parent
821b096c0c
commit
f7d3297796
|
@ -49,6 +49,18 @@ if name == "" then
|
|||
end
|
||||
token = set_prefix(prefix,token)
|
||||
|
||||
while true do
|
||||
io.stdout:write("enter gpg id: [] ")
|
||||
gpg_id = io.stdin:read()
|
||||
if prefix == "" then
|
||||
break
|
||||
end
|
||||
if os.execute("gpg --batch --recv-keys "..gpg_id) == 0 then
|
||||
break
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
if 0 ~= con:execute("select ttl from tokens where token='"..token.."';"):numrows() then
|
||||
print(token)
|
||||
print "ERROR - token already exists .. please try again."
|
||||
|
@ -66,6 +78,16 @@ if name == "" then
|
|||
print "* add token:"
|
||||
print(token)
|
||||
print("* prefix to remember: "..prefix)
|
||||
while true do
|
||||
io.stdout:write("enter gpg id: [] ")
|
||||
gpg_id = io.stdin:read()
|
||||
if prefix == "" then
|
||||
break
|
||||
end
|
||||
if os.execute("gpg --batch --recv-keys "..gpg_id) == 0 then
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
exit(env,con)
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
config = {
|
||||
['db'] = "cricket",
|
||||
['prefix_len'] = 4,
|
||||
['check_len'] = 8, -- size of bytes to use as unique identifier
|
||||
['open_cmd'] = "ssh root@fe80::218:84ff:fe1d:3fbc%eth0 door &",
|
||||
['key_len'] = 164, -- key_len/8*6 must be an integer!!!1!
|
||||
['ttl'] = 60 * 60 * 24 * 7 * 8, -- s m h d w factor Time To Life (while alive)
|
||||
|
|
|
@ -10,9 +10,9 @@ len = config.key_len
|
|||
env = luasql.postgres()
|
||||
con = env:connect(config.db)
|
||||
|
||||
assert(con:execute("create table tokens ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttl int );")) -- ttl - time to live
|
||||
assert(con:execute("create table graveyard ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttrd int );")) -- ttrd - time to real death
|
||||
assert(con:execute("create table users ( name text primary key, ntc int );")) -- ntc - new token count
|
||||
assert(con:execute("create table tokens ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttl int, gpg_id char(15) null);")) -- ttl - time to live
|
||||
assert(con:execute("create table graveyard ( prefix char("..pl..") primary key, token char("..len..") unique not null, ttrd int, gpg_id char(15) null);")) -- ttrd - time to real death
|
||||
assert(con:execute("create table users ( name text primary key, ntc int);")) -- ntc - new token count
|
||||
assert(con:execute("create table lock (death int, host text);"))
|
||||
|
||||
con:close()
|
||||
|
|
|
@ -17,3 +17,21 @@ function rows(con, stmt)
|
|||
end
|
||||
end
|
||||
|
||||
function is_bruteforce(con)
|
||||
if not os.getenv('REMOTE_ADDR') then
|
||||
return false
|
||||
end
|
||||
now = os.time()
|
||||
host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
|
||||
clean = "delete from lock where death<" .. now .. ";"
|
||||
check = "select count(*) from lock where host='" .. host .. "';"
|
||||
rn = tonumber(con:execute(clean .. check):fetch())
|
||||
|
||||
if rn < config.lock then
|
||||
con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
|
||||
return false
|
||||
else
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -13,21 +13,6 @@ function fail(msg)
|
|||
print("Error: " .. msg)
|
||||
end
|
||||
|
||||
function is_bruteforce(con)
|
||||
now = os.time()
|
||||
host = md5.sumhexa(os.getenv('REMOTE_ADDR'))
|
||||
clean = "delete from lock where death<" .. now .. ";"
|
||||
check = "select count(*) from lock where host='" .. host .. "';"
|
||||
rn = tonumber(con:execute(clean .. check):fetch())
|
||||
|
||||
if rn < config.lock then
|
||||
con:execute("insert into lock (death, host) values(" .. (now + config.lock_time) .. ", '".. host .."');")
|
||||
return false
|
||||
else
|
||||
return true
|
||||
end
|
||||
end
|
||||
|
||||
print "Content-Type: text/plain"
|
||||
|
||||
token = os.getenv("QUERY_STRING")
|
||||
|
|
128
door/token.lua
128
door/token.lua
|
@ -5,21 +5,35 @@ require 'config'
|
|||
require 'base64'
|
||||
local base64 = enc
|
||||
|
||||
function generate_token() -- generates a new token (the next)
|
||||
function generate_token(old) -- generates a new token (the next)
|
||||
local len = config.key_len / 8 * 6
|
||||
local f = io.open("/dev/urandom","r")
|
||||
local r = f:read(len)
|
||||
return base64(r)
|
||||
while true do
|
||||
local r = f:read(len)
|
||||
new = base64(r)
|
||||
if old then
|
||||
if string.sub(new, 0, config.check_len) ~= string.sub(old, 0, config.check_len) then
|
||||
break
|
||||
end
|
||||
else
|
||||
break
|
||||
end
|
||||
end
|
||||
return new
|
||||
end
|
||||
|
||||
function add_token(con, token) -- add token to the database
|
||||
function add_token(con, token, gpg_id) -- add token to the database
|
||||
local now = os.time()
|
||||
math.randomseed(now)
|
||||
local prefix = token:sub(1, config.prefix_len)
|
||||
if not gpg_id then
|
||||
gpg_id = con:execute("select trim(gpg_id) from tokens where prefix='"..prefix.."';"):fetch()
|
||||
end
|
||||
|
||||
local ttl = now + config.ttl + math.floor(math.random() * config.ruttl)
|
||||
local update = "delete from tokens where prefix='"..prefix.."';"
|
||||
local insert = "insert into tokens (prefix, token, ttl) values ('"..prefix.."', '"..token.."', "..ttl..");"
|
||||
local gravedigger = "insert into graveyard (prefix, token, ttrd) select prefix, token, ttl+"..config.ttrd.." from tokens where ttl<"..now..";"
|
||||
local insert = "insert into tokens (prefix, token, ttl, gpg_id) values ('"..prefix.."', '"..token.."', "..ttl..", '"..gpg_id.."');"
|
||||
local gravedigger = "insert into graveyard (prefix, token, ttrd, gpg_id) select prefix, token, ttl+"..config.ttrd..",gpg_id from tokens where ttl<"..now..";"
|
||||
local clean = "delete from tokens where ttl<"..now..";"
|
||||
local dig = "delete from graveyard where ttrd<"..now..";"
|
||||
con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)
|
||||
|
@ -34,8 +48,108 @@ function check_token(con, token) -- checks if the token is valid
|
|||
return result
|
||||
end
|
||||
|
||||
function set_prefix(old, new) -- sets the prefix from the old token on the new token
|
||||
function set_prefix(old, new) -- sets the prefix from the old token to the new token
|
||||
local prefix = old:sub(1, config.prefix_len)
|
||||
return prefix .. new:sub(config.prefix_len+1)
|
||||
end
|
||||
|
||||
function get_pgp_key(prefix)
|
||||
local pgp_id = con:execute("select gpg_id from tokens where prefix='"..prefix.."';"):fetch()
|
||||
return pgp_id
|
||||
end
|
||||
|
||||
function encrypt_key(prefix)
|
||||
if prefix:len() ~= config.prefix_len then
|
||||
return false
|
||||
end
|
||||
local token, pgp_id = con:execute("select token, gpg_id from tokens where prefix='"..prefix.."';"):fetch()
|
||||
|
||||
if not pgp_id or not token then
|
||||
return false, "No pgp key"
|
||||
end
|
||||
|
||||
local out = ""
|
||||
local fp = io.popen("echo -n "..token.." | gpg --batch --logger-file /dev/null -a -e --recipient "..pgp_id.."", "r")
|
||||
while true do
|
||||
msg = fp:read()
|
||||
if not msg then
|
||||
break
|
||||
end
|
||||
out = out.."\n"..msg
|
||||
end
|
||||
if out == "" then
|
||||
return false, "Could not build pgp msg"
|
||||
end
|
||||
return string.sub(token, 0, config.check_len).."\n"..out
|
||||
end
|
||||
|
||||
function set_pgp(prefix, gpg_id) -- add token to the database
|
||||
if not gpg_id then
|
||||
gpg_id = ""
|
||||
end
|
||||
local update = "update tokens set gpg_id='"..gpg_id.."' where prefix='"..prefix.."';"
|
||||
con:execute(update)
|
||||
end
|
||||
|
||||
function ask_pgp(prefix, gpg_id) -- add token to the database
|
||||
if prefix == "" then
|
||||
return
|
||||
end
|
||||
|
||||
local buffer = ""
|
||||
while true do
|
||||
if string.len(buffer) == 0 then
|
||||
io.stdout:write("enter gpg id or key: [] ")
|
||||
end
|
||||
gpg_id = io.stdin:read()
|
||||
if string.len(gpg_id) == 0 and string.len(buffer) == 0 then
|
||||
return false
|
||||
end
|
||||
if string.len(gpg_id) == 8 then
|
||||
if os.execute("gpg --batch --recv-keys "..gpg_id) == 0 then
|
||||
return gpg_id
|
||||
-- test if already in db
|
||||
elseif os.execute("gpg --batch --list-sigs "..gpg_id) == 0 then
|
||||
return gpg_id
|
||||
end
|
||||
else
|
||||
buffer = buffer.."\n"..gpg_id
|
||||
if gpg_id == "-----END PGP PUBLIC KEY BLOCK-----" then
|
||||
local tmp_name = os.tmpname()
|
||||
fp = io.open(tmp_name, "w")
|
||||
fp:write(buffer)
|
||||
io.close(fp)
|
||||
local fp, err = io.popen("gpg --import "..tmp_name.." 2>&1")
|
||||
local out = fp:read()
|
||||
for x in string.gmatch(out, "gpg: key (%w+): ") do
|
||||
print("Found key: "..x)
|
||||
gpg_id = x
|
||||
os.remove(tmp_name)
|
||||
return gpg_id
|
||||
end
|
||||
os.remove(tmp_name)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function display_pgp(pgp_id)
|
||||
os.execute("gpg --list-sigs "..pgp_id)
|
||||
end
|
||||
|
||||
function trust_pgp(pgp_id)
|
||||
os.execute("gpg --edit-key "..pgp_id.." trust save")
|
||||
end
|
||||
|
||||
function edit_pgp(prefix)
|
||||
new_id = ask_pgp()
|
||||
if new_id then
|
||||
set_pgp(prefix, new_id)
|
||||
print("set to new id: "..new_id)
|
||||
else
|
||||
new_id = get_pgp_key(prefix)
|
||||
end
|
||||
display_pgp(new_id)
|
||||
trust_pgp(new_id)
|
||||
end
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
<form action="open" method="get"><textarea name="t" cols="41" rows="4" wrap="soft"></textarea><br/>
|
||||
<input type="submit" value="Open Door Please!"></form><br/>
|
||||
Or use the <a href="opendoor">script</a>!<br/><br/>
|
||||
<a href="recover.html">Recover your key</a><br/><br/>
|
||||
<small>Powered by<br/><img width="80" height="121" src="./mole_people.jpg" alt="Mole People" border="0"/>
|
||||
</body>
|
||||
</html>
|
||||
|
|
89
www/opendoor
89
www/opendoor
|
@ -4,11 +4,23 @@ echo "* try to open tronlab's moleflap"
|
|||
HOST='moleflap.hq.c3d2.de'
|
||||
STORE=~/.moletoken.c3d2
|
||||
WLAN_NAME="<<</>>"
|
||||
PREFIX_LEN=4
|
||||
|
||||
# END CONFIG
|
||||
PORT=8888
|
||||
STORE_ENC="$STORE.enc"
|
||||
STORE_TMP="$STORE.tmp"
|
||||
|
||||
FORCE_PGP=0
|
||||
WGET="wget"
|
||||
|
||||
checkhost() {
|
||||
# checks if host is reachable. returns 0 on success
|
||||
ping6 -c 1 $HOST >/dev/null 2>/dev/null
|
||||
if [ $? -eq 0 ]; then return 0; fi
|
||||
if [ $? -eq 0 ]; then
|
||||
WGET="wget --prefer-family=IPv6"
|
||||
return 0;
|
||||
fi
|
||||
ping -c 1 $HOST >/dev/null 2>/dev/null
|
||||
if [ $? -eq 0 ]; then return 0; fi
|
||||
return 1;
|
||||
|
@ -33,6 +45,49 @@ n800() {
|
|||
done;
|
||||
}
|
||||
|
||||
PREFIX=""
|
||||
prefix() {
|
||||
if [ -e $STORE ]; then
|
||||
PREFIX=`cat $STORE | cut -c1-$PREFIX_LEN`
|
||||
fi
|
||||
if [ "$PREFIX" = "" ]; then
|
||||
echo "Please enter your prefix:"
|
||||
read PREFIX
|
||||
fi
|
||||
}
|
||||
|
||||
do_pgp() {
|
||||
# do pgp handling
|
||||
|
||||
prefix
|
||||
|
||||
if [ "$PREFIX" = "" ]; then
|
||||
return 1
|
||||
else
|
||||
$WGET -qO $STORE_ENC http://$HOST:$PORT/recover?$PREFIX
|
||||
# download failed
|
||||
if [ $? != 0 ]; then
|
||||
return 2
|
||||
fi
|
||||
CSUM=`head -n 1 $STORE_ENC`
|
||||
OSUM=`cat $STORE | cut -c1-${#CSUM}`
|
||||
if [ "x$CSUM" != "x$OSUM" ] || [ $FORCE_PGP != 0 ]; then
|
||||
rm -f $STORE_TMP
|
||||
tail -n +3 $STORE_ENC | gpg --decrypt --output $STORE_TMP
|
||||
if [ $? = 0 ]; then
|
||||
mv $STORE_TMP $STORE
|
||||
NSUM=`cat $STORE | cut -c1-${#CSUM}`
|
||||
return 0
|
||||
else
|
||||
return 3
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
usage()
|
||||
{
|
||||
cat << EOF
|
||||
|
@ -40,6 +95,7 @@ usage: $0 options
|
|||
|
||||
try to open tronlab's moleflap
|
||||
|
||||
--force-pgp force pgp decrypt
|
||||
--n800 nokia n8xx/n9xx connect mode
|
||||
--help help
|
||||
EOF
|
||||
|
@ -49,23 +105,13 @@ exit
|
|||
# Process command line arguments
|
||||
for i in $@; do
|
||||
case "$i" in
|
||||
"--force-pgp") FORCE_PGP=1;;
|
||||
"--n800" ) CONNECT=n800;;
|
||||
"--help" ) usage;;
|
||||
* ) echo "Error!"; usage;;
|
||||
esac
|
||||
done
|
||||
|
||||
|
||||
if [ -e $STORE ]
|
||||
then
|
||||
token=`cat $STORE`
|
||||
else
|
||||
echo "Please enter your valid token:"
|
||||
read token
|
||||
# save new token first
|
||||
echo "$token" > $STORE
|
||||
fi
|
||||
|
||||
# test for connection
|
||||
checkhost
|
||||
if [ "$?" -eq "1" ]
|
||||
|
@ -78,7 +124,24 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
newtoken=`wget -qO - http://$HOST/open?$token`
|
||||
|
||||
do_pgp
|
||||
if [[ $? -gt 2 ]]; then
|
||||
echo "fatal error"
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ -e $STORE ]
|
||||
then
|
||||
token=`cat $STORE`
|
||||
else
|
||||
echo "Please enter your valid token:"
|
||||
read token
|
||||
# save new token first
|
||||
echo "$token" > $STORE
|
||||
fi
|
||||
|
||||
newtoken=`$WGET -qO - http://$HOST:$PORT/open?$token`
|
||||
|
||||
if [ "$?" -eq "0" ]
|
||||
then
|
||||
|
|
Loading…
Reference in New Issue