Software to prevent unauthorized physical access to your machine.
It listens for udev events and could take 3 different actions when certain storage devices are detected:
- Defense (Reboot PC)
- Freeze PC (Launch a fork bomb to freeze PC and fill all RAM in short time)
- Offense (If it's a USB drive, it'll be overwritten, if it's a CD/DVD ROM it'll be eject)
- Offense + Defense (The previus modes, combined)
- Learning (Learning mode to populate trusted devices list)
The software is composed also by a "Emergency Wipe List": when an action like defense or offense is erased,
porcupine will also wipe the file in this list through secure-delete software by THC
I suggest you (it's quite a must...) to use Full Disk Encryption in order to obtain the best results
(e.g. What happens if someone try to stick his USB pendrive in your PC? In defensive mode, the PC will reboot and
the intruder will be redirected to FDE password prompt)
This program is created with int0x80 talk "Anti-Forensic for the Louise" from Derbycon 2012 in mind.
For every reference about the original concept by int0x80 please look at:
- GitHub - https://github.com/int0x80/anti-forensics
- Youtube - "Anti-Forensic for the Louise" http://www.youtube.com/watch?v=-HK1JHR7LIM
- Youtube - "Moar Anti-Forensic for the Louise" http://www.youtube.com/watch?v=i3nLrJrkYOc
Must:
- A PC with a Linux distribution installed (preferred: Ubuntu, Mint)
- Python interpreter, pyudev library and wxwidget bindings for python.
- python >= 2.7
- python-wxgtk2.8 >= 2.8.12.1
- pyudev >= 0.16.1
- secure-delete (this is the name on ubuntu repos, check for your own distribution)
e.g. On Ubuntu 11.04: sudo apt-get install python-wxgtk2.8 python
About pyudev >= 0.16.1 on ubuntu systems look at:
https://launchpad.net/ubuntu/raring/i386/python-pyudev/0.16.1-1
- python >= 2.7
Should:
- HD with Full Disk Encryption enabled e with a sifficient strong password. This permits to maximize the effets
- In main folder add an ampty folder called configs
- Simply run it with superadmin privileges.
e.g. To run and detach from console: sudo nohup ./porcupine.py &
- Add MMC/SD/others controls
- Add a checksum system for personal pendrives
- Add the options to run custom actions when device is detected
- Add Shortcut and menu option to hide the trayicon (partially implemented. At the moment
only hide is possible, no resume from hide) - Password protect Quit action (maybe)
- Password protect Settings menu (maybe)
- Password protect Stop action (maybe)
- Password protect Show trayicon action (maybe)
- More Tests
- None from the last tests, but please help me to improve the software. More testers are better than me alone!