minosg
Posts: 2
Joined: Tue Oct 04, 2016 10:48 am

(Security) Picrypt

Thu Oct 06, 2016 11:30 am

I have written a small open source utility that allows seamless folder level encryption for your projects.

The idea came as I have been carrying around several project containing SD cards, and was wondering what could happen if I misplaced them.

The raspberry platform was originally intended for an educational tool, but is widely used for fully fledged embedded projects and production testing. The lack of built-in flash memory makes it hard to protect sensitive code, and unlike most desktop systems that require a log-in key-chain approach, sometimes you just need to power the unit on and just work, without a screen or a keyboard.

So would it not be to have a way to totally encrypt a folder, bind it to the current hardware and software set-up, and automatically unlock it , only when the SD card is run at the intended device without any user input?

The tool collects a lot of information about the hardware/ environment it runs and passes it over to two functions that you need to write yourself which take as input system data and produce a 8 or 16 char passwords fed ecnryptfs that locks, unlocks the directory.

If used at the default level of security it will disallow the following actions:
  • Someone cloning the SD card and placing it on another PI device.
  • Someone copying over the unlock executable and your encrypted code to another sd card and placing it on the intended device attempting to unlock it.
  • Someone running a Qemu instance simulating the original device and trying to unlock it.
As an added bonus it has minimal anti-tamper/ trace/ gdb detection so if someone is inpecting the code the function will know. The action is left up to your implementation of the logic, you can produce a false key, stick the code in a recursion inception or nuke the filesystem using system call "rm -rf /"

Adjusting the tool to your needs, is easy, and about editing two files, a header providing all the hard-coded authorized information and a code file that you need to implement your own password generation logic.

Feel free to read the extended readme at the project's page:
https://github.com/minosg/picrypt

And I am open to any criticism, suggestions or ideas on how it could become even better.

Please note that I do not assume this method is hacker proof, and neither should you.What it does is that it adds a significant amount of pain to third party wanting to read/copy your code.

ThatGuyOverThere
Posts: 10
Joined: Mon Oct 10, 2016 12:54 am

Re: (Security) Picrypt

Wed Oct 12, 2016 4:19 pm

This is an indredibly good idea. I could actually implement this into my Kali Linux Pen-Testing Pi, if that's ok. However, I have some pretty noobish questions;
How would I set this up on my Pi?
What language is it written in?
Have you tested it with the Kali ARM image?
Any help is super appreciated. Thanks in advance.

minosg
Posts: 2
Joined: Tue Oct 04, 2016 10:48 am

Re: (Security) Picrypt

Thu Oct 27, 2016 9:45 am

it is written in C, and it basically requires you to have a basic devel enviroment, the dependancies, and run autocompile.

I have written a pretty extensive readme on the github page.

I have not tested it on the kali arm, but it appears to be an standard debian based distribution, which means it will most likely use the same ecryptfs package as raspbian or Debian Jessie, so it should work.

I fail to see the purpose of using it on a pen testing machine though, considering that those require manual input, they are very rarely fully autonomous devices.

Return to “Other projects”