Move command registry from components/command/ into components/core/. New modules: mod_canbus, mod_honeypot, mod_fallback, mod_redteam, mod_ota. Replace mod_proxy with tun_core (multiplexed SOCKS5 tunnel). Kconfig extended with per-module settings and async worker config.
menu "Epsilon Bot Configuration"
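################################################
# Device
################################################
# The default is a fixed literal: every build that keeps it reports the
# same identifier, which contradicts the "unique" intent of the option.
config DEVICE_ID
    string "Device ID"
    default "ce4f626b"
    help
        Device identifier sent to the C2 server. The built-in default
        is a shared placeholder; the identifier is only unique when
        each device is built with its own value.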
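################################################
# Core Network
################################################
menu "Network"

    # Exclusive choice: exactly one of NETWORK_WIFI / NETWORK_GPRS is set.
    choice NETWORK_MODE
        prompt "Connection Mode"
        default NETWORK_WIFI

        config NETWORK_WIFI
            bool "WiFi"

        config NETWORK_GPRS
            bool "GPRS"

    endchoice

    menu "WiFi Settings"
        depends on NETWORK_WIFI

        config WIFI_SSID
            string "WiFi SSID"
            default "mywifi"

        config WIFI_PASS
            string "WiFi Password"
            default ""
            help
                Passphrase for WIFI_SSID. Like every Kconfig string it is
                written to sdkconfig and compiled into the firmware image
                in clear text, so keep sdkconfig out of version control
                and treat built images as containing the credential.

    endmenu

    # Also shown in WiFi mode when FB_GPRS_FALLBACK (Fallback module) is on,
    # because the fallback path needs the same modem wiring.
    menu "GPRS Settings"
        depends on NETWORK_GPRS || FB_GPRS_FALLBACK

        config GPRS_APN
            string "APN"
            default "sl2sfr"

        # None of the GPIO options below carries a `range`, so an
        # out-of-range pin number is accepted at configuration time.
        # The defaults of GPRS_PWR_EN (23), GPRS_PWR_KEY (4) and
        # GPRS_RESET_PIN (5) are the same numbers as the CAN Bus defaults
        # for MOSI, INT and CS; a build that enables both the modem and
        # MODULE_CANBUS has to reassign one set.
        config GPRS_TXD_PIN
            int "UART TX GPIO"
            default 27

        config GPRS_RXD_PIN
            int "UART RX GPIO"
            default 26

        config GPRS_PWR_KEY
            int "Modem PWRKEY GPIO"
            default 4

        config GPRS_PWR_EN
            int "Modem Power Enable GPIO"
            default 23

        config GPRS_RESET_PIN
            int "Modem Reset GPIO"
            default 5

        config GPRS_LED_GPIO
            int "Status LED GPIO"
            default 13

    endmenu

endmenu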
################################################
# Server
################################################
# Endpoint the device connects to. The address is a free-form string
# (nothing in this file validates it); the port is bounded to 1-65535.
menu "Server"

    config SERVER_IP
        string "Server IP"
        default "192.168.1.100"

    config SERVER_PORT
        int "Server Port"
        range 1 65535
        default 2626

endmenu
################################################
# Async Workers
################################################
# Sizing of the async command pipeline: worker task count (1-4) and the
# depth of the queue feeding those workers (4-32).
menu "Async Workers"

    config ASYNC_WORKER_COUNT
        int "Number of async command workers"
        range 1 4
        default 2
        help
            Number of FreeRTOS tasks that process async commands
            in parallel on Core 1.

    config ASYNC_QUEUE_DEPTH
        int "Async command queue depth"
        range 4 32
        default 8
        help
            Maximum number of async commands waiting to be processed.

endmenu
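################################################
# Modules (Command Providers)
################################################
# Each bool selects one command provider. MODULE_NETWORK and
# ESPILON_OTA_ENABLED default to y; every other module is opt-in.
menu "Modules"

    config MODULE_NETWORK
        bool "Network Commands"
        default y
        help
            ping, arp_scan, dos, tunnel proxy, etc.

    config MODULE_RECON
        bool "Recon Commands"
        default n
        depends on NETWORK_WIFI
        help
            Network reconnaissance commands.

    config MODULE_FAKEAP
        bool "Fake Access Point Commands"
        default n
        help
            Fake AP, captive portal, sniffer.

    config MODULE_HONEYPOT
        bool "Honeypot Module"
        default n
        help
            TCP honeypot services (SSH, Telnet, HTTP, FTP),
            WiFi monitor, network anomaly detector.

    config MODULE_FALLBACK
        bool "Fallback - Resilient Connectivity"
        default n
        help
            Autonomous network recovery module. Auto-triggers on C2 loss.
            WiFi mode: hunts for networks, tries known WiFi, open WiFi, captive bypass.
            GPRS mode: restarts modem, tries WiFi fallback if enabled.
            Fully autonomous, no C2 commands needed.

    config MODULE_REDTEAM
        bool "Red Team - Offensive Operations"
        default n
        depends on NETWORK_WIFI
        help
            Offensive red team capabilities: WiFi attacks,
            network MITM, covert exfiltration, implant management.

    config MODULE_CANBUS
        bool "CAN Bus Module (MCP2515)"
        default n
        help
            CAN bus via MCP2515 SPI controller: sniff, inject, UDS, OBD-II, fuzzing.
            Requires MCP2515 module with TJA1050 transceiver.

    config MODULE_TUNNEL
        bool "SOCKS5 Tunnel Proxy"
        default n
        depends on MODULE_NETWORK
        help
            Multiplexed SOCKS5 tunnel proxy. Connects to C3PO tunnel
            server and allows concurrent TCP connections through the
            ESP32 to the target network. Use with proxychains/nmap/curl.

    # NOTE(review): nothing in this file shows whether OTA images are
    # signature-checked before being applied - confirm in the OTA module.
    config ESPILON_OTA_ENABLED
        bool "OTA Updates"
        default y
        help
            Enable over-the-air firmware updates.

    config ESPILON_OTA_ALLOW_HTTP
        bool "Allow OTA over plain HTTP (insecure)"
        default n
        depends on ESPILON_OTA_ENABLED
        help
            Allow firmware downloads over HTTP in addition to HTTPS.
            WARNING: plain HTTP has no TLS at all, so the update server
            is not authenticated and the image is not integrity-protected
            in transit. Unless the image signature is verified on the
            device, anything on the network path can replace the
            firmware. Use only on trusted networks.

endmenu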
################################################
# Tunnel Module Settings
################################################
# Resource limits and framing options for the SOCKS5 tunnel; the whole
# menu is hidden unless MODULE_TUNNEL is enabled.
menu "Tunnel Settings"
    depends on MODULE_TUNNEL

    config TUNNEL_MAX_CHANNELS
        int "Maximum concurrent channels"
        range 4 16
        default 8
        help
            Maximum number of simultaneous TCP connections through
            the tunnel. Each channel uses ~1.2 KB of lwIP memory.

    config TUNNEL_FRAME_MAX
        int "Maximum frame data size"
        range 1024 8192
        default 4096
        help
            Maximum payload per frame. Larger = better throughput,
            but uses more stack/heap memory.

    # Off by default: with this left at n, frame confidentiality and
    # integrity are not provided at this layer.
    # NOTE(review): the 28-byte overhead would match a 12-byte nonce plus
    # a 16-byte Poly1305 tag - confirm against the framing code.
    config TUNNEL_ENCRYPT
        bool "Per-frame AEAD encryption"
        default n
        help
            Encrypt each tunnel frame with ChaCha20-Poly1305.
            Adds 28 bytes overhead per frame. Recommended when
            the tunnel crosses untrusted networks.

    # NOTE(review): the upper bound here (8192) equals the upper bound of
    # TUNNEL_FRAME_MAX; if a frame buffer lives on the task stack, the
    # largest frame size cannot fit - confirm where frames are allocated.
    config TUNNEL_TASK_STACK
        int "Tunnel task stack size"
        range 4096 8192
        default 6144

endmenu
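################################################
# CAN Bus Module Settings
################################################
# Wiring and protocol options for the MCP2515 controller; hidden unless
# MODULE_CANBUS is enabled.
menu "CAN Bus Settings"
    depends on MODULE_CANBUS

    config CANBUS_SPI_HOST
        int "SPI host (2=HSPI, 3=VSPI)"
        default 3
        range 2 3

    # The defaults for MOSI (23), CS (5) and INT (4) are the same GPIO
    # numbers as the GPRS defaults GPRS_PWR_EN, GPRS_RESET_PIN and
    # GPRS_PWR_KEY. A build that enables both the modem and this module
    # must reassign one set, otherwise two peripherals drive the same pin.
    # None of the pin options carries a `range`, so an invalid GPIO
    # number is accepted at configuration time.
    config CANBUS_PIN_MOSI
        int "SPI MOSI GPIO"
        default 23

    config CANBUS_PIN_MISO
        int "SPI MISO GPIO"
        default 19

    config CANBUS_PIN_SCK
        int "SPI SCK GPIO"
        default 18

    config CANBUS_PIN_CS
        int "SPI CS (chip select) GPIO"
        default 5

    config CANBUS_PIN_INT
        int "MCP2515 INT (interrupt) GPIO"
        default 4

    config CANBUS_OSC_MHZ
        int "MCP2515 oscillator frequency (MHz)"
        default 8
        help
            Most cheap modules use 8MHz. Some use 16MHz.
            Check the crystal on your module.

    config CANBUS_DEFAULT_BITRATE
        int "Default CAN bitrate (bps)"
        default 500000
        help
            Standard automotive: 500000. Trucks (J1939): 250000.

    # The range enforces the 10 MHz ceiling stated in the help text, so an
    # out-of-spec clock is rejected at configuration time.
    config CANBUS_SPI_CLOCK_HZ
        int "SPI clock speed (Hz)"
        default 10000000
        range 1 10000000
        help
            MCP2515 supports up to 10MHz SPI clock.

    config CANBUS_RECORD_BUFFER
        int "Record buffer size (frames)"
        default 512
        range 64 2048

    config CANBUS_ISO_TP
        bool "Enable ISO-TP transport layer"
        default y
        help
            Required for UDS and OBD-II (multi-frame messages > 8 bytes).

    config CANBUS_UDS
        bool "Enable UDS diagnostic services"
        default y
        depends on CANBUS_ISO_TP

    config CANBUS_OBD
        bool "Enable OBD-II PID decoder"
        default y
        depends on CANBUS_ISO_TP

    # Defaults to y, so enabling MODULE_CANBUS also builds the frame
    # fuzzer unless it is switched off here.
    config CANBUS_FUZZ
        bool "Enable CAN fuzzing engine"
        default y

endmenu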
################################################
# Fallback Module Settings
################################################
# Thresholds and transport switches for the connectivity-recovery
# module; hidden unless MODULE_FALLBACK is enabled.
menu "Fallback Module Settings"
    depends on MODULE_FALLBACK

    config FB_AUTO_HUNT
        bool "Auto-activate on C2 connection loss"
        default y
        help
            Start C2 failover after FB_TCP_FAIL_THRESHOLD consecutive
            TCP failures, then trigger full network hunt if all C2
            fallback addresses are unreachable.

    config FB_STEALTH
        bool "Enable stealth features (MAC random, low TX, passive scan)"
        default y

    # Upper bounds for the two stored lists (networks kept in NVS and
    # alternate C2 addresses).
    config FB_MAX_KNOWN_NETWORKS
        int "Max known networks in NVS"
        range 4 32
        default 16

    config FB_MAX_C2_FALLBACKS
        int "Max C2 fallback addresses"
        range 1 8
        default 4

    config FB_TCP_FAIL_THRESHOLD
        int "TCP failures before C2 failover"
        range 3 30
        default 10
        help
            Consecutive TCP connect failures before trying C2 fallback
            addresses, then triggering full network hunt.

    config FB_WIFI_FAIL_THRESHOLD
        int "WiFi reconnect failures before hunt"
        depends on NETWORK_WIFI
        range 3 20
        default 10
        help
            WiFi reconnect failures in the event handler before
            auto-triggering the fallback hunt.

    # Cross-transport backups: each one is only offered for the opposite
    # primary mode. FB_GPRS_FALLBACK also unlocks the "GPRS Settings" menu.
    config FB_GPRS_FALLBACK
        bool "GPRS fallback (cellular backup for WiFi mode)"
        depends on NETWORK_WIFI
        default n
        help
            Last resort when all WiFi strategies fail: init SIM800
            modem and connect to C2 via GPRS.

    config FB_WIFI_FALLBACK
        bool "WiFi fallback (WiFi backup for GPRS mode)"
        depends on NETWORK_GPRS
        default n
        help
            When GPRS modem is dead, init WiFi and hunt for networks.

    config FB_GPRS_FAIL_THRESHOLD
        int "GPRS modem failures before WiFi fallback"
        depends on FB_WIFI_FALLBACK
        range 2 10
        default 5
        help
            Consecutive GPRS connection failures before triggering
            WiFi fallback hunt.

endmenu
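################################################
# Recon Module Settings
################################################
# Sub-features of the recon module; hidden unless MODULE_RECON is enabled.
menu "Recon Settings"
    depends on MODULE_RECON

    config RECON_MODE_CAMERA
        bool "Enable Camera Reconnaissance"
        default n

    # Hard-coded default credential: the literal below is readable in this
    # file and is shared by every build that does not override it.
    # NOTE(review): the token is prepended to each UDP packet; if those
    # packets are not otherwise encrypted it can be read and replayed by
    # anyone who can observe the traffic - confirm in the camera module.
    config CAMERA_UDP_TOKEN
        string "Camera UDP Token"
        default "Sup3rS3cretT0k3n"
        depends on RECON_MODE_CAMERA
        help
            Secret token prepended to camera UDP packets.
            Must match CAMERA_SECRET_TOKEN on the C2 server.
            The built-in default is a fixed string visible in the
            source tree; it gives no protection until it is replaced
            with a unique value on both the device and the server.

    config RECON_MODE_MLAT
        bool "Enable MLAT (Multilateration) Module"
        default n
        help
            Enable multilateration positioning using RSSI measurements.
            Mode (BLE or WiFi) is selected at runtime from C2.

endmenu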
################################################
# Security
################################################
# Where the master key is read from, and whether the server has to prove
# possession of the shared key on connect.
menu "Security"

    # These two options only name the NVS location; the key material
    # itself is not part of the build configuration.
    config CRYPTO_FCTRY_NS
        string "Factory NVS namespace for crypto"
        default "crypto"
        help
            NVS namespace in the factory partition where the master key is stored.

    config CRYPTO_FCTRY_KEY
        string "Factory NVS key name for master key"
        default "master_key"
        help
            NVS key name for the 32-byte master key blob in the factory partition.

    # Because of `depends on NETWORK_WIFI`, this symbol cannot be enabled
    # when NETWORK_GPRS is the selected connection mode, so as far as this
    # file shows the handshake is unavailable on GPRS builds.
    # NOTE(review): the handshake proves key possession at connect time;
    # whether later traffic is bound to it is not visible here - confirm
    # before relying on the MITM claim in the help text.
    config C2_VERIFY_SERVER
        bool "Verify C2 server identity on connect"
        depends on NETWORK_WIFI
        default y
        help
            Performs a challenge-response handshake after TCP connect
            to verify the server possesses the shared encryption key.
            Protects against MITM attacks without requiring TLS.

endmenu
################################################
# Logging
################################################
# Default verbosity plus three switches for specific log groups.
menu "Logging"

    # Exclusive choice of the default level; Info is preselected.
    choice ESPILON_LOG_LEVEL
        prompt "Default log level"
        default ESPILON_LOG_LEVEL_INFO

        config ESPILON_LOG_LEVEL_ERROR
            bool "Error"

        config ESPILON_LOG_LEVEL_WARN
            bool "Warn"

        config ESPILON_LOG_LEVEL_INFO
            bool "Info"

        config ESPILON_LOG_LEVEL_DEBUG
            bool "Debug"

        config ESPILON_LOG_LEVEL_VERBOSE
            bool "Verbose"

    endchoice

    config ESPILON_LOG_CMD_REG_VERBOSE
        bool "Verbose command registration logs"
        default n
        help
            If enabled, log each command registration.
            Otherwise, a single summary line is printed.

    # Per the help text this prints command arguments as well, so anything
    # passed as an argument ends up on the log output when enabled.
    config ESPILON_LOG_C2_VERBOSE
        bool "Verbose C2 command logs"
        default n
        help
            If enabled, print the full C2 command block
            (name, argc, request id, args).

    config ESPILON_LOG_BOOT_SUMMARY
        bool "Show boot summary header"
        default y
        help
            Print a BOOT SUMMARY header at startup.

endmenu
endmenu