

Show HN: I made my Raspberry Pi a secret phone homing server - xs
http://www.tunnelsup.com/tup/2013/05/08/raspberry-pi-phoning-home-using-a-reverse-remote-ssh-tunnel

======
mrmekon
These things are fun, and certainly not new. You can buy devkits that already
look quite unobtrusive:
[http://en.wikipedia.org/wiki/SheevaPlug](http://en.wikipedia.org/wiki/SheevaPlug)

The one in this article looks like a fire hazard. I guess that's one way to
cover your tracks :P

~~~
skeletonjelly
Get discovered? Fire off a forkbomb!

------
aseidl
A few suggestions:

SCP'ing the public key directly to ~/.ssh/authorized_keys could overwrite the
file if it already exists. It's better to use 'ssh-copy-id', which takes care
of everything for you. Most distros should have it already.

Autossh can take care of setting up, monitoring, and restarting the tunnels
for you. Arguments are almost exactly the same as ssh, just toss it into your
crontab and have it run @reboot.

~~~
Fuxy
Actually you can write a nice little script that treats autossh like a daemon
and restarts it if it crashes.

I did something like that on Arch Linux.

Also it's probably a good idea to give it a user with limited permissions on
the server it's connecting back to so if somebody finds it they can't just use
it to hack your box.

------
benkillin
Setting I2P up on the RPi then setting ssh up to listen on an I2P hidden
service on the RPi would be better than the method shown. That way if the
device is discovered it would be impossible to trace back the actual IP
address of the person connecting to it and an adversary obtaining your ssh key
won't be able to log into any of your servers.

Check out this presentation from DerbyCon about using a cheap NAS to do
something similar:
[http://www.youtube.com/watch?v=dxdm86r26Co](http://www.youtube.com/watch?v=dxdm86r26Co)
Irongeek has a writeup about the same thing here:
[http://www.irongeek.com/i.php?page=security/svartkast-pogoplug-dropbox](http://www.irongeek.com/i.php?page=security/svartkast-pogoplug-dropbox)
and some instructions to do it specifically on an RPi:
[http://www.irongeek.com/i.php?page=security/raspberry-pi-i2p-svartkast](http://www.irongeek.com/i.php?page=security/raspberry-pi-i2p-svartkast)

------
dfc
A tor hidden service with ssh is a great way to set up a reverse tunnel:

[https://www.torproject.org/docs/hidden-services.html.en](https://www.torproject.org/docs/hidden-services.html.en)

------
riobard
For the purpose of physical drop boxes, there are much better tools than a Pi.
For example this one
[http://wiki.openwrt.org/toh/tp-link/tl-wr703n](http://wiki.openwrt.org/toh/tp-link/tl-wr703n)
is cheaper (< $20),
smaller, much more power efficient, and comes with WiFi! Strip the wrapping
plastic box and you can hide it practically anywhere with batteries powering
it for days.

------
jawns
"Now I am on a computer in someone else's network. Woohoo! Now I can do remote
tech support more effectively."

Great line. Now, if only the NSA were as helpful with its remote tech support.

------
lgeek
Is the power adapter board sitting on top of the Pi? They should be separated
by some panel to avoid short circuits and/or feeding mains power into it. It
looks like there's enough space too.

~~~
wwwhizz
Some tape would suffice too.

~~~
lgeek
I disagree, tape isn't that reliable for covering larger areas with sharp and
uneven surfaces. Plus, it tends to peel off by itself when heated. Should be
better to just secure the two boards apart from each other at opposite ends of
the case.

~~~
xs
Thanks for the tip! I guess covering my tracks with a fire isn't a good
option.

------
bluetooth
Here's a similar project based on another similar project that's been around
for quite some time:
[http://penturalabs.wordpress.com/2013/04/25/blue-for-the-pineapple/](http://penturalabs.wordpress.com/2013/04/25/blue-for-the-pineapple/)

Original project:
[http://hakshop.myshopify.com/products/wifi-pineapple](http://hakshop.myshopify.com/products/wifi-pineapple)

------
brokentone
Cool project, I've thought about doing something similar and bought a gumstix
for roughly this reason before the Pis were out (although power is harder to
figure out on Gumstix).

Slightly ominous line: "I have this plugged into an office somewhere."

------
Morphling
This "attack vector" is relying on the fact that you get physical access to
the target's router/switch, so you can connect to the network and I think
network admins would stop extra PSU in their networking closet pretty fast.

Which started me thinking... What if you would build RPi or similar small
device into a router's casing and made it act like a router at the same time.
Obviously you'd have to have some way of copying configs over from the old box
to the impostor box, but it could be harder to spot since there wouldn't be
any extra hardware.

~~~
DanBC
eh, when you have people sleeping in cupboards and other people hiding laptops
in cupboards I'd say it depends on the network.

([http://www.economist.com/news/obituary/21569674-aaron-swartz-computer-programmer-and-activist-committed-suicide-january-11th-aged-26-aaron](http://www.economist.com/news/obituary/21569674-aaron-swartz-computer-programmer-and-activist-committed-suicide-january-11th-aged-26-aaron))

------
mey
[http://pwnieexpress.com/products/power-pwn](http://pwnieexpress.com/products/power-pwn)

------
curiousAl
Nice, now I can read all those memos/meeting reminders from the comfort of
home.

------
thu
Someone who finds the brick can ssh into his server... that seems weird.

~~~
omh
You should be able to limit the account that it's ssh-ing into so that it's
just used for the tunnel. Or if you're really paranoid, limit the entire thing
to a dedicated virtual machine.
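
Added example (not part of the thread and not code from the linked article): a small auditor for the server-side `authorized_keys` file that checks whether the key a remote box holds is limited to the tunnel, as the comments above by Fuxy and omh suggest. The sample entries, the placeholder key blobs and port 2222 are constructed; the option names are OpenSSH's own `authorized_keys` options.

```python
import re

# One option: a bare flag or name="value"; values may hold commas, spaces, \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def split_entry(line):
    """Split one authorized_keys line into (options dict, key type)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):            # no options field at all
        return {}, line.split()[0]
    i, quoted = 0, False                      # options end at first unquoted space
    while i < len(line) and (quoted or line[i] != " "):
        if line[i] == "\\" and quoted:
            i += 1                            # skip the escaped character
        elif line[i] == '"':
            quoted = not quoted
        i += 1
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    rest = line[i:].split()
    return opts, (rest[0] if rest else None)

def audit_key(line):
    """Return reasons the key is not tunnel-only; an empty list means it passes.
    Simplification: no-* options other than no-port-forwarding are not credited."""
    opts, _ = split_entry(line)
    findings = []
    if "restrict" not in opts:
        findings.append("no restrict option")
    if "command" not in opts:   # restrict alone still allows non-pty command execution
        findings.append("no forced command=")
    if "restrict" in opts:
        forwarding = "port-forwarding" in opts
    else:
        forwarding = "no-port-forwarding" not in opts
    if forwarding and "permitlisten" not in opts:
        findings.append("forwarding on without permitlisten=")
    return findings

def audit(text):
    """Map line number -> findings for every key entry in authorized_keys text."""
    return {n: audit_key(l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

# Constructed sample: placeholder key blobs, hypothetical comment and port 2222.
SAMPLE = '''# authorized_keys of the hypothetical tunnel account
ssh-ed25519 AAAA_PLACEHOLDER pi@dropbox
restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" ssh-ed25519 AAAA_PLACEHOLDER pi@dropbox
'''

if __name__ == "__main__":
    for n, findings in audit(SAMPLE).items():
        print(n, "; ".join(findings) or "tunnel-only")
```

The restricted entry still supports the reverse tunnel when the client connects with `ssh -N`, because no remote command is requested and the forced command never has to run.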

------
fduran
443 is a better outgoing port since https is rarely going to be blocked

------
urza
[https://pagekite.net/](https://pagekite.net/)

------
decauth
The use of physical drop boxes placed behind a firewall is nothing new. There
is in fact a specific Linux distro for the Raspberry Pi targeted at this use
case (see pwnpi.sourceforge.net). It comes packaged with a large suite of
penetration testing tools. While building from scratch is a useful exercise
for engineers, reinventing the wheel does not merit much attention.

~~~
xs
While I use backtrack frequently I found the pwnpi distribution to be lacking
in many things and actually ditched it to complete this project. Perhaps I'll
revisit that distro again when it becomes better.

~~~
voltagex_
What was it missing?

~~~
xs
Some of the programs that it said were supposed to be installed were not.
Very little documentation exists to get familiar with that distribution.

