Skip to content
/ usbkill Public
forked from deekayen/usbkill

usbkill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately, ungracefully shuts down your computer.

1 star 507 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wh1t3fang/usbkill

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits

.gitignore

.gitignore

 
 

README.md

README.md

 
 

usbkill.sh

usbkill.sh

 
 

Repository files navigation

usbkill

usbkill waits for a change on your USB ports, then immediately turns off your computer without prompts or signaling other open applications. Depending on your point of view, it's an un-clean shutdown and may trigger fsck or other file integrity checks on re-start even though the poweroff signal syncs open files to disk first.

It works on Mac OS X and Ubuntu.

To run:

sudo usbkill.sh

Linux

Try adding usbkill.sh to your /etc/rc.local. Any USB device changes not whitelisted in /etc/usbkill/settings will cause your computer to shutdown.

Mac OS

Unlike the original Python-based version, this Bash version does not require any additional programs like python3 or lsusb to be installed.

Why?

This is for the security paranoid - if law enforcement surprises you or confiscates your laptop from you when you are at a public library.

  • Law enforcement will use a mouse jiggler to keep the screensaver and sleep mode from activating. If someone inserts a mouse jiggler, it would be much more secure for the laptop to immediately turn off, re-protecting all your data with your whole-disk encryption. You can also use this as a kill switch by quickly removing a USB device to turn the computer off and prevent cold boot attacks on RAM.
  • Blocking unauthorized USB devices prevents installing backdoors or malware on your computer or to retrieve documents from your computer via USB.

The usbkill daemon monitors for devices that are inserted since it started running and for devices that were removed since it started.

A settings file at /etc/usbkill/settings can be configured to use a list of whitelisted USB devices so that you may still use an external mouse or USB storage device you trust. The check interval can also be modified - the default is to check every second.

Make sure to use whole-disk encryption! Otherwise, your adversary will just re-start the computer and make a copy of all your files.

Other nasty ideas

Bash can trap signals to close usbkill, however a kill -9 probably won't get trapped. The other signals could still be trapped and cause the computer to shutdown when the script is signaled to close. Unfortunately, this can cause your computer to always have an unclean shutdown since a normal shutdown would still signal the script to close and thereby cause a premature poweroff event.

Contact

david@dkn.email

PGP/GPG Fingerprint

7E38 B4FF 0A7C 2F28 5C31 2C8C EFD7 EC8D B5D4 C172

Issues

https://github.com/deekayen/usbkill

About

usbkill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately, ungracefully shuts down your computer.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%