Create a Dead Man's Switch in Python to Encrypt a File When You Don't Check In [Tutorial]
Вставка
- Опубліковано 1 чер 2024
- Our Premium Ethical Hacking Bundle Is 90% Off: nulb.app/cwlshop
How to Create a Dead Man's Switch in Python 3
Full Tutorial: nulb.app/z5jcp
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Cyber Weapons Lab, Episode 196
If you've ever watched a classic mob movie, then you've seen a Dead Man's Switch in action. It involves some sort of information getting published if a certain person goes missing. But there are many different types of dead man switches, ones more useful for hackers. In this episode of Cyber Weapons Lab, we'll make a Python program that can encrypt and delete a file if you don't check in over Twitter during a set amount of time.
To learn more, check out the article on Null Byte's site: nulb.app/z5jcp
Twint tutorial: • Mine Twitter for Targe...
Follow Null Byte on:
Twitter: / nullbytewht
Flipboard: flip.it/3.Gf_0
Vimeo: vimeo.com/channels/nullbyte
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb - Навчання та стиль
I am just starting to learn python at the tender age of 59. It’s an interesting experience
Good for you. Remember programming is difficult and it's not just you, if you feel lost. Especially when learning.
@@definty thx man
@@iamthatiam4496 Sounds good dude
If you start with python you will love everything and you will be excited to find about more and more!
I believe that's about all languages!
Have a nice trip mate!
I really hope you enjoy it!
@@NullByteWHT i do. But let me tell you something- things have changed since I programmed in BASIC in the 1970s. Truth be told- this is quite enjoyable. Thank you
Cool extra feature you might add would be an extra code you can tweet which doesn't check you in, but encrypts the files immediately. A reverse uno card for the outrageous situation where you are being forced to "check in" at gunpoint lol.
Not so outrageous, depending on your threat model.
Of course, if your threat model is that extreme, that you even need a dead man’s switch is probably an indicator you may be Doing It Wrong(tm).
This seems particularly useful in my current circumstances. How timely. Thank you sir.
You getting hunted by the FBI or sum 🤔
Epstein people trying to kill you?
fuck kinda situation are u in
No one:
absolutely no one:
Elliot Alderson every few episodes:
first thing I had in mind lol
Very cool! I can think of a lot of practical examples for this. Something cool might be to trigger an email to go to someone with the encrypted file attached as well or actually just decrypt a secret file and email it out in the event something happened to you. I guess if something happens to you, you may as well just delete the file haha cause no one else will know how to decrypt it anyway.. Thanks for sharing!
just like on mr. robot or other tv shows, sending an email and/or sending a video file upon one’s death would also be interesting - like a video will / goodbye or spooky message to send to your friends after a certain amount of days, similar to a twilight zone episode with a telephone call from a dead person which ended up being the telephone line ran to a grave.
Google has an "inactive account manager" that you might find interesting
It has been a while Kody,thanks for this
If you really wanted to make it tweet and you don't have a developer account you could maybe use selenium
Admit it, you just come for the blinks.
Nah i actually come here for the tools and info
what blinks
been a long time since this was recommended to me, missed the videos ngl
It is a good idea to adjust your IDE fonts a bit, not all screens make 1080p that easily readable. I would also not encrypt a file, but use an encrypted Filesystem and forget it’s unlock key. That also fits well into network bound encryption. And you never need to know the encryption key
love the framed shodan pic in the background
Thank you so much for all. What is the procedure to do penetration tests of an API secured by OAuth the latest version in the security side. (Laravel, Spring boot, Nodejs...).
I’m at school right now supposed to be writing script for my stupid mock trial but Instead of learning laws imma watch my favourite teacher😄
Do good things with the law if that's where you're going!
aw come on mock trial is dope
Hi! there is a question about an antenna with three connectors for transmitting three spatial streams (outdoor). You can connect 3 adapters to it. Is it possible in this case to launch the attack of the evil double? Or do you need 2 separate antennas?
I love these videos! they are so interesting, good job!!
Yeahhh!! System Shock Image on the wall :) That rocks dude! n1ce video ;) thanks to share your knowledge with us!! Greetings from Switzerland
i just grow with this man thx null ..
Awsome! It would be GREAT if you actually increase the font size during the walkthrough... It would definitely makes it easier to follow up! Bless
Luv you the non Blinking Robot finally your back. 😃😃
Thank you so much for this information 😊
love this content, and love python, new sub for you!
This is critical. Thank you.
no don't use this if you are against a gov, it has some problems
Don’t use this for security. It’s absolutely not useful.
@@jonathanmcdonald7512 That...makes no sense.
It's critical because I don't want my mom to find the man butt pics on my computer. She isn't FBI, just old and zenophobic.
I understand nothing but I watch every video he posts 🧐.
these are the type of videos I like
Thank god you lowered the volume of the intro music.
Is there an advantage to doing this vs encrypting the entire drive from the get go?
Also if I may put in a video request. Since it’s a common tactic amongst thieves and LEO to cause a distraction then snatch your laptop away. I think a cool video project would be to make like a USB drive attached to a bracelet, and if it gets removed from the laptop prior to some kind of shutdown code, the laptop will automatically lock and then start deleting all the drives . Is this possible to do?
tails works like that
All this is way over my head, what's the best place to start learning in your opinion? Interesting in "hacking" so pen testing, cybersecurity, ect. It's all very overwhelming at first.
finally my parents will never find my foot folder if I die, I can go peacefully
1 thing worth bearing in mind is how it handles device connectivity going down.
Side-question, are we taking bets on how long until there's a comment here saying something like "HELP, laptop encrypted and can't remember password. How do i decrypt?"
Love u Work... Best Channel
Do you have certification, like OSCP?
Brooo yessir It’s KODY K. LETS GO
you always leave 100000 comments on each of his videos, jeez chill
I am with you on this, 06_8B. I like the positive attitude.
@@cryptoslynesso8288 I don't see you leaving enough comments, crypto. Pls don't take it out on my best friend 06_8B over here.
@@NullByteWHT fine
@@NullByteWHT plz dont hack me :(
Hey dude love the videos! Is there anyway you could show how to create a backdoor into a windows system using netcat, and exploit the OS using metasploit and gain privilege escalation?
Thankyou for hands on hacking tutorial❤️
Nice concept, but what about connecting a raspberry pi to a drill pointed to your hard disk?
just to be sure that the data are destroyed ^^
The encryption has absolutely 0 point unless you use non symmetric keys and only store the key to encrypt on the target system or make the script self destruct after encrypting so the password can't be just read back by someone else in plain text.
Only "0 point" (extremely ineffective, still not useless) in high profile scenarios. If it's for keeping a friend or family out it's practically overkill despite being defeatable.
That being said, there's no reason not to do that anyway though, sure. He does mention in the video that it should be deleted though, so are you really adding info that wasn't already said?
@@MsHojat Deleting something is never a sure strategy. If anyone is this concerned, the only thing the script should be doing is locking the computer (e.g. shutting it down), because all the files are already encrypted. Doubly so using different encryption schemes for the really important stuff.
This example of “at a protest” is absurd. A smart person working IT for law enforcement will be quickly doing a touch of OSINT on you, find your Twitter account, get a warrant, take control of the account, and bam, you’re screwed. Twitter is a ridiculous way to disarm this thing. (And I can think of half a dozen other things I would do to get around the possibility of such a script running, one of which being just not booting the device in question into the OS. Problem solved.)
But literally none of that matters. The need for a dead man’s switch pretty much means you’re doing it wrong. Your files should already be encrypted. If it’s important, then doubly so with different schemes (e.g. VeraCrypt inside LUKS).
The most such a script should bother doing is locking the computer, and it already should be locked if you, you know, closed the screen. Maybe do a thorough wipe of the drive? But that only matters for HDDs. The only way to securely wipe an SSD is to physically destroy it.
It’s a fine example of how to use a dead man’s switch to _grant_ access to something that was secured, but it’s not appropriate in the other direction.
Glad you like it!
Dude 😎 r u having mac book or running mac os In VMware
how come you use camel case for python, function names that are BothCaptialized instead of snake_case
Sir you are so cool keep going ❤️❤️❤️
Ayyyy he back lets goooo
Is twint still functional after Twitter changed the API?
My teacher challenged me to break into my schools FTP server and change some files. What do you think is the best way?
good ol sql injecting
I would make sure you get written permission or something first on contract for legal reasons. Maybe show him that you are able to view all the files inside then tell him what do you want me to change.
The best way would be to ask what version and brand of ftp server theyre running, get the os version and duplicate it all in a virtual box. Then practice on the virtual box so you don't go to prison.
Can this work with smartphones as well?
i have little problem when i run the sript i am learning python to and the problem is i typed everything right and all and when i hit enter all is say is : sleeping for 1 secs and then increments to 8 seconds affter that increments to 27 and so on can some one help ty so much to all
I see system shock behind I auto like. Man of culture.
Deadmen switch all you "homework"
Can you tell me the process of decrypt of crypt12 database with out key.
Thank you
I like this idea, but shouldn't the drive be encrypted from the get go?
If you are using this to WIPE a machine then that makes more sense. However, what happens if you get wasted and forget to check in 😭.
This is a usecase where Python is a particularly bad choice.
One can assume that anyone implementing something like this has it running on a personal server at home. In that case, the enemy will have physical access to your setup once you're "gone." And if so, encrypting your files most likely won't protect them at all if it's done with Python.
This is due to how Python handles variables. For instance using `del password` will only delete the reference link to the memory location of the data, but not the actual data stored there itself, meaning your actual password string.
Add to this that such data is often shared with other resources used by Python nilly willy. That makes a simple memdump a viable method to get hold of your secrets, even though you've instructed Python to "delete" it. On top of that, Python leaks a ton of data to various parts of your system. So even after a restart, there may still be sensitive data left lurking in logs or in system swap files. This makes it notoriously hard to securely encrypt files on a system where your enemies may get physical access if you're using Python (and some other high level languages as well). The better options would be a language where you can enjoy direct control over memory locations, such as with Rust. But the tradeoff is that lower lever languages are also harder to learn.
As yvrelna already mentioned, this security implementation is also patently bad, not just because of using Twitter, but mostly because it doesn't pre-encrypt sensitive files.
those browser extensions... you use them all?
You need to make video on ' Scrcpy ' tool its mirrors your android screen on your kali linux machine.
What you use for hacking “kali linux” please answer me 😊🥺
Yes
If you cant write bash or use fdisk .. Kali isn't something you need
@Null Byte could you please make a video on phishing whereby after the attack it redirects to the real login page or better yet, it even tries to login automatically on the real login page
Learn to program and earn the knowledge for yourself. It's the number one way to avoid jail
@@DotNetRussell yeah
What’s stopping someone from modifying your scripts memory to check their own Twitter message?
I can’t watch this without code reviewing your code. I recommend you read the book called clean code and also please rename your main function to main :)
Title suits you. You don't blink either.
has the framed System Shock picture always been there?
She comes and goes
@@NullByteWHT wow
sounds like something the actual shodan would do
shows up to guide the player towards her
and then dips for like the rest of the level
Great video, but you should be using while loop instead of recursion, otherwise the program will error.
What happens if you stop the script after encrypting a file? how do you launch it again to decrypt it?
Is it possible to use this code to check email or sms
Why would you want to have encrypted file PLUS COPY OF NON ENCRYPTED STILL EXISTING FILE? Am I missing the point?
I need a dead man's switch android app to send a pre-written email to a designated email address if i don't check into the app's timing setting (eg, app notifies me to check in every 2 days with a password), if i don't check in, it will try again 7 days later, and if that fails, the email will be sent
Use automate
Atlast something interesting
Merci bien
Incase anyone is wondering, I created a formula to predict nullbytes blinking:
1blink/71 seconds (on average)
Can we deploy it on this video feed with python to measure its accuracy?
Can you disarm the blinking using Twitter?
I might do this to my browser history
This video made me imagine my eventual death... i feel weird now
very cool.....dude....
I see a StackOverflow xD
no blinky
Love you kody
Also, using a scraper might not be the best idea. What if twitter changes their website design? That would break your scraper and will make your dead man switch fire prematurely.
Sir Kody i have a video idea... i want to see how to break into for instance, facebook's database and get some hashed passwords
Nice work, big question how do you find a person email address please. Long story behind this the person was a programmer in 1964.
Work on your OSINT skills.
What laptop does he use? I'm looking to buy a laptop and i want a really good under 800$ laptop. Anyone's got any suggestion?
there are few problems with this video
1. Python 3 in Oct 2020 and no type hinting?
2. CamelCase method name ... looks like you come from Java background and you dont do (1). Python PEP guide is method name should be lowercase_underscore
3. check yvrelna comment about how flaw is this approach
I wouldn't want to use Twitter for a dead man's switch.
I'd rather see one that operates entirely offline. Although something that maybe uses a personal website or non-web internet server could be just as good or better.
Also, about that... how would this react to a lost internet connection? I didn't watch the whole thing, but I'm guessing that a default fail state wasn't added. Maybe I'm wrong
You are wrong
@@tunus04 Where did he cover it, then? I just went over the video due to your claim, and _YOU_ seem to be wrong. There's no specification on what to do in a failed connection. Are you talking about "something bad happen"? Sure technically that's a catch, but it's a quite useless catch. We want to either specifically encrypt or specifically not encrypt due to a failed connection, and he didn't mention to people which one that it will be.
@@MsHojat I agree it's not a great switch, but it is one. There are other issues with the code. His code doesn't check the content of the tweet to ensure it contains the right kill phrase. As long as it finds a tweet regardless of its content, it will not encrypt.
Bro can I use in termux
is that a FUD STUB?
0:42 he blinked
Pls do have page on facebook ?
My movie of the grassy knoll will be safe.
The code you provided on screen was extremely elementary in style. Please use type annotations and PEP 8.
Dear creator can I do a vid about changing ip address?
when was the last time you blinked?
But where is this code deployed?
Is Null Byte on Discord??
Real life Sheldon Cooper. ✌😊😊
Twint is producing no result please help
Need to Zoom-In and *DROP* the *CRAP-O-LA* music!!!!!!!!!!!
Can u make a video how to access denied or blocked sites on different regions like in my region I can't access proxy sites and thank u for your efforts and don't hack me pls ;)
installation step failed in kali linux
Can you do a variant for Parler? The scenario can be going out to put out fires set by violent rioters and getting shot by them. Much more realistic.
Your website doesn't work in my country the regime blocked it
Why this is used for
awesome, now i can make telsa throw my computer the next time chatgpt response contains the words I'm sorry:
if not flatEarth and ai-safety['False']:
twint
hai whackd
John macafee has one