server.py

#!/usr/bin/python
# Nuke My LUKS - server
# A simple network-based panic button designed to overwrite the LUKS header
# with random data and reboot the computer in case of an emergency situation.
# 
# IMPORTANT: This will make *impossible* to recover any data stored in the disk
# even if the password is known. Use this code with precaution.
#
# by Julio Cesar Fort - julio@whatever.io


import sys
import socket
import select
import os.path
import platform
import base64
import ConfigParser
from subprocess import Popen, PIPE

try:
    from bcrypt import hashpw, gensalt
except ImportError as err:
    print "[!] Error importing 'bcrypt': %s" % err
    sys.exit()

DEFAULT_PORT = 1337
ERROR = -1
NUKEMYLUKS_CMD = './nukemyluks.sh'

def main():
    # check if we're running this code on Linux or not
    if 'Linux' not in platform.system():
        print "[!] Error: this can only run on Linux."
        sys.exit(ERROR)
    
    # create a broadcast UDP receving socket
    receiving_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiving_socket.bind(('<broadcast>', DEFAULT_PORT))
    receiving_socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    receiving_socket.setblocking(0)
    
    while True:
        result = select.select([receiving_socket], [], [])
        msg = result[0][0].recv(1024)
        
        if msg.startswith("nukemyluks_"):            
            try:
                configparser = ConfigParser.ConfigParser()
                configparser.read('config.ini')
                hashed_secret = configparser.get('config', 'password_hash')
            except Exception as err:
                print "[!] Error reading config file: %s" % err
                # TODO: send error message back containing the server IP
                sys.exit()
            
            secret = base64.b64decode(msg[len("nukemyluks_"):])
            
            if hashed_secret == hashpw(secret, hashed_secret):
                if not os.path.isfile(NUKEMYLUKS_CMD):
                    print "[!] Cannot execute the %s (No such file)" % NUKEMYLUKS_CMD
                    sys.exit(ERROR)

                cmd_output = Popen([NUKEMYLUKS_CMD], stdout=PIPE,
                                   stdin=PIPE, stderr=PIPE)
                STDOUT, STDERR = cmd_output.communicate()
                print STDOUT
                # TODO: send a success message back containing the server IP

if __name__ == '__main__':
    main()