Odo is a framework for coordinating and automating tools during red teaming and other scenarios. In the case demonstrated at DefCon 29 it automates monitoring an ESPKey in a weaponized reader, cloning the captured credential using a Proxmark3, and alerting the user via haptic at each step in the process.
- python3 (>= 3.9 for Lovense module)
- python3 venv module (some OS need to install it separately)
- MQTT broker (tested with mosquitto v2.0.10)
-
Setup python virtualenv
python3 -m venv .venv -
Activate virtualenv
source .venv/bin/activate -
Install requirements
pip install -r requirements.txt
-
Modify
config.yaml.sampleas needed and save asconfig.yaml -
Run
main.pypython main.py
Example minimal config.yaml with ESPKey, Proxmark3, & Lovense haptic feedback
---
modules:
espkey:
lovense:
proxmark3:
- Pi & ESPKey on same WiFi network.
- Recommend to configure Pi in AP mode with
hostapdand connect ESPKey as client.
Defaults to espkey.local mDNS name for ESPKey host
python -m espkey
- Proxmark3 client
- Follow setup instructions from: https://github.com/RfidResearchGroup/proxmark3
- Compiled and
make install. - Proxmark3 client wrapper
pm3should be in your PATH and client should connect to Proxmark3 before attempting to run Odo
python -m proxmark3
Display captured credentials, status of components, change modes, & select a specific credential
To run screen without root:
sudo setcap "cap_dac_override+ep cap_sys_rawio+ep" $(eval readlink -f `which node`)
- node >= v15
- npm
- pigpio
cd screen_ws13npm install
cd screen_ws13node index.js
See our contributers guide here