#!/bin/sh
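#######################################
# Encode one form value for the unlock request.
# base64 wraps long output at 76 columns; the newlines are stripped so
# the value stays a single curl -d argument even for a long /proc/cmdline.
# The trailing newline from the original `echo | base64` form is kept so
# the encoded value seen by the server does not change for short inputs.
# Arguments: $1 - raw value
# Outputs:   one line of base64 on stdout
#######################################
_b64_field ()
{
	printf '%s\n' "$1" | base64 | tr -d '\n'
}

#######################################
# Early-boot hook: fetch the passphrase for the LUKS root volume over Tor
# and open it as /dev/mapper/root.
# Globals:   cryptdev, WAIT, URL  (read; expected to be defined by /config.sh)
#            CMDLINE, MEM, CPU, CORES, macaddr, ipaddr, passphrase (written)
# Arguments: none
# Outputs:   short status messages on stdout
# Returns:   0 when device-mapper is absent or the volume was opened;
#            on every other failure it calls exit 1, which ends the shell
#            that sourced this hook (presumably the initramfs init), not
#            just this function.
#######################################
run_hook ()
{
	mkdir -p /run/cryptsetup
	# POSIX '.' rather than 'source': the shebang is /bin/sh.
	. /config.sh
	sysctl -w kernel.panic=5 >/dev/null
	/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1

	# Without device-mapper there is nothing to unlock; the original
	# control flow returned silently here as well.
	[ -e /sys/class/misc/device-mapper ] || return 0

	if [ ! -e /dev/mapper/control ]; then
		mkdir -p /dev/mapper
		# sysfs gives "major:minor"; the unquoted substitution is what
		# splits it into the two arguments mknod expects.
		# shellcheck disable=SC2046
		mknod /dev/mapper/control c $(sed 's|:| |' /sys/class/misc/device-mapper/dev)
	fi

	if [ -z "$cryptdev" ]; then
		echo "What do you want me to unlock?!"
		sleep 5
		exit 1
	fi
	if ! /sbin/cryptsetup isLuks "$cryptdev" >/dev/null 2>&1; then
		echo "${cryptdev} is not a luks volume"
		exit 1
	fi

	# Collect the host details sent alongside the request.
	CMDLINE=$(cat /proc/cmdline)
	MEM=$(awk '/MemTotal/ { print $2 " " $3 }' /proc/meminfo)
	# Unquoted on purpose: word-splitting squeezes the padding after ':';
	# set -f keeps a stray glob character in the model name from expanding.
	# shellcheck disable=SC2046,SC2086
	CPU=$(set -f; echo $(grep '^model name' /proc/cpuinfo | cut -d: -f2 | uniq))
	CORES=$(grep -c '^processor' /proc/cpuinfo)
	macaddr=$(cat /sys/class/net/eth0/address)
	ipaddr=$(ip addr show dev eth0 | awk '/inet / { print $2 }')

	# Start tor (its output is discarded) and give it WAIT seconds to
	# bootstrap before the first request goes through the SOCKS port.
	mkdir -p /tmp/tor
	/usr/bin/tor -f /torrc >/dev/null 2>&1
	sleep "$WAIT"

	# socks5h: hostname resolution happens inside Tor, so an onion URL
	# works. The reply is taken at face value; whatever authenticity the
	# server has rests on URL itself. $(...) strips the trailing newline
	# of the reply, so the passphrase is used exactly as the body was sent.
	passphrase=$(curl -sx socks5h://127.0.0.1:8080 \
		-d "mac=${macaddr}" -d state=pending \
		-d "cmdline=$(_b64_field "$CMDLINE")" \
		-d "mem=$(_b64_field "$MEM")" \
		-d "cpu=$(_b64_field "$CPU")" \
		-d "cores=$(_b64_field "$CORES")" \
		-d "ipaddr=$(_b64_field "$ipaddr")" \
		"$URL")
	if [ -z "$passphrase" ]; then
		unset passphrase
		exit 1
	elif [ "$passphrase" = "DESTROY" ]; then
		unset passphrase
		echo "Tampering detected, get out."
		# Replace the LUKS header with one keyed by random bytes that are
		# never stored anywhere, so the existing key slots are gone.
		dd if=/dev/urandom bs=32 count=1 status=none | base64 | cryptsetup -q luksFormat "$cryptdev" -d -
		sync
		sleep 5
		exit 1
	fi

	# The passphrase goes to cryptsetup over stdin (-d -) rather than on
	# its command line; printf keeps it byte-for-byte (echo -n would
	# word-split it and is not portable under /bin/sh).
	if ! printf '%s' "$passphrase" | cryptsetup -q luksOpen "$cryptdev" root --allow-discards -d - >/dev/null 2>&1; then
		echo "Decryption failed."
		curl -sx socks5h://127.0.0.1:8080 -d "mac=${macaddr}" -d state=failed -d "path=${cryptdev}" "$URL"
		exit 1
	fi
	if [ ! -e /dev/mapper/root ]; then
		echo "device missing"
		sleep 10
		exit 1
	fi
	unset passphrase
	# Report success; the reply is not needed.
	curl -sx socks5h://127.0.0.1:8080 -d "mac=${macaddr}" -d state=booting -d "path=${cryptdev}" "$URL" >/dev/null 2>&1
}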

#######################################
# Counterpart of run_hook: stop the tor process started there and drop
# its scratch directory. Neither step's exit status is checked.
# Globals:   none
# Arguments: none
#######################################
run_cleanuphook ()
{
  killall tor
  rm -rf -- /tmp/tor
}