├── tools ├── opkg-server │ ├── src │ │ ├── packages │ │ │ └── empty │ │ ├── nginx │ │ │ └── opkg.conf │ │ ├── bin │ │ │ ├── entrypoint.sh │ │ │ └── update_package_list.sh │ │ └── Dockerfile │ ├── .env │ └── docker-compose.yaml ├── raging-rachel │ ├── SftpClient.mf │ ├── jsch-0.1.55.jar │ └── SftpClient.java ├── readme.md └── relaxed-rachel │ ├── Makefile │ └── ftp_client.cpp ├── meta-hackypi ├── recipes-vulnerable │ ├── hefty-howard │ │ ├── files │ │ │ ├── robots.txt │ │ │ ├── spacer.png │ │ │ ├── title.png │ │ │ ├── picture.png │ │ │ ├── index.html │ │ │ ├── disconnected.php │ │ │ ├── index.php │ │ │ └── disconnect.php │ │ └── hefty-howard_1.0.bb │ ├── raging-rachel │ │ ├── files │ │ │ └── file.txt │ │ └── raging-rachel_1.0.bb │ ├── deceived-donald │ │ ├── files │ │ │ ├── src │ │ │ │ ├── memfunctions │ │ │ │ │ ├── memfunctions.h │ │ │ │ │ └── memfunctions.cpp │ │ │ │ ├── CMakeLists.txt │ │ │ │ └── main.cpp │ │ │ └── memlog.service │ │ └── deceived-donald_1.0.bb │ ├── hefty-howard-cli │ │ ├── files │ │ │ ├── CMakeLists.txt │ │ │ └── main.cpp │ │ └── hefty-howard-cli_1.0.bb │ ├── tearful-tanja │ │ ├── files │ │ │ ├── rfcomm.service │ │ │ ├── accept_bt_pin_requests.exp │ │ │ ├── accept_bt_service_requests.exp │ │ │ └── bluetooth.service │ │ └── tearful-tanja_1.0.bb │ ├── moody-maggie │ │ ├── files │ │ │ ├── remote-shell.service │ │ │ └── src │ │ │ │ ├── CMakeLists.txt │ │ │ │ └── bind-shell.cpp │ │ └── moody-maggie_1.0.bb │ ├── relaxed-rachel │ │ ├── files │ │ │ └── ftpserver.service │ │ └── relaxed-rachel_1.0.bb │ └── chatty-charly │ │ ├── files │ │ ├── webserver.service │ │ └── webserver.py │ │ └── chatty-charly_1.0.bb ├── recipes-core │ ├── opkg │ │ └── opkg_%.bbappend │ ├── openssh │ │ └── openssh_%.bbappend │ ├── images │ │ └── hackypi-image.bb │ └── rootfs-expansion │ │ └── rootfs-expansion_1.0.bb ├── conf │ └── layer.conf ├── recipes-example │ └── example │ │ └── example_0.1.bb ├── README └── COPYING.MIT ├── res ├── hackypi_logo.png ├── hackypi_deployment.png 
├── hackypi_logo_wide.png └── security_challenge_network_setup.png ├── .gitignore ├── conf ├── bblayers.conf └── local.conf ├── manifest.xml ├── setup.sh ├── LICENSE ├── .github ├── CONTRIBUTING.md ├── CODE_OF_CONDUCT.md └── workflows │ └── main.yml └── readme.md /tools/opkg-server/src/packages/empty: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tools/raging-rachel/SftpClient.mf: -------------------------------------------------------------------------------- 1 | Main-Class: SftpClient 2 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/files/robots.txt: -------------------------------------------------------------------------------- 1 | Disallow: /index.php -------------------------------------------------------------------------------- /res/hackypi_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nimarty/hackypi/HEAD/res/hackypi_logo.png -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/raging-rachel/files/file.txt: -------------------------------------------------------------------------------- 1 | And you'll see why 1984 won't be like 1984. 
-------------------------------------------------------------------------------- /res/hackypi_deployment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nimarty/hackypi/HEAD/res/hackypi_deployment.png -------------------------------------------------------------------------------- /res/hackypi_logo_wide.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nimarty/hackypi/HEAD/res/hackypi_logo_wide.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | .idea/ 3 | build/ 4 | meta-openembedded/ 5 | meta-raspberrypi/ 6 | poky/ 7 | .repo/ 8 | -------------------------------------------------------------------------------- /tools/raging-rachel/jsch-0.1.55.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nimarty/hackypi/HEAD/tools/raging-rachel/jsch-0.1.55.jar -------------------------------------------------------------------------------- /res/security_challenge_network_setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nimarty/hackypi/HEAD/res/security_challenge_network_setup.png -------------------------------------------------------------------------------- /tools/readme.md: -------------------------------------------------------------------------------- 1 | Subprojects for additional tools are placed here. This includes programs required for challenges which do not run directly on Hacky Pi. 
--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/hefty-howard/files/spacer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nimarty/hackypi/HEAD/meta-hackypi/recipes-vulnerable/hefty-howard/files/spacer.png
--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/hefty-howard/files/title.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nimarty/hackypi/HEAD/meta-hackypi/recipes-vulnerable/hefty-howard/files/title.png
--------------------------------------------------------------------------------
/meta-hackypi/recipes-core/opkg/opkg_%.bbappend:
--------------------------------------------------------------------------------
# Appends a package feed named "hackypackages" to the opkg.conf shipped in the image.
# NOTE(review): the feed is plain HTTP to a fixed LAN address and nothing in this
# append configures package signature checking, so whatever answers on
# 192.168.1.11:8080 decides what gets installed. Acceptable on an isolated lab
# network; confirm the device is never attached to a shared one.
do_install:append(){
    echo 'src/gz hackypackages http://192.168.1.11:8080' >> ${D}${sysconfdir}/opkg/opkg.conf
}

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/hefty-howard/files/picture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nimarty/hackypi/HEAD/meta-hackypi/recipes-vulnerable/hefty-howard/files/picture.png
--------------------------------------------------------------------------------
/tools/opkg-server/src/nginx/opkg.conf:
--------------------------------------------------------------------------------
# Serves the contents of /packages/ as a browsable directory listing (autoindex).
# No TLS and no access control are configured in this file: every client that can
# reach the port can list and download the packages.
server {
    listen 80 default_server;
    server_name localhost;
    root /packages/;
    autoindex on;
    location / {
        autoindex on;
    }
}
--------------------------------------------------------------------------------
/tools/relaxed-rachel/Makefile:
--------------------------------------------------------------------------------
# Builds the FTP client helper into build/ftp_client with warnings enabled.
CXX = g++
CXXFLAGS = -Wall -Wextra

all: ftp_client.cpp
	mkdir -p build
	$(CXX) $(CXXFLAGS) -o build/ftp_client ftp_client.cpp

# Removes only the binary; the build/ directory itself is left in place.
clean:
	$(RM) build/ftp_client

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/deceived-donald/files/src/memfunctions/memfunctions.h:
--------------------------------------------------------------------------------
#pragma once

// Interface of the memfunctions library used by memlog (main.cpp calls
// system_mem_free()). The implementation file is not part of this excerpt.
namespace MemFunctions {

    // Reports two values through its reference parameters.
    // NOTE(review): units and exact meaning are not visible here - confirm
    // against memfunctions.cpp.
    void process_mem_usage(double& vm_usage, double& resident_set);

    // Returns a single long; main.cpp logs it as the free-memory figure.
    long system_mem_free();
}
--------------------------------------------------------------------------------
/meta-hackypi/recipes-core/openssh/openssh_%.bbappend:
--------------------------------------------------------------------------------
# Appends two directives to the sshd_config shipped in the image.
# NOTE(review): "PermitRootLogin yes" lets root authenticate directly (including by
# password where password authentication is enabled) and "AllowUsers root" limits
# SSH logins to root until a challenge recipe appends its own AllowUsers line.
# A hardened image would use key-only root login or none at all.
do_install:append(){
    # allow root user login via ssh
    echo 'PermitRootLogin yes' >> ${D}${sysconfdir}/ssh/sshd_config
    echo 'AllowUsers root' >> ${D}${sysconfdir}/ssh/sshd_config
}

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/hefty-howard-cli/files/CMakeLists.txt:
--------------------------------------------------------------------------------
# NOTE(review): VERSION 1.9 looks like a typo for a 3.x release - confirm.
cmake_minimum_required(VERSION 1.9)
project (hems_cli)
# -fno-stack-protector removes stack canaries and -z execstack marks the stack
# executable: both exploit mitigations are switched off for this binary,
# presumably on purpose for the challenge. Do not copy these flags into
# production builds.
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-stack-protector -z execstack")
add_executable(hems_cli main.cpp)
install(TARGETS hems_cli RUNTIME DESTINATION bin)


--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/tearful-tanja/files/rfcomm.service:
--------------------------------------------------------------------------------
# Starts after (and requires) bluetooth.service, then waits for an incoming RFCOMM
# connection on channel 1 of hci0 and attaches a getty to rfcomm0.
[Unit]
Description=RFCOMM service
After=bluetooth.service
Requires=bluetooth.service

[Service]
# NOTE(review): agetty's -a option logs the named user ("pi") in automatically, so
# whoever completes the Bluetooth serial connection gets a shell without a
# password prompt. The only gate is Bluetooth pairing and service authorization.
ExecStart=/usr/bin/rfcomm watch hci0 1 setsid /sbin/agetty -L rfcomm0 115200 vt100 -a pi

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/moody-maggie/files/remote-shell.service:
--------------------------------------------------------------------------------
# Runs the moody-maggie bind shell (bind-shell.cpp) once networking is up.
# NOTE(review): no User= is set, so as a system unit this process - and the shell
# it hands out - runs as root.
[Unit]
Description=Create a bind shell restricted to localhost
After=network.target

[Service]
ExecStart=/usr/bin/moody-maggie
ExecStop=/usr/bin/killall moody-maggie
Restart=on-failure

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/relaxed-rachel/files/ftpserver.service:
--------------------------------------------------------------------------------
# Runs pure-ftpd with its default options (no arguments are passed).
[Unit]
Description=Simple FTP server
After=network.target

[Service]
Type=simple
ExecStart=/usr/sbin/pure-ftpd
ExecStop=/usr/bin/killall pure-ftpd
PIDFile=/var/run/pure-ftpd.pid
Restart=on-failure

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/tools/opkg-server/.env:
--------------------------------------------------------------------------------
# docker image version to use
# NOTE(review): "latest" is a floating tag, so the image that runs can change
# between pulls; pin a release tag or digest for reproducible deployments.
VERSION_TAG=latest

# Port of the OPKG Web Service
PORT=8080

# can be either "internal" or "external"
COMPOSE_PROFILES=external

# Package dir is only relevant if COMPOSE_PROFILES is "external"
PACKAGE_DIR=../../../build/tmp/deploy/ipk/cortexa7t2hf-neon-vfpv4/


--------------------------------------------------------------------------------
/tools/opkg-server/src/bin/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: with the argument "develop" it rebuilds the package index
# and starts crond in the background; in every case it then hands over to the
# nginx image's own entrypoint.

# NOTE(review): $1 is unquoted. When the container is started without a command
# (the "internal" compose profile passes none) the test is malformed and the
# branch is skipped only because the test fails. Quoting it as "${1:-}" would
# make the intent explicit.
if [ $1 = "develop" ]; then
    echo "update package list..."
    /usr/bin/update_package_list.sh
    echo "start crond..."
    # crond is put in the background by the shell so the script can continue.
    /usr/sbin/crond -f -l 8 &
fi

echo "start nginx..."
# call entrypoint from nginx:alpine
exec /docker-entrypoint.sh "nginx" "-g" "daemon off;"


--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/moody-maggie/files/src/CMakeLists.txt:
--------------------------------------------------------------------------------
# Builds the single-source moody-maggie executable as C++11 with -Wall -Wextra.
cmake_minimum_required(VERSION 3.12)

project(moody-maggie VERSION 1.0 LANGUAGES CXX)

set(CMAKE_CXX_STANDARD 11)
set(CMAKE_CXX_STANDARD_REQUIRED True)

add_executable(${PROJECT_NAME} bind-shell.cpp)

target_compile_options(${PROJECT_NAME} PRIVATE -Wall -Wextra)

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/chatty-charly/files/webserver.service:
--------------------------------------------------------------------------------
# Runs the Flask log server (webserver.py) under the dedicated account
# "webserveruser". That account's file permissions are what bound the files the
# server's /logs endpoint can return.
[Unit]
Description=Webserver
After=network.target

[Service]
Type=simple
User=webserveruser
ExecStart=/usr/bin/python3 /opt/webserver/webserver.py
PIDFile=/var/run/webserverapp.pid
ExecStop=/bin/kill -9 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/deceived-donald/files/memlog.service:
--------------------------------------------------------------------------------
# Runs memlog as root in continuous mode (argument "c"), sampling every 30000 ms;
# stdout is written to /var/log/memlog.log.
# NOTE(review): because this runs as root, every file it loads - the memlog binary
# and the libmemfunctions shared library - must be writable by root only. The
# deceived-donald recipe sets the installed library to mode 777, which breaks
# that assumption, presumably by design for the challenge.
[Unit]
Description=Memlog
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/memlog c 30000
StandardOutput=file:/var/log/memlog.log
PIDFile=/var/run/memlog.pid
ExecStop=/bin/kill -9 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/tearful-tanja/files/accept_bt_pin_requests.exp:
--------------------------------------------------------------------------------
#!/usr/bin/expect -f
# Drives bluetoothctl and answers "yes" to the first passkey confirmation prompt
# seen within 55 seconds; exits 1 if none arrives.
# NOTE(review): confirming automatically removes the human comparison step of
# passkey pairing, so any device that initiates pairing in that window is
# accepted.

set timeout 55

spawn bluetoothctl

expect {
    "Confirm passkey " {
        send "yes\r"
    } timeout {
        puts "Timeout while waiting for PIN code prompt"
        exit 1
    }
}

# Wait for the bluetoothctl prompt, then leave the tool cleanly.
expect "#"
send "quit\r"

expect eof

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/tearful-tanja/files/accept_bt_service_requests.exp:
--------------------------------------------------------------------------------
#!/usr/bin/expect -f
# Drives bluetoothctl and answers "yes" to the first "Authorize service" prompt
# seen within 55 seconds; exits 1 if none arrives.
# NOTE(review): the regular expression matches any service, so whichever service
# the remote device requests is authorized without inspection.

set timeout 55

spawn bluetoothctl

expect {
    -re "Authorize service .*" {
        send "yes\r"
    } timeout {
        puts "Timeout while waiting for service authorization prompt"
        exit 1
    }
}

# Wait for the bluetoothctl prompt, then leave the tool cleanly.
expect "#"
send "quit\r"

expect eof

--------------------------------------------------------------------------------
/meta-hackypi/conf/layer.conf:
--------------------------------------------------------------------------------
# We have a conf and classes directory, add to BBPATH
BBPATH .= ":${LAYERDIR}"

# We have recipes-* directories, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
            ${LAYERDIR}/recipes-*/*/*.bbappend"

# Register the layer as collection "meta-hackypi" with priority 11.
BBFILE_COLLECTIONS += "meta-hackypi"
BBFILE_PATTERN_meta-hackypi = "^${LAYERDIR}/"
BBFILE_PRIORITY_meta-hackypi = "11"

# Depends on the "core" layer and declares compatibility with the kirkstone series.
LAYERDEPENDS_meta-hackypi = "core"
LAYERSERIES_COMPAT_meta-hackypi = "kirkstone"

--------------------------------------------------------------------------------
/tools/opkg-server/docker-compose.yaml:
--------------------------------------------------------------------------------
# Two variants of the same package-server image, selected by compose profile.
# Both publish container port 80 on ${PORT} without a host address, i.e. on all
# host interfaces.
version: '3.9'
services:
  # "external": serves a host directory. The "develop" command makes
  # entrypoint.sh rebuild the package index and start crond.
  # NOTE(review): update_package_list.sh runs chmod -R 755 on the package
  # directory, which here is the bind-mounted host path ${PACKAGE_DIR}.
  opkg-server-external-packages:
    image: ghcr.io/nimarty/hackypackages-server:${VERSION_TAG}
    volumes:
      - ${PACKAGE_DIR}:/packages
    command:
      - develop
    ports:
      - ${PORT}:80
    restart: always
    profiles:
      - external
  # "internal": serves the packages already inside the image; no command is passed.
  opkg-server-internal-packages:
    image: ghcr.io/nimarty/hackypackages-server:${VERSION_TAG}
    ports:
      - ${PORT}:80
    restart: always
    profiles:
      - internal

--------------------------------------------------------------------------------
/meta-hackypi/recipes-example/example/example_0.1.bb:
--------------------------------------------------------------------------------
SUMMARY = "bitbake-layers recipe"
DESCRIPTION = "Recipe created by bitbake-layers"
LICENSE = "MIT"

# Prints a banner through bb.plain(); the task is scheduled before do_build.
# NOTE(review): the spacing inside the banner strings appears to have been
# collapsed when this page was extracted.
python do_display_banner() {
    bb.plain("***********************************************");
    bb.plain("* *");
    bb.plain("* Example recipe created by bitbake-layers *");
    bb.plain("* *");
    bb.plain("***********************************************");
}

addtask display_banner before do_build

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/deceived-donald/files/src/CMakeLists.txt:
--------------------------------------------------------------------------------
cmake_minimum_required(VERSION 3.10)

project(memlog)

set(CMAKE_CXX_STANDARD 17)

# memfunctions is built as a shared library, so memlog resolves
# MemFunctions::system_mem_free() from a separate file at load time.
add_library(memfunctions SHARED
    memfunctions/memfunctions.cpp
    memfunctions/memfunctions.h
)

target_include_directories(memfunctions PUBLIC memfunctions)

set_target_properties(memfunctions PROPERTIES VERSION 1.0.0 SOVERSION 1)

add_executable(memlog main.cpp)

target_link_libraries(memlog PRIVATE memfunctions pthread)


# NOTE(review): the permissions of the installed library decide who controls the
# code memlog runs; the deceived-donald recipe later sets it to mode 777.
install(TARGETS memlog DESTINATION /usr/bin)
install(TARGETS memfunctions DESTINATION /usr/lib)
--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/tearful-tanja/files/bluetooth.service:
-------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Bluetooth service 3 | Documentation=man:bluetoothd(8) 4 | ConditionPathIsDirectory=/sys/class/bluetooth 5 | 6 | [Service] 7 | Type=dbus 8 | BusName=org.bluez 9 | ExecStart=/usr/libexec/bluetooth/bluetoothd -C 10 | ExecStartPost=/usr/bin/sdptool add SP 11 | ExecStartPost=/usr/bin/hciconfig hci0 piscan 12 | NotifyAccess=main 13 | #WatchdogSec=10 14 | #Restart=on-failure 15 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE 16 | LimitNPROC=1 17 | ProtectHome=true 18 | ProtectSystem=full 19 | 20 | [Install] 21 | WantedBy=bluetooth.target 22 | Alias=dbus-org.bluez.service 23 | -------------------------------------------------------------------------------- /tools/opkg-server/src/bin/update_package_list.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -z "$1" ]; then 4 | PACKAGE_DIR=/packages 5 | else 6 | PACKAGE_DIR=$1 7 | fi 8 | 9 | if [ -d "${PACKAGE_DIR}" ]; then 10 | echo "Cleanup packages dir \"${PACKAGE_DIR}\"" 11 | cd "${PACKAGE_DIR}" 12 | rm -f Packages.new.stamps 13 | rm -f Packages.new.gz 14 | rm -f Packages.new 15 | 16 | echo "Update package list" 17 | /usr/bin/opkg-utils/opkg-make-index -p Packages.new . 
18 | mv Packages.new Packages 19 | mv Packages.new.gz Packages.gz 20 | mv Packages.new.stamps Packages.stamps 21 | 22 | echo "Update packages access permissions" 23 | chmod -R 755 "${PACKAGE_DIR}" 24 | else 25 | echo "invalid package dir \"${PACKAGE_DIR}\"" 26 | exit 1 27 | fi 28 | 29 | -------------------------------------------------------------------------------- /conf/bblayers.conf: -------------------------------------------------------------------------------- 1 | # POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf 2 | # changes incompatibly 3 | POKY_BBLAYERS_CONF_VERSION = "2" 4 | 5 | 6 | YOCTOROOT = "${@os.path.abspath(os.path.join("${TOPDIR}", os.pardir))}" 7 | 8 | BBPATH = "${TOPDIR}" 9 | BBFILES ?= "" 10 | 11 | BBLAYERS ?= " \ 12 | ${YOCTOROOT}/poky/meta \ 13 | ${YOCTOROOT}/poky/meta-poky \ 14 | ${YOCTOROOT}/poky/meta-yocto-bsp \ 15 | ${YOCTOROOT}/meta-raspberrypi \ 16 | ${YOCTOROOT}/meta-openembedded/meta-oe \ 17 | ${YOCTOROOT}/meta-openembedded/meta-multimedia \ 18 | ${YOCTOROOT}/meta-openembedded/meta-networking \ 19 | ${YOCTOROOT}/meta-openembedded/meta-webserver \ 20 | ${YOCTOROOT}/meta-openembedded/meta-python \ 21 | ${YOCTOROOT}/meta-hackypi \ 22 | " 23 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-core/images/hackypi-image.bb: -------------------------------------------------------------------------------- 1 | SUMMARY = "hackypi image with vulnerabilities to exploit" 2 | IMAGE_LINGUAS = " " 3 | LICENSE = "MIT" 4 | 5 | inherit core-image extrausers 6 | 7 | # enable sd card image build 8 | IMAGE_FSTYPES = "tar.xz ext3 rpi-sdimg" 9 | 10 | # from core-minimal-image 11 | IMAGE_ROOTFS_SIZE ?= "8192" 12 | 13 | # add features, packages and users 14 | EXTRA_IMAGE_FEATURES = " \ 15 | ssh-server-openssh \ 16 | package-management \ 17 | " 18 | 19 | IMAGE_INSTALL = " \ 20 | packagegroup-core-boot \ 21 | dhcpcd \ 22 | opkg \ 23 | rootfs-expansion \ 24 | 
${CORE_IMAGE_EXTRA_INSTALL} \ 25 | " 26 | 27 | EXTRA_USERS_PARAMS = " \ 28 | usermod -p '\$5\$qV9csjHmjb74QXWC\$TzaiyMYYAeQqJTd1/kESezOXT.1huQxwtx3DVhbtYJC' root; \ 29 | " 30 | -------------------------------------------------------------------------------- /manifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 7 | 11 | 15 | 16 | 17 | 19 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # general config 4 | PROJECT_PATH="$PWD" 5 | 6 | # install dependencies 7 | sudo apt install -y -qq file zstd lz4 bc build-essential chrpath cpio diffstat gawk git texinfo wget python3-distutils chrpath diffstat repo || exit 1 8 | 9 | # checkout meta-layers 10 | repo init -q --depth 10 -m manifest.xml https://github.com/nimarty/hackypi || exit 1 11 | cp -rf manifest.xml .repo/ || exit 1 # overwrite with local manifest 12 | repo sync || exit 1 13 | 14 | # init build 15 | source poky/oe-init-build-env &> /dev/null || exit 1 16 | 17 | # overwrite auto generated config with own config 18 | pushd $PROJECT_PATH &> /dev/null 19 | cp -rf conf/local.conf build/conf/local.conf || exit 1 20 | cp -rf conf/bblayers.conf build/conf/bblayers.conf || exit 1 21 | popd &> /dev/null 22 | 23 | 24 | # build minimal image 25 | # bitbake core-image-minimal 26 | -------------------------------------------------------------------------------- /tools/opkg-server/src/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:1.23.2-alpine 2 | 3 | LABEL org.opencontainers.image.source=https://github.com/nimarty/hackypi 4 | LABEL org.opencontainers.image.description="OPKG Server" 5 | LABEL org.opencontainers.image.licenses=MIT 6 | 7 | ARG PACKAGE_DIR 8 | ARG OPKG_VERSION=0.5.0 9 | 10 | RUN apk update && \ 11 | apk add git python3 12 | 13 | 
RUN rm /etc/nginx/conf.d/default.conf 14 | COPY nginx/. /etc/nginx/conf.d/ 15 | 16 | COPY bin/ /usr/bin/. 17 | COPY ${PACKAGE_DIR} /packages/ 18 | 19 | RUN git clone --depth 1 -b ${OPKG_VERSION} --single-branch \ 20 | -c advice.detachedHead=false \ 21 | https://git.yoctoproject.org/git/opkg-utils /usr/bin/opkg-utils && \ 22 | rm -rf /usr/bin/opkg-utils/tests 23 | 24 | RUN /usr/bin/update_package_list.sh 25 | RUN (crontab -l ; echo "* * * * * update_package_list.sh") | sort | uniq | crontab - 26 | 27 | ENTRYPOINT [ "entrypoint.sh" ] 28 | 29 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-core/rootfs-expansion/rootfs-expansion_1.0.bb: -------------------------------------------------------------------------------- 1 | SUMMARY = "RootFS Expansion" 2 | DESCRIPTION = "Expands root filesystem to available space on SD card" 3 | LICENSE = "CLOSED" 4 | LIC_FILES_CHKSUM = "" 5 | 6 | ALLOW_EMPTY:${PN} = "1" 7 | 8 | RDEPENDS:${PN} = " \ 9 | e2fsprogs-resize2fs \ 10 | parted \ 11 | " 12 | 13 | pkg_postinst_ontarget:${PN}() { 14 | #!/bin/sh 15 | { 16 | # delete 2nd partition 17 | echo "d"; 18 | echo "2"; 19 | 20 | # create 2nd partition with full size 21 | echo "n"; 22 | echo "p"; 23 | echo "2"; 24 | echo "106496"; # start block after boot partition 25 | echo ""; # last available block by default 26 | 27 | echo "w"; # write new table 28 | } | fdisk /dev/mmcblk0 || true # suppress warning that stops script immediately 29 | 30 | partprobe 31 | resize2fs /dev/mmcblk0p2 32 | 33 | exit 0 34 | } 35 | -------------------------------------------------------------------------------- /meta-hackypi/README: -------------------------------------------------------------------------------- 1 | This README file contains information on the contents of the meta-hackypi layer. 2 | 3 | Please see the corresponding sections below for details. 4 | 5 | Dependencies 6 | ============ 7 | 8 | URI: 9 | branch: 10 | 11 | URI: 12 | branch: 13 | 14 | . 
15 | . 16 | . 17 | 18 | Patches 19 | ======= 20 | 21 | Please submit any patches against the meta-hackypi layer to the xxxx mailing list (xxxx@zzzz.org) 22 | and cc: the maintainer: 23 | 24 | Maintainer: XXX YYYYYY 25 | 26 | Table of Contents 27 | ================= 28 | 29 | I. Adding the meta-hackypi layer to your build 30 | II. Misc 31 | 32 | 33 | I. Adding the meta-hackypi layer to your build 34 | ================================================= 35 | 36 | Run 'bitbake-layers add-layer meta-hackypi' 37 | 38 | II. Misc 39 | ======== 40 | 41 | --- replace with specific information about the meta-hackypi layer --- 42 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/files/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Home energy management system 4.0 6 | 7 | 8 |
9 | 10 | 11 | 12 | 14 | 15 | 16 | 17 | 24 | 25 |
18 |

19 |
20 | Web interface disabled 21 |
22 |

23 |
26 |
27 | 28 | -------------------------------------------------------------------------------- /meta-hackypi/COPYING.MIT: -------------------------------------------------------------------------------- 1 | Permission is hereby granted, free of charge, to any person obtaining a copy 2 | of this software and associated documentation files (the "Software"), to deal 3 | in the Software without restriction, including without limitation the rights 4 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 5 | copies of the Software, and to permit persons to whom the Software is 6 | furnished to do so, subject to the following conditions: 7 | 8 | The above copyright notice and this permission notice shall be included in 9 | all copies or substantial portions of the Software. 10 | 11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 12 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 14 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 15 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 16 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 17 | THE SOFTWARE. 
18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Zuehlke, Nicolas Marty 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/deceived-donald/files/src/main.cpp:
--------------------------------------------------------------------------------
// memlog: prints the current time and the value returned by
// MemFunctions::system_mem_free(), either once or in an endless loop.
//
// NOTE(review): system_mem_free() comes from the shared library libmemfunctions
// (built SHARED in this challenge's CMakeLists.txt). memlog.service runs this
// binary as root and the recipe sets the installed library to mode 777, so the
// code root executes here is whatever that library file holds when it is
// loaded. Presumably that is the intended weakness of the challenge; a hardened
// image would keep the library root-owned and not writable by others.
#include "memfunctions.h"

// NOTE(review): the header names of the seven includes below were lost when
// this page was extracted.
#include
#include
#include
#include
#include
#include
#include

// Smallest interval, in milliseconds, that strToInt accepts.
#define MS_MIN 5000

using namespace std::chrono_literals;

// Writes the value of std::time(nullptr), a space, `value` and a newline to stdout.
void logFreeMem(long value) {
    std::time_t result = std::time(nullptr);
    std::cout << result << " " << value << std::endl;
}

// Parses `str` as a base-10 integer and stores it in `result`.
// Returns false, leaving `result` untouched, when `str` has trailing
// characters, strtol reports an error through errno, or the value lies outside
// [MS_MIN, INT_MAX]; returns true otherwise.
bool strToInt(char* str, int& result) {
    char* p;
    errno = 0; // not 'int errno', because the '#include' already defined it
    long arg = strtol(str, &p, 10);
    if (*p != '\0' || errno != 0) {
        return false;
    }
    if (arg < MS_MIN || arg > INT_MAX) {
        return false;
    }
    // NOTE(review): the cast's template argument was lost in extraction;
    // presumably static_cast<int>, since `result` is an int&.
    result = static_cast(arg);
    return true;
}

// Behaviour by argument list, as implemented:
//   memlog c <ms>  - log every <ms> milliseconds forever; exit 1 if strToInt rejects <ms>
//   memlog <arg>   - exactly one argument: exit 1 without logging
//   anything else  - log once and exit 0
int main(int argc, char *argv[])
{
    if(argc == 3 && strcmp(argv[1],"c") == 0) {
        int ms = 0;
        if(!strToInt(argv[2], ms)) {
            return 1;
        }
        // Continuous mode never leaves this loop; the process ends only when killed.
        for(;;) {
            long value = MemFunctions::system_mem_free();
            logFreeMem(value);
            std::this_thread::sleep_for(std::chrono::milliseconds(ms));
        }
    }
    else if(argc == 2) {
        return 1;
    }
    else {
        long value = MemFunctions::system_mem_free();
        logFreeMem(value);
    }
    return 0;
}

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/raging-rachel/raging-rachel_1.0.bb:
--------------------------------------------------------------------------------
SUMMARY = "Raging Rachel challenge"
DESCRIPTION = "Package installing a simple SFTP server"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"

inherit pkgconfig systemd

SRC_URI = " \
    file://file.txt \
"
# Ships /home/rachel with file.txt inside the package.
do_install () {
    install -d ${D}/home/rachel
    install -m 0755 ${WORKDIR}/file.txt ${D}/home/rachel/
}

# Creates the challenge account "rachel" (group ftp), fills her home directory
# and admits her to SSH.
# NOTE(review): the password is a fixed crypt hash with a readable salt that is
# committed to the repository, so every device that installs this package
# shares one credential. Treat it as public and keep such devices on an
# isolated network.
pkg_postinst:${PN}() {

    # add new user and its files
    echo "[x] Add user files"
    groupadd -f ftp
    useradd -p '$6$hackypi123$kQfLoTMoKoxglxUZ.S6HbsmnIj/gb/MGNap/gjiW1d.XlVZOMaKkHH5p1FlMJXgAa2Z/XaRA7R6t9tURSSBBt/' \
        -g ftp rachel
    echo "And you'll see why 1984 won't be like 1984." > /home/rachel/file.txt
    mkdir -m 500 /home/rachel/treasure
    echo "1984 Apple ad" > /home/rachel/treasure/secret
    chown -R rachel:ftp /home/rachel/
    chmod 660 /home/rachel/file.txt
    chmod 400 /home/rachel/treasure/secret
    # Appended without checking for an existing entry; pkg_postrm deletes the
    # line again with sed.
    echo 'AllowUsers rachel' >> /etc/ssh/sshd_config
    /etc/init.d/sshd restart
}

# Reverses pkg_postinst: removes the account, the group and the sshd_config line.
pkg_postrm:${PN}() {
    # remove user and its files
    echo "[x] Delete user files"
    userdel -fr rachel
    groupdel -f ftp
    sed -i '/AllowUsers rachel/d' /etc/ssh/sshd_config
    /etc/init.d/sshd restart
}

FILES:${PN} += " \
    /home/rachel \
"

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/relaxed-rachel/relaxed-rachel_1.0.bb:
--------------------------------------------------------------------------------
SUMMARY = "Relaxed Rachel challenge"
DESCRIPTION = "Package installing a simple FTP server"
LICENSE = "CLOSED"
LIC_FILES_CHKSUM = ""

inherit pkgconfig systemd

SRC_URI = " \
    file://ftpserver.service \
"

RDEPENDS:${PN} = " \
    pure-ftpd \
"

do_install() {
    # install systemd service
    install -d ${D}/${systemd_unitdir}/system
    install -m 0755 ${WORKDIR}/ftpserver.service ${D}/${systemd_unitdir}/system
}

# Creates the challenge account "rachel" (group ftp), fills her home directory
# and starts the FTP service.
# NOTE(review): as in raging-rachel, the password hash is fixed and committed to
# the repository. FTP also carries the login and the files unencrypted, which is
# presumably the point of this challenge.
# NOTE(review): nothing in this recipe creates /home/rachel and useradd is called
# without -m; presumably the target's useradd defaults create it - confirm.
# groupadd is called without -f here, unlike in raging-rachel.
pkg_postinst:${PN}() {
    # add new user and its files
    groupadd ftp
    useradd -p "\$6\$bfnJZ/LB\$6kMYSmH0qtx6ZJ6sR4cRBdjDNEOcf9X1ebF2kL6jM2KQusayRNcCXhNbYrio.LFYGUXIpA4n4TqpZPhc3PyVw1" \
        -g ftp rachel
    echo "Hack me if you can!" > /home/rachel/file.txt
    mkdir -m 500 /home/rachel/treasure
    echo "MY SECRET" > /home/rachel/treasure/secret
    chown -R rachel:ftp /home/rachel/
    chmod 660 /home/rachel/file.txt
    chmod 400 /home/rachel/treasure/secret
    systemctl daemon-reload
    systemctl start ftpserver
}

# Removes the account and group, stops the service and deletes its unit file.
pkg_postrm:${PN}() {
    # remove user and its files
    userdel -fr rachel
    groupdel -f ftp
    systemctl daemon-reload
    systemctl stop ftpserver
    rm -f /lib/systemd/system/ftpserver.service
    systemctl daemon-reload
}

FILES:${PN} = " \
    ${systemd_unitdir}/system/* \
"

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/moody-maggie/files/src/bind-shell.cpp:
--------------------------------------------------------------------------------
// moody-maggie: accepts a single TCP connection on 127.0.0.1:1818 and replaces
// itself with an interactive /bin/sh whose stdin, stdout and stderr are that
// connection.
//
// NOTE(review): there is no authentication step, so any local process that can
// reach the loopback port obtains a shell with this service's privileges;
// remote-shell.service sets no User=, which for a system unit means root.
// Binding to INADDR_LOOPBACK is the only access restriction in the code.
//
// NOTE(review): the header names of the seven includes below were lost when
// this page was extracted.
#include
#include
#include
#include
#include
#include
#include


const uint16_t TCP_PORT = 1818;


int main(int argc, char **argv) {
    (void)argc;
    (void)argv;

    int hostSocket = -1;
    int clientSocket = -1;
    struct sockaddr_in socketAddress = {};

    if ((hostSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        std::cerr << "Socket creation failed!" << std::endl;
        return 1;
    }

    // Listen on the loopback address only.
    socketAddress.sin_family = AF_INET;
    socketAddress.sin_port = htons(TCP_PORT);
    socketAddress.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    // NOTE(review): the template argument of reinterpret_cast was lost in
    // extraction; presumably a pointer to struct sockaddr.
    if (bind(hostSocket, reinterpret_cast(&socketAddress), sizeof(socketAddress)) < 0) {
        std::cerr << "Assigning name to socket failed!" << std::endl;
        return 1;
    }

    // NOTE(review): the results of listen() and accept() are not checked. If
    // accept() fails, clientSocket is -1, the dup2() calls below fail, and
    // /bin/sh is started on the process's original descriptors.
    listen(hostSocket, 2);

    clientSocket = accept(hostSocket, nullptr, nullptr);

    // Point descriptors 0, 1 and 2 at the accepted connection.
    for (int i = 0; i < 3; i++) {
        dup2(clientSocket, i);
    }

    // NOTE(review): the template arguments of const_cast were lost in
    // extraction; presumably char*.
    char* command = const_cast("/bin/sh");
    char* arguments[] = {command, const_cast("-i"), nullptr};

    // envp is nullptr, so the shell does not inherit this process's
    // environment. On success execve does not return; the lines below run only
    // when it failed.
    if (execve(command, arguments, nullptr) < 0) {
        std::cerr << "Executing shell failed with error code " << errno << std::endl;
    }

    close(hostSocket);

    return 0;
}

--------------------------------------------------------------------------------
/meta-hackypi/recipes-vulnerable/chatty-charly/files/webserver.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3

import time

from flask import Flask, request, url_for
from flask_restful import Resource, Api, reqparse
from flask import jsonify, make_response, render_template

from subprocess import PIPE, run

print("""REST server providing system logs.

Press Ctrl+C to exit

""")


app = Flask(__name__)
api = Api(app)

class Logs(Resource):
    """Return the contents of the file named by the `filepath` query parameter."""

    def get(self):
        """Run `cat <filepath>` and send back its output as text/plain.

        Responds 200 with cat's stdout when stderr is empty, otherwise 400 with
        cat's stderr.
        """
        headers = {'Content-Type': 'text/plain'}
        parser = reqparse.RequestParser()
        parser.add_argument('filepath', type=str, required=True, location='args',
                            help="filepath cannot be blank!")
        params = parser.parse_args()
        # NOTE(review): `filepath` comes straight from the query string and is not
        # restricted to a log directory, so any file the service account can read
        # is served to any client. The argument-list form of run() avoids shell
        # interpretation, but a value beginning with "-" is still read by cat as
        # an option. Hardening would resolve the path, require it to sit under an
        # allow-listed directory, and read it in Python instead of spawning cat.
        command = ['cat', params['filepath']]
        result = run(command, stdout=PIPE, stderr=PIPE, universal_newlines=True)
        if not result.stderr:
            return make_response(result.stdout, 200, headers)
        else:
            # cat's error text, including the requested path, goes back to the client.
            return make_response(result.stderr, 400, headers)

class Index(Resource):
    # Landing page: builds a link to the logs endpoint with
    # filepath=/var/log/messages preselected.
    def get(self):
        headers = {'Content-Type': 'text/html'}
        # render_template('index.html')
        logsurl = url_for('logs', _external=True)
        logsurl += '?filepath=/var/log/messages'
        # NOTE(review): the HTML literal that starts here lost its tags when this
        # page was extracted.
        html = '

Logserver

Show Logs'.format(logsurl) 42 | return make_response(html, 200, headers) 43 | 44 | api.add_resource(Logs, '/logs') # Route_1 45 | api.add_resource(Index, '/') 46 | 47 | if __name__ == '__main__': 48 | app.run(port='8088', host='0.0.0.0') 49 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/deceived-donald/deceived-donald_1.0.bb: -------------------------------------------------------------------------------- 1 | LICENSE = "CLOSED" 2 | LIC_FILES_CHKSUM = "" 3 | 4 | inherit pkgconfig systemd cmake 5 | 6 | SRC_URI = " \ 7 | file://memlog.service \ 8 | file://src/ \ 9 | " 10 | 11 | S = "${WORKDIR}/src" 12 | 13 | do_install () { 14 | # install application 15 | cmake_do_install 16 | 17 | # install systemd service 18 | install -d ${D}/${systemd_unitdir}/system 19 | install -m 0755 ${WORKDIR}/memlog.service ${D}/${systemd_unitdir}/system 20 | 21 | # modify access rights to lib 22 | chmod 777 ${D}${base_prefix}/usr/lib/libmemfunctions.so.1.0.0 23 | } 24 | 25 | pkg_postinst:${PN} () { 26 | #password is "hacky", created with command "openssl passwd" 27 | useradd -p '$1$IebNOasl$pmPilB8C2b3wuax1tkha7/' donald 28 | printf 'It does not matter how slowly you go so long as you do not stop.\n - Confucius\n' > /home/donald/treasure 29 | chown root /home/donald/treasure 30 | chmod 600 /home/donald/treasure 31 | echo 'AllowUsers donald' >> /etc/ssh/sshd_config 32 | /etc/init.d/sshd restart 33 | systemctl daemon-reload 34 | systemctl start memlog 35 | } 36 | 37 | pkg_postrm:${PN} () { 38 | userdel -f donald 39 | rm -rf /home/donald 40 | sed -i '/AllowUsers donald/d' /etc/ssh/sshd_config 41 | /etc/init.d/sshd restart 42 | systemctl daemon-reload 43 | systemctl stop memlog 44 | rm -f /lib/systemd/system/memlog.service 45 | systemctl daemon-reload 46 | } 47 | 48 | RDEPENDS:${PN} = " \ 49 | ldd \ 50 | " 51 | 52 | FILES:${PN} = " \ 53 | ${base_prefix}/usr/bin/* \ 54 | ${base_prefix}/usr/lib/* \ 55 | 
${systemd_unitdir}/system/* \ 56 | " 57 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard-cli/hefty-howard-cli_1.0.bb: -------------------------------------------------------------------------------- 1 | SUMMARY = "Command line tool to manage HEMS from the terminal" 2 | LICENSE = "CLOSED" 3 | LIC_FILE_CHMSUM = "" 4 | 5 | SRC_URI = "\ 6 | file://CMakeLists.txt \ 7 | file://main.cpp \ 8 | " 9 | 10 | S = "${WORKDIR}" 11 | 12 | inherit cmake pkgconfig 13 | 14 | EXTRA_OECMAKE = "" 15 | 16 | pkg_postinst:${PN} () { 17 | # Add new user with name 'service' 18 | useradd -p "\$6\$HUpwgjNWFh9bIDK\$DYpDI7MWK9Rf2fWKzMQzYieqGJWrTDWnOLr.zRpOkhwbpxycIRjy/G5NNnwhZOjxZsw7Wd2KYOj7.hdDKpqPG0" service 19 | 20 | # And allow ssh login for user 'service' 21 | sed -i "s/AllowUsers root/AllowUsers root service/" /etc/ssh/sshd_config 22 | /etc/init.d/sshd restart 23 | 24 | # Set the sticky bit for the HEMS CLI to allow user 'service' to execute 25 | # it as root 26 | chmod u+s /usr/bin/hems_cli 27 | 28 | # Ease the buffer overflow by turning off ASLR 29 | echo "kernel.randomize_va_space = 0" >> /etc/sysctl.conf 30 | sysctl -p /etc/sysctl.conf 31 | 32 | # Set the PIN for the HEMS tools 33 | echo 3455 > /etc/hems 34 | chmod 640 /etc/hems 35 | chown nobody:nogroup /etc/hems 36 | 37 | # Set the flag to be read by the exploit 38 | echo 4711 > /etc/flag 39 | chmod 640 /etc/flag 40 | } 41 | 42 | pkg_postrm:${PN} () { 43 | rm /etc/flag 44 | 45 | rm /etc/hems 46 | 47 | sed -i "/kernel.randomize_va_space = 0/d" /etc/sysctl.conf 48 | sysctl -p /etc/sysctl.conf 49 | 50 | sed -i "s/AllowUsers root service/AllowUsers root/" /etc/ssh/sshd_config 51 | /etc/init.d/sshd restart 52 | 53 | userdel -r service 54 | } 55 | 56 | RDEPENDS:${PN} = " \ 57 | gdb \ 58 | " 59 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/chatty-charly/chatty-charly_1.0.bb: 
-------------------------------------------------------------------------------- 1 | LICENSE = "CLOSED" 2 | LIC_FILES_CHKSUM = "" 3 | 4 | inherit pkgconfig systemd 5 | 6 | SRC_URI = " \ 7 | file://webserver.py \ 8 | file://webserver.service \ 9 | " 10 | 11 | do_install () { 12 | # install application 13 | install -d ${D}${base_prefix}/opt/webserver/ 14 | install -m 0755 ${WORKDIR}/webserver.py ${D}${base_prefix}/opt/webserver/ 15 | 16 | # install systemd service 17 | install -d ${D}/${systemd_unitdir}/system 18 | install -m 0644 ${WORKDIR}/webserver.service ${D}/${systemd_unitdir}/system 19 | } 20 | 21 | pkg_postinst:${PN} () { 22 | useradd webserveruser 23 | chmod a+r /etc/shadow 24 | useradd -p \$1\$5sGNjVOx\$uUu/JAD6cZx/gcMoHt5bb. hacky 25 | echo 'the_secret' > /home/hacky/treasure 26 | chown hacky /home/hacky/treasure 27 | chmod 600 /home/hacky/treasure 28 | echo 'AllowUsers hacky' >> /etc/ssh/sshd_config 29 | /etc/init.d/sshd restart 30 | systemctl daemon-reload 31 | systemctl start webserver 32 | } 33 | 34 | pkg_postrm:${PN} () { 35 | chmod 400 /etc/shadow 36 | userdel -f webserveruser 37 | rm -rf /home/webserveruser 38 | userdel -f hacky 39 | rm -rf /home/hacky 40 | sed -i '/AllowUsers hacky/d' /etc/ssh/sshd_config 41 | /etc/init.d/sshd restart 42 | systemctl daemon-reload 43 | systemctl stop webserver 44 | rm -f /lib/systemd/system/webserver.service 45 | systemctl daemon-reload 46 | } 47 | 48 | RDEPENDS:${PN} = " \ 49 | python3-flask \ 50 | python3-flask-restful \ 51 | python3-six \ 52 | " 53 | 54 | FILES:${PN} = " \ 55 | ${base_prefix}/opt/webserver/* \ 56 | ${systemd_unitdir}/system/* \ 57 | " 58 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/moody-maggie/moody-maggie_1.0.bb: -------------------------------------------------------------------------------- 1 | SUMMARY = "Moody Maggie challenge" 2 | DESCRIPTION = "Easy to crack SSH user with mysterious access to root shell" 3 | LICENSE = 
"CLOSED" 4 | LIC_FILES_CHKSUM = "" 5 | 6 | RDEPENDS:${PN} = "netcat" 7 | 8 | inherit cmake systemd 9 | 10 | SRC_URI = " \ 11 | file://src/ \ 12 | file://remote-shell.service \ 13 | file://linpeas.sh \ 14 | " 15 | 16 | S = "${WORKDIR}/src" 17 | 18 | FILES:${PN} += " \ 19 | /home/admin \ 20 | ${systemd_unitdir}/system/* \ 21 | " 22 | 23 | do_install () { 24 | install -d ${D}${bindir} 25 | install -m 0755 moody-maggie ${D}${bindir}/ 26 | 27 | # install systemd service 28 | install -d ${D}/${systemd_unitdir}/system 29 | install -m 0755 ${WORKDIR}/remote-shell.service ${D}/${systemd_unitdir}/system 30 | 31 | install -d ${D}/home/admin 32 | install -m 0755 ${WORKDIR}/linpeas.sh ${D}/home/admin/ 33 | } 34 | 35 | pkg_postinst:${PN} () { 36 | touch /home/root/mood 37 | echo "My mood is horrible, when you discover this!" >> /home/root/mood 38 | useradd -p \$1\$IrakJkPj\$.7awDdMyvrk1wqCXe9Zlx. admin 39 | echo 'AllowUsers admin' >> /etc/ssh/sshd_config 40 | /etc/init.d/sshd restart 41 | systemctl daemon-reload 42 | systemctl start remote-shell 43 | systemctl enable remote-shell 44 | } 45 | 46 | pkg_postrm:${PN} () { 47 | rm -f /home/root/mood 48 | userdel -fr admin 49 | sed -i '/AllowUsers admin/d' /etc/ssh/sshd_config 50 | /etc/init.d/sshd restart 51 | systemctl daemon-reload 52 | systemctl stop remote-shell 53 | systemctl disable remote-shell 54 | rm -f /lib/systemd/system/remote-shell.service 55 | systemctl daemon-reload 56 | rm -f /usr/bin/moody-maggie 57 | } 58 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/hefty-howard_1.0.bb: -------------------------------------------------------------------------------- 1 | LICENSE = "CLOSED" 2 | LIC_FILES_CHKSUM = "" 3 | 4 | inherit pkgconfig 5 | 6 | SRC_URI = " \ 7 | file://disconnected.php \ 8 | file://disconnect.php \ 9 | file://index.html \ 10 | file://index.php \ 11 | file://picture.png \ 12 | file://spacer.png \ 13 | file://title.png \ 14 | 
file://robots.txt \ 15 | " 16 | 17 | do_install () { 18 | # install web-application 19 | install -d ${D}${base_prefix}/usr/share/apache2/htdocs 20 | install -m 0644 ${WORKDIR}/disconnect.php ${D}${base_prefix}/usr/share/apache2/htdocs 21 | install -m 0644 ${WORKDIR}/disconnected.php ${D}${base_prefix}/usr/share/apache2/htdocs 22 | install -m 0644 ${WORKDIR}/index.html ${D}${base_prefix}/usr/share/apache2/htdocs 23 | install -m 0644 ${WORKDIR}/index.php ${D}${base_prefix}/usr/share/apache2/htdocs 24 | install -m 0644 ${WORKDIR}/picture.png ${D}${base_prefix}/usr/share/apache2/htdocs 25 | install -m 0644 ${WORKDIR}/spacer.png ${D}${base_prefix}/usr/share/apache2/htdocs 26 | install -m 0644 ${WORKDIR}/title.png ${D}${base_prefix}/usr/share/apache2/htdocs 27 | install -m 0644 ${WORKDIR}/robots.txt ${D}${base_prefix}/usr/share/apache2/htdocs 28 | } 29 | 30 | pkg_postinst:${PN} () { 31 | sed -i "s/apache2\/default-site\/htdocs/apache2\/htdocs/" /etc/apache2/httpd.conf 32 | /etc/init.d/apache2 reload 33 | } 34 | 35 | pkg_postrm:${PN} () { 36 | sed -i "s/apache2\/htdocs/apache2\/default-site\/htdocs/" /etc/apache2/httpd.conf 37 | /etc/init.d/apache2 reload 38 | } 39 | 40 | RDEPENDS:${PN} = " \ 41 | apache2 \ 42 | hefty-howard-cli \ 43 | php-fpm \ 44 | php-fpm-apache2 \ 45 | " 46 | 47 | FILES:${PN} = " \ 48 | ${base_prefix}/usr/share/apache2/htdocs/* \ 49 | " 50 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/files/disconnected.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Home energy management system 4.0 6 | 7 | 8 |
9 | 10 | 11 | 12 | 16 | 17 | 18 | 42 | 43 |
14 | 15 |
19 |
20 |
21 | Consumers disconnected 22 |
23 |
24 | 25 | 26 | 30 | 33 | 34 |
27 |
28 |
29 |
31 | 32 |
35 |
36 |
37 | But wait, there is more ...
38 | Maybe service staff can use the code too! 39 |
40 |
41 |
44 |
45 | 46 | 47 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/files/index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Home energy management system 4.0 6 | 7 | 8 |
9 | 10 | 11 | 12 | 14 | 15 | 16 | 17 | 41 | 42 |
18 |
19 |
20 | 21 | 22 | 23 | 26 | 27 | 28 | 29 | 32 | 33 |
Energy production: 24 |
W
25 |
Energy consumption: 30 |
W
31 |
34 |
35 |
36 |
37 |
38 | 39 |

40 |
43 |
44 | 45 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/deceived-donald/files/src/memfunctions/memfunctions.cpp: -------------------------------------------------------------------------------- 1 | #include "memfunctions.h" 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | void MemFunctions::process_mem_usage(double& vm_usage, double& resident_set) { 11 | 12 | vm_usage = 0.0; 13 | resident_set = 0.0; 14 | 15 | // 'file' stat seems to give the most reliable results 16 | // 17 | std::ifstream stat_stream("/proc/self/stat",std::ios_base::in); 18 | 19 | // dummy vars for leading entries in stat that we don't care about 20 | // 21 | std::string pid, comm, state, ppid, pgrp, session, tty_nr; 22 | std::string tpgid, flags, minflt, cminflt, majflt, cmajflt; 23 | std::string utime, stime, cutime, cstime, priority, nice; 24 | std::string O, itrealvalue, starttime; 25 | 26 | // the two fields we want 27 | // 28 | unsigned long vsize; 29 | long rss; 30 | 31 | stat_stream >> pid >> comm >> state >> ppid >> pgrp >> session >> tty_nr 32 | >> tpgid >> flags >> minflt >> cminflt >> majflt >> cmajflt 33 | >> utime >> stime >> cutime >> cstime >> priority >> nice 34 | >> O >> itrealvalue >> starttime >> vsize >> rss; // don't care about the rest 35 | 36 | stat_stream.close(); 37 | 38 | long page_size_kb = sysconf(_SC_PAGE_SIZE) / 1024; // in case x86-64 is configured to use 2MB pages 39 | vm_usage = vsize / 1024.0; 40 | resident_set = rss * page_size_kb; 41 | 42 | } 43 | 44 | long MemFunctions::system_mem_free() { 45 | std::ifstream meminfo_stream("/proc/meminfo",std::ios_base::in); 46 | std::string field, unit, lineStr; 47 | long value = 0; 48 | while(std::getline(meminfo_stream, lineStr)) { 49 | std::istringstream line(lineStr); 50 | while(line >> field >> value >> unit) { 51 | if (field.find("MemFree") != std::string::npos) { 52 | return value; 53 | } 54 | } 55 | } 56 | 
return value; 57 | } -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard-cli/files/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | using std::cin; 6 | using std::cout; 7 | 8 | unsigned produced = 335; 9 | unsigned consumed = 274; 10 | 11 | void unused(); 12 | 13 | /* Prints the two visible menu entries and returns the first character of the token the user typed. */ int menu() { 14 | char choice[2]; 15 | if (consumed) { 16 | cout << "1) Disconnect consumers\n"; 17 | } else { 18 | cout << "1) Connect consumers\n"; 19 | } 20 | cout << "2) Exit\n"; 21 | cout << "> "; 22 | /* NOTE(review): choice holds 2 bytes but "%s" carries no field width, so any token longer than one character is written past the end of the buffer; a width-limited conversion ("%1s") or a std::string read removes the overflow. */ scanf("%s", choice); 23 | return choice[0]; 24 | } 25 | 26 | /* Moves produced and consumed by a small random step per call; below the lower threshold the step is forced non-negative, above the upper threshold non-positive. */ void update_power_budget() { 27 | int pdiff = (float)rand() * 11 / RAND_MAX - 5; 28 | if (produced < 300) 29 | pdiff = abs(pdiff); 30 | if (produced > 400) 31 | pdiff = -abs(pdiff); 32 | produced += pdiff; 33 | 34 | int cdiff = (float)rand() * 11 / RAND_MAX - 5; 35 | /* NOTE(review): the step applied to consumed is steered by thresholds on produced, not consumed - confirm this is intended. */ if (produced < 250) 36 | cdiff = abs(cdiff); 37 | if (produced > 350) 38 | cdiff = -abs(cdiff); 39 | consumed += cdiff; 40 | } 41 | 42 | /* Menu loop entered after a matching PIN: '1' toggles consumed between 0 and 274, '2' returns to the caller, and '3' (not shown in the printed menu) calls unused(). */ void logged_in() { 43 | while (true) { 44 | update_power_budget(); 45 | cout << "Current produced: " << produced << "W\n"; 46 | cout << "Current consumed: " << consumed << "W\n"; 47 | cout << "\n"; 48 | switch (menu()) { 49 | case '1': { 50 | consumed = consumed ? 
0 : 274; 51 | continue; 52 | } 53 | case '2': { 54 | return; 55 | } 56 | case '3': { 57 | unused(); 58 | continue; 59 | } 60 | default: 61 | cout << "Invalid selection\n\n"; 62 | } 63 | } 64 | } 65 | 66 | /* Reads the 4-byte PIN from /etc/hems, prints the banner, then prompts for the PIN in a loop that has no exit path of its own. */ int main() { 67 | /* The package recipe sets the setuid bit on this binary (chmod u+s), so everything below runs with root privileges; the return value of setuid(0) is not checked. */ setuid(0); 68 | 69 | char expected_pin[5]; 70 | /* NOTE(review): f is not checked for NULL before fread/fclose, and the fread result is ignored. */ FILE *f = fopen("/etc/hems", "r"); 71 | fread(expected_pin, 4, 1, f); 72 | expected_pin[4] = 0; 73 | fclose(f); 74 | 75 | cout << "HEMS (Home Energy Management System) Service interface\n"; 76 | cout << "======================================================\n"; 77 | cout << '\n'; 78 | cout << "To prohibit unauthorized access\n"; 79 | cout << "please identify yourself with\n"; 80 | cout << "your PIN.\n"; 81 | cout << '\n'; 82 | 83 | /* NOTE(review): prints the address of unused() to every caller before authentication; "%08x" with a function pointer is also an argument type mismatch. Disclosing code addresses weakens address-randomization defenses, so production code should not emit pointers. */ printf("%08x\n\n", unused); 84 | 85 | while (true) { 86 | char pin[5]; 87 | cout << "Enter PIN: "; 88 | /* NOTE(review): pin holds 5 bytes and no width is set on the stream, so before C++20 operator>> into a char array is unbounded and longer input overruns the stack buffer; read into std::string (or set a width) and compare lengths explicitly. */ cin >> pin; 89 | if (strcmp(pin, expected_pin)) { 90 | cout << "Invalid PIN\n"; 91 | } else { 92 | cout << "PIN accepted\n"; 93 | logged_in(); 94 | } 95 | } 96 | } 97 | 98 | /* Replaces the process image with /bin/busybox invoked as "cat /etc/flag"; the only call site in this file is case '3' of logged_in(). */ void unused() { 99 | char *const x[] = {"cat", "/etc/flag", 0}; 100 | execv("/bin/busybox", x); 101 | } 102 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/hefty-howard/files/disconnect.php: -------------------------------------------------------------------------------- 1 | 8 | 9 | 10 | 11 | 12 | Home energy management system 4.0 13 | 14 | 15 |
16 | 17 | 18 | 19 | 24 | 25 | 26 | 27 | 28 | 32 | 33 | 34 | 61 | 62 |
20 |
Invalid access code! Your action has 21 | been logged. 22 |
23 |
30 | 31 |
35 |
36 |
37 | Enter access code to disconnect consumers 38 |
39 |
40 | 41 | 42 | 49 | 53 | 54 |
43 |
44 | 45 |
46 |
47 |
48 |
50 | 51 | 52 |
55 |
56 |
57 | The access code is printed on your energy controller. 58 |
59 |
60 |
63 |
64 | 65 | 66 | -------------------------------------------------------------------------------- /meta-hackypi/recipes-vulnerable/tearful-tanja/tearful-tanja_1.0.bb: -------------------------------------------------------------------------------- 1 | SUMMARY = "Tearful Tanja challenge" 2 | DESCRIPTION = "Package installing and setup the Bluetooth and RFCOMM service" 3 | LICENSE = "MIT" 4 | LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" 5 | 6 | inherit pkgconfig systemd 7 | 8 | SRC_URI = " \ 9 | file://bluetooth.service \ 10 | file://rfcomm.service \ 11 | file://accept_bt_pin_requests.exp \ 12 | file://accept_bt_service_requests.exp \ 13 | " 14 | 15 | RDEPENDS:${PN} = " \ 16 | expect \ 17 | cronie \ 18 | " 19 | 20 | pkg_preinst:${PN}() { 21 | echo "[x] Remove existing services" 22 | systemctl stop bluetooth 23 | rm -f /lib/systemd/system/bluetooth.service 24 | hciconfig hci0 up 25 | } 26 | 27 | do_install () { 28 | # install systemd services 29 | echo "[x] Install bluetooth and rfcomm services" 30 | install -d ${D}${systemd_unitdir}/system/ 31 | install -m 0644 ${WORKDIR}/bluetooth.service ${D}/${systemd_unitdir}/system 32 | install -m 0644 ${WORKDIR}/rfcomm.service ${D}/${systemd_unitdir}/system 33 | 34 | # install expect scripts 35 | echo "[x] Install bluetooth connection handler scripts" 36 | install -d ${D}/home/root/ 37 | install -m 0744 ${WORKDIR}/accept_bt_pin_requests.exp ${D}/home/root 38 | install -m 0744 ${WORKDIR}/accept_bt_service_requests.exp ${D}/home/root 39 | } 40 | 41 | pkg_postinst:${PN} () { 42 | # reload services 43 | echo "[x] Reload services" 44 | systemctl daemon-reload 45 | systemctl start bluetooth 46 | systemctl start rfcomm 47 | systemctl enable rfcomm 48 | 49 | # password is "raspberry", created with command mkpasswd 50 | echo "[x] Setup target account" 51 | useradd -p '$6$raspberry$pAncZXWz4UlemxLv4Xh4FPSjcyxNqYA9bNUcJWTGZFhmq8pj86A.zwgAWpwe8vJy3uc2/aoH67hgXn.Ng3o4i1' pi 52 | echo 'There was 
a time before the internet, can you believe it?' > /home/pi/treasure 53 | chown pi /home/pi/treasure 54 | chmod 600 /home/pi/treasure 55 | 56 | # add cron jobs to accept incoming bluetooth connections 57 | echo "[x] Setup cronjobs" 58 | echo "* * * * * /home/root/accept_bt_pin_requests.exp" >> tmp 59 | echo "* * * * * /home/root/accept_bt_service_requests.exp" >> tmp 60 | crontab tmp && rm tmp 61 | chmod +x /home/root/accept_bt_pin_requests.exp 62 | chmod +x /home/root/accept_bt_service_requests.exp 63 | } 64 | 65 | pkg_postrm:${PN}() { 66 | # remove user and its files 67 | echo "[x] Delete user files" 68 | userdel -fr pi 69 | systemctl daemon-reload 70 | systemctl stop rfcomm 71 | systemctl stop bluetooth 72 | systemctl disable rfcomm 73 | rm -f /lib/systemd/system/rfcomm.service 74 | systemctl daemon-reload 75 | hciconfig hci0 up 76 | 77 | # remove cron jobs 78 | echo "[x] Delete cronjobs" 79 | crontab -r 80 | rm -f /home/root/accept_bt_pin_requests.exp 81 | rm -f /home/root/accept_bt_service_requests.exp 82 | } 83 | 84 | FILES:${PN} = " \ 85 | ${systemd_unitdir}/system/* \ 86 | /home/root/* \ 87 | " -------------------------------------------------------------------------------- /tools/raging-rachel/SftpClient.java: -------------------------------------------------------------------------------- 1 | //MIT License 2 | // 3 | //Copyright (c) 2022 Zuehlke, Nicolas Marty 4 | // 5 | //Permission is hereby granted, free of charge, to any person obtaining a copy 6 | //of this software and associated documentation files (the "Software"), to deal 7 | //in the Software without restriction, including without limitation the rights 8 | //to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | //copies of the Software, and to permit persons to whom the Software is 10 | //furnished to do so, subject to the following conditions: 11 | // 12 | //The above copyright notice and this permission notice shall be included in all 13 | //copies or substantial 
portions of the Software. 14 | // 15 | //THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | //IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | //FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | //AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | //LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | //OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | //SOFTWARE. 22 | 23 | import com.jcraft.jsch.*; 24 | 25 | /** 26 | * Simple SFTP client for the raging-rachel challenge 27 | * 28 | * @author Nicolas Favre 29 | * @version 1.0.0 30 | * @date 03.07.2023 31 | * @email khronozz-dev@proton.me 32 | * @userid khronozz 33 | */ 34 | public class SftpClient { 35 | private static final int SFTP_PORT = 22; 36 | private static final String SFTP_USER = "rachel"; 37 | /* NOTE(review): the account password is compiled into the client, so anyone who obtains the class file or jar can read it; outside a training handout, supply credentials at run time or use key-based authentication. */ private static final String SFTP_PASSWORD = "Wolf7-Popper-Pantry"; 38 | 39 | /* Connects to the host given in args[0] over SFTP as SFTP_USER and downloads /home/rachel/file.txt into the working directory as file.txt. */ public static void main(String[] args) { 40 | 41 | if (args.length < 1) { 42 | System.out.println("Pass Raspberry Pi's IP address as argument!"); 43 | return; 44 | } 45 | 46 | String host = args[0]; 47 | JSch jsch = new JSch(); 48 | Session session = null; 49 | ChannelSftp sftpChannel = null; 50 | 51 | try { 52 | // Connect to the remote SFTP server 53 | session = jsch.getSession(SFTP_USER, host, SFTP_PORT); 54 | session.setPassword(SFTP_PASSWORD); 55 | /* NOTE(review): "StrictHostKeyChecking" = "no" makes JSch accept any server host key, so the password above is offered to whichever host answers at the given address; load a known_hosts file with JSch.setKnownHosts and keep strict checking enabled where the server identity matters. */ session.setConfig("StrictHostKeyChecking", "no"); 56 | session.connect(); 57 | 58 | // Open an SFTP channel 59 | sftpChannel = (ChannelSftp) session.openChannel("sftp"); 60 | sftpChannel.connect(); 61 | 62 | // Retrieve the file on the /home/rachel directory 63 | sftpChannel.get("/home/rachel/file.txt", "file.txt"); 64 | System.out.println("File file.txt retrieved from " + host); 65 | 66 | } catch (JSchException | SftpException e) { 67 | /* Any connection, authentication or transfer failure lands here, not only a malformed address. */ System.out.println("Make sure the IP address format is right !"); 68 |
System.out.println("Exception :"); 69 | e.printStackTrace(); 70 | } finally { 71 | // Exit channel and quit session 72 | if (sftpChannel != null && sftpChannel.isConnected()) { 73 | sftpChannel.disconnect(); 74 | } 75 | if (session != null && session.isConnected()) { 76 | session.disconnect(); 77 | } 78 | } 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute to Hacky Pi 2 | First of all, many thanks for your interest in contributing to Hacky Pi. We need you in order to keep this training up-to-date with current security challenges in embedded systems projects. :+1::tada: 3 | 4 | Please also read our [code of conduct](CODE_OF_CONDUCT.md) before you start contributing. 5 | 6 | 7 | ## Reporting Bugs 8 | If you discover undesired behavior, report the bug so that contributors can fix it. But first make sure that you cannot find a related issue on GitHub. If a similar issue is still open, comment on that one rather than creating a new one. If you find a closed issue that matches, mention it in your report. Otherwise, we encourage you to open a totally new issue with the bug label. Provide a meaningful title to identify the problem. Also, describe the exact steps with explanations for reproduction. What is the behavior you observed and what behavior was expected? Round off the report with screenshots if necessary. The community will then take care of this bug. 9 | 10 | 11 | ## Suggesting Enhancements and Features 12 | Similarly to reporting bugs, you can also suggest enhancements and features to the repository. An enhancement is an improvement to the existing codebase, whereas a feature is a proposal for a new challenge. Follow the same process as before but mark the issue with the corresponding label. 
13 | 14 | 15 | ## Branching / Pull Request Concept 16 | Branch names should be meaningful and user-friendly to read. We propose to use the following schemas based on the work you intend to do. Use hyphens as delimiters in your description if multiple words are required. 17 | 18 | - *bugfix/\<description\>* 19 | - *enhancement/\<description\>* 20 | - *feature/\<description\>* 21 | 22 | After the work on the branch is done and pushed, a pull request needs to be created. Request a review from a developer that has already contributed a challenge to Hacky Pi. The reviewer then checks the code and gives feedback. If everything is approved, the changes are merged into the main branch and you can now also be considered as a reviewer for a future challenge. Welcome to the community! 23 | 24 | 25 | ## Creating Challenges 26 | We encourage training participants and other community members to create new challenges based on feature issues or their own ideas. This helps to internalize security problems and also to learn some Yocto. To make the challenges more interesting, think of examples that occur or have occurred in real-life projects. 27 | 28 | 1. Pick a random challenge title that does not give a hint for the solution. Usually, we choose an adjective and a personal name, e.g. *mad-margrethe*. 29 | 1. Create a folder for your challenge in the custom Yocto layer like *meta-hackypi/recipes-vulnerable/\<challenge-name\>*. 30 | 1. Add a BitBake recipe (*\<challenge-name\>.bb*) describing the opkg package to be installed for the challenge. Use the existing challenge recipes as a template in order to get it right. 31 | 1. Put additional files like initialization scripts in a separate subfolder that can be referenced by the recipe. 32 | 1. If the challenge includes some code to be compiled for the handout, create a folder under *src/*. 33 | 1. Place your source code in that folder together with a compilation script or a Makefile. It should be straightforward to compile the code for the handout. 34 | 1. 
Look at the GitHub Actions workflow and add your challenge recipe similarly to other challenges to the tasks. 35 | 1. That's it for the current repository. Now, some documentation is needed in the [handout repository](https://github.com/nimarty/hackypi-handout). Add the compiled binaries as well, if you have some and mention how to use them. Finally, link the challenge description in the top readme file, so it is discoverable for trainees. 36 | 37 | **Keep in mind to create an own feature branch for the new challenge. Test it by yourself or let it test by others. If you think, it is ready to merge, finally create a pull request to be reviewed.** 38 | -------------------------------------------------------------------------------- /tools/relaxed-rachel/ftp_client.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | using namespace std; 8 | 9 | #define BUFFER_SIZE 1024U 10 | 11 | int main(int argc, char **argv) 12 | { 13 | if (argc < 2) 14 | { 15 | cerr << "Pass Raspberry Pi's IP address as argument!" << endl; 16 | return -1; 17 | } 18 | 19 | int ctrlClient, dataClient; 20 | struct sockaddr_in ctrlServer, dataServer; 21 | char buffer[BUFFER_SIZE] = {0}; 22 | 23 | /* establish socket for control transfer */ 24 | if ((ctrlClient = socket(AF_INET, SOCK_STREAM, 0)) < 0) 25 | { 26 | cerr << "Socket creation failed!" << endl; 27 | return -1; 28 | } 29 | 30 | ctrlServer.sin_family = AF_INET; 31 | ctrlServer.sin_port = htons(IPPORT_FTP); 32 | 33 | if (inet_pton(AF_INET, argv[1], (void *)&ctrlServer.sin_addr) < 1) 34 | { 35 | cerr << "Invalid IP address entered!" << endl; 36 | return -1; 37 | } 38 | 39 | if (connect(ctrlClient, (struct sockaddr *)&ctrlServer, sizeof(ctrlServer)) < 0) 40 | { 41 | cerr << "Socket connection failed!" 
<< endl; 42 | return -1; 43 | } 44 | 45 | // check if service is ready for new user 46 | read(ctrlClient, buffer, BUFFER_SIZE); 47 | // cout << buffer; 48 | if (atoi(buffer) != 220) 49 | return -1; 50 | memset(buffer, 0, BUFFER_SIZE); 51 | 52 | // send user name and receive confirmation 53 | const char *userMsg = "USER rachel\r\n"; 54 | send(ctrlClient, userMsg, strlen(userMsg), 0); 55 | read(ctrlClient, buffer, BUFFER_SIZE); 56 | // cout << buffer; 57 | if (atoi(buffer) != 331) 58 | return -1; 59 | memset(buffer, 0, BUFFER_SIZE); 60 | 61 | // send password and receive confirmation 62 | const char *passMsg = "PASS KEjfV:ucM\"N'9 Hacky Pi 2 | ![Build Workflow](https://github.com/nimarty/hackypi/actions/workflows/main.yml/badge.svg) 3 | ![License](https://img.shields.io/github/license/nimarty/hackypi) 4 | ![Release](https://img.shields.io/github/v/release/nimarty/hackypi) 5 | ![poky](https://img.shields.io/badge/poky-kirkstone%204.0.11-informational?logo=linux) 6 | 7 | Hacky Pi is a plattform to solve security challenges and train your cybersecurity skills. Because Hacky Pi is based on a Raspberry Pi, it offers a new dimension for security challenges to address problems found specifically in embedded devices. To solve a challenge it may be required to use an insecure serial connection or do some hardware manipulation... Find it out! 8 | 9 | > ℹ️ Hacky Pi is not some kind of device which allows you to attack other systems. It is a training platform. 10 | 11 | # Getting Started 12 | You will need a host system to run the Hacky Packages Server (OPKG Server) and to attack Hacky Pi. Hacky Pi needs a network connection in order to work. It is suggested to connect Hacky Pi and the host in an isolated network to prevent accidentally hacking the environment. 13 | 14 | 15 | 16 | ## Setup Hacky Packages Server 17 | To install and start the server you need a Linux host with docker. Windows is not currently supported. 
18 | 19 | `docker run --rm -p 8080:80 -d ghcr.io/nimarty/hackypackages-server:latest` 20 | 21 | This will automatically pull the docker image and launch the package server in the background. 22 | 23 | ## Setup Hacky Pi 24 | ### Write image to SD card 25 | 1. Download the latest release package from this repo 26 | 1. Take `<image>.rpi-sdimg` from `images/raspberrypi4/` or `images/raspberrypi3/` and write it to an SD card. 27 | 1. Under Linux: `sudo fdisk -l | grep /dev/sd` to determine the device. 28 | 1. Under Linux: `sudo dd if=<image>.rpi-sdimg of=/dev/sd<X> bs=4M` to write the image to the device (check the device name first: `dd` overwrites the target without asking). 29 | 1. or under Windows, use Rufus or Win32DiskImager to write the image to an SD Card 30 | 1. Put the SD Card into your Raspberry Pi, connect it to your network and power it on 31 | 32 | > ℹ️ First startup takes time as the filesystem is expanded to the available memory space (up to 10 minutes for slow SD cards). Be patient. 33 | 34 | ### Configure package repo 35 | If the network is set up correctly, your Hacky Pi will get an IP address. Look it up on your DHCP server. To edit the opkg configuration you need to log in via SSH as root. 36 | 37 |
38 | root password 39 | cG#e*n&5!kB3 40 |
41 | 42 | 1. `ssh root@<hackypi-ip>` 43 | 1. `vi /etc/opkg/opkg.conf` 44 | 1. Change the following line at the bottom of the file. Use the IP address and port of the system running the Hacky Packages Server 45 | ``` 46 | src/gz hackypackages http://<server-ip>:<port> 47 | ``` 48 | 4. `opkg update` 49 | 50 | ## Solve Security Challenges 🤖 51 | In order to install challenges, connect via SSH to Hacky Pi. Log in as root. 52 | 53 | > ℹ️ It's not the idea to use the root user to directly solve a security challenge. This is no fun. Follow the challenge description for the best experience. 54 | 55 | 1. `ssh root@<hackypi-ip>` 56 | 1. `opkg install <challenge> &> /dev/null` and now you're ready to hack. 57 | 1. `opkg remove --autoremove <challenge>` to remove the challenge from Hacky Pi 58 | 59 | A list of all available challenges with details can be found here: 60 | 61 | > :warning: Install only one challenge at a time. Installing more than one challenge at once can lead to errors. 62 | 63 | # Development 64 | ## Build 65 | The following steps have been tested on Ubuntu 20.04 LTS. When using a virtual machine, make sure to have at least 2 CPUs and 50 GB disk space at your disposal. Anyways, the first BitBake build takes a while. 66 | 1. `git clone https://github.com/nimarty/hackypi.git` 67 | 1. `cd hackypi` 68 | 1. `./setup.sh` 69 | 1. `source poky/oe-init-build-env` 70 | 1. `bitbake hackypi-image` 71 | 72 | ## Run Hacky Packages Dev Server 73 | It's possible to start the server in a development mode. In development mode it loads packages from the build directory and the package list is updated periodically. See `.env` file for details. 74 | 1. `git clone https://github.com/nimarty/hackypi.git` 75 | 1. `cd hackypi/tools/opkg-server` change to the directory with the docker compose file 76 | 1. 
`docker-compose up -d` 77 | 78 | # Contribute 79 | [![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](.github/CODE_OF_CONDUCT.md) 80 | 81 | You're welcome to develop and add your own security challenge for Hacky Pi, please read the [contribution guideline](.github/CONTRIBUTING.md) and our [code of conduct](.github/CODE_OF_CONDUCT.md), and start coding. 82 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, caste, color, religion, or sexual 10 | identity and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 
14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the overall 26 | community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or advances of 31 | any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email address, 35 | without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 
55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement. 63 | All complaints will be reviewed and investigated promptly and fairly. 64 | 65 | All community leaders are obligated to respect the privacy and security of the 66 | reporter of any incident. 67 | 68 | ## Enforcement Guidelines 69 | 70 | Community leaders will follow these Community Impact Guidelines in determining 71 | the consequences for any action they deem in violation of this Code of Conduct: 72 | 73 | ### 1. Correction 74 | 75 | **Community Impact**: Use of inappropriate language or other behavior deemed 76 | unprofessional or unwelcome in the community. 77 | 78 | **Consequence**: A private, written warning from community leaders, providing 79 | clarity around the nature of the violation and an explanation of why the 80 | behavior was inappropriate. A public apology may be requested. 81 | 82 | ### 2. Warning 83 | 84 | **Community Impact**: A violation through a single incident or series of 85 | actions. 86 | 87 | **Consequence**: A warning with consequences for continued behavior. No 88 | interaction with the people involved, including unsolicited interaction with 89 | those enforcing the Code of Conduct, for a specified period of time. This 90 | includes avoiding interactions in community spaces as well as external channels 91 | like social media. Violating these terms may lead to a temporary or permanent 92 | ban. 93 | 94 | ### 3. Temporary Ban 95 | 96 | **Community Impact**: A serious violation of community standards, including 97 | sustained inappropriate behavior. 
98 | 99 | **Consequence**: A temporary ban from any sort of interaction or public 100 | communication with the community for a specified period of time. No public or 101 | private interaction with the people involved, including unsolicited interaction 102 | with those enforcing the Code of Conduct, is allowed during this period. 103 | Violating these terms may lead to a permanent ban. 104 | 105 | ### 4. Permanent Ban 106 | 107 | **Community Impact**: Demonstrating a pattern of violation of community 108 | standards, including sustained inappropriate behavior, harassment of an 109 | individual, or aggression toward or disparagement of classes of individuals. 110 | 111 | **Consequence**: A permanent ban from any sort of public interaction within the 112 | community. 113 | 114 | ## Attribution 115 | 116 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 117 | version 2.1, available at 118 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 119 | 120 | Community Impact Guidelines were inspired by 121 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 122 | 123 | For answers to common questions about this code of conduct, see the FAQ at 124 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at 125 | [https://www.contributor-covenant.org/translations][translations]. 
126 | 127 | [homepage]: https://www.contributor-covenant.org 128 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 129 | [Mozilla CoC]: https://github.com/mozilla/diversity 130 | [FAQ]: https://www.contributor-covenant.org/faq 131 | [translations]: https://www.contributor-covenant.org/translations 132 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | # Build and upload artifacts 2 | 3 | name: Build 4 | 5 | on: 6 | push: 7 | branches: 8 | - master 9 | 10 | #schedule: 11 | # - cron: '0 0 1 * *' # at 00:00 on the first day of the month 12 | 13 | workflow_dispatch: 14 | inputs: 15 | enable_build_hackypi: 16 | type: boolean 17 | description: 'Build HackyPi and HackyPackages Server' 18 | default: true 19 | enable_build_tools: 20 | type: boolean 21 | description: 'Build additional Tools' 22 | default: true 23 | hackypi_build_runner: 24 | type: string 25 | description: 'Runner to use to build HackyPi' 26 | default: self-hosted 27 | clean_build: 28 | type: boolean 29 | description: 'Perform clean build' 30 | default: false 31 | 32 | pull_request: 33 | branches: 34 | - master 35 | 36 | jobs: 37 | build-hackypi: 38 | if: ${{ github.event.inputs.enable_build_hackypi == 'true' || github.event.inputs.enable_build_hackypi == ''}} 39 | runs-on: ${{ github.event.inputs.hackypi_build_runner || 'self-hosted' }} 40 | 41 | steps: 42 | - name: Checkout 43 | uses: actions/checkout@v3 44 | with: 45 | fetch-depth: 0 46 | clean: ${{ github.event.inputs.clean_build || false }} 47 | 48 | - name: Setup Environment 49 | shell: bash 50 | run: | 51 | bash setup.sh 52 | 53 | - name: Bitbake HackyPi Challenges 54 | shell: bash 55 | run: | 56 | source poky/oe-init-build-env &>/dev/null 57 | bitbake chatty-charly 58 | bitbake relaxed-rachel 59 | bitbake deceived-donald 60 | bitbake moody-maggie 61 | bitbake raging-rachel 62 | 
bitbake hefty-howard 63 | bitbake tearful-tanja 64 | 65 | - name: Bitbake HackyPi Image - Raspberry Pi 4 66 | shell: bash 67 | run: | 68 | source poky/oe-init-build-env &>/dev/null 69 | bitbake hackypi-image 70 | 71 | - name: Bitbake HackyPi Image - Raspberry Pi 3 72 | shell: bash 73 | run: | 74 | source poky/oe-init-build-env &>/dev/null 75 | MACHINE=raspberrypi3 bitbake hackypi-image 76 | 77 | - name: Upload Artifacts 78 | uses: actions/upload-artifact@v3.1.0 79 | with: 80 | name: security-challenge-package 81 | path: | 82 | build/tmp/deploy/images/raspberrypi4/hackypi-image-raspberrypi4-*.rpi-sdimg 83 | build/tmp/deploy/images/raspberrypi3/hackypi-image-raspberrypi3-*.rpi-sdimg 84 | build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*.ipk 85 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-dbg*.ipk 86 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-src*.ipk 87 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-doc*.ipk 88 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-dev*.ipk 89 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-ptest*.ipk 90 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-syslog*.ipk 91 | !build/tmp/deploy/ipk/cortexa7*-neon-vfpv4/*-staticdev*.ipk 92 | 93 | build-tools: 94 | if: ${{ github.event.inputs.enable_build_tools == 'true' || github.event.inputs.enable_build_tools == ''}} 95 | runs-on: ubuntu-22.04 96 | 97 | steps: 98 | - name: Checkout 99 | uses: actions/checkout@v3 100 | with: 101 | fetch-depth: 0 102 | 103 | - name: Setup Java 104 | uses: actions/setup-java@v3 105 | with: 106 | distribution: 'temurin' 107 | java-version: '17' 108 | 109 | - name: Build Relaxed-Rachel FTP Client 110 | shell: bash 111 | run: | 112 | cd tools/relaxed-rachel 113 | make all 114 | 115 | - name: Build Raging-Rachel SFTP Client 116 | shell: bash 117 | run: | 118 | cd tools/raging-rachel 119 | jar -xvf jsch-0.1.55.jar 120 | javac SftpClient.java 121 | jar -cvfm SftpClient.jar SftpClient.mf *.class com/ 122 | 123 | - name: Upload Artifacts 124 | uses: 
actions/upload-artifact@v3.1.0 125 | with: 126 | name: security-challenge-package 127 | path: | 128 | tools/relaxed-rachel/build/ 129 | tools/raging-rachel/SftpClient.jar 130 | 131 | build-hackypackages-server: 132 | runs-on: ubuntu-22.04 133 | needs: [ build-hackypi ] 134 | 135 | steps: 136 | - name: Checkout 137 | uses: actions/checkout@v3 138 | with: 139 | fetch-depth: 0 140 | 141 | - name: Download Artifact 142 | uses: actions/download-artifact@v3 143 | with: 144 | name: security-challenge-package 145 | path: tools/opkg-server/src 146 | 147 | - name: Log in to ghcr 148 | uses: docker/login-action@v2 149 | with: 150 | registry: ghcr.io 151 | username: ${{ github.actor }} 152 | password: ${{ secrets.GITHUB_TOKEN }} 153 | 154 | - name: Check workflow event 155 | id: checkEvent 156 | shell: bash 157 | run: | 158 | # this check is to prevent the following error message when pushing a docker image in a github action 159 | # "Error: buildx failed with: ERROR: denied: installation not allowed to Write organization package" 160 | if [ "${{ github.event_name == 'pull_request' }}" = true ]; then 161 | if [ "${{ github.event.pull_request.head.repo.full_name == 'nimarty/hackypi' }}" = true ]; then 162 | echo "doPush=true" >> $GITHUB_OUTPUT 163 | else 164 | echo "::warning:: pull request from forked repo detected, docker image will not be pushed to container registry" 165 | echo "doPush=false" >> $GITHUB_OUTPUT 166 | fi 167 | else 168 | echo "doPush=true" >> $GITHUB_OUTPUT 169 | fi 170 | 171 | - name: Prepare packages 172 | shell: bash 173 | run: | 174 | # move packages to flat directory 175 | cd tools/opkg-server/src 176 | rm -rf packages 177 | mkdir packages 178 | mv ipk/*/*.ipk packages/ 179 | 180 | - name: Build and push Docker image 181 | uses: docker/build-push-action@v3 182 | with: 183 | context: tools/opkg-server/src 184 | push: ${{ steps.checkEvent.outputs.doPush }} 185 | tags: ghcr.io/nimarty/hackypackages-server:dev 186 | build-args: PACKAGE_DIR=./packages 187 | 
188 | -------------------------------------------------------------------------------- /conf/local.conf: -------------------------------------------------------------------------------- 1 | # cleanup packages for each new build 2 | INHERIT += "rm_work" 3 | 4 | # Generate SBOM 5 | INHERIT += "create-spdx" 6 | SPDX_PRETTY = "1" 7 | 8 | # enable uart 9 | ENABLE_UART= "1" 10 | 11 | # 12 | # This file is your local configuration file and is where all local user settings 13 | # are placed. The comments in this file give some guide to the options a new user 14 | # to the system might want to change but pretty much any configuration option can 15 | # be set in this file. More adventurous users can look at local.conf.extended 16 | # which contains other examples of configuration which can be placed in this file 17 | # but new users likely won't need any of them initially. 18 | # 19 | # Lines starting with the '#' character are commented out and in some cases the 20 | # default values are provided as comments to show people example syntax. Enabling 21 | # the option is a question of removing the # character and making any change to the 22 | # variable as required. 23 | 24 | # 25 | # Machine Selection 26 | # 27 | # You need to select a specific machine to target the build with. 
There is a selection 28 | # of emulated machines available which can boot and run in the QEMU emulator: 29 | # 30 | #MACHINE ?= "qemuarm" 31 | #MACHINE ?= "qemuarm64" 32 | #MACHINE ?= "qemumips" 33 | #MACHINE ?= "qemumips64" 34 | #MACHINE ?= "qemuppc" 35 | #MACHINE ?= "qemux86" 36 | #MACHINE ?= "qemux86-64" 37 | # 38 | # There are also the following hardware board target machines included for 39 | # demonstration purposes: 40 | # 41 | #MACHINE ?= "beaglebone-yocto" 42 | #MACHINE ?= "genericx86" 43 | #MACHINE ?= "genericx86-64" 44 | #MACHINE ?= "edgerouter" 45 | # 46 | # This sets the default machine to be raspberrypi4 if no other machine is selected: 47 | MACHINE ??= "raspberrypi4" 48 | 49 | # 50 | # Where to place downloads 51 | # 52 | # During a first build the system will download many different source code tarballs 53 | # from various upstream projects. This can take a while, particularly if your network 54 | # connection is slow. These are all stored in DL_DIR. When wiping and rebuilding you 55 | # can preserve this directory to speed up this part of subsequent builds. This directory 56 | # is safe to share between multiple builds on the same machine too. 57 | # 58 | # The default is a downloads directory under TOPDIR which is the build directory. 59 | # 60 | #DL_DIR ?= "${TOPDIR}/downloads" 61 | 62 | # 63 | # Where to place shared-state files 64 | # 65 | # BitBake has the capability to accelerate builds based on previously built output. 66 | # This is done using "shared state" files which can be thought of as cache objects 67 | # and this option determines where those files are placed. 68 | # 69 | # You can wipe out TMPDIR leaving this directory intact and the build would regenerate 70 | # from these files if no changes were made to the configuration. If changes were made 71 | # to the configuration, only shared state files where the state was still valid would 72 | # be used (done using checksums). 
73 | # 74 | # The default is a sstate-cache directory under TOPDIR. 75 | # 76 | #SSTATE_DIR ?= "${TOPDIR}/sstate-cache" 77 | 78 | # 79 | # Where to place the build output 80 | # 81 | # This option specifies where the bulk of the building work should be done and 82 | # where BitBake should place its temporary files and output. Keep in mind that 83 | # this includes the extraction and compilation of many applications and the toolchain 84 | # which can use Gigabytes of hard disk space. 85 | # 86 | # The default is a tmp directory under TOPDIR. 87 | # 88 | #TMPDIR = "${TOPDIR}/tmp" 89 | 90 | # 91 | # Default policy config 92 | # 93 | # The distribution setting controls which policy settings are used as defaults. 94 | # The default value is fine for general Yocto project use, at least initially. 95 | # Ultimately when creating custom policy, people will likely end up subclassing 96 | # these defaults. 97 | # 98 | DISTRO ?= "poky" 99 | # As an example of a subclass there is a "bleeding" edge policy configuration 100 | # where many versions are set to the absolute latest code from the upstream 101 | # source control systems. This is just mentioned here as an example, its not 102 | # useful to most new users. 103 | # DISTRO ?= "poky-bleeding" 104 | 105 | # 106 | # Package Management configuration 107 | # 108 | # This variable lists which packaging formats to enable. Multiple package backends 109 | # can be enabled at once and the first item listed in the variable will be used 110 | # to generate the root filesystems. 
111 | # Options are: 112 | # - 'package_deb' for debian style deb files 113 | # - 'package_ipk' for ipk files as used by opkg (a debian style embedded package manager) 114 | # - 'package_rpm' for rpm style packages 115 | # E.g.: PACKAGE_CLASSES ?= "package_rpm package_deb package_ipk" 116 | # We default to ipk: 117 | PACKAGE_CLASSES ?= "package_ipk" 118 | 119 | # 120 | # SDK target architecture 121 | # 122 | # This variable specifies the architecture to build SDK items for and means 123 | # you can build the SDK packages for architectures other than the machine you are 124 | # running the build on (i.e. building i686 packages on an x86_64 host). 125 | # Supported values are i686 and x86_64 126 | #SDKMACHINE ?= "i686" 127 | 128 | # 129 | # Extra image configuration defaults 130 | # 131 | # The EXTRA_IMAGE_FEATURES variable allows extra packages to be added to the generated 132 | # images. Some of these options are added to certain image types automatically. The 133 | # variable can contain the following options: 134 | # "dbg-pkgs" - add -dbg packages for all installed packages 135 | # (adds symbol information for debugging/profiling) 136 | # "src-pkgs" - add -src packages for all installed packages 137 | # (adds source code for debugging) 138 | # "dev-pkgs" - add -dev packages for all installed packages 139 | # (useful if you want to develop against libs in the image) 140 | # "ptest-pkgs" - add -ptest packages for all ptest-enabled packages 141 | # (useful if you want to run the package test suites) 142 | # "tools-sdk" - add development tools (gcc, make, pkgconfig etc.) 143 | # "tools-debug" - add debugging tools (gdb, strace) 144 | # "eclipse-debug" - add Eclipse remote debugging support 145 | # "tools-profile" - add profiling tools (oprofile, lttng, valgrind) 146 | # "tools-testapps" - add useful testing tools (ts_print, aplay, arecord etc.) 147 | # "debug-tweaks" - make an image suitable for development 148 | # e.g. 
ssh root access has a blank password 149 | # There are other application targets that can be used here too, see 150 | # meta/classes/image.bbclass and meta/classes/core-image.bbclass for more details. 151 | # We default to enabling the debugging tweaks. 152 | EXTRA_IMAGE_FEATURES ?= "debug-tweaks" 153 | 154 | # 155 | # Additional image features 156 | # 157 | # The following is a list of additional classes to use when building images which 158 | # enable extra features. Some available options which can be included in this variable 159 | # are: 160 | # - 'buildstats' collect build statistics 161 | # - 'image-mklibs' to reduce shared library files size for an image 162 | # - 'image-prelink' in order to prelink the filesystem image 163 | # NOTE: if listing mklibs & prelink both, then make sure mklibs is before prelink 164 | # NOTE: mklibs also needs to be explicitly enabled for a given image, see local.conf.extended 165 | USER_CLASSES ?= "buildstats" 166 | 167 | # 168 | # Runtime testing of images 169 | # 170 | # The build system can test booting virtual machine images under qemu (an emulator) 171 | # after any root filesystems are created and run tests against those images. It can also 172 | # run tests against any SDK that are built. To enable this uncomment these lines. 173 | # See classes/test{image,sdk}.bbclass for further details. 174 | #IMAGE_CLASSES += "testimage testsdk" 175 | #TESTIMAGE_AUTO_qemuall = "1" 176 | 177 | # 178 | # Interactive shell configuration 179 | # 180 | # Under certain circumstances the system may need input from you and to do this it 181 | # can launch an interactive shell. It needs to do this since the build is 182 | # multithreaded and needs to be able to handle the case where more than one parallel 183 | # process may require the user's attention. The default is iterate over the available 184 | # terminal types to find one that works. 
185 | # 186 | # Examples of the occasions this may happen are when resolving patches which cannot 187 | # be applied, to use the devshell or the kernel menuconfig 188 | # 189 | # Supported values are auto, gnome, xfce, rxvt, screen, konsole (KDE 3.x only), none 190 | # Note: currently, Konsole support only works for KDE 3.x due to the way 191 | # newer Konsole versions behave 192 | #OE_TERMINAL = "auto" 193 | # By default disable interactive patch resolution (tasks will just fail instead): 194 | PATCHRESOLVE = "noop" 195 | 196 | # 197 | # Disk Space Monitoring during the build 198 | # 199 | # Monitor the disk space during the build. If there is less than 1GB of space or less 200 | # than 100K inodes in any key build location (TMPDIR, DL_DIR, SSTATE_DIR), gracefully 201 | # shutdown the build. If there is less than 100MB or 1K inodes, perform a hard abort 202 | # of the build. The reason for this is that running completely out of space can corrupt 203 | # files and damage the build in ways which may not be easily recoverable. 204 | # It's necessary to monitor /tmp, if there is no space left the build will fail 205 | # with very exotic errors. 206 | BB_DISKMON_DIRS ??= "\ 207 | STOPTASKS,${TMPDIR},1G,100K \ 208 | STOPTASKS,${DL_DIR},1G,100K \ 209 | STOPTASKS,${SSTATE_DIR},1G,100K \ 210 | STOPTASKS,/tmp,100M,100K \ 211 | ABORT,${TMPDIR},100M,1K \ 212 | ABORT,${DL_DIR},100M,1K \ 213 | ABORT,${SSTATE_DIR},100M,1K \ 214 | ABORT,/tmp,10M,1K" 215 | 216 | # 217 | # Shared-state files from other locations 218 | # 219 | # As mentioned above, shared state files are prebuilt cache data objects which can 220 | # be used to accelerate build time. This variable can be used to configure the system 221 | # to search other mirror locations for these objects before it builds the data itself. 222 | # 223 | # This can be a filesystem directory, or a remote url such as http or ftp. 
These 224 | # would contain the sstate-cache results from previous builds (possibly from other 225 | # machines). This variable works like fetcher MIRRORS/PREMIRRORS and points to the 226 | # cache locations to check for the shared objects. 227 | # NOTE: if the mirror uses the same structure as SSTATE_DIR, you need to add PATH 228 | # at the end as shown in the examples below. This will be substituted with the 229 | # correct path within the directory structure. 230 | #SSTATE_MIRRORS ?= "\ 231 | #file://.* http://someserver.tld/share/sstate/PATH;downloadfilename=PATH \n \ 232 | #file://.* file:///some/local/dir/sstate/PATH" 233 | 234 | # 235 | # Yocto Project SState Mirror 236 | # 237 | # The Yocto Project has prebuilt artefacts available for its releases, you can enable 238 | # use of these by uncommenting the following line. This will mean the build uses 239 | # the network to check for artefacts at the start of builds, which does slow it down 240 | # equally, it will also speed up the builds by not having to build things if they are 241 | # present in the cache. It assumes you can download something faster than you can build it 242 | # which will depend on your network. 243 | # 244 | #SSTATE_MIRRORS ?= "file://.* http://sstate.yoctoproject.org/2.5/PATH;downloadfilename=PATH" 245 | 246 | # 247 | # Qemu configuration 248 | # 249 | # By default native qemu will build with a builtin VNC server where graphical output can be 250 | # seen. The line below enables the SDL UI frontend too. 251 | PACKAGECONFIG:append:pn-qemu-system-native = " sdl" 252 | # By default libsdl2-native will be built, if you want to use your host's libSDL instead of 253 | # the minimal libsdl built by libsdl2-native then uncomment the ASSUME_PROVIDED line below. 254 | #ASSUME_PROVIDED += "libsdl2-native" 255 | 256 | # You can also enable the Gtk UI frontend, which takes somewhat longer to build, but adds 257 | # a handy set of menus for controlling the emulator. 
258 | #PACKAGECONFIG_append_pn-qemu-system-native = " gtk+" 259 | 260 | # 261 | # Hash Equivalence 262 | # 263 | # Enable support for automatically running a local hash equivalence server and 264 | # instruct bitbake to use a hash equivalence aware signature generator. Hash 265 | # equivalence improves reuse of sstate by detecting when a given sstate 266 | # artifact can be reused as equivalent, even if the current task hash doesn't 267 | # match the one that generated the artifact. 268 | # 269 | # A shared hash equivalent server can be set with ":" format 270 | # 271 | #BB_HASHSERVE = "auto" 272 | #BB_SIGNATURE_HANDLER = "OEEquivHash" 273 | 274 | # CONF_VERSION is increased each time build/conf/ changes incompatibly and is used to 275 | # track the version of this file when it was generated. This can safely be ignored if 276 | # this doesn't mean anything to you. 277 | CONF_VERSION = "2" 278 | 279 | ############### Yocto Shared State Cache for GitLab CI/CD build ############### 280 | 281 | SSTATE_DIR ?= "${TOPDIR}/sstate-cache" 282 | 283 | 284 | ################ Additional bluetooth configurations ################ 285 | 286 | DISTRO_FEATURES:append = " bluez5 bluetooth wifi systemd" 287 | IMAGE_INSTALL:append = " packagegroup-base-bluetooth expect cronie openssl-bin" 288 | VIRTUAL-RUNTIME_init_manager = "systemd" 289 | 290 | --------------------------------------------------------------------------------