NOdES Concept – A Device to rule them all

NOdES – Regaining internet’s freedom, one device at a time

The name NOdES stands for Network Operating Expandable System; the lowercase "d" in the middle of the name represents a (d)evice sitting in the middle of the NODES network.

⚠️NOTE: The NOdES project was discontinued after its first iteration, as a proof of concept. It is therefore neither secure nor a stable, working product. Please note that throughout this document I talk both about the functions that were present in the project before it was shut down and about possible future iterations that could have been implemented in the device.

 

OVERVIEW

NOdES is an IT multitool made to create a "private and personal space" inside the internet infrastructure. The first concept owes its beginnings to my personal need for a single, portable and headless device that is capable, on its own, of connecting any device I want to any network, wired or wireless, avoiding any restriction imposed by the network owner and respecting my privacy.

The brain behind the whole project is a Raspberry Pi 3, loaded with a custom-kernel Arch GNU/Linux based operating system. The Raspberry is a great board, but it is useless without electric power, which is usually delivered by a wall charger. Since NOdES is a portable device, I decided to power it from a 10,000 mAh (10 Ah) power bank, which should hold enough charge to run the Raspberry for some 20 hours.

Features

HEADLESS FUNCTIONALITY AND FEEDBACK:

NOdES is a headless device: it has to work without being attached to any other component, computer or input/output device, such as a monitor or a keyboard. This is perfectly fine, but it leaves no way to communicate with the end user. To solve this problem I made a small shield with a liquid crystal display, which connects to the Raspberry and shows some important information about the project.

The display is driven by the lcd.py library, located in the Display directory. The library is a fork of the outdated RPISpy library, written in 2012 (refer to "Useful information"). In the same folder you can find parser.py, a program that parses a couple of commands and sends the result to a socket on localhost, where it is picked up by server.py and displayed on the screen.

The schematic for the connection can be found in the "programs" directory on Git.

NETWORKING (Pt.1):

The main function of the NOdES project is to bring up an access point with network address translation (NAT). Once the Network Manager has connected to a known network, wired or wireless, a program named pycreateap starts checking the connection and creates an access point on the Raspberry's internal antenna. Please note that the wireless repeater/access point function is only activated when at least three interfaces are present: one wired and two wireless, so that one wireless interface can carry the uplink while the onboard radio broadcasts the access point.

This functionality can be activated in headless mode or by hand, by connecting to the device via SSH.
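The following Python is an added example, not pycreateap or any code from the NOdES repository: it classifies interfaces the way sysfs exposes them (an interface is wireless when /sys/class/net/<name>/wireless exists), applies the one-wired-plus-two-wireless rule from the paragraph above, and emits the hostapd stanza and iptables NAT rules the access point would need. The sample interface list, the onboard radio name wlan0, the SSID and the rule layout are constructed assumptions; on a real Pi discover_interfaces() reads /sys/class/net instead of the sample.

```python
"""Added example: decide whether NOdES may bring up its access point and
build the hostapd config and NAT rules for it.  Not the project's code."""
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Iface:
    name: str
    wireless: bool   # True when /sys/class/net/<name>/wireless exists
    operstate: str   # contents of /sys/class/net/<name>/operstate


def discover_interfaces(sysfs="/sys/class/net"):
    """Read the real sysfs tree (Linux only); 'lo' is skipped."""
    found = []
    for name in sorted(os.listdir(sysfs)):
        if name == "lo":
            continue
        base = os.path.join(sysfs, name)
        try:
            with open(os.path.join(base, "operstate")) as fh:
                state = fh.read().strip()
        except OSError:
            state = "unknown"
        found.append(Iface(name, os.path.isdir(os.path.join(base, "wireless")), state))
    return found


def ap_plan(ifaces, onboard="wlan0"):
    """The page's rule: AP mode needs at least one wired and two wireless
    interfaces.  The onboard radio is reserved for the AP; the uplink is
    the first other interface that is up, wired ones first.
    Returns (uplink, ap_iface) or None when the device is not eligible."""
    wired = [i for i in ifaces if not i.wireless]
    wireless = [i for i in ifaces if i.wireless]
    if len(wired) < 1 or len(wireless) < 2:
        return None
    ap = next((i for i in wireless if i.name == onboard), wireless[0])
    uplinks = [i for i in wired + wireless if i is not ap and i.operstate == "up"]
    if not uplinks:
        return None          # connected to nothing yet: keep checking
    return uplinks[0].name, ap.name


def is_valid_ssid(ssid):
    """1..32 bytes, no control characters: a newline in a config-file value
    would otherwise inject extra hostapd options."""
    raw = ssid.encode()
    return 0 < len(raw) <= 32 and not any(b < 32 or b == 127 for b in raw)


def is_valid_psk(psk):
    """WPA2 passphrase: 8..63 printable ASCII characters."""
    return 8 <= len(psk) <= 63 and all(32 <= ord(c) < 127 for c in psk)


def hostapd_conf(ap_iface, ssid, channel=6, psk=None):
    """Minimal hostapd.conf; open network unless a PSK is given."""
    if not is_valid_ssid(ssid) or (psk is not None and not is_valid_psk(psk)):
        raise ValueError("invalid SSID or passphrase")
    lines = [f"interface={ap_iface}", "driver=nl80211", f"ssid={ssid}",
             "hw_mode=g", f"channel={channel}"]
    if psk is not None:
        lines += ["wpa=2", "wpa_key_mgmt=WPA-PSK", "rsn_pairwise=CCMP",
                  f"wpa_passphrase={psk}"]
    return "\n".join(lines) + "\n"


def nat_rules(uplink, ap_iface):
    """argv lists for subprocess.run(): no shell, so nothing is re-parsed."""
    return [
        ["sysctl", "-w", "net.ipv4.ip_forward=1"],
        ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", uplink, "-j", "MASQUERADE"],
        ["iptables", "-A", "FORWARD", "-i", uplink, "-o", ap_iface,
         "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"],
        ["iptables", "-A", "FORWARD", "-i", ap_iface, "-o", uplink, "-j", "ACCEPT"],
    ]


# Constructed sample: Ethernet unplugged, onboard radio plus a USB adapter up.
SAMPLE_IFACES = [Iface("eth0", False, "down"),
                 Iface("wlan0", True, "up"),
                 Iface("wlan1", True, "up")]

if __name__ == "__main__":
    plan = ap_plan(SAMPLE_IFACES)
    if plan:
        uplink, ap = plan
        print(hostapd_conf(ap, "NOdES"))
        for argv in nat_rules(uplink, ap):
            print(" ".join(argv))
```

With the sample list the plan is ("wlan1", "wlan0"): the USB adapter becomes the uplink and the onboard radio hosts the access point, which is the wireless-repeater case the paragraph describes. With Ethernet up it would be preferred as the uplink instead.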

NETWORKING (Pt.2):

Alongside pycreateap, another program is launched at boot: a network management tool, made in collaboration with a friend, consisting of a WSGI server and a database, both driven by a Python script. This part of the project lets the user manage any connected device through the web interface. Access is account based: anyone with an active account in the database is able to connect to the device's access point. Access enforcement was meant to be done by a script that writes the corresponding rules into the operating system's iptables, though this part was not implemented for lack of time. This design allows NOdES to be placed in a public environment without any PSK while routing only known hosts to the internet. Two caveats apply: without a PSK the wireless link itself is unencrypted, so anything the clients send in the clear can be read by anyone in range, and an allow list keyed on a client's MAC or IP address can be bypassed by cloning the address of an authorised client, which is exactly the trick described under NETWORK SECURITY (RED HAT) below.
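As an added example of the account-based enforcement described in NETWORKING (Pt.2), and not the project's own management tool, the following Python keeps the accounts in SQLite and derives a default-deny iptables FORWARD allow list from the active ones. The schema, the choice of keying on the client MAC address, the interface names and the sample accounts are all assumptions; the MAC check before storing matters because the value ends up as an iptables argument.

```python
"""Added example: the accounts table behind the web interface and the
iptables allow list derived from it.  Not the project's own code; the
schema, the MAC-keyed rule and the sample rows are all assumptions."""
import re
import sqlite3

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def valid_mac(mac):
    return bool(MAC_RE.match(mac.strip().lower()))


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS accounts (
                      username TEXT PRIMARY KEY,
                      mac      TEXT NOT NULL UNIQUE,
                      active   INTEGER NOT NULL DEFAULT 1)""")
    return db


def add_account(db, username, mac, active=True):
    """Validate before storing: this value later becomes an iptables argument."""
    mac = mac.strip().lower()
    if not valid_mac(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    db.execute("INSERT INTO accounts (username, mac, active) VALUES (?, ?, ?)",
               (username, mac, int(active)))   # parameterised, never formatted in
    db.commit()


def set_active(db, username, active):
    db.execute("UPDATE accounts SET active=? WHERE username=?", (int(active), username))
    db.commit()


def allowed_macs(db):
    rows = db.execute("SELECT mac FROM accounts WHERE active=1 ORDER BY mac")
    return [mac for (mac,) in rows]


def forward_rules(db, ap_iface, uplink):
    """Default-deny forwarding off the AP; accept only active accounts' MACs.
    Returned as argv lists so they can go straight to subprocess.run()."""
    rules = [
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-F", "FORWARD"],
        ["iptables", "-A", "FORWARD", "-i", uplink, "-o", ap_iface,
         "-m", "conntrack", "--ctstate", "RELATED,ESTABLISHED", "-j", "ACCEPT"],
    ]
    for mac in allowed_macs(db):
        rules.append(["iptables", "-A", "FORWARD", "-i", ap_iface, "-o", uplink,
                      "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"])
    # Caveat: a MAC allow list only keeps out strangers who play fair.  Anyone
    # who clones an authorised client's address walks through; the page's own
    # RED HAT section describes exactly that move.
    return rules


def sample_db():
    """Constructed sample accounts (locally administered addresses, not real hosts)."""
    db = open_db()
    add_account(db, "alice", "02:00:00:00:00:01")
    add_account(db, "bob", "02:00:00:00:00:02")
    set_active(db, "bob", False)
    return db


if __name__ == "__main__":
    for argv in forward_rules(sample_db(), "wlan0", "wlan1"):
        print(" ".join(argv))
```

Re-running forward_rules() after every account change and replaying the whole list is simpler and safer than editing individual rules in place: the flush at the top guarantees that a deactivated account's rule really disappears.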

PRIVACY:

These days privacy is a big deal on the IT playground. I tried to fit NOdES with as many privacy tools as I could.

The default routing configuration for the device is a plain forward to the internet. It is however possible to set a privacy flag in the project's main config file, which makes the device redirect every packet into the Tor network through a local Tor client (transparent proxying: NOdES acts as a Tor client here, not as a relay). In this mode the traffic between the device and the Tor network carries the usual onion encryption. Note what this does not cover: the hop between a client and NOdES over an open access point is not encrypted by Tor, traffic past the exit relay is only protected if the application itself uses TLS, and DNS lookups must be sent through Tor as well or they leak the destination names.
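What the privacy flag would switch on, as an added example rather than the project's own implementation: a torrc fragment that binds Tor's TransPort and DNSPort on the access-point address, plus the nat-table rules that push every client's DNS and TCP into them and drop whatever would otherwise be forwarded, since Tor carries only TCP. The config section and key name, the address 10.0.0.1 and the port numbers are assumptions; the torrc option names and iptables matches are real.

```python
"""Added example of the privacy flag: a tor client bound to the AP address
takes every client's TCP and DNS through Tor (transparent proxy) and
nothing else is let out.  Not the project's code; config section/key,
ports and addresses are assumptions."""
import configparser

AP_IP = "10.0.0.1"     # assumed address of NOdES on the access-point interface
TRANS_PORT = 9040      # tor TransPort
DNS_PORT = 5353        # tor DNSPort

# Constructed stand-in for the project's main config file.
SAMPLE_CONFIG = """[nodes]
privacy = yes
"""


def read_privacy_flag(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp.getboolean("nodes", "privacy", fallback=False)


def torrc_fragment(ap_ip=AP_IP):
    """Real torrc options.  VirtualAddrNetworkIPv4/AutomapHostsOnResolve let
    .onion names resolve to placeholder addresses that TransPort understands."""
    return "\n".join([
        f"TransPort {ap_ip}:{TRANS_PORT}",
        f"DNSPort {ap_ip}:{DNS_PORT}",
        "VirtualAddrNetworkIPv4 10.192.0.0/10",
        "AutomapHostsOnResolve 1",
    ]) + "\n"


def privacy_rules(ap_iface, privacy, ap_ip=AP_IP):
    """argv lists for subprocess.run().  Order matters: DNS goes to tor's
    DNSPort first (so name lookups never leave in the clear), traffic for
    NOdES itself (the web UI) is then left alone, new TCP connections are
    redirected to TransPort, and anything that would still be forwarded
    (UDP, ICMP, ...) is dropped because a plain forward would leak it."""
    if not privacy:
        return []
    nat = ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", ap_iface]
    return [
        nat + ["-p", "udp", "--dport", "53", "-j", "REDIRECT", "--to-ports", str(DNS_PORT)],
        nat + ["-d", ap_ip, "-j", "RETURN"],
        nat + ["-p", "tcp", "--syn", "-j", "REDIRECT", "--to-ports", str(TRANS_PORT)],
        ["iptables", "-A", "FORWARD", "-i", ap_iface, "-j", "DROP"],
    ]


if __name__ == "__main__":
    flag = read_privacy_flag(SAMPLE_CONFIG)
    print(torrc_fragment())
    for argv in privacy_rules("wlan0", flag):
        print(" ".join(argv))
```

REDIRECT sends matching packets to the primary address of the interface they arrived on, which is why the torrc binds TransPort and DNSPort to the AP address rather than to 127.0.0.1.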

NETWORK SECURITY (BLUE HAT):

The NOdES project can also be used as a monitoring device on a network. Thanks to the tBB program made by Daniele Parmeggiani, NOdES can be attached to any network to monitor the behaviour of the nodes on it. Right now this data can only be viewed by connecting to the Raspberry over a remote shell, but I am planning to write a parser so the node data can be shown on the same site that lets the admin manage the devices connected to the access point.

NETWORK SECURITY (RED HAT):

The project also ships a couple of penetration testing tools, just in case you might need them. Alongside the typical Nmap and Ettercap combo, NOdES will have a custom NetworkManager tool that, as soon as it is connected to a network, starts watching the MAC addresses of the other nodes; once a known MAC address goes offline, the tool sets the interface's cloned MAC address to that offline address. This makes the device much harder to spot on the network, since its address belongs to a host the network already knows. It is not invisible, though: if the original host comes back online the two addresses collide, and a managed switch that tracks which port each MAC address sits on will see the address move.
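The selection logic described above, as an added example that is not the project's NetworkManager tool: two constructed snapshots in the format of `ip neigh` stand in for the monitoring, a MAC address that had an entry earlier and has none now counts as offline, and the result is the iproute2 call that would set the cloned address. The interface name, the snapshots and the device's own address are constructed; the candidate check deliberately refuses anything still online, because cloning a live address produces the collision the paragraph warns about.

```python
"""Added example of the address-cloning logic (not the project's tool).
Two constructed 'ip neigh' snapshots stand in for the monitoring; a host
that had an address earlier but has none now is a candidate to clone."""
import re

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)


def parse_neigh(text):
    """Map MAC -> IP for every neighbour that currently has a resolved
    link-layer address.  FAILED/INCOMPLETE entries carry no lladdr, so
    the regex drops them: that is what 'offline' means here."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m.group(3).lower()] = m.group(1)
    return seen


def clone_candidate(earlier, now, own_mac):
    """Lowest MAC that was present earlier and is gone now; never our own
    address and never one still online, which would cause a conflict."""
    gone = sorted(set(earlier) - set(now) - {own_mac.lower()})
    return gone[0] if gone else None


def clone_commands(iface, mac):
    """iproute2 calls as argv lists (no shell).  Most wireless drivers only
    accept a new address while the link is down, hence the down/up pair."""
    return [
        ["ip", "link", "set", "dev", iface, "down"],
        ["ip", "link", "set", "dev", iface, "address", mac],
        ["ip", "link", "set", "dev", iface, "up"],
    ]


# Constructed snapshots: 10.0.0.3 answered earlier and has dropped off since.
EARLIER = """\
10.0.0.2 dev wlan1 lladdr 52:54:00:aa:bb:01 REACHABLE
10.0.0.3 dev wlan1 lladdr 52:54:00:aa:bb:02 STALE
10.0.0.4 dev wlan1 lladdr 52:54:00:aa:bb:03 REACHABLE
"""
NOW = """\
10.0.0.2 dev wlan1 lladdr 52:54:00:aa:bb:01 REACHABLE
10.0.0.3 dev wlan1 FAILED
10.0.0.4 dev wlan1 lladdr 52:54:00:aa:bb:03 REACHABLE
"""
OWN_MAC = "b8:27:eb:12:34:56"   # constructed; b8:27:eb is the Raspberry Pi OUI

if __name__ == "__main__":
    target = clone_candidate(parse_neigh(EARLIER), parse_neigh(NOW), OWN_MAC)
    if target:
        for argv in clone_commands("wlan1", target):
            print(" ".join(argv))
```

On a live device the two snapshots would come from `ip neigh show dev wlan1` taken some time apart, and the tool would keep re-checking so that it can move off the address again if the original host reappears.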

USE-CASE SCENARIOS

When you find out that "cool" and "useful" are not synonyms

The NOdES project is a device focused on privacy, but it has a lot more in its sights. Apart from the privacy focus and the other technical targets mentioned above, the device can reach into the field of security network infrastructures. By adding a high-gain Wi-Fi adapter (in the 1200 Mbps class), tens or hundreds of NOdES can be chained together into a security infrastructure that is still able to talk to the internet as long as a single device is connected to a working repeater.

With the proper INBN (Intelligent Node Based Network) software, such an infrastructure could keep communicating even if every other network is taken down.

Not implemented ideas

ADDING A SDR:

Let's talk doomsday scenarios: a great way to make this project even more useful in an unfortunate situation would be to add an SDR (software defined radio), to be able to communicate with any other similar device, allowing radio bridges and long-distance connections. Unfortunately SDRs are pretty expensive and I can't really afford to buy one to implement

COMPLETELY HEADLESS AI-LIKE FUNCTIONALITIES:

Right now the source interface is selected by giving a certain "weight" to every interface, a process similar to the one routers in a mesh network use to decide which way is best for forwarding packets. This could be improved with automatic selection among every available connection, including unknown open ones. It could be "easily" done with a neural-network-like selection tool, training the network's weights (making it a post-learning network) on a handful of factors such as the latency to the router, the latency to the network and tBB's monitoring results. This would be a great feature, but unfortunately it is as great as the amount of time it would take to do properly.

ANDROID APPLICATION:

An Android application would be great in order to connect to the device without loading a heavy browser to fetch the data. It would simply be the easiest way to manage NOdES.
I have not worked on the application yet, but I was thinking about a possible integration with the already available KDE Connect APK, since it has a great number of features for connecting Android and Linux-based distributions.

DISCLAIMERS

This idea is more of a concept than an actual product, created for academic purposes only. The tBB tool created by dpdani, on the other hand, is a real tool, and I suggest you take a look at his docs and his other great work on GitHub.

Every modification to the kernel and/or to any program inside the NOdES project is published under the original license, as per open source terms and conditions; feel free to contribute.

NO WARRANTIES APPLIED:

As with FOSS¹ and OSS², the software and the information in this document are provided "as is", without warranty of any kind, including the warranties of design, merchantability and fitness for a particular purpose.

1 – FOSS: Free and Open Source Software
2 – OSS: Open Source Software

ACKNOWLEDGEMENTS

Thanks to:

  • Matt Hawkins, for allowing me to abuse his old and deprecated library,
  • Elena Ascari, for helping me with the design and printing of the enclosure of the device,
  • FlamesNetwork, for the technical help and how-tos,
  • The Raspberry Pi foundation mailing list, for helping me develop my crazy ideas,
  • Dpdani, for providing the amazing tBB tool.