#!/usr/bin/python # Nuke My LUKS - server # A simple network-based panic button designed to overwrite the LUKS header # with random data and reboot the computer in case of an emergency situation. # # IMPORTANT: This will make *impossible* to recover any data stored in the disk # even if the password is known. Use this code with precaution. # # by Julio Cesar Fort - julio@whatever.io import sys import socket import select import os.path import platform import base64 import ConfigParser from subprocess import Popen, PIPE try: from bcrypt import hashpw, gensalt except ImportError as err: print "[!] Error importing 'bcrypt': %s" % err sys.exit() DEFAULT_PORT = 1337 ERROR = -1 NUKEMYLUKS_CMD = './nukemyluks.sh' def main(): # check if we're running this code on Linux or not if 'Linux' not in platform.system(): print "[!] Error: this can only run on Linux." sys.exit(ERROR) # create a broadcast UDP receving socket receiving_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) receiving_socket.bind(('<broadcast>', DEFAULT_PORT)) receiving_socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1) receiving_socket.setblocking(0) while True: result = select.select([receiving_socket], [], []) msg = result[0][0].recv(1024) if msg.startswith("nukemyluks_"): try: configparser = ConfigParser.ConfigParser() configparser.read('config.ini') hashed_secret = configparser.get('config', 'password_hash') except Exception as err: print "[!] Error reading config file: %s" % err # TODO: send error message back containing the server IP sys.exit() secret = base64.b64decode(msg[len("nukemyluks_"):]) if hashed_secret == hashpw(secret, hashed_secret): if not os.path.isfile(NUKEMYLUKS_CMD): print "[!] Cannot execute the %s (No such file)" % NUKEMYLUKS_CMD sys.exit(ERROR) cmd_output = Popen([NUKEMYLUKS_CMD], stdout=PIPE, stdin=PIPE, stderr=PIPE) STDOUT, STDERR = cmd_output.communicate() print STDOUT # TODO: send a success message back containing the server IP if __name__ == '__main__': main()