SlideShare uma empresa Scribd logo

Hacking and Forensics on the Go with Low-Power Devices

44CON
44CON

This document discusses hacking and forensics using small, low-power devices like the Beagleboard and Beaglebone. It describes choosing the Beagleboard as a platform due to its small size, low power usage, and features like built-in Ethernet and USB ports. It outlines selecting Ubuntu as the base OS and leveraging existing repositories to obtain forensics and hacking tools. It also covers building tools from source by either natively compiling on the device or cross-compiling from a desktop. The document demonstrates using udev rules to automatically mount external USB drives in read-only mode for forensics purposes when connected to a special USB hub. It concludes by discussing future directions like optimizing more packages and port

1 de 45
Baixar para ler offline
Hacking and Forensics on the Go Philip A. Polstra, Sr. @ppolstra DrPhil@polstra.org http://ppolstra.blogspot.com
What is this talk about? ● Hacking and/or forensics with small, low- power devices ● ARM-based Beagleboard & Beaglebone running full suite of security/forensics tools ● Porting tools to a new platform ● USB forensics (now at high speed!!)
Why You Should Care ● A full set of tools that can fit in a child's lunch box ● A full-featured Linux install for flexibility ● Low-power devices can run for days or weeks on battery power ● Small devices can be planted for later retrieval ● Did I mention high-speed USB?
Who is this handsome man with the sexy accent anyway? ● If you were at last year's 44Con & you don't know, you partied much too hard Thursday night ● For the rest of you: – Professor at a medium size (1800 student) private university in Dubuque, Iowa – Programming from age 8 – Hacking hardware from age 12 – Also known to fly and build airplanes
Roadmap ● Choosing a platform ● Selecting a base OS ● Building a base system ● The easy part – leveraging repositories ● The slightly harder part – building tools ● Building your own accessories ● Demonstrations ● Future directions
Choosing a Platform ● Small ● Low-power ● Affordable ● Mature ● Networking built in ● Good USB support ● Convenient input and output
And the Winning Platform is... ● Beagleboard – 3.25” square – <10 Watts – £125 (or buy in USA for only $149) – Based on Cortex A8 – 100 Mbs Ethernet built in – 4 high-speed USB plus USB-on-the-go – DVI-D, S-video, and LCD output – RS-232, webcam, audio, and microSD
Beagleboard
Selecting a Base OS ● Angstrom comes in the box – Optimized for hardware – Nice package management – Poor repository support for our purposes ● Ubuntu is available – Backtrack is based on Ubuntu – Ubuntu is very popular – Good repository and community support
Building a Base Device ● Upgrade to 16GB microSD (8GB would work, but go big) ● Download an image for microSD card – Canonical image or – Robert C. Nelson demo images – I used Nelson's because they are tweaked for Beagleboard and updated frequently ● Good instructions available at http://elinux.org/BeagleBoardUbuntu
The Easy Part – Using Repositories ● Many of the tools we want are available in the standard Ubuntu repositories ● Some are also available as .deb files – Packages written in interpreted languages (Java, Python, PERL, Ruby) usually work out of the box – C-based packages depend on libraries that may or may not be available/installed
The Harder Part – Building Your Own Tools ● Native or cross-compile? ● Native – Straightforward – Can be slow on 1GHz ARM with 512 MB RAM ● Cross-compile – A bit more complicated – Take advantage of multi-core desktop with plenty of RAM
Native Compilation ● “Sudo apt-get install build-essential” is about all you need to be on your way ● Something to keep in mind if you SSH in and use DHCP: Ethernet is via USB chipset and MAC address varies from one boot to next which leads to different address being assigned
Cross-Compile Method 1 ● Download a toolchain “wget http://angstrom- distribution.org/toolchains/angstrom-<ver>-armv7a...” ● Untar toolchain “tar -xf angstrom-<ver>-armv7a-linux-gnueabi- toolchain.tar.bz2 -C” ● Setup build environment “. /usr/local/angstrom/arm/environment- setup” ● Download source ● Configure with “./configure --host=arm-angstrom-linux-gnueabi – prefix=/home/...” ● Build with “make && sudo make install” ● Copy binaries to BB-xM ● Could have problems if there is a kernel mismatch between setup and what is installed to BB-xM
Cross-Compile Method 2 ● Install a toolchain as in Method 1 ● Install Eclipse ● Install C/C++ Development Tools in Eclipse ● Download software ● Use makefile to create Eclipse project ● Create a Build Configuration in Eclipse ● Compile ● Move binaries to BB-xM
Create a Project from the Makefile ● Can have a makefile based project – Simple – Requires slight modification of makefile ● Can use makefile to create Eclipse project – Slightly more involved – Dependencies and special compile flags can be divined from makefile – More flexible if you want to make modifications
Create a Build Configuration ● Right-click project in Project Explorer select Build Configurations-Manage ● Click New to create new configuration ● Set the paths to point to cross-compilation tools for installed toolchain – Set compiler, linker, and assembler commands – Set include and library paths – Good tutorial on http://lvr.com
Cross-Compile Method 3 ● Same as Method 2, but with the addition of remote debugging ● Has advantage of easy transfer of binaries ● In Eclipse under Mobile Development add – C/C++ DSF GDB Debugger Integration – C/C++ Remote Launch – Remote System Explorer End-User Runtime – Remote System Explorer User Actions
Cross-Compile Method 3 (contd.) ● Create /etc/hosts entry for BB-xM IP ● On BB-xM install SSH & GDBServer – “sudo apt-get install ssh” – “sudo apt-get install gdbserver” ● Manually SSH to BB-xM to make sure it works and to set up key cache ● In Eclipse create a connection ● Create .gdbinit file ● Create debug configuration
Create a Connection ● Open Remote System Explorer view ● Select Connection->New->Linux ● Use BB-xM IP with options ssh.files, processes.shell.Linux, ssh.shells, and ssh.terminals ● After creating connection enter IP, user, and password under properties
Create .gdbinit ● Change to the directory with your source code ● “touch .gdbinit” ● Go forth and have fun
Create Debug Configuration ● Run->Debug Configurations->C/C++ Remote Configurations ● Main tab – set configuration ● Set remove absolute path ● Commands to execute before “chmod 777” ● Set path to GDB debugger ● Set the GDB port to an appropriate value
Building Your Own Hardware Accessories
Demo 1 - Hardware
Demo 1 - Hardware
Demo 1 – Chris John Riley
Demo 1 (contd.)
Demo 1 (contd.)
Demo 2 – Wifi Cracking
Demo 2 (contd.)
Demo 2 (contd.)
Demo 3 – Password Cracking
Demo 4 – WPS Cracking
Demo 4 (contd.)
Demo 5 – Pwn Win7 Like Its a Mac
Demo 5 (contd.)
tm Demo 6 – Clickiddies
WTF – I thought you said there would be forensics in this talk!
USB Forensics – Now at High Speed!! ● Use a magical USB hub – Everything connected to magic hub automatically mounted read only – Everything not connected to the magic hub is mounted normally (probably with a prompt, etc.) ● Initially wanted to dive in and hack USB drivers – But there is a better way! ...
Enter Udev Rules ● Udev rules allow you to handle what happens when devices are connected, disconnected, etc. ● Every block device connected downstream of magic hub (parent with appropriate VID/PID) is automatically mounted read only ● Suitable for hard disks and ANYTHING that can be mounted via USB
Udev Rules Reali(z|s)ed ● In /etc/udev/rules.d/10-protectedmt.rules ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd?[1-9]", ATTRS{idVendor}=="1a40", ATTRS{idProduct}=="0101", ENV{PHIL_MOUNT}="1", ENV{PHIL_DEV}="%k", RUN+="/etc/udev/scripts/test.sh %k" ACTION=="remove", SUBSYSTEM=="block", KERNEL=="sd?[1-9]", ATTRS{idVendor}=="1a40", ATTRS{idProduct}=="0101", ENV{PHIL_UNMOUNT}="1", RUN+="/etc/udev/scripts/test3.sh %k" ENV{PHIL_MOUNT}=="1", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_AUTOMOUNT_HINT}="never", RUN+="/etc/udev/scripts/test2.sh" ENV{PHIL_MOUNT}!="1", ENV{UDISKS_PRESENTATION_HIDE}="0", ENV{UDISKS_AUTOMOUNT_HINT}="always" ENV{PHIL_UNMOUNT}=="1", RUN+="/etc/udev/scripts/test4.sh"
Udev Rules Scripts ● /etc/udev/scripts/test.sh #!/bin/bash echo "#!/bin/bash" > /etc/udev/scripts/test2.sh echo "mkdir /media/$1" >> /etc/udev/scripts/test2.sh echo "chmod 777 /media/$1" >> /etc/udev/scripts/test2.sh echo "/bin/mount /dev/$1 -o ro,noatime /media/$1" >> /etc/udev/scripts/test2.sh chmod +x /etc/udev/scripts/test2.sh
Udev Rules Scripts (contd.) ● /etc/udev/scripts/test3.sh #!/bin/bash echo "#!/bin/bash" > /etc/udev/scripts/test4.sh echo "/bin/umount /dev/$1" >> /etc/udev/scripts/test4.sh echo "rmdir /media/$1" >> /etc/udev/scripts/test4.sh chmod +x /etc/udev/scripts/test4.sh
Future Directions ● Continue to add useful packages as need arises ● Optimize some packages for BB-xM ● Other output devices ● Port to BeagleBone ● Custom printed case ● Associate with a standard pentest distro ● Port to another platform
Questions?

Recomendados

Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012Philip Polstra
 
The Deck by Phil Polstra GrrCON2012
The Deck by Phil Polstra GrrCON2012The Deck by Phil Polstra GrrCON2012
The Deck by Phil Polstra GrrCON2012Philip Polstra
 
Cyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionCyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionPhilip Polstra
 
Introduction To The Beagleboard
Introduction To The BeagleboardIntroduction To The Beagleboard
Introduction To The BeagleboardNeHal VeRma
 
Intro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugIntro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugSteve Arnold
 
Beagle board101 esc-boston-2009b
Beagle board101 esc-boston-2009bBeagle board101 esc-boston-2009b
Beagle board101 esc-boston-2009bMichael Hallak-Stamler
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensionsZoltan Balazs
 
Taking the BeagleBone Cookbook recipes beyond BeagleBone Black
Taking the BeagleBone Cookbook recipes beyond BeagleBone BlackTaking the BeagleBone Cookbook recipes beyond BeagleBone Black
Taking the BeagleBone Cookbook recipes beyond BeagleBone BlackDrew Fustini
 

Recomendados

Polstra 44con2012
Polstra 44con2012Polstra 44con2012
Polstra 44con2012Philip Polstra
 
The Deck by Phil Polstra GrrCON2012
The Deck by Phil Polstra GrrCON2012The Deck by Phil Polstra GrrCON2012
The Deck by Phil Polstra GrrCON2012Philip Polstra
 
Cyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionCyberhijacking Airplanes Truth or Fiction
Cyberhijacking Airplanes Truth or FictionPhilip Polstra
 
Introduction To The Beagleboard
Introduction To The BeagleboardIntroduction To The Beagleboard
Introduction To The BeagleboardNeHal VeRma
 
Intro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugIntro To Gentoo Embedded Cclug
Intro To Gentoo Embedded CclugSteve Arnold
 
Beagle board101 esc-boston-2009b
Beagle board101 esc-boston-2009bBeagle board101 esc-boston-2009b
Beagle board101 esc-boston-2009bMichael Hallak-Stamler
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensionsZoltan Balazs
 
Taking the BeagleBone Cookbook recipes beyond BeagleBone Black
Taking the BeagleBone Cookbook recipes beyond BeagleBone BlackTaking the BeagleBone Cookbook recipes beyond BeagleBone Black
Taking the BeagleBone Cookbook recipes beyond BeagleBone BlackDrew Fustini
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
Introduction to beagle board
Introduction to beagle boardIntroduction to beagle board
Introduction to beagle boardAmit Karpe
 
How to be a distribution-friendly project
How to be a distribution-friendly projectHow to be a distribution-friendly project
How to be a distribution-friendly projectDonnie Berkholz
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingDonnie Berkholz
 
The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsThe Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsBill Malchisky Jr.
 
Making Gentoo Tick
Making Gentoo TickMaking Gentoo Tick
Making Gentoo TickAnant Narayanan
 
Linux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM SoftwareLinux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM SoftwareBill Malchisky Jr.
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Beagle board
Beagle boardBeagle board
Beagle boardKondaveeti Arun Gopal
 
Embedded Linux Systems Basics
Embedded Linux Systems BasicsEmbedded Linux Systems Basics
Embedded Linux Systems BasicsMax Henery
 
Redteaming HID attacks
Redteaming HID attacksRedteaming HID attacks
Redteaming HID attacksJuan Espin
 
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily JobLuca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Joblinuxlab_conf
 
Hands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone BlackHands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone BlackDaniele Costarella
 
BSDCan2013
BSDCan2013BSDCan2013
BSDCan2013krispcbsd
 
Central Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows ManagersCentral Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows ManagersAndrew Denner
 
BusyBox for Embedded Linux
BusyBox for Embedded LinuxBusyBox for Embedded Linux
BusyBox for Embedded LinuxEmertxe Information Technologies Pvt Ltd
 
Angelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdateAngelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdatelinuxlab_conf
 
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)iXsystems
 
Exploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with PythonExploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with PythonShahed Mehbub
 
Thotcon2013
Thotcon2013Thotcon2013
Thotcon2013Philip Polstra
 
MIPS-X
MIPS-XMIPS-X
MIPS-XZoltan Balazs
 

Mais conteúdo relacionado

Mais procurados

Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardAnne Nicolas
 
Introduction to beagle board
Introduction to beagle boardIntroduction to beagle board
Introduction to beagle boardAmit Karpe
 
How to be a distribution-friendly project
How to be a distribution-friendly projectHow to be a distribution-friendly project
How to be a distribution-friendly projectDonnie Berkholz
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingDonnie Berkholz
 
The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsThe Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsBill Malchisky Jr.
 
Linux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM SoftwareLinux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM SoftwareBill Malchisky Jr.
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchlinuxlab_conf
 
Embedded Linux Systems Basics
Embedded Linux Systems BasicsEmbedded Linux Systems Basics
Embedded Linux Systems BasicsMax Henery
 
Redteaming HID attacks
Redteaming HID attacksRedteaming HID attacks
Redteaming HID attacksJuan Espin
 
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily JobLuca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Joblinuxlab_conf
 
Hands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone BlackHands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone BlackDaniele Costarella
 
Central Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows ManagersCentral Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows ManagersAndrew Denner
 
Angelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdateAngelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdatelinuxlab_conf
 
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)iXsystems
 
Exploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with PythonExploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with PythonShahed Mehbub
 

Mais procurados (20)

U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader
 
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime RipardKernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
Kernel Recipes 2017 - An introduction to the Linux DRM subsystem - Maxime Ripard
 
Introduction to beagle board
Introduction to beagle boardIntroduction to beagle board
Introduction to beagle board
 
How to be a distribution-friendly project
How to be a distribution-friendly projectHow to be a distribution-friendly project
How to be a distribution-friendly project
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
 
The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows AdminsThe Ultimate IBM and Lotus on Linux Workshop for Windows Admins
The Ultimate IBM and Lotus on Linux Workshop for Windows Admins
 
Making Gentoo Tick
Making Gentoo TickMaking Gentoo Tick
Making Gentoo Tick
 
Linux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM SoftwareLinux School: Advanced Administration for IBM Software
Linux School: Advanced Administration for IBM Software
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
 
Beagle board
Beagle boardBeagle board
Beagle board
 
Embedded Linux Systems Basics
Embedded Linux Systems BasicsEmbedded Linux Systems Basics
Embedded Linux Systems Basics
 
Redteaming HID attacks
Redteaming HID attacksRedteaming HID attacks
Redteaming HID attacks
 
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily JobLuca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
Luca Ceresoli - Buildroot vs Yocto: Differences for Your Daily Job
 
Hands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone BlackHands On Embedded Linux with BeagleBone Black
Hands On Embedded Linux with BeagleBone Black
 
BSDCan2013
BSDCan2013BSDCan2013
BSDCan2013
 
Central Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows ManagersCentral Iowa Linux Users Group-December 2019: Windows Managers
Central Iowa Linux Users Group-December 2019: Windows Managers
 
BusyBox for Embedded Linux
BusyBox for Embedded LinuxBusyBox for Embedded Linux
BusyBox for Embedded Linux
 
Angelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdateAngelo Compagnucci - Upgrading buildroot based devices with swupdate
Angelo Compagnucci - Upgrading buildroot based devices with swupdate
 
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
PCI Pass-through - FreeBSD VM on Hyper-V (MeetBSD California 2016)
 
Exploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with PythonExploring the ABC's of Raspberry Pi with Python
Exploring the ABC's of Raspberry Pi with Python
 

Semelhante a Hacking and Forensics on the Go with Low-Power Devices

Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesMender.io
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linuxplarsen67
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux DevelopersOpersys inc.
 
Asiabsdcon2013
Asiabsdcon2013Asiabsdcon2013
Asiabsdcon2013krispcbsd
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsMichael Zhang
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1tAmit Serper
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMSherif Mousa
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primerDrew Fustini
 
Perfect Linux Desktop - OpenSuSE 12.2
Perfect Linux Desktop - OpenSuSE 12.2Perfect Linux Desktop - OpenSuSE 12.2
Perfect Linux Desktop - OpenSuSE 12.2Davor Guttierrez
 
Headless Android (Wearable DevCon 2014)
Headless Android (Wearable DevCon 2014)Headless Android (Wearable DevCon 2014)
Headless Android (Wearable DevCon 2014)Ron Munitz
 

Semelhante a Hacking and Forensics on the Go with Low-Power Devices (20)

Thotcon2013
Thotcon2013Thotcon2013
Thotcon2013
 
MIPS-X
MIPS-XMIPS-X
MIPS-X
 
Strategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and imagesStrategies for developing and deploying your embedded applications and images
Strategies for developing and deploying your embedded applications and images
 
Introduction to linux
Introduction to linuxIntroduction to linux
Introduction to linux
 
Texas 2013
Texas 2013Texas 2013
Texas 2013
 
Self 2013
Self 2013Self 2013
Self 2013
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux Developers
 
Asiabsdcon2013
Asiabsdcon2013Asiabsdcon2013
Asiabsdcon2013
 
Ilf2013
Ilf2013Ilf2013
Ilf2013
 
Scale2013
Scale2013Scale2013
Scale2013
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
The internet of $h1t
The internet of $h1tThe internet of $h1t
The internet of $h1t
 
Building Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARMBuilding Embedded Linux Full Tutorial for ARM
Building Embedded Linux Full Tutorial for ARM
 
Embedded Linux primer
Embedded Linux primerEmbedded Linux primer
Embedded Linux primer
 
Perfect Linux Desktop - OpenSuSE 12.2
Perfect Linux Desktop - OpenSuSE 12.2Perfect Linux Desktop - OpenSuSE 12.2
Perfect Linux Desktop - OpenSuSE 12.2
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
eurobsd2013
eurobsd2013eurobsd2013
eurobsd2013
 
Headless Android (Wearable DevCon 2014)
Headless Android (Wearable DevCon 2014)Headless Android (Wearable DevCon 2014)
Headless Android (Wearable DevCon 2014)
 
Hardware hacking
Hardware hackingHardware hacking
Hardware hacking
 

Mais de 44CON

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...44CON
 
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...44CON
 
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
 
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...44CON
 
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...44CON
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
 
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...44CON
 
Pwning the 44CON Nerf Tank
Pwning the 44CON Nerf TankPwning the 44CON Nerf Tank
Pwning the 44CON Nerf Tank44CON
 
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...44CON
 
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON
 
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON
 
44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON
 
44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON
 
44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON
 
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON
 

Mais de 44CON (20)

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
 
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
 
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
 
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
 
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
 
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
 
Pwning the 44CON Nerf Tank
Pwning the 44CON Nerf TankPwning the 44CON Nerf Tank
Pwning the 44CON Nerf Tank
 
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
 
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?
 
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train
 
44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security
 
44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
 
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
 

Hacking and Forensics on the Go with Low-Power Devices

  • 1. Hacking and Forensics on the Go Philip A. Polstra, Sr. @ppolstra DrPhil@polstra.org http://ppolstra.blogspot.com
  • 2. What is this talk about? ● Hacking and/or forensics with small, low- power devices ● ARM-based Beagleboard & Beaglebone running full suite of security/forensics tools ● Porting tools to a new platform ● USB forensics (now at high speed!!)
  • 3. Why You Should Care ● A full set of tools that can fit in a child's lunch box ● A full-featured Linux install for flexibility ● Low-power devices can run for days or weeks on battery power ● Small devices can be planted for later retrieval ● Did I mention high-speed USB?
  • 4. Who is this handsome man with the sexy accent anyway? ● If you were at last year's 44Con & you don't know, you partied much too hard Thursday night ● For the rest of you: – Professor at a medium size (1800 student) private university in Dubuque, Iowa – Programming from age 8 – Hacking hardware from age 12 – Also known to fly and build airplanes
  • 5. Roadmap ● Choosing a platform ● Selecting a base OS ● Building a base system ● The easy part – leveraging repositories ● The slightly harder part – building tools ● Building your own accessories ● Demonstrations ● Future directions
  • 6. Choosing a Platform ● Small ● Low-power ● Affordable ● Mature ● Networking built in ● Good USB support ● Convenient input and output
  • 7. And the Winning Platform is... ● Beagleboard – 3.25” square – <10 Watts – £125 (or buy in USA for only $149) – Based on Cortex A8 – 100 Mbs Ethernet built in – 4 high-speed USB plus USB-on-the-go – DVI-D, S-video, and LCD output – RS-232, webcam, audio, and microSD
  • 9. Selecting a Base OS ● Angstrom comes in the box – Optimized for hardware – Nice package management – Poor repository support for our purposes ● Ubuntu is available – Backtrack is based on Ubuntu – Ubuntu is very popular – Good repository and community support
  • 10. Building a Base Device ● Upgrade to 16GB microSD (8GB would work, but go big) ● Download an image for microSD card – Canonical image or – Robert C. Nelson demo images – I used Nelson's because they are tweaked for Beagleboard and updated frequently ● Good instructions available at http://elinux.org/BeagleBoardUbuntu
  • 11. The Easy Part – Using Repositories ● Many of the tools we want are available in the standard Ubuntu repositories ● Some are also available as .deb files – Packages written in interpreted languages (Java, Python, PERL, Ruby) usually work out of the box – C-based packages depend on libraries that may or may not be available/installed
  • 12. The Harder Part – Building Your Own Tools ● Native or cross-compile? ● Native – Straightforward – Can be slow on 1GHz ARM with 512 MB RAM ● Cross-compile – A bit more complicated – Take advantage of multi-core desktop with plenty of RAM
  • 13. Native Compilation ● “Sudo apt-get install build-essential” is about all you need to be on your way ● Something to keep in mind if you SSH in and use DHCP: Ethernet is via USB chipset and MAC address varies from one boot to next which leads to different address being assigned
  • 14. Cross-Compile Method 1 ● Download a toolchain “wget http://angstrom- distribution.org/toolchains/angstrom-<ver>-armv7a...” ● Untar toolchain “tar -xf angstrom-<ver>-armv7a-linux-gnueabi- toolchain.tar.bz2 -C” ● Setup build environment “. /usr/local/angstrom/arm/environment- setup” ● Download source ● Configure with “./configure --host=arm-angstrom-linux-gnueabi – prefix=/home/...” ● Build with “make && sudo make install” ● Copy binaries to BB-xM ● Could have problems if there is a kernel mismatch between setup and what is installed to BB-xM
  • 15. Cross-Compile Method 2 ● Install a toolchain as in Method 1 ● Install Eclipse ● Install C/C++ Development Tools in Eclipse ● Download software ● Use makefile to create Eclipse project ● Create a Build Configuration in Eclipse ● Compile ● Move binaries to BB-xM
  • 16. Create a Project from the Makefile ● Can have a makefile based project – Simple – Requires slight modification of makefile ● Can use makefile to create Eclipse project – Slightly more involved – Dependencies and special compile flags can be divined from makefile – More flexible if you want to make modifications
  • 17. Create a Build Configuration ● Right-click project in Project Explorer select Build Configurations-Manage ● Click New to create new configuration ● Set the paths to point to cross-compilation tools for installed toolchain – Set compiler, linker, and assembler commands – Set include and library paths – Good tutorial on http://lvr.com
  • 18. Cross-Compile Method 3 ● Same as Method 2, but with the addition of remote debugging ● Has advantage of easy transfer of binaries ● In Eclipse under Mobile Development add – C/C++ DSF GDB Debugger Integration – C/C++ Remote Launch – Remote System Explorer End-User Runtime – Remote System Explorer User Actions
  • 19. Cross-Compile Method 3 (contd.) ● Create /etc/hosts entry for BB-xM IP ● On BB-xM install SSH & GDBServer – “sudo apt-get install ssh” – “sudo apt-get install gdbserver” ● Manually SSH to BB-xM to make sure it works and to set up key cache ● In Eclipse create a connection ● Create .gdbinit file ● Create debug configuration
  • 20. Create a Connection ● Open Remote System Explorer view ● Select Connection->New->Linux ● Use BB-xM IP with options ssh.files, processes.shell.Linux, ssh.shells, and ssh.terminals ● After creating connection enter IP, user, and password under properties
  • 21. Create .gdbinit ● Change to the directory with your source code ● “touch .gdbinit” ● Go forth and have fun
  • 22. Create Debug Configuration ● Run->Debug Configurations->C/C++ Remote Configurations ● Main tab – set configuration ● Set remove absolute path ● Commands to execute before “chmod 777” ● Set path to GDB debugger ● Set the GDB port to an appropriate value
  • 23. Building Your Own Hardware Accessories
  • 24. Demo 1 - Hardware
  • 25. Demo 1 - Hardware
  • 26. Demo 1 – Chris John Riley
  • 29. Demo 2 – Wifi Cracking
  • 32. Demo 3 – Password Cracking
  • 33. Demo 4 – WPS Cracking
  • 35. Demo 5 – Pwn Win7 Like Its a Mac
  • 37. tm Demo 6 – Clickiddies
  • 38. WTF – I thought you said there would be forensics in this talk!
  • 39. USB Forensics – Now at High Speed!! ● Use a magical USB hub – Everything connected to magic hub automatically mounted read only – Everything not connected to the magic hub is mounted normally (probably with a prompt, etc.) ● Initially wanted to dive in and hack USB drivers – But there is a better way! ...
  • 40. Enter Udev Rules ● Udev rules allow you to handle what happens when devices are connected, disconnected, etc. ● Every block device connected downstream of magic hub (parent with appropriate VID/PID) is automatically mounted read only ● Suitable for hard disks and ANYTHING that can be mounted via USB
  • 41. Udev Rules Reali(z|s)ed ● In /etc/udev/rules.d/10-protectedmt.rules ACTION=="add", SUBSYSTEM=="block", KERNEL=="sd?[1-9]", ATTRS{idVendor}=="1a40", ATTRS{idProduct}=="0101", ENV{PHIL_MOUNT}="1", ENV{PHIL_DEV}="%k", RUN+="/etc/udev/scripts/test.sh %k" ACTION=="remove", SUBSYSTEM=="block", KERNEL=="sd?[1-9]", ATTRS{idVendor}=="1a40", ATTRS{idProduct}=="0101", ENV{PHIL_UNMOUNT}="1", RUN+="/etc/udev/scripts/test3.sh %k" ENV{PHIL_MOUNT}=="1", ENV{UDISKS_PRESENTATION_HIDE}="1", ENV{UDISKS_AUTOMOUNT_HINT}="never", RUN+="/etc/udev/scripts/test2.sh" ENV{PHIL_MOUNT}!="1", ENV{UDISKS_PRESENTATION_HIDE}="0", ENV{UDISKS_AUTOMOUNT_HINT}="always" ENV{PHIL_UNMOUNT}=="1", RUN+="/etc/udev/scripts/test4.sh"
  • 42. Udev Rules Scripts ● /etc/udev/scripts/test.sh #!/bin/bash echo "#!/bin/bash" > /etc/udev/scripts/test2.sh echo "mkdir /media/$1" >> /etc/udev/scripts/test2.sh echo "chmod 777 /media/$1" >> /etc/udev/scripts/test2.sh echo "/bin/mount /dev/$1 -o ro,noatime /media/$1" >> /etc/udev/scripts/test2.sh chmod +x /etc/udev/scripts/test2.sh
  • 43. Udev Rules Scripts (contd.) ● /etc/udev/scripts/test3.sh #!/bin/bash echo "#!/bin/bash" > /etc/udev/scripts/test4.sh echo "/bin/umount /dev/$1" >> /etc/udev/scripts/test4.sh echo "rmdir /media/$1" >> /etc/udev/scripts/test4.sh chmod +x /etc/udev/scripts/test4.sh
  • 44. Future Directions ● Continue to add useful packages as need arises ● Optimize some packages for BB-xM ● Other output devices ● Port to BeagleBone ● Custom printed case ● Associate with a standard pentest distro ● Port to another platform