#!/bin/sh
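# Encode one value as a single-line base64 token for a form field. `base64`
# wraps its output at 76 columns; an embedded newline would otherwise split
# the curl argument (when unquoted) or corrupt the field (when quoted).
_b64 ()
{
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Post a state change to the unlock server through the local Tor SOCKS proxy.
# $1 is the state name; any further arguments are extra curl "-d name=value"
# options. The reply is discarded — nothing here depends on it.
_report ()
{
    _state="$1"; shift
    curl -sx socks5h://127.0.0.1:8080 -d "mac=${macaddr}" -d "state=${_state}" "$@" "${URL}" >/dev/null 2>&1
}

# Early-userspace hook (mkinitcpio-style run_hook/run_cleanuphook pair). It is
# sourced by /init under busybox ash, so everything here must be POSIX sh —
# no `source`, `==` or `echo -e`.
#
# Fetches the LUKS passphrase for ${cryptdev} from ${URL} over Tor and opens
# the volume as /dev/mapper/root. A reply of exactly "DESTROY" instead wipes
# the LUKS header with a throw-away random key.
#
# Reads (from /config.sh): cryptdev - block device holding the LUKS volume
#                          URL      - unlock endpoint, reached via socks5h
#                          WAIT     - seconds to give Tor before the request
# Writes: /dev/mapper/root on success; /tmp/tor while Tor runs.
#
# Every `exit 1` below terminates init itself (the hook is sourced), and with
# kernel.panic=5 set at the top that panics and reboots the box about 5 s
# later. That looks like the intended fail-closed behaviour; confirm before
# turning any of these into a plain return.
run_hook ()
{
    mkdir -p /run/cryptsetup
    . /config.sh
    sysctl -w kernel.panic=5 >/dev/null
    /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1

    # Without device-mapper there is nothing this hook can do; the original
    # silently fell through here too.
    [ -e /sys/class/misc/device-mapper ] || return 0

    if [ ! -e /dev/mapper/control ]; then
        mkdir -p /dev/mapper
        # The substitution is deliberately unquoted: "MAJOR:MINOR" becomes
        # the two separate arguments mknod wants.
        mknod /dev/mapper/control c $(sed 's|:| |' /sys/class/misc/device-mapper/dev)
    fi

    if [ -z "$cryptdev" ]; then
        echo "What do you want me to unlock?!"
        sleep 5
        exit 1
    fi
    if ! /sbin/cryptsetup isLuks "$cryptdev" >/dev/null 2>&1; then
        echo "${cryptdev} is not a luks volume"
        exit 1
    fi

    # Host fingerprint sent with the request so the server can tell which
    # machine is asking and whether its environment changed.
    CMDLINE=$(cat /proc/cmdline)
    MEM=$(grep MemTotal /proc/meminfo | awk '{ print $2 " " $3 }')
    # Collapse the model-name whitespace the way the old `echo -ne $(...)` did.
    CPU=$(grep '^model name' /proc/cpuinfo | cut -d: -f2 | uniq | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
    CORES=$(grep -c '^processor' /proc/cpuinfo)
    macaddr=$(cat /sys/class/net/eth0/address)
    ipaddr=$(ip addr show dev eth0 | awk '/inet / { print $2 }')

    mkdir -p /tmp/tor
    # Assumes /torrc sets RunAsDaemon (otherwise this never returns) and a
    # SOCKSPort of 8080 — TODO confirm against /torrc. A fixed sleep is used
    # instead of checking Tor's bootstrap status; too small a WAIT makes the
    # request below fail and the machine reboot.
    /usr/bin/tor -f /torrc >/dev/null 2>&1
    sleep "${WAIT}"

    # --data-urlencode is required for the base64 fields: a raw '+' in an
    # application/x-www-form-urlencoded body decodes as a space on the server
    # and would corrupt the token.
    passphrase=$(curl -sx socks5h://127.0.0.1:8080 \
        -d "mac=${macaddr}" -d state=pending \
        --data-urlencode "cmdline=$(_b64 "$CMDLINE")" \
        --data-urlencode "mem=$(_b64 "$MEM")" \
        --data-urlencode "cpu=$(_b64 "$CPU")" \
        --data-urlencode "cores=$(_b64 "$CORES")" \
        --data-urlencode "ipaddr=$(_b64 "$ipaddr")" \
        "${URL}")

    # The reply is trusted as-is: whoever can answer on ${URL} can hand out a
    # key or trigger the wipe below. That is only as safe as the transport —
    # a .onion address or pinned TLS; a plain http:// URL would let an on-path
    # attacker destroy the volume. Check what /config.sh sets for URL.
    if [ -z "$passphrase" ]; then
        exit 1
    fi
    if [ "$passphrase" = "DESTROY" ]; then
        unset passphrase
        echo "Tampering detected, get out."
        # Re-format the header with a random key that is never kept, making
        # the payload unrecoverable — unless a LUKS header backup exists
        # elsewhere, in which case the data is still reachable.
        dd if=/dev/urandom bs=32 count=1 status=none | base64 | cryptsetup -q luksFormat "$cryptdev" -d -
        sync
        sleep 5
        exit 1
    fi

    # The key is fed on stdin, never as an argument, so it does not appear in
    # ps output or the kernel log. printf keeps it byte-exact where the old
    # unquoted `echo -n` would have collapsed whitespace and expanded globs.
    if ! printf '%s' "$passphrase" | cryptsetup -q luksOpen "$cryptdev" root --allow-discards -d - >/dev/null 2>&1; then
        unset passphrase
        echo "Decryption failed."
        _report failed -d "path=${cryptdev}"
        exit 1
    fi
    unset passphrase

    if [ ! -e /dev/mapper/root ]; then
        echo "device missing"
        sleep 10
        exit 1
    fi
    _report booting -d "path=${cryptdev}"
}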
# Counterpart of run_hook: stop the Tor client it started and drop its
# scratch directory. killall's status is deliberately ignored — if Tor is
# already gone there is nothing left to do.
run_cleanuphook ()
{
    killall tor
    rm -rf -- /tmp/tor
}