Home » Articles » House Party Protocol – remote evidence wiper program
Click Here To Hide Tor

House Party Protocol – remote evidence wiper program

Implementing this will make you feel that fuzzy feeling of being extra safe. House Party Protocol is a program that you control remotely and when activated, it encrypts all confidential data on your computer. It’s a life saver in case of police seizure or theft by criminals.

One might suggest deleting instead of encrypting those files, but the encryption is actually safer. This is beyond the scope of this tutorial, but you will probably find all answers on this topic here. Extra point goes to encrypting for being the same for every system while irreversibly deleting files is system and hard drive dependent.

The name was inspired by a scene from Iron Man 3 movie in which Tony Stark activates the “House Party Protocol” when his house is destroyed. A guy named Utku Sen wrote 2 versions

and uploaded them to github:

python version (recommended and featured in this tutorial)

C# version

How it works?

There are 3 files in the process:

hpp.py – Python program that reads an uploaded text file (command.txt) every 60 seconds (adjustable) to check for the start command. If the permission is given, the “party” starts which means the program encrypts all files in chosen location with AES algorithm with unique random key for each encryption process. It also encrypts all files in all subdirectories.

bust.php – Minimalistic HTML and PHP website that writes “1” to commands.txt if you submit the correct password signaling that the “party” should start. This is a public website that can be reached from any device with internet access.

command.txt – The file hpp.py periodically reads to know when to start the action.

I used Kali Linux (Debian based), but it should work like this for any Linux environment. If you would like me to make a tutorial for Windows or any other OS, let me know in the comments section.

First, you need to have a hosting account which can run php scripts. Many websites offer that service for free, I used 000webhost.

Next, copy the HTML and PHP code from Utku’s github and save it as a PHP file (.php). Then upload it along with empty command.txt file so they are both accessible from any internet browser. You should be able to open the page that prompts you the password at www.yoursite.com/bust.php :

The password can (should) be set in bust.php line 3:

Also make sure that you can access command.txt file at www.yoursite.com/command.txt It should display an empty file until you submit your password to bust.php.

You should have your python program starting and silently running by default every time you start your PC so the listener (method in hpp.py that periodically checks for the start command) is always ready! You can do this by adding a bash (.sh) script to your startup processes. Alternative option is to use SSH to run the command. SSH can actually be used to implement the whole protocol without using the hosting service.

Terminal command that starts it should look like this:

python3 is the version of python being usedhpp.py is name of the python program -d /path specifies path to the folder that you want encrypted (all files in all subdirectories will be encrypted too); you have to keep all your confidential data in 1 folder -u URL specifies URL to be checked -i integer is the checking time period in seconds Running that command will start the listener:

Once the correct password is submitted, PHP script will write “1” to command.txt file and respond with a message “1Completed”. If the response is “0Completed” that means that there was an error writing to the command.txt file.

Next time the listener checks that file, it will start the encryption and your files will be safe! Remember that the program doesn’t save used encryption keys so not even you will be able to get your files back. This is good because it eliminates the possibility of blackmailing you into decrypting the files.

This is what should happen if someone tries to open an encrypted file when the job is done:

14 comments

  1. can this be accomplished in the following fashion:
    when a certain user like admin/admin logs in, the encryption starts automatically with no need for internet connection?
    I guess one would need to test this first before relying on it.

    • Filip Jelic

      I see what you want, that’s what I thought about too. If you make user log in a trigger, your files will encrypt next time you log in. It can be made in a way that you have 60 seconds to submit your password to PREVENT files from being encrypted (similar to real life alarms).

      Huge upside here is that you don’t have to react (sometimes you will find out too late that your laptop is missing). And you don’t need internet.

      Huge downside is that you lose your data if you can get drunk (or worse) and forget to type in the password. Another thing, some program can freeze your computer causing the same issue.

      On the other hand, you can use SSH instead of internet (as I mentioned in the article) which would be more reliable. I would opt for this variation.

      However, if you don’t mind making a backup of your files (and you can keep it safe), your idea combined with 60seconds password prompt is perfect, but having all files on external hard drive or USB opens other dangers, not to mention it’s a big hassle.

      • thanks. As a quick side note: my view was simply having multiple logins available and one of those being the burner one or whatever the appropriate name is; one I can just log into when needed.
        The 60 second limit is quite nice indeed and serves the same purpose. Albeit not live and automatic in the cloud, physical backups seems the way to go.

  2. Why not just encrypt to begin with? Say, using Tails?

    • Filip Jelic

      That would be a great alternative, but remembering and entering a strong passphrase seems like more hassle than implementing this protocol.

      Take in consideration that you might be forced or tricked to give up the password whereas in HPP you don’t know the password nor it is ever saved.

      • Just use a hardware encrypted USB with Tails and their persistent storage. It’s no more a hassle than implementing and testing some protocol, only to have it go wrong at the last moment. Besides, it’s easily overcome by blocking the electromagnetic spectrum in the area, something that TLAs/LE is very good at. A good typist can do 70 to 90 words per minute, which is far more than the 60-character maximum length imposed by TrueCrypt which, by the way, you can mount (although, not create) with Tails.

        • Filip Jelic

          As I said, encrypted storage is a great thing, but there are ways to get your password.

          Why not have both? Use encrypted storage as well as house party protocol to be safe even if someone gets the password for your storage you can encrypt your files with passwords that are never saved.

  3. any way to have this run on an android phone?

  4. You said you can do this with Windows also, Please please please write that tutorial I can’t find any info on this outside of this article, thanks so much!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *