The idea for T-Pot Mobile started a couple of years back when T-Pot started to support the ARM64 architecture. Raspberry Pi hardware was hard to come by at reasonable prices so the journey took a little longer than anticipated. Started as a one-day-a-month project at work, it fastly turned into a weekend / evening project (winter was coming) and the first version was done in December.
While already being an eye catcher the display was not bright enough, the resistive touchpanel and the resolution really did limit the possibilities. In consequence a new display had to be found that helped overcome the drawbacks. The Waveshare 4.3" capacitive display was great choice with a higher resolution.
The case had to redesigned and the code had to be adjusted to work with a capacitive display. Quickly it was decided to make this available for everyone (once T-Pot 24.04 was released).
I am very happy to share this project as Open Source, with a huge thanks to Telekom Security to make this possible. Cannot wait to see your prints, spins and forks!
- T-Pot Mobile
T-Pot Mobile is developed specifically to make T-Pot a tangible, fully wireless honeypot supporting the following hardware components:
- Raspberry Pi 4 model B with 8GB of RAM, 64GB microSD card
- Waveshare 4.3" touch display, make sure to order the version including the case
- Waveshare UPS HAT with 2 * 18650 batteries
- ZTE MF79U Wingle CAT4-4G with the USB plug removed
- Nuts and standoff assortment
- Regarding the hardware limits of the Raspberry Pi4 platform (mainly RAM and storage) T-Pot Mobile will use a
docker-compose.ymlspecifically adjusted for this use case.
The GUI has been developed using Pygame (Raspbian / Debian Bookworm is fully supported and required).
- Raspbian Lite, 64bit based on Raspbian / Debian Bookworm
- At least T-Pot 24.04.0 which will be installed by the T-Pot Mobile installer
- Prepare the microSD Card with a user i.e.
tsecand the WiFi settings for your local network (adjustments of the Wifi settings are described here)
env bash -c "$(curl -sL https://github.com/telekom-security/tpotmobile/raw/main/install.sh)"
Boot the machine, SSH into Raspbian on tcp/22, run the following commands and follow the installer:
sudo apt install git
git clone https://github.com/telekom-security/tpotmobile
cd tpotmobile
bash install.sh
The install.sh script will also install T-Pot. When the installer asks for a T-Pot type, please choose (M)obile in order to download the correct docker images.
Then sudo reboot the machine, please notice after the reboot SSH will only be available via tcp/64295.
It takes about 8 minutes until all services are started successfully after installation.
- Login: Factory default, adjust after setup
- SSID: Factory default, adjust after setup
- PSK: Factory default, adjust after setup
- For Telekom in Germany: Setup the LTE stick to use APN with NAT Type 2:
internet.t-d1.de. - Use NAT forwarding only for ports 1-64000 to avoid exposing T-Pot management ports, such as SSH.
- For DHCP / MAC settings ensure that the same IP will always be assigned to the T-Pot Wifi Adapter or NAT will break once a new IP lease starts.
- After turning the device on (UPS HAT power switch in on-position) the device will automatically boot and wait for the mobile network / WiFi to be fully enabled.
- It takes roughly 8-10 minutes until all services have been started, then the first events should trickle in.
- After Shutting Down the device can be turned off (UPS HAT power switch in off-position). Always shutdown the device first to avoid damaging the elasticsearch index and / or filesystem.
- Once the device has started the GUI will wait for Elasticsearch to be available, afterwards the GUI will switch into event mode (default: Last 1h). The GUI can be fully utilized once events have been written to the Elasticsearch index.
- A single touch will switch between the event modes (Last 1m, 15m, 1h, 24h).
- Swiping up from the bottom of the screen towards the top of the screen (at least half the height of the screen) will open the dialog box.
- Will exit the dialog box.
- While in Stats mode the button will be called "Map" and when pressed will open the Map mode.
- While in Map mode the button will be called "Stats" and when pressed will open the Stats mode.
- The Reboot button will reboot the system.
- The Power Off button will shut down the system. The system is designed for 24/7 operation, however it needs to be turned off using the Power Off function to avoid damaging the file system or elastic search indices.
- For troubleshooting you can connect a keyboard.
- Press
qto exit the GUI. - Login to the system with your username, i.e.
tsecand the password you chose. - You now have access to the console as with any other Raspbian / Debian installation.
- In
/etc/systemd/systemare the T-Pot systemd service filestpot.serviceandtpotdisplay.servicelocated. Whiletpot.servicedoes control the T-Pot servicestpotdisplay.servicecontrols the T-Pot Mobile GUI. - Start T-Pot:
sudo systemctl start tpot.service - Start T-Pot Mobile GUI:
sudo systemctl start tpotdisplay.service - Stop T-Pot:
sudo systemctl stop tpot.service - Stop T-Pot Mobile GUI:
sudo systemctl stop tpotdisplay.service
- T-Pot Mobile will restart the device by default every day. You can change the cronjob settings with
sudo crontab -e.
- While OS updates will be installed automatically the docker image pull policy is set to
missing. This means even if newer image versions are availabledocker composewill not pull them. If your mobile connection is perfectly fine with downloading large docker image files then you can adjustTPOT_PULL_POLICYintpotce/.envtoalways. Otherwise install updates using a different network connection i.e. LAN / WiFi. - Update tpotce:
cd tpotce && sudo systemctl stop tpot && git pull - Update tpotmobile:
cd tpotmobile && sudo systemctl stop tpotdisplay && git pull - Update docker images:
cd tpotce && docker compose -f docker-compose.yml pull
- Raspbian uses Network Manager by default.
- You can find and adjust network connections in
/etc/NetworkManager/system-connections. - By default you will find
preconfigured.nmconnectionwhich contains the settings provided by Raspberry Pi Imager.
For 3d printing we were using PLA+ filament with the following settings, depending on your usage other filament types need to be considered i.e. PETG, ABS or ASA (those remain untested regarding the case). While the support settings will complicate the removal of the supports it improves not only the print quality but also in better layer adhesion for the supports.
-
- Layer height 0,2mm
- 8 solid base layers
- 8 solid top layers
- 6 perimeters for vertical shells
-
- 100%
- Ironing enabled on the topmost surface only (you can leave this out, looks better enabled though)
-
- Style: Snug
- Top / bottom contact Z distance: 0.1
- Sheath around the support enabled
- Pattern: Rectilinear
- Pattern angle: 45Β°
- Top / bottom interface layers: 2
- Interface Pattern: Rectilinear
Make sure you ordered the display including the case, this will provide you with most of the required assembly parts, otherwise the case will not fit.
Place the display face down
Insert the microSD card into the Pi4, after installing Raspbian. It will be harder to reach the microSD card later in the process.
Screw the smallest standoffs in (included in the display / case package).
Align the Raspberry Pi on the standoffs and use the nuts (4 x M2.5) and standoffs (4 x M2.5 + 6) from the assortment to secure it.
Insert the flex DSI cable and ensure the cable and socket connectors align and the pins face each other.
Now screw the standoffs with the short end into the remaining four threads of the display backplate.
Install the UPS HAT on top of the Pi4 and secure it with the four phillips-head screws.
Add the remaining standoffs.
Insert the batteries and be careful about polarity.
If you are using the LTE stick you have probably soldered the power connectors to a stacking HAT. You can now place it on top of the UPS HAT.
Now is a good time to test everything before putting it into the case. Connect the power supply to the UPS HAT and switch the UPS HAT on.
Now put the LTE stick back into its case, insert the SIM card (which at this point should be setup not to require a PIN) and slide the LTE stick into its casket of the 3d printed case.
Slide the components carefully into the case and make sure not to damage the ribbon cable of the display.
Hold the display in place and turn the case upside down to secure the standoffs in the case using the Phillips-head screws.
Done. Now connect the power supply (barrel connector) and turn the UPS HAT on. Depending on your usage the UPS HAT will only fully charge the batteries if the USB-C power supply for the Pi4 is connected as well.
- Thanks to everyone who gave their feedback and thus leading the project to v2!
- Thanks to Thomas Tschersich and Thomas Breitbach who have T-Pot Mobile always readily available for our customers at Telekom-Security.
- Flags are provided by Flagpedia.
- Display dtbo and ina219 module are provided by Waveshare, all copyrights apply.
- DTS overlays are provided by RaspberryPi.