Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #524297
Pterodactyl
Feature Progress Matrix
Feature | GUMSTIX | RASPBERRY PI | COTTON CANDY |
---|---|---|---|
Operating System | Linux (Yocto) |
Linux (Android) Linux (Ubuntu) |
|
Cross-compiler Suite |
included in Ubuntu (gnueabi) |
included in Ubuntu (gnueabi-hf) |
included in Ubuntu (gnueabi) |
USB support for external floppy | VERIFIED |
verified |
verified |
Copy script runs successfully | verified |
verified |
verified |
Systemd Service script | verified |
verified |
verified |
External hardware support | GPIO | GPIO | |
Visual Indicator (LEDLight Emitting Diode) | verified |
verified |
verified |
Haptic Indicator (PWM Thumper) | UNverified |
verified |
UNverified |
On-SD card Storage | verified |
Tentative EDBEmbedded Devices Branch Development Schedule
-
1 Jul 2013- Internal demonstration of 3 devices with pros/cons/observations
-
Candidates
-
Gumstix
-
Pros
-
Form Factor very good for concealment.
-
Form Factor very good for concealment.
-
Cons
- Difficult learning curve associated with initial exposure for developers.
-
Pros
-
- Raspberry Pi
-
Pros
- Allowed quick prototyping of scripts with demonstration to customer.
- Easy to cross compile code via Ubuntu.
- Several GPIO ports permit use of thumper.
- LED control is not difficult.
-
Cons
- Size and form factor not good for concealment.
- Customized udev rules for hub device are not well understood.
-
Pros
-
- Cotton Candy
-
Pros
-
Internal Operating System Choices
- Android
- Ubuntu
-
Internal Operating System Choices
-
Observations
-
External host Operating Systems (SC2 connection for uploads and updates needs to be worked/resolved to ensure no security violations occur).
- Mac (Works as advertised for both Android and Ubuntu Cotton Candy Operating Systems)
- Linux (Has not worked using Ubuntu 10, 11, or 12 CDCompact Disk Installs).
-
Windows (Has not worked using internal Development Install Disk).
- Device sometimes quits unexpectedly. 1 Cotton Candy's micro USBUniversal Serial Bus connection was broken during development.
- Item when in use becomes fairly hot relative to human touch.
-
Compilation
- Internal compiler with vi and make files creates and builds a executable "Hello World" C program.
- Cross Compilers (Not tested yet)
-
External host Operating Systems (SC2 connection for uploads and updates needs to be worked/resolved to ensure no security violations occur).
-
Pros
-
Gumstix
-
USB Drives
- TODO: Consider how to build our own drivers for new devices (cameras, external LEDs, ...) since most if not all embedded computers have these interfaces.
- Consider using IPADs. IPhones, and Androids as usb devices.
- User #77500 required Face Dancer Cards for IOSApple operating system for small devices exploitation (15 Face Dancer cards ordered via EIB(Branch) on 8 Jul 2013).
- Need to measure power consumption.
-
Consider supply chain approach where the minicomputer is installed within the floppy drive.
-
Candidates
-
8 Jul 2013- Requirements List used for evaluation
-
Requirements:
-
Copy Floppy Disks to SD card on small miniature computer's SD card
-
dd
- Raspberry Pi (Verified)
- Cotton Candy (Verified)
-
dd
-
Operator Feedback mechanisms
-
Visual Indicators
-
LEDs
- Raspberry Pi (Verified)
-
Cotton Candy (Verified)
-
Within the sys/class/leds directory are the following directories:
- fxi-ccandy:blue:
- fxi-ccandy:green:net
- fxi-ccandy:green:power
- fxi-ccandy:orange:net
-
fxi-ccandy:red:
- And within each of these directories is a brightness file. Set it to 0 to shut off the led. Set it to nonzero to turn on the led.
-
Examples:
- To shut off all LEDs use the following file- turnAllLedsOff.bsh
- To turn off all LEDS and then cycle through each one and turn them on for 2 seconds each, use the following file- flashLeds.bsh
-
Within the sys/class/leds directory are the following directories:
-
LEDs
-
Touch/Feel Indicators
-
Thumper (Pulse width modulation)
- Raspberry Pi (Verified)
-
Cotton Candy (Not Verified)
- Raspberry Pi (Verified)
-
Thumper (Pulse width modulation)
-
Sound/Audio Indicators
- Floppy Disk Drive provides some sound depending on the model/type of floppy disk drive.
-
Visual Indicators
- On Disk Encryption/Decryption
-
Compression
-
zlib (Raspberry Pi)
- gzip (Cotton Candy)
- Others
-
zlib (Raspberry Pi)
-
Daemons/service for all 3 candidates to copy floppy disk to their internal SD card
-
Systemd/systemctl
- Raspberry Pi (Verified)
- Cotton Candy (Not Verified)
-
Scripts
- Raspberry Pi (Verified)
- Cotton Candy (Verified)
-
Systemd/systemctl
-
Copy Time estimates:
-
Raspberry Pi (Verified at 1 minute +/- 5 seconds per floppy disk)
- Cotton Candy (Verified at 1 minute +/- 5 seconds per floppy disk)
-
Raspberry Pi (Verified at 1 minute +/- 5 seconds per floppy disk)
- Need to measure power requirements.
-
Copy Floppy Disks to SD card on small miniature computer's SD card
-
Requirements:
-
11 Jul 2013- User #77499- Code Review (Time TBD)
- Systemd scripts- (User #77499)
-
C Source Code- (User #77499)
-
15 Jul 2013- Architecture Selection
- 29 Jul 2013- Final Package Selection
Gumstix Overo EarthSTORM + Pinto-TH Breakout Board
- Using User #77501's unsupported Linux 3.5 image (sakoman-usb-gadget-multi-getty-image.tar.bz2),
- includes USBUniversal Serial Bus multi-gadget kernel module (g_multi.ko), which contains:
- mass storage (g_mass_storage.ko)
- serial console (g_serial.ko)
- ethernet (g_ether.ko)
- includes USBUniversal Serial Bus multi-gadget kernel module (g_multi.ko), which contains:
- uses systemd for process/service management
-
/etc/systemd/system/*.target.wants/
– stores links to systemd configure files for services that are enabled -
/lib/systemd/system
– stores systemd configure files for all services -
/usr/lib/systemd/scripts
– stores support scripts for systemd services
-
[Unit]
Description=Benign Service Description
After=syslog.target
[Service]
Type=simple
ExecStart=/path/to/script.sh
Restart=always
[Install]
WantedBy=multi-user.target
$ sudo systemctl enable imaged.service # <--- creates symlinks to start imaged.service at bootup
# equivalent to:
# ln -sf /lib/systemd/system/imaged.service /etc/systemd/system/basic.target.wants/imaged.service
$ sudo systemctl poweroff # <--- causes system to shut down cleanly and power off
Building a Gumstix SD Card
- Requires: factory/mlo-updated, factory/u-boot, sakoman/uImage, sakoman/images/(root_filesystem_tarball)
Controlling GPIO from User Space
# setup
$ echo 146 > /sys/class/gpio/export
$ echo out > /sys/class/gpio/gpio146/direction
# echo to value: 1 for on, 0 for off.
$ echo 1 > /sys/class/gpio/gpio146/value
('jiraissues' missing)