Command Line Fu: surveillance with Raspberry Pi

Today we are building a primitive surveillance system using a Raspberry Pi. This is our goal:

Take a picture every hour -> send it as encrypted email

These are the basic prerequisites:

  • A Raspberry Pi, no matter which model. OS: Raspbian Jessie. Others might also work.
  • A Raspberry Pi camera module, no matter which model.

Required software

One needs the following software, all available through the standard repositories:

  • raspistill (usually installed by default in Raspbian)
  • gpg (usually installed by default in Raspbian)
  • curl
  • tmux

All in all this is a relatively lightweight setup; all tooling is standard in the Linux world. Use apt-get install to get any missing programs.

Mail

I used yandex.com as mail provider and created a dedicated account; let us assume that it is raspberry_surveillance_1111@yandex.com. Any other mail provider will most likely work as well. One simply needs to substitute some parameters in the snippets below. Let us further assume that we send mails to one address, john.doe@yandex.com. Let us also assume that john.doe@yandex.com has a PGP key pair and has uploaded the public key to a public keyserver. Then import the key on the Pi:

pi$> gpg --recv-keys 999AAA1

where 999AAA1 is the key ID. Then trust the key after checking the fingerprint:

pi$> gpg --edit-key "john.doe@yandex.com"
trust
5

Bash script

Sending mail using curl will require that we build up a text block containing the raw email contents. We can script that in a straightforward, although slightly hacky way:

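#!/usr/bin/env bash
# Builds an OpenPGP/MIME (RFC 3156) mail line by line and pipes it to curl.
# The inner subshell assembles the plaintext MIME entity (empty text part plus
# the camera JPEG as base64); gpg encrypts it before it joins the outer mail.
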
echo 'From: "Raspberry Pi" <raspberry_surveillance_1111@yandex.com>' \
     | (cat && echo 'To: "John Doe" <john.doe@yandex.com>') \
     | (cat && echo 'Subject: Encrypted Message Title') \
     | (cat && echo 'MIME-Version: 1.0') \
     | (cat && echo 'Content-Type: multipart/encrypted;') \
     | (cat && echo ' protocol="application/pgp-encrypted";') \
     | (cat && echo ' boundary="gc0p4Jq0M2Yt08jU534c0p"') \
     | (cat && echo '') \
     | (cat && echo 'This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)') \
     | (cat && echo '--gc0p4Jq0M2Yt08jU534c0p') \
     | (cat && echo 'Content-Type: application/pgp-encrypted') \
     | (cat && echo 'Content-Description: PGP/MIME version identification') \
     | (cat && echo '') \
     | (cat && echo 'Version: 1') \
     | (cat && echo '') \
     | (cat && echo '--gc0p4Jq0M2Yt08jU534c0p') \
     | (cat && echo 'Content-Type: application/octet-stream; name="encrypted.asc"') \
     | (cat && echo 'Content-Description: OpenPGP encrypted message') \
     | (cat && echo 'Content-Disposition: inline; filename="encrypted.asc"') \
     | (cat && echo '') \
     | (cat && \
         ( \
               (echo 'Content-Type: multipart/mixed; boundary="wnfqnfqwjnwjqnfjohBbBHk9124b"') \
               | (cat && echo 'From: raspberry_surveillance_1111@yandex.com') \
               | (cat && echo 'Subject: Encrypted Message Title') \
               | (cat && echo '') \
               | (cat && echo '--wnfqnfqwjnwjqnfjohBbBHk9124b') \
               | (cat && echo 'Content-Type: multipart/mixed;') \
               | (cat && echo ' boundary="------------561248FHHE61H523"') \
               | (cat && echo '') \
               | (cat && echo 'This is a multi-part message in MIME format.') \
               | (cat && echo '--------------561248FHHE61H523') \
               | (cat && echo 'Content-Type: text/plain; charset=windows-1252') \
               | (cat && echo 'Content-Transfer-Encoding: quoted-printable') \
               | (cat && echo '') \
               | (cat && echo '') \
               | (cat && echo '') \
               | (cat && echo '') \
               | (cat && echo '') \
               | (cat && echo '--------------561248FHHE61H523') \
               | (cat && echo 'Content-Type: image/jpeg;') \
               | (cat && echo ' name="raspistill.jpg"') \
               | (cat && echo 'Content-Transfer-Encoding: base64') \
               | (cat && echo 'Content-Disposition: attachment;') \
               | (cat && echo ' filename="raspistill.jpg"') \
               | (cat && echo '') \
               | (cat && (raspistill -o - | base64)) \
               | (cat && echo '') \
               | (cat && echo '--------------561248FHHE61H523--') \
               | (cat && echo '') \
               | (cat && echo '--wnfqnfqwjnwjqnfjohBbBHk9124b--') \
               | gpg --encrypt --quiet --armor --output - --recipient john.doe@yandex.com) \
         ) \
     | (cat && echo '') \
     | (cat && echo -n '--gc0p4Jq0M2Yt08jU534c0p--') \
     | curl --url 'smtps://smtp.yandex.com:465' --ssl-reqd \
            --mail-from 'raspberry_surveillance_1111@yandex.com' \
            --mail-rcpt 'john.doe@yandex.com' \
            --user "raspberry_surveillance_1111@yandex.com:password" \
            -T -

Schedule

We will use a tmux session and loop infinitely:

pi$> tmux new -s picsandmails
pi$> while true; do ./sendpic.sh; sleep 3600; done
pi$> CTRL+B d

Remarks

  • At no point does the bash script write a file to the filesystem. Everything works with pipes and streams; all data is kept in memory. This avoids the problem of potentially filling up the Pi's memory card. Of course your mail inbox fills up, but there are ways around this.
  • At first sight it seems that using curl is way inferior to mail. That is partially true, but in real systems I want to avoid putting my mail credentials in any config files. I extended the script to work with environment variables, which I am exporting inside the tmux sessions. Also, I am not sure if the pipe/stream approach here can be used as straightforwardly.
  • The sent mail contains no message body and one attachment. Lifting this limitation is trivial.
  • A nice extension idea: sign the mails by the Pi with a dedicated PGP key.
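
The two extensions mentioned in the remarks (credentials taken from environment variables, mails signed by the Pi) as an added example; this is not the author's extended script. The variable names SMTP_USER, SMTP_PASS, MAIL_TO and PI_KEY are assumptions, as is a signing key for PI_KEY already present in the Pi's keyring.

```shell
#!/usr/bin/env bash
# Added example, not the author's script. SMTP_USER, SMTP_PASS, MAIL_TO and
# PI_KEY are assumed variable names, exported inside the tmux session.

# Succeeds only if every named environment variable is set and non-empty.
require_env() {
    for _name in "$@"; do
        eval "_val=\${$_name:-}"
        [ -n "$_val" ] || { echo "missing variable: $_name" >&2; return 1; }
    done
}

# build_pgp_mime FROM TO SUBJECT
# stdin: ASCII-armored OpenPGP message; stdout: complete RFC 3156 mail.
build_pgp_mime() (
    # Fresh random boundary per message instead of a fixed string.
    b="pi-$(od -An -N12 -tx1 /dev/urandom | tr -d ' \n')"
    printf '%s\n' \
        "From: <$1>" "To: <$2>" "Subject: $3" \
        'MIME-Version: 1.0' \
        'Content-Type: multipart/encrypted;' \
        ' protocol="application/pgp-encrypted";' \
        " boundary=\"$b\"" \
        '' \
        "--$b" \
        'Content-Type: application/pgp-encrypted' \
        '' \
        'Version: 1' \
        '' \
        "--$b" \
        'Content-Type: application/octet-stream; name="encrypted.asc"' \
        ''
    cat                       # ciphertext passes through unchanged
    printf '\n--%s--\n' "$b"  # closing delimiter
)

# stdin: inner MIME entity (text part plus JPEG), built as in the post.
# Signs with the Pi's key, encrypts to the recipient, then mails the result.
send_signed() (
    require_env SMTP_USER SMTP_PASS MAIL_TO PI_KEY || exit 1
    # Encrypt first and stop on failure, so a gpg error never sends a mail.
    ct=$(gpg --sign --encrypt --armor --quiet \
             --local-user "$PI_KEY" --recipient "$MAIL_TO") \
        || { echo "gpg failed, nothing sent" >&2; exit 1; }
    printf '%s\n' "$ct" \
      | build_pgp_mime "$SMTP_USER" "$MAIL_TO" 'Encrypted Message Title' \
      | curl --url 'smtps://smtp.yandex.com:465' --ssl-reqd \
             --mail-from "$SMTP_USER" --mail-rcpt "$MAIL_TO" \
             --user "$SMTP_USER:$SMTP_PASS" -T -
)
```

Pipe the inner MIME entity from the script above into send_signed in place of the gpg and curl stages.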

About goobypl5

pizza baker, autodidact, particle physicist