House Party Protocol – remote evidence wiper program
Implementing this will make you feel that fuzzy feeling of being extra safe. House Party Protocol is a program that you control remotely and when activated, it encrypts all confidential data on your computer. It’s a life saver in case of police seizure or theft by criminals.
One might suggest deleting instead of encrypting those files, but the encryption is actually safer. This is beyond the scope of this tutorial, but you will probably find all answers on this topic here. Extra point goes to encrypting for being the same for every system while irreversibly deleting files is system and hard drive dependent.
The name was inspired by a scene from Iron Man 3 movie in which Tony Stark activates the “House Party Protocol” when his house is destroyed. A guy named Utku Sen wrote 2 versions
and uploaded them to github:
python version (recommended and featured in this tutorial)
How it works?
There are 3 files in the process:
hpp.py – Python program that reads an uploaded text file (command.txt) every 60 seconds (adjustable) to check for the start command. If the permission is given, the “party” starts which means the program encrypts all files in chosen location with AES algorithm with unique random key for each encryption process. It also encrypts all files in all subdirectories.
bust.php – Minimalistic HTML and PHP website that writes “1” to commands.txt if you submit the correct password signaling that the “party” should start. This is a public website that can be reached from any device with internet access.
command.txt – The file hpp.py periodically reads to know when to start the action.
I used Kali Linux (Debian based), but it should work like this for any Linux environment. If you would like me to make a tutorial for Windows or any other OS, let me know in the comments section.
First, you need to have a hosting account which can run php scripts. Many websites offer that service for free, I used 000webhost.
Next, copy the HTML and PHP code from Utku’s github and save it as a PHP file (.php). Then upload it along with empty command.txt file so they are both accessible from any internet browser. You should be able to open the page that prompts you the password at www.yoursite.com/bust.php :
The password can (should) be set in bust.php line 3:
$password = "utku123"; // Change it
Also make sure that you can access command.txt file at www.yoursite.com/command.txt It should display an empty file until you submit your password to bust.php.
You should have your python program starting and silently running by default every time you start your PC so the listener (method in hpp.py that periodically checks for the start command) is always ready! You can do this by adding a bash (.sh) script to your startup processes. Alternative option is to use SSH to run the command. SSH can actually be used to implement the whole protocol without using the hosting service.
Terminal command that starts it should look like this:
# python3 hpp.py -d /home/SuperSecretFolder -u http://yourwebsite.com/command.txt -i 60
python3 is the version of python being usedhpp.py is name of the python program -d /path specifies path to the folder that you want encrypted (all files in all subdirectories will be encrypted too); you have to keep all your confidential data in 1 folder -u URL specifies URL to be checked -i integer is the checking time period in seconds Running that command will start the listener:
def listener(url,interval): #arguments are given when starting the program
while True: #repeat
if finish_control == 1:
break #stop listening if the encryption is done
check_url(url) #checks for the start command and act accordingly
sleep(interval) #wait for specified time amount
Once the correct password is submitted, PHP script will write “1” to command.txt file and respond with a message “1Completed”. If the response is “0Completed” that means that there was an error writing to the command.txt file.
Next time the listener checks that file, it will start the encryption and your files will be safe! Remember that the program doesn’t save used encryption keys so not even you will be able to get your files back. This is good because it eliminates the possibility of blackmailing you into decrypting the files.
This is what should happen if someone tries to open an encrypted file when the job is done: