The fabulous Aurelia Moser and I are going to be giving a talk at HOPE X next month on the topic of dead drops. Dead drops are rad, and anyone who knows me even a little bit knows that I have a thing for tradecraft. I’ve been putting it off and putting it off, but I finally used this beautiful late-spring day to slap together a digital dead drop.
###Imagine, if you will…###
You’re mad as hell, and you’re not going to take it anymore! Your boss has dicked you over for the last time, and you’re about to dump the biggest leak in history. You reach out to your reporter friend and invite her for coffee.
Sitting across from one another, after you’ve exchanged PGP keys, she says: “I’ll follow up with an email.” She downs her Jameson (who am I kidding, she’s not drinking coffee) and leaves. The next day, an encrypted email shows up in your inbox; it reads:
> Get on the Manhattan-bound L train at Bedford Avenue at 3:27 pm. Sit in the second car.
>
> Pull out your phone and join a network called "OMG SECRET SHIT" with the password doopie_d00pie_d00.
>
> Then watch this YouTube video: http://www.youtube.com/watch?v=qMPaTRYaaR8
“Well, ok,” you think. “That’s kind of cryptic, but whatever.” You follow the instructions, and on the train, when you click that link, you’re facing a dinky little page that simply contains a file uploader. “Shiiiiiiiit!” you think, as you select your document from your phone’s file system, and upload it to some invisible little internet thingie somewhere on the train with you. By the time you emerge at 1st Avenue, you’ve taken that dump, if you know what I mean.
###OK, cool. Let’s make that.###
- TP-Link TL-MR3040 Wireless Router ($35)
- USB stick or nubbin (at least 4GB, but we live in the turn-of-the-century so get a bigger one!)
####Step 1: Hello OpenWRT!####
Install the OpenWRT firmware and PirateBox software on your router according to these instructions. It’s ok if you brick yours. It’s recoverable. Once you’ve verified that PirateBox is working (meaning you can find the access point, join the network, and even send a chat message) you’ll be super impressed with what you’ve got so far. However, we want to make some l33t cloak-n-dagger crap, so let’s rip out their interface and make our own!
####Step 2: Let’s add PHP####
What I want is to authenticate certain people to upload files onto my router, each person identifiable by a simple, one-time-use token. I also want to do some server-side authentication to prevent things like XSRF. So I’m going to want to add some server stuff for HTTP requests. I want PHP. But before I start adding packages, I need to reconnect the router to the internet.
To do that, you have to plug the router back into your internet-serving router, and (temporarily) change some of the configurations to get to the net. SSH into the router and open `/etc/config/network`. Modify it like so:
Then reboot your router. Once it’s back on, you should be able to have it use the internet to download new software. Let’s:
The php modules will be installed in a different place than where php thinks by default, so do a search-n-replace for the default path with our extension path with
Finally, let’s change the doc_root in php.ini to point to the PirateBox www folder. Open up `/etc/php.ini` and replace
Cool, so we have PHP now, and it’ll totally work once we re-init PirateBox.
####Step 3: Ditch the old default www####
We want to make our own file uploader thingie, so let’s create our own web root for our own app. To do this, we must create a folder called `www_alt` in the PirateBox directory (`/mnt/usb/Piratebox`, usually). Go ahead, do it:
And fill it up with your app files. Perhaps you place a stub phpinfo file as your `index.php`, just to test it out?
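The upload app that Step 2 describes (one-time-use tokens plus an XSRF check) could look like the following `index.php`. This is an added example, not the author's code; it assumes PHP 7 or later with session support, and the paths, form field names, token-file format and size limit are all hypothetical.

```php
<?php
// Added example, not the author's app. Assumes PHP 7+ with the session module;
// every path, field name and limit below is hypothetical.
declare(strict_types=1);
session_start();

const TOKEN_FILE = '/mnt/usb/drop_private/tokens.json'; // outside the web root
const DROP_DIR   = '/mnt/usb/drop_private/files';       // outside the web root
const MAX_BYTES  = 20 * 1024 * 1024;

// tokens.json holds {"<sha256 of token>": "label"}; a token is deleted on first use.
function consume_token(string $token): bool {
    $fh = fopen(TOKEN_FILE, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) return false; // lock: no double spend
    $tokens = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    $key = hash('sha256', $token);
    $ok = isset($tokens[$key]);
    if ($ok) {
        unset($tokens[$key]);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode((object)$tokens));
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

function respond(int $code, string $msg): void { http_response_code($code); exit($msg); }
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $known = $_SESSION['csrf'] ?? '';
    $file  = $_FILES['doc'] ?? null;
    // Anti-XSRF: the form value must match the one issued to this session.
    if ($known === '' || !hash_equals($known, (string)($_POST['csrf'] ?? ''))) respond(403, 'rejected');
    // Validate the upload before spending the token, so a malformed upload does not burn it.
    if (!$file || $file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) respond(400, 'bad upload');
    if (!consume_token((string)($_POST['token'] ?? ''))) respond(403, 'rejected');
    // Never reuse the client-supplied file name; store under a random one.
    $dest = DROP_DIR . '/' . bin2hex(random_bytes(16)) . '.bin';
    if (!move_uploaded_file($file['tmp_name'], $dest)) respond(500, 'store failed');
    respond(200, 'received');
}
$_SESSION['csrf'] = bin2hex(random_bytes(32));
?>
<form method="post" enctype="multipart/form-data">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
  <input type="text" name="token"> <input type="file" name="doc">
  <button>Upload</button>
</form>
```

Only the SHA-256 hash of each token is kept on the box, so someone who recovers the USB stick cannot read unused tokens from it.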
Once that’s done with, we have to reload and restart the PirateBox engine. In order for PB to pull in our changes so far, we have to do the following (NB: make sure you’re not in either the `/opt/piratebox` directories; do `cd /` first!):
####Step 4: Fix your webserver config####
Now, PirateBox is stopped. That’s ok; we have to fix some things in our web server’s configuration for PHP to be totally functional. Open `/opt/piratebox/conf/lighttpd/lighttpd.conf` and make the following edits:
(Get it? You just removed “.php” from the directive…)
And scroll down to
In my build, I also found the directives that allow users to see the directory tree and commented them out; they’re bad for security.
You should also have a look at the line
Might want to 1) make sure `/redirect.html` exists (and if not, make it or change the directive), and is appropriate for what you want, and 2) add the following
…so you have error pages, instead of generic, auto-generated pages that leak information about your server set-up. A note: you can use PHP (for error logging, ensnaring, doxxing, etc.) in the page that handles the `server.error-handler-404` directive. The others, however, must be static HTML.
Now, start up PirateBox with
and you’re done! Since the box is on your home network, try accessing it by its IP; you should see your index.
####Step 5: Configure your network and wireless settings####
You no longer need the box to be on the internet. At this point, you should reconfigure the router to function as an access point, and put encryption on it. First, edit `/etc/config/network` and restore its gateway, DNS, and IP address:
Then edit `/etc/config/wireless` to set your access point SSID and encryption:
Reboot your router. Like a boss.