(cat $COUNTFILE)
((FAILCOUNT++))
if [ $FAILCOUNT -ge $MAXFAIL ]; then
# self_destruct
exit
else
echo $FAILCOUNT > $COUNTFILE
fi
else
echo "1" > $COUNTFILE
fi
fi
TRIGGER_USER
variable holds the username that will trigger an immediate wipe of the home directory. Note that this should not be a real user account on the system.MAXFAIL
variable sets the number of failed login attempts in a row by the pi
user that triggers a wipe of the home directory.COUNTFILE
variable holds the path to a text file that will be used to keep track of the number of failed login attempts by the pi
user.self_destruct
function is where all the action is. It deletes and recreates the pi
user's home directory and erases a few traces of eCryptfs.PAM_USER
variable is passed to our script from the pam_exec.so
module that started our script. It contains the name that was entered at the login prompt and failed to authenticate.TRIGGER_USER
, then start the self_destruct
sequence.pi
, see whether the number in FAILCOUNT
is greater, or equal to MAXFAIL
and if so, start the self_destruct
sequence.pi@raspberrypi ~ $ sudo chmod +x /home/slatfatf.sh
To verify that your trigger mechanism is set up correctly, you can make a failed login attempt with the pi
user to see that the /home/slatfatf.count
file is created.
18.119.131.10