#!/bin/bash
# -----------------------------------------------------------
# script to checksum certain bytes on a device
# and verify checksum against a flat file from future checks
# *note*: be sure to update $devicelist to your flat file
#
# usage: derpherp /dev/sdb
# -----------------------------------------------------------
# Default flat file of known devices; handed to derpherp as its second argument.
devicelist='/root/anti/forensics/devices.txt'
# -----------------------------------------------------------
# iterative fibonacci that starts at third number in sequence
# not recursive b/c it's incredibly slow (lol bash)
# -----------------------------------------------------------
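fibbernacci () {
  # Print the Fibonacci number reached after ($1 + 1) steps from the pair
  # (0, 1): 0 -> 1, 1 -> 2, 2 -> 3, 3 -> 5, ... 90 -> 7540113804746346429.
  #
  # Arguments: $1 - non-negative decimal integer
  # Outputs:   the number on stdout
  # Returns:   0 on success, 1 if $1 is not a non-negative integer
  local n="${1}"
  local a=0 b=1 sum=0 i

  # The value is used in an arithmetic context below, where bash evaluates
  # arbitrary expressions; accept plain digits only.
  if [[ ! "${n}" =~ ^[0-9]+$ ]]; then
    printf 'fibbernacci: expected a non-negative integer, got: %s\n' "${n}" >&2
    return 1
  fi
  # Force base 10 so a leading zero is not read as octal.
  n=$((10#${n}))

  # All working variables are local so a direct (non-subshell) call does not
  # clobber the caller's a/b/sum.
  for (( i = 0; i <= n; i++ )); do
    sum=$((a + b))
    a=$b
    b=$sum
  done
  printf '%s\n' "${b}"
}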
# -----------------------------------------------------------
# get serial number of device
# -----------------------------------------------------------
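dat_serial () {
  # Print the first ATTRS{serial} value udevadm reports for the device.
  #
  # Arguments: $1 - device node, e.g. /dev/sdb
  # Outputs:   the serial on stdout, surrounding whitespace trimmed and inner
  #            whitespace runs collapsed to one space (empty line if none found)
  local IFS=$' \t\n'
  local serial
  local -a words=()

  serial=$(udevadm info --attribute-walk --name="${1}" | grep -m 1 "ATTRS{serial}" | cut -d '=' -f 3 | sed 's/"//g')

  # The serial is supplied by the attached device, so it must never reach an
  # unquoted expansion: that would glob-expand characters such as '*' against
  # the current directory. Splitting with read -a keeps the whitespace
  # normalisation the unquoted echo used to perform, without the globbing.
  read -r -a words <<< "${serial}"
  printf '%s\n' "${words[*]}"
}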
# -----------------------------------------------------------
# calculate checksum of specific bytes on device
# update entry in device list flat file
# -----------------------------------------------------------
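derpherp () {
  # Sample two bytes from a fixed set of sectors on a device, hash the sample
  # and look the (checksum, serial) pair up in the device list. A device whose
  # pair is not listed is handed to shoopwhoop.
  #
  # Arguments: $1 - device node, e.g. /dev/sdb
  #            $2 - path of the device list flat file (created if missing)
  # Returns:   0 when the pair is listed, otherwise shoopwhoop's status
  #
  # Fails closed: if the size, the temporary file or the checksum cannot be
  # obtained, the device is treated exactly like an unlisted one. Previously an
  # empty checksum produced the pattern "<TAB>serial", which matched any line
  # carrying that serial.
  local dev="${1}"
  local list="${2}"
  local -r sha512_re='^[0-9a-f]{128}$'
  local sectors tmpfile serial block j
  local checksum=""

  # Size of the device in 512-byte sectors, and its serial number.
  sectors=$(blockdev --getsz "${dev}")
  serial=$(dat_serial "${dev}")

  # Create the device list if it does not exist yet.
  touch "${list}"

  # mktemp creates the sample file atomically with owner-only permissions,
  # instead of appending to a hand-built name under /tmp.
  if [[ "${sectors}" =~ ^[0-9]+$ ]] && tmpfile=$(mktemp); then
    # Walk fibbernacci 0..90 (90 is the highest index before integer overflow)
    # and append the first two bytes of each corresponding sector until the
    # sector number runs past the end of the device.
    while read -r j; do
      block=$(fibbernacci "${j}")
      if [[ "${block}" -gt "${sectors}" ]]; then
        break
      fi
      dd if="${dev}" bs=1 count=2 skip=$((512*block)) status=noxfer >> "${tmpfile}" 2> /dev/null
    done < <(seq 0 90)

    checksum=$(sha512sum -b "${tmpfile}" | cut -d ' ' -f 1)
    # Wipe the sampled bytes before acting on the result, so they are gone
    # even if shoopwhoop never returns.
    shred -zu -- "${tmpfile}"
  fi

  # The serial comes from the device itself, so it is compared as a fixed
  # string (-F), never as a regular expression. A serial containing a newline
  # is refused because grep -F would read it as several alternative patterns.
  # NOTE(review): the match is still unanchored, as before, so a serial that
  # is a prefix of a listed serial matches; if every line of the list is
  # exactly "checksum<TAB>serial", add -x here.
  if [[ "${checksum}" =~ ${sha512_re} && "${serial}" != *$'\n'* ]] \
    && grep -qF -- "${checksum}"$'\t'"${serial}" "${list}"; then
    return 0
  fi

  # Not found (or not verifiable): treat as hostile.
  shoopwhoop "${dev}"
}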
# -----------------------------------------------------------
# check for command-line argument
# -----------------------------------------------------------
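# Require the device argument.
if [[ -z "${1}" ]]; then
  echo "Usage: $0 <device>" >&2
  # Exit statuses are truncated to 8 bits, so callers observe 41 (9001 mod 256).
  exit 9001
fi

# Reduce a partition name to its parent disk by deleting every digit
# (/dev/sdb1 -> /dev/sdb).
# NOTE(review): this also deletes digits that belong to the disk name itself
# (for example /dev/nvme0n1 becomes /dev/nvmen), so only sdX-style names work.
device=$(printf '%s\n' "${1}" | tr -d "[:digit:]")

# Quoted so a path containing whitespace or glob characters reaches derpherp
# as exactly one argument each.
derpherp "${device}" "${devicelist}"

# NOTE(review): the script reports success regardless of derpherp's result.
exit 0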