Take a watermarked capture/recording of the phone screen

PiRogueToolSuite / project-management

Put in one place all the user stories and the tasks associated to them

0 stars 0 forks source link

Take a watermarked capture/recording of the phone screen #21

Open U039b opened 7 months ago

U039b commented 7 months ago

Users can take a watermarked capture or recording of their phone screen.

U039b commented 2 months ago

Proposed implementation: The entry point is a single command to be executed on the PiRogue. This command will:

ask for an arbitrary name corresponding to the victim's name, organization name, etc.
ask for the responder's name, email and organization
save the information into a JSON file
create a directory where the files will be stored
tell the victim to take screenshots and/or record the screen of their phone (Android doc, iOS doc)
start a droopy server accessible from the isolated network
connect the victim's phone to the PiRogue access point
browse Droopy URL (has to be simple)
upload all the screenshots and/or recordings
shutdown the Droopy server
append exif data including responder's name, email and organization
add a watermark on the files
store the checksum of the files

U039b commented 1 month ago

This month

Along with a reorganization of the PiRogue Debian packages, we are introducing a new package pirogue-evidence-collector creating the following entry points:

pirogue-android to interact with an Android device and run commands on it.
pirogue-file-drop to expose a web server allowing the user to upload files from their device to the PiRogue.
pirogue-extract-metadata to extract metadata of a file and save it separately in [original file name].metadata.json.
pirogue-timestamp to time stamp files by requesting a 3rd-party RFC3161 authority.
pirogue-intercept-[gated|single] to instrument an Android application to analyze its network traffic.

Next month

We are planning to release this Debian package next month.

Challenges

The primary challenge was to establish a mechanism for offline timestamp verification exclusively reliant upon OpenSSL.

U039b commented 1 week ago

This month

The two commands responsible for intercepting TLS client randoms now utilize friTap. Given that friTap supports a broader range of TLS implementations compared to our initial implementation, we have decided to integrate friTap directly.

We have added the dynamic generation of hooks to the commands pirogue-intercept-[gated|single]. The different Frida hooks to be generated and injected are defined by the user in JSON format. This feature will be documented when the Debian package will be released.

The release of the Debian package has been postponed, more testing has to be performed before its first release.

Next month

We are planning to document and release this Debian package next month.

Challenges

None.