Skip to content

Latest commit

 

History

History
237 lines (197 loc) · 12.7 KB

README.md

File metadata and controls

237 lines (197 loc) · 12.7 KB

T-Pot Mobile

The idea for T-Pot Mobile started a couple of years back when T-Pot started to support the ARM64 architecture. Raspberry Pi hardware was hard to come by at reasonable prices so the journey took a little longer than anticipated. Started as a one-day-a-month project at work, it fastly turned into a weekend / evening project (winter was coming) and the first version was done in December.

While already being an eye catcher the display was not bright enough, the resistive touchpanel and the resolution really did limit the possibilities. In consequence a new display had to be found that helped overcome the drawbacks. The Waveshare 4.3" capacitive display was great choice with a higher resolution.

The case had to redesigned and the code had to be adjusted to work with a capacitive display. Quickly it was decided to make this available for everyone (once T-Pot 24.04 was released).

I am very happy to share this project as Open Source, with a huge thanks to Telekom Security to make this possible. Cannot wait to see your prints, spins and forks!

T-Pot 1

Table of Contents

Hardware requirements

T-Pot Mobile is developed specifically to make T-Pot a tangible, fully wireless honeypot supporting the following hardware components:

The GUI has been developed using Pygame (Raspbian / Debian Bookworm is fully supported and required).

T-Pot 1

T-Pot 2

Requirements

  • Raspbian Lite, 64bit based on Raspbian / Debian Bookworm
  • At least T-Pot 24.04.0 which will be installed by the T-Pot Mobile installer
  • Prepare the microSD Card with a user i.e. tsec and the WiFi settings for your local network (adjustments of the Wifi settings are described here)

Installation

One liner installation

env bash -c "$(curl -sL https://github.com/telekom-security/tpotmobile/raw/main/install.sh)"

Manual installation

Boot the machine, SSH into Raspbian on tcp/22, run the following commands and follow the installer:

sudo apt install git
git clone https://github.com/telekom-security/tpotmobile
cd tpotmobile
bash install.sh

The install.sh script will also install T-Pot. When the installer asks for a T-Pot type, please choose (M)obile in order to download the correct docker images.

Then sudo reboot the machine, please notice after the reboot SSH will only be available via tcp/64295.

It takes about 8 minutes until all services are started successfully after installation.

LTE Stick settings

  • Login: Factory default, adjust after setup
  • SSID: Factory default, adjust after setup
  • PSK: Factory default, adjust after setup
  • For Telekom in Germany: Setup the LTE stick to use APN with NAT Type 2: internet.t-d1.de.
  • Use NAT forwarding only for ports 1-64000 to avoid exposing T-Pot management ports, such as SSH.
  • For DHCP / MAC settings ensure that the same IP will always be assigned to the T-Pot Wifi Adapter or NAT will break once a new IP lease starts.

Usage

Turn on

  • After turning the device on (UPS HAT power switch in on-position) the device will automatically boot and wait for the mobile network / WiFi to be fully enabled.
  • It takes roughly 8-10 minutes until all services have been started, then the first events should trickle in.

Turn off

  • After Shutting Down the device can be turned off (UPS HAT power switch in off-position). Always shutdown the device first to avoid damaging the elasticsearch index and / or filesystem.

T-Pot Mobile GUI

Waiting for Elasticsearch

  • Once the device has started the GUI will wait for Elasticsearch to be available, afterwards the GUI will switch into event mode (default: Last 1h). The GUI can be fully utilized once events have been written to the Elasticsearch index.

Event Mode

  • A single touch will switch between the event modes (Last 1m, 15m, 1h, 24h).

Open Dialog Box

  • Swiping up from the bottom of the screen towards the top of the screen (at least half the height of the screen) will open the dialog box.

Cancel

  • Will exit the dialog box.

Map / Stats

  • While in Stats mode the button will be called "Map" and when pressed will open the Map mode.
  • While in Map mode the button will be called "Stats" and when pressed will open the Stats mode.

Reboot

  • The Reboot button will reboot the system.

Power Off

  • The Power Off button will shut down the system. The system is designed for 24/7 operation, however it needs to be turned off using the Power Off function to avoid damaging the file system or elastic search indices.

Maintenance and Troubleshooting

Connect a keyboard

  • For troubleshooting you can connect a keyboard.

Exit the GUI

  • Press q to exit the GUI.
  • Login to the system with your username, i.e. tsec and the password you chose.
  • You now have access to the console as with any other Raspbian / Debian installation.

Starting / Stopping T-Pot services

  • In /etc/systemd/system are the T-Pot systemd service files tpot.service and tpotdisplay.service located. While tpot.service does control the T-Pot services tpotdisplay.service controls the T-Pot Mobile GUI.
  • Start T-Pot: sudo systemctl start tpot.service
  • Start T-Pot Mobile GUI: sudo systemctl start tpotdisplay.service
  • Stop T-Pot: sudo systemctl stop tpot.service
  • Stop T-Pot Mobile GUI: sudo systemctl stop tpotdisplay.service

Cronjob

  • T-Pot Mobile will restart the device by default every day. You can change the cronjob settings with sudo crontab -e.

Updates

  • While OS updates will be installed automatically the docker image pull policy is set to missing. This means even if newer image versions are available docker compose will not pull them. If your mobile connection is perfectly fine with downloading large docker image files then you can adjust TPOT_PULL_POLICY in tpotce/.env to always. Otherwise install updates using a different network connection i.e. LAN / WiFi.
  • Update tpotce: cd tpotce && sudo systemctl stop tpot && git pull
  • Update tpotmobile: cd tpotmobile && sudo systemctl stop tpotdisplay && git pull
  • Update docker images: cd tpotce && docker compose -f docker-compose.yml pull

Network Settings

  • Raspbian uses Network Manager by default.
  • You can find and adjust network connections in /etc/NetworkManager/system-connections.
  • By default you will find preconfigured.nmconnection which contains the settings provided by Raspberry Pi Imager.

3d Print Settings

For 3d printing we were using PLA+ filament with the following settings, depending on your usage other filament types need to be considered i.e. PETG, ABS or ASA (those remain untested regarding the case). While the support settings will complicate the removal of the supports it improves not only the print quality but also in better layer adhesion for the supports.

  • Layers and perimeters

    • Layer height 0,2mm
    • 8 solid base layers
    • 8 solid top layers
    • 6 perimeters for vertical shells
  • Infill

    • 100%
    • Ironing enabled on the topmost surface only (you can leave this out, looks better enabled though)
  • Supports enabled

    • Style: Snug
    • Top / bottom contact Z distance: 0.1
    • Sheath around the support enabled
    • Pattern: Rectilinear
    • Pattern angle: 45°
    • Top / bottom interface layers: 2
    • Interface Pattern: Rectilinear

Assembling the parts

Make sure you ordered the display including the case, this will provide you with most of the required assembly parts, otherwise the case will not fit.

Place the display face down Build 1

Insert the microSD card into the Pi4, after installing Raspbian. It will be harder to reach the microSD card later in the process. Build 2

Screw the smallest standoffs in (included in the display / case package). Build 3

Align the Raspberry Pi on the standoffs and use the nuts (4 x M2.5) and standoffs (4 x M2.5 + 6) from the assortment to secure it. Build 4 Build 5

Insert the flex DSI cable and ensure the cable and socket connectors align and the pins face each other. Build 6

Now screw the standoffs with the short end into the remaining four threads of the display backplate. Build 7 Build 8

Install the UPS HAT on top of the Pi4 and secure it with the four phillips-head screws. Build 9 Build 10

Add the remaining standoffs. Build 11

Insert the batteries and be careful about polarity. Build 12 Build 13 Build 14

If you are using the LTE stick you have probably soldered the power connectors to a stacking HAT. You can now place it on top of the UPS HAT. Build 15

Now is a good time to test everything before putting it into the case. Connect the power supply to the UPS HAT and switch the UPS HAT on. Build 16

Now put the LTE stick back into its case, insert the SIM card (which at this point should be setup not to require a PIN) and slide the LTE stick into its casket of the 3d printed case.

Slide the components carefully into the case and make sure not to damage the ribbon cable of the display. Build 17 Build 18

Hold the display in place and turn the case upside down to secure the standoffs in the case using the Phillips-head screws. Build 19

Done. Now connect the power supply (barrel connector) and turn the UPS HAT on. Depending on your usage the UPS HAT will only fully charge the batteries if the USB-C power supply for the Pi4 is connected as well. Build 20

Credits

Licenses

  • Flags are provided by Flagpedia.
  • Display dtbo and ina219 module are provided by Waveshare, all copyrights apply.
  • DTS overlays are provided by RaspberryPi.