If you’re the paranoid type, you don’t deny people are watching – you know they are. You encrypt your drives, use SSL-VPN, tor, proxies, and run tails. If not, then you at least care about privacy or have something to hide. This post is for you people.
In the following example, it’s a bit extreme, but it works well.
What I want to go over is how you can wipe the drive at a login screen. At first I thought I could do this best via modifying the desktop manager’s login screen. Problem of course is I would have to do it for every Window manager – KDE, Gnome, Flux, etc. Not only that, Gnome is such a god damn mess of code and headaches that I decided my problem lies not in messing with Stallman’s mess, but to instead go deeper.
How deep? Well Linux authentication is handled by PAM, and has been using PAM for years. Modifying PAM seems like the road to go, so I modified a PAM module ‘pam_nologin’ (/Linux-PAM-1.3.0/modules/pam_nologin/pam_nologin.c) to do my bidding.
In particular, I modified the function ‘perform_check’ and added my own username check:
We’re checking for a particular username within authentication – this means our code will be run no matter what the auth – be it ssh, the login, screen, whatever.
Some of you bored types may notice the Samson Option in there – inside joke. You’ll also see a reference to a function named ‘let_it_burn’. This is the code:
I guess there’s no need to encode the command, but I do this to make it covert-ish. The decoded base64 is
To use this, you will need the source, compile it like normal, and add the following line to /etc/pam.d/login:
What about Phones? What about Android? Everyone has a phone.
As for android, I think the best method of tackling this issue would be to go after either the keyguard, or the fingerprint system. It seems newer phones do the fingerprint system, while older ones are stuck with the keyguard.
After lots of digging, I found the code responsible for fingerprint authentication: FingerprintUnlockController.java.
How about this; Wipe on fingerprint, don’t do shit if done via keyguard?
That could work. On line 143 of this source file, there’s an event we can monitor “public void onFingerprintAcquired()”. From here we could call a method for wiping.
How the hell do you programmatically wipe your android? Thank god for github as some other schmuck has figured it out already.
Small as this code is, we can make it even smaller as these 3 lines will do what we need:
What about Windows? What about Mac and Iphone? What about them? They aint open source so modifying them is more difficult – not impossible though.
I know this blog post was a little different than my usual rigamarole, but I feel like to need to post more often.