added customization command for boot option on install.sh
parent
bd06adfd5a
commit
f872de3dc5
20
README.md
20
README.md
|
@ -15,8 +15,7 @@
|
|||
|
||||
|
||||
|
||||
|
||||
SUPPORT:
|
||||
SUPPORT CURRENT/FUTURE WORKS:
|
||||
|
||||
|
||||
https://www.buymeacoffee.com/politictech (public Tutorials/Blog posts and option to donate a coffee if you feel up to it; also private ethical consulting + message me) [backup blog: https://politictech.wordpress.com]
|
||||
|
@ -25,17 +24,22 @@ BTC: 3QDdTcLwLTPXKMBp5dLUhKJG6KbDxWsYWS
|
|||
|
||||
CashApp: https://cash.app/$HumanRightsTech
|
||||
|
||||
XMR:481wHzXEsW9E519uu3SiynMuGe1yUT43iiJ8M49fgxfngHr9MUPVNAmPgyjS4XYtvzD1TbK7P5ywUWhGo11ibT2RQhEcRSX
|
||||
|
||||
|
||||
|
||||
VIDEO CHANNELS (including guide to wipri, linux, sdr, more):
|
||||
### VIDEO CHANNELS (including guide to wipri, linux, sdr, more):
|
||||
|
||||
|
||||
PEERTUBE: https://tube.tchncs.de/video-channels/privacy__tech_tips/videos
|
||||
|
||||
ODYSEE VIDEO/FILE CHANNEL: https://odysee.com/$/invite/@RTP:9 (joining Odysee with my invite link helps me promote content + you earn cryptocurrency (LBRY) for watching videos)
|
||||
|
||||
YOUTUBE: https://www.youtube.com/channel/UChVCEXzi39_YEpUQhqmEFrQ
|
||||
|
||||
BRIGHTEON: https://www.brighteon.com/channels/righttoprivacy
|
||||
|
||||
BITCHUTE: https://www.bitchute.com/channel/yourprivacytv
|
||||
|
||||
BRANDNEWTUBE: https://brandnewtube.com/@RightToPrivacy (NEW)
|
||||
|
||||
|
||||
|
@ -76,15 +80,20 @@ wipri -d [device] -r [randomizes mac continually changing times/addresses] -a [c
|
|||
|
||||
First if deciding to install to start at boot (option), edit the wipri flags in wipri.service to your liking.
|
||||
|
||||
|
||||
sudo bash install.sh
|
||||
|
||||
|
||||
That's it. wipri is now installed as a command. install.sh gives the additional option of starting itself at boot
|
||||
if you answer 'yes' to the question of installing as a systemd service. By default the systemd service will start
|
||||
a new mac identity on each boot. You can change this by editing the wipri.service file.
|
||||
Do not forget to include -d [devicename] when issuing commands.
|
||||
|
||||
|
||||
Tip: if you decide to try the newer -A wifi access point randomize, pair with your choice of static mac flags to create new WiFi network (prevents static databasing such as Wigle)
|
||||
For the above random ssid option I added optional netcat notification and will expand on this later. Post a question if you have one.
|
||||
|
||||
|
||||
### Additional Info:
|
||||
|
||||
wipri generated mac addresses use valid OUI's (unlike many mac randomizations). See below for why.
|
||||
|
@ -92,11 +101,12 @@ wipri generated mac addresses use valid OUI's (unlike many mac randomizations).
|
|||
If using a Pinephone I suggest selecting -p for home, -P for out. This will mimic an iPhone/Android phone: one of the most common devices around. -p for static (w/mac checking to prevent leaks), -P for continually changing Apple/Android mac at continuously changing times/mac addresses.
|
||||
For even more broad randomization use -r for continuously changing randomization at continuously changing randomized times (all brands) or -i for static random mac identity
|
||||
|
||||
|
||||
### Why does wipri use valid OUI's?
|
||||
|
||||
One documented method of tracking down a devices' 'real mac address' includes
|
||||
cancelling/striking out all mac addresses with an invalid/nonexistent OUI preface.
|
||||
From here one can narrow down from false OUI's. Wipri avoids this issue by using OUI lists.
|
||||
From here one can narrow down from false OUI's. Wipri avoids this issue by using OUI lists (all brands).
|
||||
wipri is argument/flag based, to more easily allow you to incorporate wipri commands into scripts.
|
||||
Run wipri command anytime you need privacy or (optionally) or use the install.sh script to install
|
||||
wipri w/optional new identity changes for each boot. Wipri disables ipv6 by default
|
||||
|
|
16
install.sh
16
install.sh
|
@ -4,6 +4,11 @@
|
|||
# Makes wipri a common Linux command
|
||||
# Optionally makes systemd unique identity at boot (only if yes is answered at end ques)
|
||||
#
|
||||
|
||||
wpcmd="wipri -d wlan0 -p" # Example command for boot, set on question during running
|
||||
wpservicefile='wipri.service' # wipri.service file location for the boot section
|
||||
|
||||
|
||||
echo "Creating /etc/wipri directory..."
|
||||
sudo mkdir /etc/wipri
|
||||
sleep .5
|
||||
|
@ -17,20 +22,25 @@ sleep .5
|
|||
echo "Making wipri an executable command..."
|
||||
chmod +x /usr/bin/wipri
|
||||
sleep .5
|
||||
echo "We are done here!"
|
||||
echo "We are done installing the command!"
|
||||
echo ""
|
||||
echo "Simply type wipri (as root) or sudo wipri to begin using/receive help."
|
||||
echo "Simply type wipri -H (as root) or sudo wipri -H to receive help."
|
||||
echo ""
|
||||
sleep .25
|
||||
echo "Would you like to additionally have wipri change your identity at boot (systemd)?"
|
||||
echo "This will start a new uniquely generated identity (mac/hostname) for your wifi device at each boot."
|
||||
read -p "Start a new disinfo identity at each boot (yes/no)?: " boot
|
||||
if [ $boot == yes ]; then
|
||||
|
||||
read -p "What wipri mac address command would you like to start at boot? (ex: wipri -d wlan0 -p): " wpcmd
|
||||
sed -i "13s/.*/ExecStart=$wpcmd/" $wpservicefile
|
||||
sed -i "14s/.*/ExecReload=killall -9 wipri;$wpcmd/" $wpservicefile
|
||||
cp wipri.service /etc/systemd/system/wipri.service
|
||||
systemctl daemon-reload
|
||||
systemctl enable wipri.service
|
||||
systemctl start wipri.service
|
||||
echo "WiPri has been started/added new identity at each boot."
|
||||
echo "WiPri has now been started/added new identity at each boot."
|
||||
echo "Remember not to run conflicting mac address changes at same time as each device only carries 1 mac address at a time!"
|
||||
echo "To stop/disable issue at boot: systemctl stop wipri && systemctl disable wipri."
|
||||
echo "Enjoy your right to privacy [Declared a basic right in United Nations Declaration Of Human Rights]."
|
||||
else
|
||||
|
|
|
@ -1,33 +1,36 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# wipri: WiFi Privacy (device mimic/disinfo enhancement)
|
||||
# wipri: WiFi/LAN Privacy Metadata Spoof/unique continual randomization options (device mimic/disinfo enhancement)
|
||||
# MAC/device/WiFi TX randomizer + SSID/WiFi network randomization
|
||||
#
|
||||
# Run wipri -H for help/examples (as well as tips below)
|
||||
#
|
||||
# SUPPORT:
|
||||
#--------------------------------------------
|
||||
#
|
||||
# SUPPORT FUTURE/CURRENT PUBLIC INTEREST WORKS:
|
||||
#
|
||||
# BTC: 3QDdTcLwLTPXKMBp5dLUhKJG6KbDxWsYWS
|
||||
#
|
||||
# (Read my public blog posts below or (optionally) grab coffee)
|
||||
# https://www.buymeacoffee.com/politictech
|
||||
#
|
||||
# XMR:481wHzXEsW9E519uu3SiynMuGe1yUT43iiJ8M49fgxfngHr9MUPVNAmPgyjS4XYtvzD1TbK7P5ywUWhGo11ibT2RQhEcRSX
|
||||
# CashApp: https://cash.app/$HumanRightsTech
|
||||
# https://www.buymeacoffee.com/politictech (Read my public blog posts, help me to a coffee (if you like))
|
||||
#
|
||||
#---------------------------------------------
|
||||
#
|
||||
# SEE README.md FOR ADDITIONAL INFORMATION/LINKS
|
||||
#
|
||||
# WiPri MAC changer by default only using valid OUI
|
||||
# WiPri MAC changer by default only uses valid OUI
|
||||
# lists (why: invalid OUI's make your MAC more trackable)
|
||||
# [You can also put your own .OUI lists together]
|
||||
#
|
||||
# Works out of box on most Linux (including most Pinephone OS)
|
||||
# Works out of box on most Linux (including most Pinephone/Linux phones)
|
||||
# WiPri relies on built in Linux standards like ip to change mac address
|
||||
#
|
||||
# Issue: wipri -H
|
||||
# for examples printout and descriptions;
|
||||
#
|
||||
# 'maccheck' func checks mac every .5sec on -p, -m, -i modes
|
||||
# preventing mac leaks (by setting mac again when
|
||||
# detected to have changed).
|
||||
# Unlike other mac changing, WiPri has unique function to ensures no leak on (static) -p, -m, -i modes
|
||||
# as another backup to prevent mac leaks (setting mac again when change detected from flag/choice).
|
||||
# ***WARNING: do not attempt to run conflicting commands on same device at same time as devices carry a single mac at a time
|
||||
#
|
||||
# Ethical REDTEAM/Human Rights purposes;
|
||||
# Helping you lose those pesky advertising trackers/WiFi Beacon related;
|
||||
|
@ -35,12 +38,13 @@
|
|||
#
|
||||
# NOTE: disables ipv6 by default for multiple reasons: ipv6 address
|
||||
# can derive MAC address; to disable feature change turnipv6 variable to "off"
|
||||
# [permanent disabling of ipv6 will need sys modification]
|
||||
#
|
||||
# Tip #1: -a enables all 3 changes to happen simultaneously to mimic new
|
||||
# devices: changes to random MAC addresses/hostnames/txpower signal strengths,
|
||||
# at varied, randomized changing time periods;
|
||||
# Tip #1: -a enables 3 changes to happen simultaneously to mimic new
|
||||
# devices: changes random MAC addresses/hostnames/txpower signal strengths,
|
||||
# at varied, randomized continually changing (yet simultaneous) time periods;
|
||||
#
|
||||
# TIP #2: static flags recommended for home so as not flood router w/new macs
|
||||
# TIP #2: static flags recommended for home/work so as not flood home router w/new macs
|
||||
# (ie: -p, -i, -m)
|
||||
#
|
||||
# TIP #3: continuously changing both times/mac addr flags for travel privacy/movement
|
||||
|
@ -51,19 +55,36 @@
|
|||
# *If you try experimental txpower options be sure to keep 'hightx'
|
||||
# variable low enough to do so within your countries regulations*
|
||||
#
|
||||
# e-mail: <righttoprivacy@tutanota.com>
|
||||
# Gitlab: https://gitlab.com/Aresesi - Repository (Main/1st update)
|
||||
# Github: https://github.com/righttoprivacy - Repository mirror
|
||||
# Hidden Onion (Tor) Gitea server: http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/WiPri
|
||||
#---------------------------------------------------------------------
|
||||
# PLEASE FILE ISSUE ON REPOSITORY BELOW: OR LEAVE USAGE PROBLEM COMMENT ON VIDEO/BLOG
|
||||
#
|
||||
# https://politictech.wordpress.com - Backup Blog
|
||||
#
|
||||
# DOWNLOADS/SCRIPTS/CODE:
|
||||
# Anonymous Code Host Tor .onion (Main): http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/WiPri
|
||||
# Gitlab: https://gitlab.com/Aresesi - Repository (backup)
|
||||
# Github: https://github.com/righttoprivacy - Repository (backup)
|
||||
#
|
||||
#
|
||||
# SOCIAL MEDIA:
|
||||
# https://www.fosstodon.org/@RTP - Follow on Mastodon
|
||||
# https://twitter.com/tvprivacy - Follow on Twitter
|
||||
#
|
||||
# https://www.youtube.com/channel/UChVCEXzi39_YEpUQhqmEFrQ - videos on Linux/tech
|
||||
# https://www.buymeacoffee.com/politictech/posts - Main Blog Posts (Public)
|
||||
#
|
||||
# VIDEO CHANNELS:
|
||||
#
|
||||
# ODYSEE: https://odysee.com/@RTP
|
||||
# PEERTUBE: https://tube.tchncs.de/video-channels/privacy__tech_tips
|
||||
# https://www.youtube.com/channel/UChVCEXzi39_YEpUQhqmEFrQ - videos on Linux/tech
|
||||
# BITCHUTE: https://www.bitchute.com/yourprivacytv
|
||||
#
|
||||
# e-mail: <righttoprivacy[at]tutanota.com> (private (ethical) consulting available upon request)
|
||||
# Free answers to questions in video/blog comments (maybe your question can help others!) :)
|
||||
#
|
||||
# BLOG:
|
||||
#
|
||||
# https://www.buymeacoffee.com/politictech/posts - Main Blog Posts/Extras (Public)
|
||||
# https://politictech.wordpress.com - Backup Blog
|
||||
#---------------------------------------------------------------------
|
||||
|
||||
|
||||
# Text Colors
|
||||
|
@ -78,7 +99,7 @@ cat << "EOF"
|
|||
@@ @@ ,@@ @.
|
||||
&@ @@ @@ @& @@ @
|
||||
@@ @@ @@ @@ @@ @@
|
||||
@( @@ @@ [WiPri v2]@@ @@ @@
|
||||
@( @@ @@ [WiPri 1.2]@@ @@ @@
|
||||
@@ @@ @ *@ @@ @@
|
||||
@@ @@ .--.' @@ @@
|
||||
@@ . |0_0 |' @@ @@
|
||||
|
@ -107,7 +128,7 @@ echo -e "$BLUE concept/code: $ENDCOLOR $RED righttoprivacy@tutanota.com $ENDCOL
|
|||
echo ""
|
||||
echo -e "$WHITE ----------------------------------------------------------- $ENDCOLOR"
|
||||
echo -e "$BLUE Detected Devices: $ENDCOLOR"
|
||||
nmcli dev status|awk '{print $1;}'| grep -v 'lo'| grep -v 'p2p'
|
||||
nmcli dev status|awk '{print $1;}'| grep -v 'lo'| grep -v 'p2p' || echo "$RED nmcli not found:$ENDCOLOR $BLUEdon't worry, it was optional.$ENDCOLOR"
|
||||
echo -e "$BLUE Usage: $ENDCOLOR"
|
||||
echo "wipri -d [device][any combination of below flags here]"
|
||||
echo "-a [anonymous/ghost mode: continuously change MAC/hostname/signal strength at"
|
||||
|
@ -120,17 +141,16 @@ echo "-i [rand (valid) MAC identity]"
|
|||
echo "-h [rand hostname]"
|
||||
echo "-R [restore prev hostname]"
|
||||
echo "-s [random signals]"
|
||||
echo "-A [generic yet randomized WiFi Access Point]"
|
||||
echo "-A [generic randomized WiFi SSID (AP)]"
|
||||
echo "-H help"
|
||||
echo -e "$BLUE To see multiple examples/descriptions see: $WHITE wifi -H $RESETCOLOR"
|
||||
echo ""
|
||||
|
||||
# VARIABLES
|
||||
checktime=".5" # seconds between mac addr checks: lower = more frequent checks
|
||||
hightime="60" # Make this number higher if you want randomization times longer
|
||||
lowtime="40" # Make this number lower to lower min time randomized
|
||||
rando=$((RANDOM%$hightime+$lowtime))
|
||||
statictime="500" # time in sec between resets of static mac (to prevent driver crash leaks)
|
||||
hightime="600" # Make this number higher if you want randomization times longer
|
||||
lowtime="300" # Make this number lower to lower min time randomized
|
||||
rando=$((RANDOM%$hightime+$lowtime)) # Create Random time
|
||||
turnipv6="off" # default is ipv6 off- change to "on" if you do NOT want to disable ipv6
|
||||
oui_file='/etc/wipri/final.OUI' # Valid OUI list required for verifiable MAC addresses
|
||||
phoui_file='/etc/wipri/phone.OUI' # phone OUI file
|
||||
|
@ -144,13 +164,14 @@ if [ $turnipv6 == "off" ]; then
|
|||
fi
|
||||
|
||||
# Hostname randomization - generic yet completely random hostname generation
|
||||
# Feel free to edit these arrays: keep in mind defaults are named strategically for a random yet generic base
|
||||
function hostn {
|
||||
echo -e "ORG_HOSTNAME=$HOSTNAME" > '/etc/wipri/hostname.saved' # Saving original hostname for easy -R flag restore
|
||||
array[0]="localhost"
|
||||
array[1]="laptop"
|
||||
array[2]="computer"
|
||||
array[3]="DESKTOP"
|
||||
array[4]="My-iPhone"
|
||||
array[4]="Owner-iPhone"
|
||||
array[5]="PC"
|
||||
array[6]="Toshiba"
|
||||
groupnum=$[ $RANDOM % 7 ]
|
||||
|
@ -214,7 +235,7 @@ function maccheck() {
|
|||
do
|
||||
curmac=$(cat /sys/class/net/$netdev/address)
|
||||
sleep .25
|
||||
if [ $curmac != $mac ]; then
|
||||
if [ "$curmac" != "$mac" ]; then
|
||||
echo "Sys MAC addr chang detected. Fixing!"
|
||||
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
|
||||
fi
|
||||
|
@ -237,9 +258,9 @@ namebase4="xfinitywifi"
|
|||
|
||||
# If setting nc (netcat) notify set "off" disregard below
|
||||
ncnotify="on" # Turn on or off netcat name change notification
|
||||
ncport="2" # port to send name changes
|
||||
ncport="60821" # port to send name changes
|
||||
ncprotocol="tcp" # netcat protocol [udp/tcp]
|
||||
ncserver="192.168.42.39" # netcat server to notify each name change (static ip/name)
|
||||
ncserver="192.168.42.38" # netcat server to notify each name change (static ip/name)
|
||||
|
||||
# **NOTE** edit these as needed to match your needs/system
|
||||
hostapdconf='/etc/hostapd/hostapd.conf' # location for hostapd.conf file
|
||||
|
@ -281,6 +302,15 @@ netname() {
|
|||
|
||||
}
|
||||
|
||||
|
||||
# Notify server of new name changes [Work in progress- set the $ncnotify variable above to 'yes' or 'no' to turn off]
|
||||
notify() {
|
||||
if [ $ncnotify == "on" ]; then
|
||||
echo -n $randname >>/dev/$ncprotocol/$ncserver/$ncport
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
########## End access point stuff
|
||||
|
||||
# flags
|
||||
|
@ -324,7 +354,7 @@ while getopts ":d:apPrm:ihRsAH" arg; do
|
|||
do
|
||||
echo -e "$BLUE new static random cellphone MAC identity (retained/checked to prevent leaks) $ENDCOLOR"
|
||||
phmacrand
|
||||
maccheck
|
||||
maccheck &
|
||||
done
|
||||
;;
|
||||
|
||||
|
@ -366,7 +396,7 @@ while getopts ":d:apPrm:ihRsAH" arg; do
|
|||
echo -e "$BLUE setting static: $RED ${OPTARG} $ENDCOLOR"
|
||||
mac=${OPTARG}
|
||||
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
|
||||
maccheck
|
||||
maccheck &
|
||||
;;
|
||||
|
||||
|
||||
|
@ -374,7 +404,7 @@ while getopts ":d:apPrm:ihRsAH" arg; do
|
|||
i)
|
||||
echo -e "$BLUE new static random valid MAC identity ($RED HELD: $BLUE checked/retained to prevent leaks) $ENDCOLOR"
|
||||
macrand
|
||||
maccheck
|
||||
maccheck &
|
||||
;;
|
||||
|
||||
|
||||
|
@ -426,7 +456,7 @@ while getopts ":d:apPrm:ihRsAH" arg; do
|
|||
# wipri -d $netdev -i & # uncomment this if you don't want to have to run flags for mac
|
||||
systemctl restart hostapd
|
||||
echo ' '
|
||||
/bin/echo -e "$BLUE New WiFi Network SSID: $RED $randname $ENDCOLOR"
|
||||
/bin/echo -e "$BLUE WiFi Network SSID changed to: $RED $randname $ENDCOLOR"
|
||||
# Notify remote server of new name change via Netcat [set $ncnotify variable for on/off: default off]
|
||||
notify
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ After=boot.mount
|
|||
DefaultDependencies=no
|
||||
|
||||
# Feel free to change wipri commands below to meet your needs/wants
|
||||
# install *WILL* use the commands below, edit as needed before running install.sh!
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/wipri -d wlan0 -i
|
||||
|
|
Loading…
Reference in New Issue