From 537dec7423af4635f3fa15a730844a57538a8947 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 16 Aug 2023 06:51:59 -0400 Subject: [PATCH 01/44] bumped changelog version --- changelog.upstream | 31 +++++++++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 37 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index a637278..3db0f4d 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,34 @@ +commit cc2e0c39482eafe88c9607c609c790a0266b1837 +Merge: 0a1abe0 d343f5e +Author: Patrick Schleizer +Date: Wed Aug 16 06:32:04 2023 -0400 + + Merge remote-tracking branch 'vmonaco/master' + +commit d343f5e41124ff32ee78badeee540dfdea59b8ac +Merge: 2a3a45b f171889 +Author: Vinnie Monaco +Date: Tue Aug 15 21:57:43 2023 -0700 + + Merge pull request #38 from vmonaco/dev + + Multi-device support and multiple bug fixes + +commit f1718890b1620ac6ba42f2e2d1a1c2c84730c8d4 +Merge: cda8d74 0a1abe0 +Author: Vinnie Monaco +Date: Tue Aug 15 21:57:15 2023 -0700 + + Merge pull request #49 from adrelanos/chatgpt + + chatgpt + +commit 0a1abe03dd873058cb3f2e83ce97a4ba1ad89ea1 +Author: Patrick Schleizer +Date: Tue Aug 15 09:21:16 2023 -0400 + + bumped changelog version + commit 59056a25d1e14d6d81ee8a9666eda0bc62fe342a Author: Patrick Schleizer Date: Tue Aug 15 09:19:43 2023 -0400 diff --git a/debian/changelog b/debian/changelog index 6543ad7..8d20723 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.45-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Wed, 16 Aug 2023 10:51:58 +0000 + kloak (0:0.2.44-1) unstable; urgency=medium * New upstream version (local package). From ca5cf502265f24bfd871547739d8b86449d00bc1 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 18 Sep 2023 07:23:20 -0400 Subject: [PATCH 02/44] bumped changelog version --- changelog.upstream | 28 ++++++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 34 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 3db0f4d..89bdaae 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,31 @@ +commit f49d6b8d4575f1694fe5038a6639e04dca9d4bfb +Merge: 537dec7 8fb85a0 +Author: Patrick Schleizer +Date: Mon Sep 18 07:22:36 2023 -0400 + + Merge remote-tracking branch 'vmonaco/master' + +commit 8fb85a065a809be2b504075c500cbd1d12c4ecd9 +Merge: d343f5e f55cecc +Author: Vinnie Monaco +Date: Sun Sep 17 21:16:31 2023 -0700 + + Merge pull request #57 from skyzzuu/avoid_mem_leak_after_exit + + free pfds after exit to avoid memory leak + +commit f55ceccf164a7a2705fd6151bad77e6c421cf9e0 +Author: Everett Gally +Date: Sun Sep 17 19:42:08 2023 -0400 + + free pfds after while loop in main_loop exits to avoid memory leak after kloak ends + +commit 537dec7423af4635f3fa15a730844a57538a8947 +Author: Patrick Schleizer +Date: Wed Aug 16 06:51:59 2023 -0400 + + bumped changelog version + commit cc2e0c39482eafe88c9607c609c790a0266b1837 Merge: 0a1abe0 d343f5e Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index 8d20723..2c66281 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.46-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Mon, 18 Sep 2023 11:23:20 +0000 + kloak (0:0.2.45-1) unstable; urgency=medium * New upstream version (local package). From 61c0b09452ded9bcbd8476ee3aa103f116bc5330 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sun, 24 Sep 2023 11:22:09 -0400 Subject: [PATCH 03/44] bumped changelog version --- changelog.upstream | 30 ++++++++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 36 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 89bdaae..065822b 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,33 @@ +commit c107815a062251cef694a84cf0710a73168e2bcf +Merge: ca5cf50 af79b08 +Author: Patrick Schleizer +Date: Tue Sep 19 08:23:59 2023 -0400 + + Merge remote-tracking branch 'vmonaco/master' + +commit af79b08ea3dd83b70c5099391ef3e1233b102511 +Merge: 8fb85a0 68c3c70 +Author: Vinnie Monaco +Date: Mon Sep 18 08:43:25 2023 -0700 + + Merge pull request #53 from adrelanos/indentation-style + + improve indentation style + +commit 68c3c7063d51afee6bee63c15ab2465d83591442 +Author: Patrick Schleizer +Date: Mon Sep 18 08:04:34 2023 -0400 + + improve indentation style + + fixes https://github.com/vmonaco/kloak/issues/52 + +commit ca5cf502265f24bfd871547739d8b86449d00bc1 +Author: Patrick Schleizer +Date: Mon Sep 18 07:23:20 2023 -0400 + + bumped changelog version + commit f49d6b8d4575f1694fe5038a6639e04dca9d4bfb Merge: 537dec7 8fb85a0 Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index 2c66281..432a63c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.47-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Sun, 24 Sep 2023 15:22:09 +0000 + kloak (0:0.2.46-1) unstable; urgency=medium * New upstream version (local package). From f10707f108872ba37673aec8303917d71deec8cd Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 25 Sep 2023 11:58:40 -0400 Subject: [PATCH 04/44] bumped changelog version --- changelog.upstream | 58 ++++++++++++++++++++++++++++++++++++++++++++++ debian/changelog | 6 +++++ 2 files changed, 64 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 065822b..cbf733a 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,40 @@ +commit 196343c1c614c9d35264c43e502c83477d7107e0 +Merge: 61c0b09 9cbdf44 +Author: Patrick Schleizer +Date: Mon Sep 25 11:56:55 2023 -0400 + + Merge remote-tracking branch 'vmonaco/master' + +commit 9cbdf4484da19eb09653356e59ce42c37cecb523 +Merge: 130d81b 2ed1b1f +Author: Vinnie Monaco +Date: Sun Sep 24 21:49:52 2023 -0700 + + Merge pull request #62 from skyzzuu/check_rescue_key_str_not_null + + ensure _rescue_keys_str is not null before passing to strncpy to avoid potential null pointer dereference + +commit 130d81b6e5f2c892fbd7596eaf1ad1f10911426e +Merge: af79b08 efa47d1 +Author: Vinnie Monaco +Date: Sun Sep 24 21:47:27 2023 -0700 + + Merge pull request #63 from vmonaco/dev + + update readme + +commit 61c0b09452ded9bcbd8476ee3aa103f116bc5330 +Author: Patrick Schleizer +Date: Sun Sep 24 11:22:09 2023 -0400 + + bumped changelog version + +commit 2ed1b1f4e1613d5add68e051fcd1d58fd1ef97e4 +Author: Everett Gally +Date: Sat Sep 23 11:25:33 2023 -0400 + + ensure _rescue_keys_str is not null before passing to strncpy to avoid potential null pointer dereference + commit c107815a062251cef694a84cf0710a73168e2bcf Merge: ca5cf50 af79b08 Author: Patrick Schleizer @@ -5,6 +42,15 @@ Date: Tue Sep 19 08:23:59 2023 -0400 Merge remote-tracking branch 'vmonaco/master' +commit efa47d1e0fa7b3cea17491a9520276e408d07569 +Merge: f171889 c928a7c +Author: Vinnie Monaco +Date: Mon Sep 18 08:43:59 2023 -0700 + + Merge pull request #55 from skyzzuu/readme_changes + + add dependency installation information into readme + commit af79b08ea3dd83b70c5099391ef3e1233b102511 Merge: 8fb85a0 68c3c70 Author: Vinnie Monaco @@ -35,6 +81,12 @@ Date: Mon Sep 18 07:22:36 2023 -0400 Merge remote-tracking branch 'vmonaco/master' +commit c928a7c52e2fa0b4f2b7e7cf49c94197555fb288 +Author: Everett Gally +Date: Mon Sep 18 07:16:55 2023 -0400 + + update debian dependency installation information to install devscripts and then use sudo mk-build-deps --remove --install instead of hardcoding dependencies + commit 8fb85a065a809be2b504075c500cbd1d12c4ecd9 Merge: d343f5e f55cecc Author: Vinnie Monaco @@ -50,6 +102,12 @@ Date: Sun Sep 17 19:42:08 2023 -0400 free pfds after while loop in main_loop exits to avoid memory leak after kloak ends +commit b2f3a2aae1b85e22f40868266927773307131d0d +Author: Everett Gally +Date: Sun Sep 10 17:13:52 2023 -0400 + + add dependency installation information into readme + commit 537dec7423af4635f3fa15a730844a57538a8947 Author: Patrick Schleizer Date: Wed Aug 16 06:51:59 2023 -0400 diff --git a/debian/changelog b/debian/changelog index 432a63c..f99206e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.48-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Mon, 25 Sep 2023 15:58:40 +0000 + kloak (0:0.2.47-1) unstable; urgency=medium * New upstream version (local package). From daafc674bb10a03b7adcbae35015e9297cce6dd5 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 10 Nov 2023 12:31:00 -0500 Subject: [PATCH 05/44] CodeQL --- build.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100755 build.sh diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..047b1fb --- /dev/null +++ b/build.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +## For CodeQL autobuild + +set -x +set -e + +apt update --error-on=any +apt install --yes libevdev2 libevdev-dev libsodium23 libsodium-dev pkg-config + +make From cfd170899bea518f044359f01c4ce9d7f85ca11a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 10 Nov 2023 12:35:12 -0500 Subject: [PATCH 06/44] CodeQL --- build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 047b1fb..3ca421b 100755 --- a/build.sh +++ b/build.sh @@ -5,7 +5,7 @@ set -x set -e -apt update --error-on=any -apt install --yes libevdev2 libevdev-dev libsodium23 libsodium-dev pkg-config +sudo --non-interactive apt-get update --error-on=any +sudo --non-interactive apt-get install --yes libevdev2 libevdev-dev libsodium23 libsodium-dev pkg-config make From 1526784d9fdc79f7df0802c7519ce4f29fd0b37c Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sat, 11 Nov 2023 14:43:10 -0500 Subject: [PATCH 07/44] copyright --- COPYING | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 COPYING diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..8ce1b9e --- /dev/null +++ b/COPYING @@ -0,0 +1,32 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: Copyright (c) 2016, Vinnie Monaco +License: BSD-3-clause + Copyright (c) 2016, Vinnie Monaco + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + * Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. From 49bb0ac90677a35c2abdc1096369bf24b9a1ba45 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sat, 11 Nov 2023 20:30:12 +0000 Subject: [PATCH 08/44] bumped changelog version --- changelog.upstream | 24 ++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 30 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index cbf733a..a5b62ff 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,27 @@ +commit 1526784d9fdc79f7df0802c7519ce4f29fd0b37c +Author: Patrick Schleizer +Date: Sat Nov 11 14:43:10 2023 -0500 + + copyright + +commit cfd170899bea518f044359f01c4ce9d7f85ca11a +Author: Patrick Schleizer +Date: Fri Nov 10 12:35:12 2023 -0500 + + CodeQL + +commit daafc674bb10a03b7adcbae35015e9297cce6dd5 +Author: Patrick Schleizer +Date: Fri Nov 10 12:31:00 2023 -0500 + + CodeQL + +commit f10707f108872ba37673aec8303917d71deec8cd +Author: Patrick Schleizer +Date: Mon Sep 25 11:58:40 2023 -0400 + + bumped changelog version + commit 196343c1c614c9d35264c43e502c83477d7107e0 Merge: 61c0b09 9cbdf44 Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index f99206e..6b46ba8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.49-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Sat, 11 Nov 2023 20:30:12 +0000 + kloak (0:0.2.48-1) unstable; urgency=medium * New upstream version (local package). From d48c864ace7ff9e4c98f04dea8cec4d4b0061a63 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Thu, 11 Jan 2024 06:42:24 -0500 Subject: [PATCH 09/44] update readme --- README.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 4c7a48a..63da14a 100644 --- a/README.md +++ b/README.md @@ -60,24 +60,24 @@ Notice that the lower bound on the random delay has to be raised when keys are p How to install `kloak` using apt-get -1\. Download [Whonix's Signing Key](). +1\. Download the APT Signing Key. ``` -wget https://www.whonix.org/patrick.asc +wget https://www.whonix.org/keys/derivative.asc ``` -Users can [check Whonix Signing Key](https://www.whonix.org/wiki/Whonix_Signing_Key) for better security. +Users can [check the Signing Key](https://www.whonix.org/wiki/Signing_Key) for better security. -2\. Add Whonix's signing key. +2\. Add the APT Signing Key. ``` -sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg add ~/patrick.asc +sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc ``` -3\. Add Whonix's APT repository. +3\. Add the derivative repository. ``` -echo "deb https://deb.whonix.org bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list +echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list ``` 4\. Update your package lists. @@ -105,7 +105,6 @@ Replace `apparmor-profile-torbrowser` with the actual name of this package with `kloak` requires [donations](https://www.whonix.org/wiki/Donate) to stay alive! - ### Troubleshooting #### Can't open input/output device From a8f0e5f8ef21befa74d00a6199ed7f30807e4f8e Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Thu, 11 Jan 2024 13:05:14 +0000 Subject: [PATCH 10/44] bumped changelog version --- changelog.upstream | 12 ++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index a5b62ff..bca16c3 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,15 @@ +commit d48c864ace7ff9e4c98f04dea8cec4d4b0061a63 +Author: Patrick Schleizer +Date: Thu Jan 11 06:42:24 2024 -0500 + + update readme + +commit 49bb0ac90677a35c2abdc1096369bf24b9a1ba45 +Author: Patrick Schleizer +Date: Sat Nov 11 20:30:12 2023 +0000 + + bumped changelog version + commit 1526784d9fdc79f7df0802c7519ce4f29fd0b37c Author: Patrick Schleizer Date: Sat Nov 11 14:43:10 2023 -0500 diff --git a/debian/changelog b/debian/changelog index 6b46ba8..dd0c729 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.50-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Thu, 11 Jan 2024 13:05:14 +0000 + kloak (0:0.2.49-1) unstable; urgency=medium * New upstream version (local package). From 9b19632b302e534274b43c57c87cf8ead07f8b40 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 22 Jan 2024 07:06:02 -0500 Subject: [PATCH 11/44] usrmerge --- debian/kloak.install | 5 +++-- {lib => usr/lib}/systemd/system/kloak.service | 0 2 files changed, 3 insertions(+), 2 deletions(-) rename {lib => usr/lib}/systemd/system/kloak.service (100%) diff --git a/debian/kloak.install b/debian/kloak.install index b008116..62dba20 100644 --- a/debian/kloak.install +++ b/debian/kloak.install @@ -3,7 +3,8 @@ ## Manually maintained file. nogenmkfile -etc/* -lib/* eventcap usr/sbin/ kloak usr/sbin/ + +etc/* +usr/* diff --git a/lib/systemd/system/kloak.service b/usr/lib/systemd/system/kloak.service similarity index 100% rename from lib/systemd/system/kloak.service rename to usr/lib/systemd/system/kloak.service From ade162aab807499dbf383afcb15effd1dbdb13bd Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Mon, 22 Jan 2024 13:25:12 +0000 Subject: [PATCH 12/44] bumped changelog version --- changelog.upstream | 12 ++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index bca16c3..d58ccb3 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,15 @@ +commit 9b19632b302e534274b43c57c87cf8ead07f8b40 +Author: Patrick Schleizer +Date: Mon Jan 22 07:06:02 2024 -0500 + + usrmerge + +commit a8f0e5f8ef21befa74d00a6199ed7f30807e4f8e +Author: Patrick Schleizer +Date: Thu Jan 11 13:05:14 2024 +0000 + + bumped changelog version + commit d48c864ace7ff9e4c98f04dea8cec4d4b0061a63 Author: Patrick Schleizer Date: Thu Jan 11 06:42:24 2024 -0500 diff --git a/debian/changelog b/debian/changelog index dd0c729..d9beada 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.51-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Mon, 22 Jan 2024 13:25:12 +0000 + kloak (0:0.2.50-1) unstable; urgency=medium * New upstream version (local package). From de06819bf221b994e00a0e8ccd93c64f66b20dec Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 2 Feb 2024 07:33:00 -0500 Subject: [PATCH 13/44] usrmerge debhelper systemd Debian package maintainer scripts fix --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 9e28eed..bd303e7 100644 --- a/debian/control +++ b/debian/control @@ -5,7 +5,7 @@ Source: kloak Section: misc Priority: optional Maintainer: Patrick Schleizer -Build-Depends: debhelper (>= 13), debhelper-compat (= 13), dh-apparmor, libevdev2, libevdev-dev, libsodium23, libsodium-dev, pkg-config +Build-Depends: debhelper (>= 13.11.6), debhelper-compat (= 13), dh-apparmor, libevdev2, libevdev-dev, libsodium23, libsodium-dev, pkg-config Homepage: https://github.com/vmonaco/kloak Vcs-Browser: https://github.com/vmonaco/kloak Vcs-Git: https://github.com/vmonaco/kloak.git From e937174bb71313d943d8fb8965ae339343d0337f Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 2 Feb 2024 12:46:17 +0000 Subject: [PATCH 14/44] bumped changelog version --- changelog.upstream | 12 ++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index d58ccb3..5624446 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,15 @@ +commit de06819bf221b994e00a0e8ccd93c64f66b20dec +Author: Patrick Schleizer +Date: Fri Feb 2 07:33:00 2024 -0500 + + usrmerge debhelper systemd Debian package maintainer scripts fix + +commit ade162aab807499dbf383afcb15effd1dbdb13bd +Author: Patrick Schleizer +Date: Mon Jan 22 13:25:12 2024 +0000 + + bumped changelog version + commit 9b19632b302e534274b43c57c87cf8ead07f8b40 Author: Patrick Schleizer Date: Mon Jan 22 07:06:02 2024 -0500 diff --git a/debian/changelog b/debian/changelog index d9beada..32fda52 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.52-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Fri, 02 Feb 2024 12:46:16 +0000 + kloak (0:0.2.51-1) unstable; urgency=medium * New upstream version (local package). From 36385d7b0050601e6f255b168c297dab8d8fb027 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 11:16:50 -0500 Subject: [PATCH 15/44] Use monotonic time for delay tracking --- src/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index c8a9615..d77c97e 100644 --- a/src/main.c +++ b/src/main.c @@ -77,7 +77,7 @@ void sleep_ms(long milliseconds) { long current_time_ms(void) { struct timespec spec; - clock_gettime(CLOCK_REALTIME, &spec); + clock_gettime(CLOCK_MONOTONIC, &spec); return (spec.tv_sec) * 1000 + (spec.tv_nsec) / 1000000; } From c9c5a9876bd7fba17ec638efd065cc0836329766 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 12:36:13 -0500 Subject: [PATCH 16/44] Add compiler hardening flags, fix all GCC warnings --- Makefile | 25 +++++++++++++++++++++++++ src/main.c | 30 ++++++++++++++++++++++-------- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index b95b43b..1c92e87 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,30 @@ #!/usr/bin/make -f +TARGETARCH=$(shell gcc -dumpmachine) + +# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html +# Omitted the following flags: +# -D_GLIBCXX_ASSERTIONS # application is not written in C++ +# -fstrict-flex-arrays=3 # not supported in Debian Bookworm's GCC version (12) +# -fPIC -shared # not a shared library +# -fexceptions # not multithreaded +# -fhardened # not supported in Debian Bookworm's GCC version (12) +CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ + -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \ + -fstack-clash-protection \ + -fstack-protector-strong -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro \ + -Wl,-z,now -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -Wtrampolines \ + -Wbidi-chars=any -fPIE -pie -Werror=implicit \ + -Werror=incompatible-pointer-types -Werror=int-conversion \ + -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing + +ifeq ($(TARGETARCH), x86_64-linux-gnu) + CFLAGS += -fcf-protection=full # only supported on x86_64 +endif +ifeq ($(TARGETARCH), aarch64-linux-gnu) + CFLAGS += -mbranch-protection=standard # only supported on aarch64 +endif + all : kloak eventcap kloak : src/main.c src/keycodes.c src/keycodes.h diff --git a/src/main.c b/src/main.c index d77c97e..0a785d0 100644 --- a/src/main.c +++ b/src/main.c @@ -42,7 +42,7 @@ static int rescue_len = 0; // Number of rescue keys, set during initializat static int max_delay = DEFAULT_MAX_DELAY_MS; // lag will never exceed this upper bound static int startup_timeout = DEFAULT_STARTUP_DELAY_MS; -static int device_count = 0; +static unsigned int device_count = 0; static char named_inputs[MAX_INPUTS][BUFSIZE]; static int input_fds[MAX_INPUTS]; @@ -82,11 +82,18 @@ long current_time_ms(void) { } long random_between(long lower, long upper) { + long maxval; + long randval; // default to max if the interval is not valid if (lower >= upper) return upper; - return lower + randombytes_uniform(upper - lower + 1); + maxval = upper - lower + 1; + if (maxval > UINT32_MAX) + return UINT32_MAX; + + randval = randombytes_uniform((uint32_t)maxval); + return lower + randval; } void set_rescue_keys(const char* rescue_keys_str) { @@ -118,7 +125,9 @@ int supports_event_type(int device_fd, int event_type) { unsigned long evbit = 0; // Get the bit field of available event types. ioctl(device_fd, EVIOCGBIT(0, sizeof(evbit)), &evbit); - return evbit & (1 << event_type); + // NOTE: EVIOCGBIT ioctl returns an int, see handle_eviocgbit function in + // linux/drivers/input/evdev.c, thus this cast is safe + return (int)evbit & (1 << event_type); } int supports_specific_key(int device_fd, unsigned int key) { @@ -130,7 +139,7 @@ int supports_specific_key(int device_fd, unsigned int key) { } int is_keyboard(int fd) { - int key; + unsigned int key; int num_supported_keys = 0; // Only check devices that support EV_KEY events @@ -152,7 +161,8 @@ int is_mouse(int fd) { void detect_devices() { int fd; - char device[256]; + unsigned int device_idx; + char device[BUFSIZE]; for (int i = 0; i < MAX_DEVICES; i++) { sprintf(device, "/dev/input/event%d", i); @@ -162,11 +172,15 @@ void detect_devices() { } if (is_keyboard(fd)) { - strncpy(named_inputs[device_count++], device, BUFSIZE-1); + device_idx = device_count++; + strncpy(named_inputs[device_idx], device, BUFSIZE); + named_inputs[device_idx][BUFSIZE-1] = 0; if (verbose) printf("Found keyboard at: %s\n", device); } else if (is_mouse(fd)) { - strncpy(named_inputs[device_count++], device, BUFSIZE-1); + device_idx = device_count++; + strncpy(named_inputs[device_idx], device, BUFSIZE); + named_inputs[device_idx][BUFSIZE-1] = 0; if (verbose) printf("Found mouse at: %s\n", device); } @@ -233,7 +247,7 @@ void emit_event(struct entry *e) { } void main_loop() { - int err; + long int err; long prev_release_time = 0; long current_time = 0; long lower_bound = 0; From dd255ad28bd404f3aad6012949d4fb4e04330db9 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 13:08:09 -0500 Subject: [PATCH 17/44] Use strtcpy rather than strncpy --- src/main.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/src/main.c b/src/main.c index 0a785d0..6dc332c 100644 --- a/src/main.c +++ b/src/main.c @@ -1,3 +1,4 @@ +#define _GNU_SOURCE #include #include #include @@ -5,6 +6,7 @@ #include #include #include +#include #include #include #include @@ -68,6 +70,27 @@ struct entry { int device_index; }; +// From string_copying manpage +ssize_t strtcpy(char *restrict dst, const char *restrict src, size_t dsize) +{ + bool trunc; + size_t dlen, slen; + + if (dsize == 0) { + errno = ENOBUFS; + return -1; + } + + slen = strnlen(src, dsize); + trunc = (slen == dsize); + dlen = slen - trunc; + + stpcpy(mempcpy(dst, src, dlen), ""); + if (trunc) + errno = E2BIG; + return trunc ? -1 : (ssize_t)slen; +} + void sleep_ms(long milliseconds) { struct timespec ts; ts.tv_sec = milliseconds / 1000; @@ -161,7 +184,6 @@ int is_mouse(int fd) { void detect_devices() { int fd; - unsigned int device_idx; char device[BUFSIZE]; for (int i = 0; i < MAX_DEVICES; i++) { @@ -172,15 +194,11 @@ void detect_devices() { } if (is_keyboard(fd)) { - device_idx = device_count++; - strncpy(named_inputs[device_idx], device, BUFSIZE); - named_inputs[device_idx][BUFSIZE-1] = 0; + strtcpy(named_inputs[device_count++], device, BUFSIZE); if (verbose) printf("Found keyboard at: %s\n", device); } else if (is_mouse(fd)) { - device_idx = device_count++; - strncpy(named_inputs[device_idx], device, BUFSIZE); - named_inputs[device_idx][BUFSIZE-1] = 0; + strtcpy(named_inputs[device_count++], device, BUFSIZE); if (verbose) printf("Found mouse at: %s\n", device); } From b0f0c926d84a6d60363c89c11b8f36cc55b57459 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 13:24:20 -0500 Subject: [PATCH 18/44] Add a header file to make future development easier (adapted from https://github.com/vmonaco/kloak/pull/61) --- src/kloak.h | 28 ++++++++++++++++++++++++++++ src/main.c | 8 +------- 2 files changed, 29 insertions(+), 7 deletions(-) create mode 100644 src/kloak.h diff --git a/src/kloak.h b/src/kloak.h new file mode 100644 index 0000000..60d716b --- /dev/null +++ b/src/kloak.h @@ -0,0 +1,28 @@ +#ifndef KLOAK_H +#define KLOAK_H + +struct entry { + struct input_event iev; + long time; + TAILQ_ENTRY(entry) entries; + int device_index; +}; + +ssize_t strtcpy(char *, const char *, size_t); +void sleep_ms(long int); +long current_time_ms(void); +long int random_between(long int, long int); +void set_rescue_keys(const char*); +int supports_event_type(int, int); +int supports_specific_key(int, unsigned int); +int is_keyboard(int); +int is_mouse(int); +void detect_devices(); +void init_inputs(); +void init_outputs(); +void emit_event(struct entry *); +void main_loop(); +void usage(); +void banner(); + +#endif diff --git a/src/main.c b/src/main.c index 6dc332c..09cd171 100644 --- a/src/main.c +++ b/src/main.c @@ -12,6 +12,7 @@ #include #include +#include "kloak.h" #include "keycodes.h" #define BUFSIZE 256 // for device names and rescue key sequence @@ -63,13 +64,6 @@ static struct option long_options[] = { TAILQ_HEAD(tailhead, entry) head; -struct entry { - struct input_event iev; - long time; - TAILQ_ENTRY(entry) entries; - int device_index; -}; - // From string_copying manpage ssize_t strtcpy(char *restrict dst, const char *restrict src, size_t dsize) { From 7f9bc1bcfd08e8b3554e135a4c4d59a0a09b26d8 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 13:39:55 -0500 Subject: [PATCH 19/44] Harden code based on advice from ChatGPT3 (adapted from https://github.com/vmonaco/kloak/pull/65) --- src/main.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/main.c b/src/main.c index 09cd171..eae5fe8 100644 --- a/src/main.c +++ b/src/main.c @@ -89,7 +89,8 @@ void sleep_ms(long milliseconds) { struct timespec ts; ts.tv_sec = milliseconds / 1000; ts.tv_nsec = (milliseconds % 1000) * 1000000; - nanosleep(&ts, NULL); + if (nanosleep(&ts, NULL) == -1) + panic("nanosleep failed: %s", strerror(errno)); } long current_time_ms(void) { @@ -141,7 +142,8 @@ void set_rescue_keys(const char* rescue_keys_str) { int supports_event_type(int device_fd, int event_type) { unsigned long evbit = 0; // Get the bit field of available event types. - ioctl(device_fd, EVIOCGBIT(0, sizeof(evbit)), &evbit); + if (ioctl(device_fd, EVIOCGBIT(0, sizeof(evbit)), &evbit) == -1) + panic("ioctl EVIOCGBIT failed: %s", strerror(errno)); // NOTE: EVIOCGBIT ioctl returns an int, see handle_eviocgbit function in // linux/drivers/input/evdev.c, thus this cast is safe return (int)evbit & (1 << event_type); @@ -151,7 +153,8 @@ int supports_specific_key(int device_fd, unsigned int key) { size_t nchar = KEY_MAX/8 + 1; unsigned char bits[nchar]; // Get the bit fields of available keys. - ioctl(device_fd, EVIOCGBIT(EV_KEY, sizeof(bits)), &bits); + if (ioctl(device_fd, EVIOCGBIT(EV_KEY, sizeof(bits)), &bits) == -1) + panic("ioctl EVIOCGBIT for EV_KEY failed: %s", strerror(errno)); return bits[key/8] & (1 << (key % 8)); } @@ -197,7 +200,8 @@ void detect_devices() { printf("Found mouse at: %s\n", device); } - close(fd); + if (close(fd) == -1) + panic("close failed on device: %s, error: %s", device, strerror(errno)); if (device_count >= MAX_INPUTS) { if (verbose) @@ -418,7 +422,7 @@ int main(int argc, char **argv) { case 'r': if (device_count >= MAX_INPUTS) panic("Too many -r options: can read from at most %d devices\n", MAX_INPUTS); - strncpy(named_inputs[device_count++], optarg, BUFSIZE-1); + strtcpy(named_inputs[device_count++], optarg, BUFSIZE); break; case 'd': @@ -432,7 +436,7 @@ int main(int argc, char **argv) { break; case 'k': - strncpy(rescue_keys_str, optarg, BUFSIZE-1); + strtcpy(rescue_keys_str, optarg, BUFSIZE); break; case 'v': From 0d91a09a76ffa21b2782d673fcb91b16574b58d6 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 14:27:59 -0500 Subject: [PATCH 20/44] Add support for new devices attached after kloak starts (adapted from https://github.com/vmonaco/kloak/pull/67) --- debian/kloak.install | 1 + lib/udev/rules.d/95-kloak.rules | 23 +++++++++++++++++++++++ src/main.c | 3 +++ 3 files changed, 27 insertions(+) create mode 100644 lib/udev/rules.d/95-kloak.rules diff --git a/debian/kloak.install b/debian/kloak.install index 62dba20..f557fc0 100644 --- a/debian/kloak.install +++ b/debian/kloak.install @@ -8,3 +8,4 @@ kloak usr/sbin/ etc/* usr/* +lib/* diff --git a/lib/udev/rules.d/95-kloak.rules b/lib/udev/rules.d/95-kloak.rules new file mode 100644 index 0000000..9c5e02b --- /dev/null +++ b/lib/udev/rules.d/95-kloak.rules @@ -0,0 +1,23 @@ +SUBSYSTEM!="input", GOTO="end" + + +# do not run kloak on devices created by kloak +KERNEL=="event*", ATTRS{name}=="kloak*", GOTO="end" + +# new keyboard or mouse attached, start kloak@event[0-9].service +KERNEL=="event*", ACTION=="add", ENV{ID_INPUT_KEYBOARD}=="1", RUN+="/usr/bin/systemctl restart kloak.service" +KERNEL=="event*", ACTION=="add", ENV{ID_INPUT_KEYBOARD}=="1", GOTO="end" + +KERNEL=="event*", ACTION=="add", ENV{ID_INPUT_MOUSE}=="1", RUN+="/usr/bin/systemctl restart kloak.service" +KERNEL=="event*", ACTION=="add", ENV{ID_INPUT_MOUSE}=="1", GOTO="end" + + +# keyboard or mouse removed, stop the service +KERNEL=="event*", ACTION=="remove", ENV{ID_INPUT_KEYBOARD}=="1", RUN+="/usr/bin/systemctl restart kloak.service" +KERNEL=="event*", ACTION=="remove", ENV{ID_INPUT_KEYBOARD}=="1", GOTO="end" + +KERNEL=="event*", ACTION=="remove", ENV{ID_INPUT_MOUSE}=="1", RUN+="/usr/bin/systemctl restart kloak.service" +KERNEL=="event*", ACTION=="remove", ENV{ID_INPUT_MOUSE}=="1", GOTO="end" + + +LABEL="end" diff --git a/src/main.c b/src/main.c index eae5fe8..614013e 100644 --- a/src/main.c +++ b/src/main.c @@ -232,12 +232,15 @@ void init_inputs() { } void init_outputs() { + const char *name = "kloak output device"; for (int i = 0; i < device_count; i++) { int err = libevdev_new_from_fd(input_fds[i], &output_devs[i]); if (err != 0) panic("Could not create evdev for input device: %s", named_inputs[i]); + libevdev_set_name(output_devs[i], name); + err = libevdev_uinput_create_from_device(output_devs[i], LIBEVDEV_UINPUT_OPEN_MANAGED, &uidevs[i]); if (err != 0) From e9284abf22adb36968011fb9ab47cc1357b58e9b Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 15:31:49 -0500 Subject: [PATCH 21/44] Fix build failure, adjust number of supported devices to account for systems with many input devices --- debian/control | 2 +- src/main.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index bd303e7..b8ad8ca 100644 --- a/debian/control +++ b/debian/control @@ -5,7 +5,7 @@ Source: kloak Section: misc Priority: optional Maintainer: Patrick Schleizer -Build-Depends: debhelper (>= 13.11.6), debhelper-compat (= 13), dh-apparmor, libevdev2, libevdev-dev, libsodium23, libsodium-dev, pkg-config +Build-Depends: debhelper (>= 13.11.4), debhelper-compat (= 13), dh-apparmor, libevdev2, libevdev-dev, libsodium23, libsodium-dev, pkg-config Homepage: https://github.com/vmonaco/kloak Vcs-Browser: https://github.com/vmonaco/kloak Vcs-Git: https://github.com/vmonaco/kloak.git diff --git a/src/main.c b/src/main.c index 614013e..5f001c4 100644 --- a/src/main.c +++ b/src/main.c @@ -16,8 +16,8 @@ #include "keycodes.h" #define BUFSIZE 256 // for device names and rescue key sequence -#define MAX_INPUTS 16 // number of devices to try autodetection -#define MAX_DEVICES 16 // max number of devices to read events from +#define MAX_INPUTS 48 // number of devices to try autodetection +#define MAX_DEVICES 48 // max number of devices to read events from #define MAX_RESCUE_KEYS 10 // max number of rescue keys to exit in case of emergency #define MIN_KEYBOARD_KEYS 20 // need at least this many keys to be a keyboard #define POLL_TIMEOUT_MS 1 // timeout to check for new events From 5beda6da49cf1ef9ef09767e35a5660015160ee8 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 15:52:53 -0500 Subject: [PATCH 22/44] Add address and undefined behavior sanitization --- Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1c92e87..20dae2c 100644 --- a/Makefile +++ b/Makefile @@ -3,12 +3,16 @@ TARGETARCH=$(shell gcc -dumpmachine) # https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html +# # Omitted the following flags: # -D_GLIBCXX_ASSERTIONS # application is not written in C++ # -fstrict-flex-arrays=3 # not supported in Debian Bookworm's GCC version (12) # -fPIC -shared # not a shared library # -fexceptions # not multithreaded # -fhardened # not supported in Debian Bookworm's GCC version (12) +# +# Added the following flags: +# -fsanitize=address,undefined # enable ASan/UBSan CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \ -fstack-clash-protection \ @@ -16,7 +20,8 @@ CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ -Wl,-z,now -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -Wtrampolines \ -Wbidi-chars=any -fPIE -pie -Werror=implicit \ -Werror=incompatible-pointer-types -Werror=int-conversion \ - -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing + -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing \ + -fsanitize=address,undefined ifeq ($(TARGETARCH), x86_64-linux-gnu) CFLAGS += -fcf-protection=full # only supported on x86_64 From d7f386dcdd25263eb9e7a7031b171fdec3d0d4d3 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 17:59:36 -0500 Subject: [PATCH 23/44] Enable use on non-Intel architectures, fix syscall whitelist --- debian/control | 2 +- usr/lib/systemd/system/kloak.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index b8ad8ca..fe0fcdf 100644 --- a/debian/control +++ b/debian/control @@ -29,7 +29,7 @@ Package: kloak ## qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60269d8c ## qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x6000178c ## Update: Same as above. -Architecture: amd64 +Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libevdev2, libsodium23 Description: anti keystroke deanonymization tool A keystroke-level online anonymization kernel. diff --git a/usr/lib/systemd/system/kloak.service b/usr/lib/systemd/system/kloak.service index 244f1f8..bed50d9 100644 --- a/usr/lib/systemd/system/kloak.service +++ b/usr/lib/systemd/system/kloak.service @@ -55,7 +55,7 @@ NoNewPrivileges=true RestrictRealtime=true RestrictNamespaces=true SystemCallArchitectures=native -SystemCallFilter=ioctl nanosleep select write read openat close brk fstat lseek mmap mprotect munmap rt_sigaction rt_sigprocmask access execve getuid arch_prctl set_tid_address set_robust_list prlimit64 pread64 getrandom newfstatat clock_nanosleep pselect6 poll shmctl openat getdents64 +SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd [Install] WantedBy=multi-user.target From 7fa9500c32f6560bf6ee7fe55438e27869601a0e Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 18:15:42 -0500 Subject: [PATCH 24/44] Add some missing syscalls for x86_64 --- usr/lib/systemd/system/kloak.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/lib/systemd/system/kloak.service b/usr/lib/systemd/system/kloak.service index bed50d9..b445975 100644 --- a/usr/lib/systemd/system/kloak.service +++ b/usr/lib/systemd/system/kloak.service @@ -55,7 +55,7 @@ NoNewPrivileges=true RestrictRealtime=true RestrictNamespaces=true SystemCallArchitectures=native -SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd +SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd access fstat pread64 poll [Install] WantedBy=multi-user.target From ba5df2543f247ed5592690d97019e0444e79b749 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 18:33:55 -0500 Subject: [PATCH 25/44] Do resource cleanup on panic --- src/main.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/main.c b/src/main.c index 5f001c4..9a0b567 100644 --- a/src/main.c +++ b/src/main.c @@ -24,7 +24,7 @@ #define DEFAULT_MAX_DELAY_MS 20 // upper bound on event delay #define DEFAULT_STARTUP_DELAY_MS 500 // wait before grabbing the input device -#define panic(format, ...) do { fprintf(stderr, format "\n", ## __VA_ARGS__); fflush(stderr); exit(EXIT_FAILURE); } while (0) +#define panic(format, ...) do { fprintf(stderr, format "\n", ## __VA_ARGS__); fflush(stderr); cleanup(); exit(EXIT_FAILURE); } while (0) #ifndef min #define min(a, b) ( ((a) < (b)) ? (a) : (b) ) @@ -85,6 +85,14 @@ ssize_t strtcpy(char *restrict dst, const char *restrict src, size_t dsize) return trunc ? -1 : (ssize_t)slen; } +void cleanup() { + for (int i = 0; i < device_count; i++) { + libevdev_uinput_destroy(uidevs[i]); + libevdev_free(output_devs[i]); + close(input_fds[i]); + } +} + void sleep_ms(long milliseconds) { struct timespec ts; ts.tv_sec = milliseconds / 1000; @@ -483,11 +491,7 @@ int main(int argc, char **argv) { main_loop(); // close everything - for (int i = 0; i < device_count; i++) { - libevdev_uinput_destroy(uidevs[i]); - libevdev_free(output_devs[i]); - close(input_fds[i]); - } + cleanup(); exit(EXIT_SUCCESS); } From bb4a7143877eb12904e797224c2b0afc05463713 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Mon, 23 Sep 2024 18:41:47 -0500 Subject: [PATCH 26/44] Add a useful change from https://github.com/vmonaco/kloak/pull/65 that got missed --- src/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index 9a0b567..43807ad 100644 --- a/src/main.c +++ b/src/main.c @@ -192,7 +192,7 @@ void detect_devices() { char device[BUFSIZE]; for (int i = 0; i < MAX_DEVICES; i++) { - sprintf(device, "/dev/input/event%d", i); + snprintf(device, sizeof(device), "/dev/input/event%d", i); if ((fd = open(device, O_RDONLY)) < 0) { continue; From 98febd4ffde18ff2d37f6882cf0e1f6d03bfc53a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 24 Sep 2024 05:00:47 +0000 Subject: [PATCH 27/44] bumped changelog version --- changelog.upstream | 94 ++++++++++++++++++++++++++++++++++++++++++++++ debian/changelog | 6 +++ 2 files changed, 100 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 5624446..0461ffc 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,97 @@ +commit 81a5ef129afff70ca3683ac393031ed51170378c +Merge: e937174 e1e03d7 +Author: Patrick Schleizer +Date: Tue Sep 24 00:55:31 2024 -0400 + + Merge remote-tracking branch 'github-whonix/master' + +commit e1e03d786078dd8b0e2bddb4a982afd76b864797 +Merge: e937174 bb4a714 +Author: Patrick Schleizer +Date: Tue Sep 24 00:52:03 2024 -0400 + + Merge pull request #1 from ArrayBolt3/arraybolt3 + + Harden and enhance Kloak + +commit bb4a7143877eb12904e797224c2b0afc05463713 +Author: Aaron Rainbolt +Date: Mon Sep 23 18:41:47 2024 -0500 + + Add a useful change from https://github.com/vmonaco/kloak/pull/65 that got missed + +commit ba5df2543f247ed5592690d97019e0444e79b749 +Author: Aaron Rainbolt +Date: Mon Sep 23 18:33:55 2024 -0500 + + Do resource cleanup on panic + +commit 7fa9500c32f6560bf6ee7fe55438e27869601a0e +Author: Aaron Rainbolt +Date: Mon Sep 23 18:15:42 2024 -0500 + + Add some missing syscalls for x86_64 + +commit d7f386dcdd25263eb9e7a7031b171fdec3d0d4d3 +Author: Aaron Rainbolt +Date: Mon Sep 23 17:59:36 2024 -0500 + + Enable use on non-Intel architectures, fix syscall whitelist + +commit 5beda6da49cf1ef9ef09767e35a5660015160ee8 +Author: Aaron Rainbolt +Date: Mon Sep 23 15:52:53 2024 -0500 + + Add address and undefined behavior sanitization + +commit e9284abf22adb36968011fb9ab47cc1357b58e9b +Author: Aaron Rainbolt +Date: Mon Sep 23 15:31:49 2024 -0500 + + Fix build failure, adjust number of supported devices to account for systems with many input devices + +commit 0d91a09a76ffa21b2782d673fcb91b16574b58d6 +Author: Aaron Rainbolt +Date: Mon Sep 23 14:27:59 2024 -0500 + + Add support for new devices attached after kloak starts (adapted from https://github.com/vmonaco/kloak/pull/67) + +commit 7f9bc1bcfd08e8b3554e135a4c4d59a0a09b26d8 +Author: Aaron Rainbolt +Date: Mon Sep 23 13:39:55 2024 -0500 + + Harden code based on advice from ChatGPT3 (adapted from https://github.com/vmonaco/kloak/pull/65) + +commit b0f0c926d84a6d60363c89c11b8f36cc55b57459 +Author: Aaron Rainbolt +Date: Mon Sep 23 13:24:20 2024 -0500 + + Add a header file to make future development easier (adapted from https://github.com/vmonaco/kloak/pull/61) + +commit dd255ad28bd404f3aad6012949d4fb4e04330db9 +Author: Aaron Rainbolt +Date: Mon Sep 23 13:08:09 2024 -0500 + + Use strtcpy rather than strncpy + +commit c9c5a9876bd7fba17ec638efd065cc0836329766 +Author: Aaron Rainbolt +Date: Mon Sep 23 12:36:13 2024 -0500 + + Add compiler hardening flags, fix all GCC warnings + +commit 36385d7b0050601e6f255b168c297dab8d8fb027 +Author: Aaron Rainbolt +Date: Mon Sep 23 11:16:50 2024 -0500 + + Use monotonic time for delay tracking + +commit e937174bb71313d943d8fb8965ae339343d0337f +Author: Patrick Schleizer +Date: Fri Feb 2 12:46:17 2024 +0000 + + bumped changelog version + commit de06819bf221b994e00a0e8ccd93c64f66b20dec Author: Patrick Schleizer Date: Fri Feb 2 07:33:00 2024 -0500 diff --git a/debian/changelog b/debian/changelog index 32fda52..3485db9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.2.53-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Tue, 24 Sep 2024 05:00:47 +0000 + kloak (0:0.2.52-1) unstable; urgency=medium * New upstream version (local package). From 0f3ae73fc107e4103f2e9933960bdedce63df7cf Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 24 Sep 2024 01:02:28 -0400 Subject: [PATCH 28/44] fork of kloak from upstream from now, doing normal version bump with reach rebuild since version numbers are now managed by Whonix --- debian/make-helper-overrides.bsh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/make-helper-overrides.bsh b/debian/make-helper-overrides.bsh index 22bba0b..cc1d4f8 100755 --- a/debian/make-helper-overrides.bsh +++ b/debian/make-helper-overrides.bsh @@ -3,7 +3,8 @@ ## Copyright (C) 2016 - 2023 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. -version_numbers_by_upstream=true +## Fork. +#version_numbers_by_upstream=true ## Already included upstream. genmkfile_lintian_post_opts+=" --suppress-tags maintainer-manual-page" From b08597935959a9a37d96ec49f372d08084e6a82a Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 24 Sep 2024 05:03:38 +0000 Subject: [PATCH 29/44] bumped changelog version --- changelog.upstream | 16 ++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 0461ffc..2a26f77 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,19 @@ +commit 0f3ae73fc107e4103f2e9933960bdedce63df7cf +Author: Patrick Schleizer +Date: Tue Sep 24 01:02:28 2024 -0400 + + fork of kloak from upstream + + from now, doing normal version bump with reach rebuild + + since version numbers are now managed by Whonix + +commit 98febd4ffde18ff2d37f6882cf0e1f6d03bfc53a +Author: Patrick Schleizer +Date: Tue Sep 24 05:00:47 2024 +0000 + + bumped changelog version + commit 81a5ef129afff70ca3683ac393031ed51170378c Merge: e937174 e1e03d7 Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index 3485db9..a74cbf0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.0-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Tue, 24 Sep 2024 05:03:38 +0000 + kloak (0:0.2.53-1) unstable; urgency=medium * New upstream version (local package). From ac9d1fc2712966a5ae834a690a885db9f10b2b0b Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Tue, 24 Sep 2024 13:41:35 -0500 Subject: [PATCH 30/44] Add -p option for disabling rescue key sequence --- src/main.c | 45 ++++++++++++++++++++++++++++++++------------- 1 file changed, 32 insertions(+), 13 deletions(-) diff --git a/src/main.c b/src/main.c index 43807ad..ac98494 100644 --- a/src/main.c +++ b/src/main.c @@ -36,6 +36,8 @@ static int interrupt = 0; // flag to interrupt the main loop and exit static int verbose = 0; // flag for verbose output +static int persistent = 0; // flag for persistent mode (diables rescue key sequence) +static int custom_rescue = 0; // flag for setting a custom rescue key sequence static char rescue_key_seps[] = ", "; // delims to strtok static char rescue_keys_str[BUFSIZE] = "KEY_LEFTSHIFT,KEY_RIGHTSHIFT,KEY_ESC"; @@ -332,15 +334,17 @@ void main_loop() { panic("read() failed: %s", strerror(errno)); // check for the rescue sequence. - if (ev.type == EV_KEY) { - int all = 1; - for (int j = 0; j < rescue_len; j++) { - if (rescue_keys[j] == ev.code) - rescue_state[j] = (ev.value == 0 ? 0 : 1); - all = all && rescue_state[j]; + if (!persistent) { + if (ev.type == EV_KEY) { + int all = 1; + for (int j = 0; j < rescue_len; j++) { + if (rescue_keys[j] == ev.code) + rescue_state[j] = (ev.value == 0 ? 0 : 1); + all = all && rescue_state[j]; + } + if (all) + interrupt = 1; } - if (all) - interrupt = 1; } // schedule the keyboard event to be released sometime in the future. @@ -392,6 +396,7 @@ void usage() { fprintf(stderr, " -s startup_timeout: time to wait (milliseconds) before startup. Default 100.\n"); fprintf(stderr, " -k csv_string: csv list of rescue key names to exit kloak in case the\n" " keyboard becomes unresponsive. Default is 'KEY_LEFTSHIFT,KEY_RIGHTSHIFT,KEY_ESC'.\n"); + fprintf(stderr, " -p: persistent mode (disable rescue key sequence)\n"); fprintf(stderr, " -v: verbose mode\n"); } @@ -405,10 +410,13 @@ void banner() { for (int i = 1; i < device_count; i++) { printf("* %s\n", named_inputs[i]); } - - printf("* Rescue keys : %s", lookup_keyname(rescue_keys[0])); - for (int i = 1; i < rescue_len; i++) { - printf(" + %s", lookup_keyname(rescue_keys[i])); + if (persistent) { + printf("* Persistent mode, rescue keys disabled"); + } else { + printf("* Rescue keys : %s", lookup_keyname(rescue_keys[0])); + for (int i = 1; i < rescue_len; i++) { + printf(" + %s", lookup_keyname(rescue_keys[i])); + } } printf("\n"); @@ -424,7 +432,7 @@ int main(int argc, char **argv) { printf("You are not root! This may not work...\n"); while (1) { - int c = getopt_long(argc, argv, "r:d:s:k:vh", long_options, NULL); + int c = getopt_long(argc, argv, "r:d:s:k:vph", long_options, NULL); if (c < 0) break; @@ -447,13 +455,24 @@ int main(int argc, char **argv) { break; case 'k': + if (persistent) { + panic("-k and -p options are mutually exclusive, try -h for help\n"); + } strtcpy(rescue_keys_str, optarg, BUFSIZE); + custom_rescue = 1; break; case 'v': verbose = 1; break; + case 'p': + if (custom_rescue) { + panic("-k and -p options are mutually exclusive, try -h for help\n"); + } + persistent = 1; + break; + case 'h': usage(); exit(0); From a290f5f0fd864ea459e1c3e75a424fe7dd33cca8 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Tue, 24 Sep 2024 15:25:56 -0500 Subject: [PATCH 31/44] Fix minor bug in makefile, add check for pkg-config --- Makefile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 20dae2c..9ccb25b 100644 --- a/Makefile +++ b/Makefile @@ -24,10 +24,14 @@ CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ -fsanitize=address,undefined ifeq ($(TARGETARCH), x86_64-linux-gnu) - CFLAGS += -fcf-protection=full # only supported on x86_64 +CFLAGS += -fcf-protection=full # only supported on x86_64 endif ifeq ($(TARGETARCH), aarch64-linux-gnu) - CFLAGS += -mbranch-protection=standard # only supported on aarch64 +CFLAGS += -mbranch-protection=standard # only supported on aarch64 +endif + +ifeq (, $(shell which pkg-config)) +$(error pkg-config not installed!) endif all : kloak eventcap From fb6cff17fe950846a1af6c3e4edc323c0bfb56fe Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 01:04:05 +0000 Subject: [PATCH 32/44] bumped changelog version --- changelog.upstream | 25 +++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 31 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 2a26f77..e67ae85 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,28 @@ +commit 47e67bad20c321a8556e4256ad473e0a97ef3971 +Merge: b085979 a290f5f +Author: Patrick Schleizer +Date: Tue Sep 24 20:59:42 2024 -0400 + + Merge remote-tracking branch 'ArrayBolt3/master' + +commit a290f5f0fd864ea459e1c3e75a424fe7dd33cca8 +Author: Aaron Rainbolt +Date: Tue Sep 24 15:25:56 2024 -0500 + + Fix minor bug in makefile, add check for pkg-config + +commit ac9d1fc2712966a5ae834a690a885db9f10b2b0b +Author: Aaron Rainbolt +Date: Tue Sep 24 13:41:35 2024 -0500 + + Add -p option for disabling rescue key sequence + +commit b08597935959a9a37d96ec49f372d08084e6a82a +Author: Patrick Schleizer +Date: Tue Sep 24 05:03:38 2024 +0000 + + bumped changelog version + commit 0f3ae73fc107e4103f2e9933960bdedce63df7cf Author: Patrick Schleizer Date: Tue Sep 24 01:02:28 2024 -0400 diff --git a/debian/changelog b/debian/changelog index a74cbf0..0bb3b25 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.1-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Wed, 25 Sep 2024 01:04:05 +0000 + kloak (0:0.3.0-1) unstable; urgency=medium * New upstream version (local package). From aad35c7038ae645e27af125f5c0b1adf59d0f063 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 00:16:22 -0400 Subject: [PATCH 33/44] add readlink syscall (required in VirtualBox) --- usr/lib/systemd/system/kloak.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/lib/systemd/system/kloak.service b/usr/lib/systemd/system/kloak.service index b445975..3eebeb5 100644 --- a/usr/lib/systemd/system/kloak.service +++ b/usr/lib/systemd/system/kloak.service @@ -55,7 +55,7 @@ NoNewPrivileges=true RestrictRealtime=true RestrictNamespaces=true SystemCallArchitectures=native -SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd access fstat pread64 poll +SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd access fstat pread64 poll readlink [Install] WantedBy=multi-user.target From b7831111dfc305ed7fbaa60f69163df38746af51 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 04:16:46 +0000 Subject: [PATCH 34/44] bumped changelog version --- changelog.upstream | 12 ++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index e67ae85..b1cd2e2 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,15 @@ +commit aad35c7038ae645e27af125f5c0b1adf59d0f063 +Author: Patrick Schleizer +Date: Wed Sep 25 00:16:22 2024 -0400 + + add readlink syscall (required in VirtualBox) + +commit fb6cff17fe950846a1af6c3e4edc323c0bfb56fe +Author: Patrick Schleizer +Date: Wed Sep 25 01:04:05 2024 +0000 + + bumped changelog version + commit 47e67bad20c321a8556e4256ad473e0a97ef3971 Merge: b085979 a290f5f Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index 0bb3b25..a8887b8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.2-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Wed, 25 Sep 2024 04:16:46 +0000 + kloak (0:0.3.1-1) unstable; urgency=medium * New upstream version (local package). From cec549dbfa81a927775a0f7b1d7c9a8116a45694 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 00:19:52 -0400 Subject: [PATCH 35/44] add open syscall (required in VirtualBox) --- usr/lib/systemd/system/kloak.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/lib/systemd/system/kloak.service b/usr/lib/systemd/system/kloak.service index 3eebeb5..5c45aa3 100644 --- a/usr/lib/systemd/system/kloak.service +++ b/usr/lib/systemd/system/kloak.service @@ -55,7 +55,7 @@ NoNewPrivileges=true RestrictRealtime=true RestrictNamespaces=true SystemCallArchitectures=native -SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd access fstat pread64 poll readlink +SystemCallFilter=brk clock_nanosleep close execve faccessat getdents64 getpid getrandom getuid ioctl madvise mmap mprotect munmap newfstatat openat ppoll prlimit64 read readlinkat rseq rt_sigaction set_robust_list set_tid_address sigaltstack write rt_sigprocmask sysinfo uname getcwd access fstat pread64 poll readlink open [Install] WantedBy=multi-user.target From db54b34d50df8ffd0b9c6c55338aecea07de6928 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 00:23:29 -0400 Subject: [PATCH 36/44] apparmor --- etc/apparmor.d/usr.sbin.kloak | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/etc/apparmor.d/usr.sbin.kloak b/etc/apparmor.d/usr.sbin.kloak index fcd5f48..ca4eac6 100644 --- a/etc/apparmor.d/usr.sbin.kloak +++ b/etc/apparmor.d/usr.sbin.kloak @@ -1,4 +1,4 @@ -# Last Modified: Sun Jul 9 12:23:04 2023 +# Last Modified: Wed Sep 25 04:21:21 2024 include ## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP @@ -24,6 +24,9 @@ include /{,usr/}lib{,32,64}/** mr, owner /dev/input/event* r, owner /dev/uinput rw, + owner /proc/*/cmdline r, + owner /proc/*/environ r, + owner /proc/*/maps r, owner /sys/devices/virtual/input/** r, # Site-specific additions and overrides. See local/README for details. From 3cbe8b2ba4d50f6d23823736a90109e89a5c07c4 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Wed, 25 Sep 2024 04:23:39 +0000 Subject: [PATCH 37/44] bumped changelog version --- changelog.upstream | 18 ++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 24 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index b1cd2e2..0ecd4d3 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,21 @@ +commit db54b34d50df8ffd0b9c6c55338aecea07de6928 +Author: Patrick Schleizer +Date: Wed Sep 25 00:23:29 2024 -0400 + + apparmor + +commit cec549dbfa81a927775a0f7b1d7c9a8116a45694 +Author: Patrick Schleizer +Date: Wed Sep 25 00:19:52 2024 -0400 + + add open syscall (required in VirtualBox) + +commit b7831111dfc305ed7fbaa60f69163df38746af51 +Author: Patrick Schleizer +Date: Wed Sep 25 04:16:46 2024 +0000 + + bumped changelog version + commit aad35c7038ae645e27af125f5c0b1adf59d0f063 Author: Patrick Schleizer Date: Wed Sep 25 00:16:22 2024 -0400 diff --git a/debian/changelog b/debian/changelog index a8887b8..af95433 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.3-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Wed, 25 Sep 2024 04:23:39 +0000 + kloak (0:0.3.2-1) unstable; urgency=medium * New upstream version (local package). From 38604467ed76f6d236e5c207913d9533bdab05ab Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Wed, 25 Sep 2024 12:41:58 -0500 Subject: [PATCH 38/44] Don't set the output device name under Qubes OS, it causes a scary notification to appear --- src/main.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index ac98494..49648ba 100644 --- a/src/main.c +++ b/src/main.c @@ -34,6 +34,9 @@ #define max(a, b) ( ((a) > (b)) ? (a) : (b) ) #endif +const char *qubes_detect_file = "/usr/share/qubes/marker-vm"; +static bool is_qubes_vm = false; + static int interrupt = 0; // flag to interrupt the main loop and exit static int verbose = 0; // flag for verbose output static int persistent = 0; // flag for persistent mode (diables rescue key sequence) @@ -249,7 +252,14 @@ void init_outputs() { if (err != 0) panic("Could not create evdev for input device: %s", named_inputs[i]); - libevdev_set_name(output_devs[i], name); + // Setting the device name under Qubes is pointless, as a Qubes VM + // will never have a dynamically changing number of input devices like + // a normal VM or a physical system. Furthermore, setting the device + // name causes an alarming "Denied qubes.InputKeyboard from vm to + // dom0" notification. + if (!is_qubes_vm) { + libevdev_set_name(output_devs[i], name); + } err = libevdev_uinput_create_from_device(output_devs[i], LIBEVDEV_UINPUT_OPEN_MANAGED, &uidevs[i]); @@ -431,6 +441,10 @@ int main(int argc, char **argv) { if ((getuid()) != 0) printf("You are not root! This may not work...\n"); + if (access(qubes_detect_file, F_OK) == 0) { + is_qubes_vm = true; + } + while (1) { int c = getopt_long(argc, argv, "r:d:s:k:vph", long_options, NULL); From c3500fc38cea3d69c96765f6691688e4079ecd67 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Wed, 25 Sep 2024 13:43:06 -0500 Subject: [PATCH 39/44] Don't use AddressSanitizer, incompatible with Whonix's vm.mmap_rnd_bits setting --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9ccb25b..5fb8026 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ -Wbidi-chars=any -fPIE -pie -Werror=implicit \ -Werror=incompatible-pointer-types -Werror=int-conversion \ -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing \ - -fsanitize=address,undefined + -fsanitize=undefined ifeq ($(TARGETARCH), x86_64-linux-gnu) CFLAGS += -fcf-protection=full # only supported on x86_64 From 4bbdf38cc6c6f9162348d9b23deef3169f8465b8 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Wed, 25 Sep 2024 15:17:27 -0500 Subject: [PATCH 40/44] Update README.md --- README.md | 55 ++++++------------------------------------------------- 1 file changed, 6 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 63da14a..20f82b1 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# anti keystroke deanonymization tool # +# anti keystroke deanonymization tool kloak: *Keystroke-level online anonymization kernel* @@ -23,8 +23,7 @@ Fedora: Debian: - $ sudo apt install devscripts - $ sudo mk-build-deps --remove --install + $ sudo apt install make pkg-config libsodium-dev libevdev-dev First, compile `kloak` and the event capture tool `eventcap`: @@ -94,7 +93,7 @@ sudo apt-get install kloak ### How to build deb package -Replace `apparmor-profile-torbrowser` with the actual name of this package with `kloak` and see [instructions](https://www.whonix.org/wiki/Dev/Build_Documentation/apparmor-profile-torbrowser). +See the [Whonix package build documentation](https://www.whonix.org/wiki/Dev/Build_Documentation/security-misc). Replace the sample package name `security-misc` with `kloak` to download, build, and install kloak. ### Whonix contact and support @@ -107,27 +106,6 @@ Replace `apparmor-profile-torbrowser` with the actual name of this package with ### Troubleshooting -#### Can't open input/output device - -`kloak` will attempt to find your keyboard device to read events from and the location of `uinput` to write events to. If `kloak` cannot find either the input device or output device, these must be specified with the `-r` and `-w` options, respectively. - -To find the keyboard device for reading events: determine which device file corresponds to the physical keyboard. Use `eventcap` (or some other event capture tool) and look for the device that generates events when keys are pressed. This will typically be one of `/dev/input/event[0-7]`. In this example, it's `/dev/input/event4`: - - $ sudo ./eventcap /dev/input/event4 - Reading From : /dev/input/event4 (AT Translated Set 2 keyboard) - Type: 4 Code: 4 Value: 15 - Type: 1 Code: 15 Value: 0 - Type: 0 Code: 0 Value: 0 - Type: 4 Code: 4 Value: 56 - Type: 1 Code: 56 Value: 0 - Type: 0 Code: 0 Value: 0 - -`uinput` is the [kernel module](http://thiemonge.org/getting-started-with-uinput) that allows user-land applications to create input devices. This is typically located at either `/dev/uinput` or `/dev/input/uinput`. - -Start `kloak` by specifying the input and output device files: - - $ sudo ./kloak -r /dev/input/event4 -w /dev/uinput - #### My keyboard seems very slow `kloak` works by introducing a random delay to each key press and release event. This requires temporarily buffering the event before it reaches the application (e.g., a text editor). @@ -149,38 +127,17 @@ The full usage and options are: -s startup_timeout: time to wait (milliseconds) before startup. Default 100. -k csv_string: csv list of rescue key names to exit kloak in case the keyboard becomes unresponsive. Default is 'KEY_LEFTSHIFT,KEY_RIGHTSHIFT,KEY_ESC'. + -p: persistent mode (disable rescue key sequence) -v: verbose mode ## Try it out -Consider these three different scenarios: -* Train normal, test normal -* Train normal, test kloak -* Train `kloak`, test `kloak` - -*Train normal* means to train with normal typing behavior, i.e., without `kloak` running. At the enrollment page on the KeyTrac demo (demo no longer available), enter a username and password without `kloak` running, and then on the authenticate page, try authenticating. For example, the train normal/test normal result is: - -
-

-
- -Start `kloak` and then try authenticating again. These results were obtained using a maximum delay of 200 ms (`-d 200`). The train normal/test `kloak` result is: - -
-

-
- -Enroll With `kloak` running and then try authenticating with `kloak` still running. Again, this is with a 200 ms maximum delay. The train `kloak`/test `kloak` result is: - -
-

-
- -Your results may differ, especially in the train `kloak`/test `kloak` scenario. The train `kloak`/test `kloak` scenario is more difficult to anonymize than the train normal/test `kloak` scenario. This is because *kloak obfuscates your typing behavior, but does not make your typing behavior similar to other users*. This dilemma relates to the problem of user cooperation. It's easy to make your typing behavior look like something that it's not, but what should that be? If it's too unique, then the change does more harm then good, allowing you to be easily identified. Without the cooperation of other users, it's difficult to choose a behavior that's hard to distinguish. +See the [kloak defense testing](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak) instructions. ## Background `kloak` has two goals in mind: + * Make it difficult for an adversary to identify a user * Make it difficult for an adversary to replicate a user's typing behavior From f5ee77ee73f90c02fede10cdc510a1a6417dd74f Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Thu, 26 Sep 2024 11:07:01 +0000 Subject: [PATCH 41/44] bumped changelog version --- changelog.upstream | 31 +++++++++++++++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 37 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 0ecd4d3..02a2aed 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,34 @@ +commit 9b96a2330e5dd9d2829bb662f0f01ff9c1e5b505 +Merge: 3cbe8b2 4bbdf38 +Author: Patrick Schleizer +Date: Thu Sep 26 06:53:11 2024 -0400 + + Merge remote-tracking branch 'ArrayBolt3/master' + +commit 4bbdf38cc6c6f9162348d9b23deef3169f8465b8 +Author: Aaron Rainbolt +Date: Wed Sep 25 15:17:27 2024 -0500 + + Update README.md + +commit c3500fc38cea3d69c96765f6691688e4079ecd67 +Author: Aaron Rainbolt +Date: Wed Sep 25 13:43:06 2024 -0500 + + Don't use AddressSanitizer, incompatible with Whonix's vm.mmap_rnd_bits setting + +commit 38604467ed76f6d236e5c207913d9533bdab05ab +Author: Aaron Rainbolt +Date: Wed Sep 25 12:41:58 2024 -0500 + + Don't set the output device name under Qubes OS, it causes a scary notification to appear + +commit 3cbe8b2ba4d50f6d23823736a90109e89a5c07c4 +Author: Patrick Schleizer +Date: Wed Sep 25 04:23:39 2024 +0000 + + bumped changelog version + commit db54b34d50df8ffd0b9c6c55338aecea07de6928 Author: Patrick Schleizer Date: Wed Sep 25 00:23:29 2024 -0400 diff --git a/debian/changelog b/debian/changelog index af95433..0f55b76 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.4-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Thu, 26 Sep 2024 11:07:01 +0000 + kloak (0:0.3.3-1) unstable; urgency=medium * New upstream version (local package). From 29477f98d1192ced4fb0e630c07dbd8b97942d22 Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Thu, 26 Sep 2024 14:08:48 -0500 Subject: [PATCH 42/44] Generate debugging info --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 5fb8026..f817b37 100644 --- a/Makefile +++ b/Makefile @@ -37,10 +37,10 @@ endif all : kloak eventcap kloak : src/main.c src/keycodes.c src/keycodes.h - gcc src/main.c src/keycodes.c -o kloak -lm $(shell pkg-config --cflags --libs libevdev) $(shell pkg-config --cflags --libs libsodium) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) + gcc -g src/main.c src/keycodes.c -o kloak -lm $(shell pkg-config --cflags --libs libevdev) $(shell pkg-config --cflags --libs libsodium) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) eventcap : src/eventcap.c - gcc src/eventcap.c -o eventcap $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) + gcc -g src/eventcap.c -o eventcap $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) clean : rm -f kloak eventcap From 62a657ea69d07eb1164b1c5634f9f4035ce013a9 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 27 Sep 2024 00:48:20 +0000 Subject: [PATCH 43/44] bumped changelog version --- changelog.upstream | 19 +++++++++++++++++++ debian/changelog | 6 ++++++ 2 files changed, 25 insertions(+) diff --git a/changelog.upstream b/changelog.upstream index 02a2aed..a4ed2f3 100644 --- a/changelog.upstream +++ b/changelog.upstream @@ -1,3 +1,22 @@ +commit 222994ec63c36898b8a89fca2f0210384da2a0c3 +Merge: f5ee77e 29477f9 +Author: Patrick Schleizer +Date: Thu Sep 26 20:47:43 2024 -0400 + + Merge remote-tracking branch 'ArrayBolt3/master' + +commit 29477f98d1192ced4fb0e630c07dbd8b97942d22 +Author: Aaron Rainbolt +Date: Thu Sep 26 14:08:48 2024 -0500 + + Generate debugging info + +commit f5ee77ee73f90c02fede10cdc510a1a6417dd74f +Author: Patrick Schleizer +Date: Thu Sep 26 11:07:01 2024 +0000 + + bumped changelog version + commit 9b96a2330e5dd9d2829bb662f0f01ff9c1e5b505 Merge: 3cbe8b2 4bbdf38 Author: Patrick Schleizer diff --git a/debian/changelog b/debian/changelog index 0f55b76..1a98136 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +kloak (0:0.3.5-1) unstable; urgency=medium + + * New upstream version (local package). + + -- Patrick Schleizer Fri, 27 Sep 2024 00:48:20 +0000 + kloak (0:0.3.4-1) unstable; urgency=medium * New upstream version (local package). From d4e7b4c0428527ea002e1ea61839effc0cb5e88e Mon Sep 17 00:00:00 2001 From: Aaron Rainbolt Date: Sun, 6 Oct 2024 01:23:57 -0500 Subject: [PATCH 44/44] Change emulated device names to keep GTK from treating a cloaked VirtualBox tablet like a touchscreen --- lib/udev/rules.d/95-kloak.rules | 2 +- src/main.c | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/udev/rules.d/95-kloak.rules b/lib/udev/rules.d/95-kloak.rules index 9c5e02b..51fbdc0 100644 --- a/lib/udev/rules.d/95-kloak.rules +++ b/lib/udev/rules.d/95-kloak.rules @@ -2,7 +2,7 @@ SUBSYSTEM!="input", GOTO="end" # do not run kloak on devices created by kloak -KERNEL=="event*", ATTRS{name}=="kloak*", GOTO="end" +KERNEL=="event*", ATTRS{name}=="*kloak", GOTO="end" # new keyboard or mouse attached, start kloak@event[0-9].service KERNEL=="event*", ACTION=="add", ENV{ID_INPUT_KEYBOARD}=="1", RUN+="/usr/bin/systemctl restart kloak.service" diff --git a/src/main.c b/src/main.c index 49648ba..951bd58 100644 --- a/src/main.c +++ b/src/main.c @@ -245,7 +245,8 @@ void init_inputs() { } void init_outputs() { - const char *name = "kloak output device"; + char *name; + const char *suffix = " kloak"; for (int i = 0; i < device_count; i++) { int err = libevdev_new_from_fd(input_fds[i], &output_devs[i]); @@ -258,7 +259,17 @@ void init_outputs() { // name causes an alarming "Denied qubes.InputKeyboard from vm to // dom0" notification. if (!is_qubes_vm) { + const char *tmp_name = libevdev_get_name(output_devs[i]); + name = malloc(strlen(tmp_name) + strlen(suffix) + 1); + if (name == NULL) + panic("Could not allocate memory for device name: %s", tmp_name); + + strcpy(name, tmp_name); + strcat(name, suffix); + libevdev_set_name(output_devs[i], name); + + free(name); } err = libevdev_uinput_create_from_device(output_devs[i], LIBEVDEV_UINPUT_OPEN_MANAGED, &uidevs[i]);