House Party Protocol - remote

evidence wiper program

Implementing this will make you feel that fuzzy feeling of being extra safe. House
Party Protocol is a
program that you control remotely and when activated, it encrypts all confidential
data on your computer. It's a life saver in case of police seizure or theft by
criminals.
One might suggest deleting instead of encrypting those files, but the encryption
is actually
safer. This is beyond the scope of this tutorial, but you will probably find all
answers on this topic here. Extra point goes to encrypting for being the same for
every system while irreversibly deleting files is system and hard drive dependent.
The name was inspired by a scene from Iron Man 3 movie in which Tony Stark
activates the
"House Party Protocol" when his house is destroyed. A guy named Utku Sen wrote
2 versions
and uploaded them to github:
python version (recommended and featured in this tutorial)
C# version
How it works?
There are 3 files in the process:
hpp.py - Python program that reads an uploaded text file (command.txt)
every 60 seconds
(adjustable) to check for the start command. If the
permission is given, the "party"
starts which means the program
encrypts all files in chosen location with AES
algorithm for 3
times with unique random key for each encryption process. It also
encrypts all files in all subdirectories.
bust.php - Minimalistic HTML and PHP website that writes "1" to
commands.txt if you submit
the correct password signaling that the
"party" should start. This is a public website
that can be reached from any
device with internet access.
command.txt - The file hpp.py periodically reads to know when to start the
action.
I used Kali Linux (Debian based), but it should work like this for any Linux
environment. If
you would like me to make a tutorial for Windows or any other OS, let me know in
the comments section.

First, you need to have a hosting account which can run php scripts. Many
websites offer that
service for free, I used 000webhost.
Next, copy the HTML and PHP code from Utkus github and save it as a PHP file
(.php). Then upload it along with empty command.txt file so they are both
accessible from any internet browser. You should be able to open the page that
prompts you the password at www.yoursite.com/bust.php :

The password can (should) be set in bust.php line 3:

$password = "utku123"; // Change it
Also make sure that you can access command.txt file at
www.yoursite.com/command.txt It should
display empty file until you submit your password to bust.php.
You should have your python program starting and silently running by default
every time you start your PC so the listener (method in hpp.py that periodically
checks for the start command) is always ready! You can do this by adding a bash
(.sh) script to your startup processes. Alternative option is to use SSH to run the
command. SSH can actually be used to implement the whole protocol without
using the hosting service.
Terminal command that starts it should look like this:
# python3 hpp.py -d /home/SuperSecretFolder -u
http://yourwebsite.com/command.txt -i 60
python3 is the version of python being used
hpp.py is name of the python program
-d /path specifies path to the folder that you want encrypted (all files in all
subdirectories will be encrypted too); you have to keep all your
confidential data in 1 folder
-u URL specifies URL to be checked
-i integer is the checking time period in seconds
Running that command will start the listener:
def listener(url,interval):
#arguments are given when starting the program
while True:
#repeat
if finish_control == 1:
break
#stop listening if the encryption is done
check_url(url)
#checks for the start command and act accordingly
sleep(interval)
#wait for specified time amount

Once the correct password is submitted, PHP script will write "1" to command.txt
file and respond with a message "1Completed". If the response is 0Completed
that means that there was an error writing to the command.txt file.
Next time the listener checks that file it will start the encryption and your files will
be safe! Remember that the program doesn't save used encryption keys so not
even you will be able to get your files back. This is good because it eliminates the
possibility of blackmailing you into decrypting the files.

This is what should happen if someone tries to open an encrypted file when the
job is done: