mirror of
https://github.com/EFForg/rayhunter.git
synced 2026-05-06 03:49:08 -07:00
3455adbf95
* client mode added
* Prevent OTA daemons dmclient and upgrade from running and phoning home to Verizon
* Fix workflow
* WIFI changes to support moxee. May need to rebase as delivering refactoring under other PR.
* code changes for rust based wifi client mode docs next
* Doc changes & security fixes
* Added watchdog and recover if crash occurs for wifi.
* Remove changes which were from device UI work (seperate feature which snuck into this branch)
* Add missing wifi and firewall module declarations
* cleaning up the code a bit
* Gate wpa_suplicant in installer and workflow to avoid building binary every push
* fix to check diskspace
* Improved support for subnet colisions, and attempts to rejoin network.
* Add WiFi client support and S01iptables to T-Mobile and Wingtech installers
Both installers now deploy wpa_supplicant, wpa_cli, udhcpc-hook.sh, and
the S01iptables boot-time firewall script. Config generation uses the
shared install_config/install_wifi_creds helpers instead of manual string
replacement.
* Revert "Add WiFi client support and S01iptables to T-Mobile and Wingtech installers"
This reverts commit 944b369c4f.
* Fix build: ignore unused wifi_ssid/wifi_password fields in T-Mobile and Wingtech installers
* Moved to a wifi crate
* Add host route and arp_filter to prevent subnet collisions
* add wakelock so kernel doesn't shut down wifi on battery when wifi is enabled
* Move wifi to external wifi-station crate, remove wifi from installer, extract OTA blocking
* fixed outdated info, moved udhcpc hook to wifi-station crate.
* Update to new version of wifi-station
* Address PR review feedback: replace Docker wpa build, add iw, remove OTA, revert unrelated changes
- Replace Docker-based wpa_supplicant build with shell script (scripts/build-wpa-supplicant.sh)
- Add iw cross-compilation and deployment to Orbic installer
- Skip wifi tool install if binary already exists on device
- Remove OTA daemon blocker (extracted for separate PR)
- Revert unrelated UZ801 and T-Mobile installer changes
- Remove connection.rs test scaffolding
- Rewrite S01iptables init script to read config.toml directly
- Pin url crate to 2.5.4 to fix MSRV
* Fix build script: use bash for parameter substitution
The ${VAR//pattern/replacement} syntax is a bash extension that
doesn't work in dash (Ubuntu's /bin/sh).
* Fix iw build: export PKG_CONFIG_LIBDIR as env var
Passing PKG_CONFIG_LIBDIR as a make variable doesn't export it to
$(shell pkg-config ...) calls. Set it as an environment variable
so pkg-config finds the cross-compiled libnl.
* Point wifi-station to GitHub rev 97c579a
* add comment
* Update daemon/src/config.rs
Add decorators
Co-authored-by: Andrej Walilko <walilkoa@gmail.com>
* Update daemon/src/server.rs
add utopia doc support
Co-authored-by: Andrej Walilko <walilkoa@gmail.com>
* Update daemon/src/server.rs
add utopia doc support
Co-authored-by: Andrej Walilko <walilkoa@gmail.com>
* Update to wifi-station with utoipa doc strings
* add utoipa to wifi-station
* added WPA3 support
* fix firewall port detection, update wifi-station to c267d37
fix ntfy port_or_known_default, comment out ntfy_url in config
template, update wifi-station with resolv.conf bind mount
fallback, udhcpc_bin config, and module path fix for UZ801
* show wifi UI for tmobile and wingtech, add udhcpc_bin config
both devices have wifi hardware and backend support. wingtech
verified on hardware (QCA6174 via PCIe). uz801 excluded for now
due to driver scan limitations with hostapd active.
* install wifi tools from orbic-usb installer, fix DNS default to Quad9, bump wifi-station rev
* fix Modal scroll listener leak, correct file transfer timeout math, document firewall fail-open, clarify UZ801 wifi status
* build-dev.sh: build wifi tools so install-dev works for orbic-family devices
* update Cargo.lock for wifi-station e8ec5b4
* fix setup_timeout_server crypto provider install, apply rustfmt
* Update installer/src/connection.rs
Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>
* Update installer/src/orbic.rs
Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>
* apply rustfmt to AdbConnection::run_command
---------
Co-authored-by: Andrej Walilko <walilkoa@gmail.com>
Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>
70 lines
2.6 KiB
TOML
70 lines
2.6 KiB
TOML
# cat config.toml
|
|
qmdl_store_path = "/data/rayhunter/qmdl"
|
|
port = 8080
|
|
debug_mode = false
|
|
colorblind_mode = false
|
|
# Device selection. This will be overwritten by the installer. Defaults to "orbic".
|
|
#device = "orbic"
|
|
# UI Levels:
|
|
#
|
|
# Orbic and TP-Link with color display:
|
|
# 0 = invisible mode, no indicator that rayhunter is running
|
|
# 1 = Subtle mode, display a colored line at the top of the screen when rayhunter is running (green=running, white=paused, red=warnings)
|
|
# 2 = Demo Mode, display a fun orca gif
|
|
# 3 = display the EFF logo
|
|
# 4 = High Visibility mode, fill the entire screen with the status color (green=running, white=paused, red=warnings)
|
|
#
|
|
# TP-Link with one-bit display:
|
|
# 0 = invisible mode
|
|
# 1..3 = show emoji for status. :) for running, ! for warnings, no mouth for paused.
|
|
ui_level = 1
|
|
|
|
# 0 = rayhunter does not read button presses
|
|
# 1 = double-tapping the power button starts new recording
|
|
key_input_mode = 0
|
|
|
|
# If set, attempts to send a notification to the url when a new warning is triggered
|
|
# ntfy_url = "https://ntfy.sh/your-topic"
|
|
# What notification types to enable. Does nothing if the above ntfy_url is not set.
|
|
enabled_notifications = ["Warning", "LowBattery"]
|
|
|
|
# Disk Space Management
|
|
# Minimum free space (MB) required to start recording
|
|
min_space_to_start_recording_mb = 1
|
|
# Minimum free space (MB) to continue recording (stops if below this)
|
|
min_space_to_continue_recording_mb = 1
|
|
|
|
# WiFi Client Mode
|
|
# Toggle wifi_enabled to connect the device to an existing WiFi network.
|
|
# Credentials are stored separately in wpa_sta.conf and managed via the web UI.
|
|
wifi_enabled = false
|
|
|
|
# DNS servers to use when WiFi client mode is active.
|
|
# Defaults to ["9.9.9.9", "149.112.112.112"] (Quad9) if not specified.
|
|
# dns_servers = ["9.9.9.9", "149.112.112.112"]
|
|
|
|
# Device Security
|
|
# Restrict outbound traffic to essential services only (DHCP, DNS,
|
|
# HTTPS, and replies to inbound connections). Applies to all outbound
|
|
# interfaces (WiFi and cellular). Loopback and hotspot bridge traffic
|
|
# are always allowed. Defaults to true (recommended).
|
|
firewall_restrict_outbound = true
|
|
|
|
# Additional TCP ports to allow outbound when the firewall is active.
|
|
# DHCP (67-68), DNS (53), and HTTPS (443) are always allowed.
|
|
# Example: allow HTTP (80) and SSH (22).
|
|
# firewall_allowed_ports = [80, 22]
|
|
|
|
# Analyzer Configuration
|
|
# Enable/disable specific IMSI catcher detection heuristics
|
|
# See https://github.com/EFForg/rayhunter/blob/main/doc/heuristics.md for details
|
|
[analyzers]
|
|
imsi_requested = true
|
|
connection_redirect_2g_downgrade = true
|
|
lte_sib6_and_7_downgrade = true
|
|
null_cipher = true
|
|
nas_null_cipher = true
|
|
incomplete_sib = true
|
|
test_analyzer = false
|
|
diagnostic_analyzer = true
|