espilon-source/espilon_bot/main/Kconfig
Eun0us 8b6c1cd53d ε - ChaCha20-Poly1305 AEAD + HKDF crypto upgrade + C3PO rewrite + docs
Crypto:
- Replace broken ChaCha20 (static nonce) with ChaCha20-Poly1305 AEAD
- HKDF-SHA256 key derivation from per-device factory NVS master keys
- Random 12-byte nonce per message (ESP32 hardware RNG)
- crypto_init/encrypt/decrypt API with mbedtls legacy (ESP-IDF v5.3.2)
- Custom partition table with factory NVS (fctry at 0x10000)

Firmware:
- crypto.c full rewrite, messages.c device_id prefix + AEAD encrypt
- crypto_init() at boot with esp_restart() on failure
- Fix command_t initializations across all modules (sub/help fields)
- Clean CMakeLists dependencies for ESP-IDF v5.3.2

C3PO (C2):
- Rename tools/c2 + tools/c3po -> tools/C3PO
- Per-device CryptoContext with HKDF key derivation
- KeyStore (keys.json) for master key management
- Transport parses device_id:base64(...) wire format

Tools:
- New tools/provisioning/provision.py for factory NVS key generation
- Updated flasher with mbedtls config for v5.3.2

Docs:
- Update all READMEs for new crypto, C3PO paths, provisioning
- Update roadmap, architecture diagrams, security sections
- Update CONTRIBUTING.md project structure
2026-02-10 21:28:45 +01:00


menu "Epsilon Bot Configuration"
################################################
# Device
################################################
# Identifier the bot reports to the C2 server.
# NOTE(review): the help text calls this value "unique", but the default is a
# fixed literal, so every build that keeps it presents the same ID. If the
# server keys per-device state on this ID (not visible in this file), assign a
# distinct value per device when provisioning. TODO confirm against the
# transport code.
config DEVICE_ID
    string "Device ID"
    default "ce4f626b"
    help
        Unique device identifier sent to the C2 server.
################################################
# Core Network
################################################
# Uplink selection. NETWORK_MODE is a choice, so exactly one of WiFi or GPRS
# is enabled; each settings sub-menu is only shown for its own mode.
menu "Network"

    choice NETWORK_MODE
        prompt "Connection Mode"
        default NETWORK_WIFI

        config NETWORK_WIFI
            bool "WiFi"

        config NETWORK_GPRS
            bool "GPRS"

    endchoice

    # String options are written to sdkconfig and, wherever the code uses
    # them, end up as literals in the firmware image. Treat both as holding
    # the WiFi passphrase and keep a populated sdkconfig out of version control.
    # NOTE(review): an empty WIFI_PASS presumably means an open network;
    # confirm in the WiFi init code.
    menu "WiFi Settings"
        depends on NETWORK_WIFI

        config WIFI_SSID
            string "WiFi SSID"
            default "mywifi"

        config WIFI_PASS
            string "WiFi Password"
            default ""

    endmenu

    # Carrier access point name used when the GPRS uplink is selected.
    menu "GPRS Settings"
        depends on NETWORK_GPRS

        config GPRS_APN
            string "APN"
            default "sl2sfr"

    endmenu

endmenu
################################################
# Server
################################################
# Address and port of the server the bot connects to.
# SERVER_PORT is limited to 1..65535 by the range below. SERVER_IP is a free
# string with no format check at configuration time.
menu "Server"

    config SERVER_IP
        string "Server IP"
        default "192.168.1.100"

    config SERVER_PORT
        int "Server Port"
        range 1 65535
        default 2626

endmenu
################################################
# Modules (Command Providers)
################################################
# Each option compiles one command provider in or out. Only MODULE_NETWORK is
# on by default. Enable only the modules a build needs, because every module
# adds to the command set the firmware accepts.
# NOTE(review): MODULE_RECON depends on NETWORK_WIFI but MODULE_FAKEAP does
# not. Confirm the fake-AP module is meant to be selectable in GPRS builds.
menu "Modules"

    config MODULE_NETWORK
        bool "Network Commands"
        default y
        help
            ping, arp_scan, proxy, dos, etc.

    config MODULE_RECON
        bool "Recon Commands"
        depends on NETWORK_WIFI
        default n
        help
            Network reconnaissance commands.

    config MODULE_FAKEAP
        bool "Fake Access Point Commands"
        default n
        help
            Fake AP, captive portal, sniffer.

endmenu
################################################
# Recon Module Settings
################################################
# Sub-options of the recon module. The whole menu is hidden unless
# MODULE_RECON is enabled.
menu "Recon Settings"
    depends on MODULE_RECON

    config RECON_MODE_CAMERA
        bool "Enable Camera Reconnaissance"
        default n

    # NOTE(review): the default below is a literal published with the source,
    # so it gives no secrecy to any build that keeps it. Set a per-deployment
    # value here and the matching CAMERA_SECRET_TOKEN on the server.
    # The help says the token is prepended to the UDP packets. Whether it is
    # protected on the wire is not visible in this file. TODO confirm.
    config CAMERA_UDP_TOKEN
        string "Camera UDP Token"
        depends on RECON_MODE_CAMERA
        default "Sup3rS3cretT0k3n"
        help
            Secret token prepended to camera UDP packets.
            Must match CAMERA_SECRET_TOKEN on the C2 server.

    config RECON_MODE_MLAT
        bool "Enable MLAT (Multilateration) Module"
        default n
        help
            Enable multilateration positioning using RSSI measurements.
            Mode (BLE or WiFi) is selected at runtime from C2.

endmenu
################################################
# Security
################################################
# These two strings say where the master key is stored (NVS namespace and
# key name in the factory partition). They are not the key itself, and no key
# material should be placed in Kconfig or sdkconfig.
# Both values must match what the provisioning step writes to the factory
# partition. A mismatch presumably makes the key lookup fail at boot.
# TODO confirm in the crypto init code.
menu "Security"

    config CRYPTO_FCTRY_NS
        string "Factory NVS namespace for crypto"
        default "crypto"
        help
            NVS namespace in the factory partition where the master key is stored.

    config CRYPTO_FCTRY_KEY
        string "Factory NVS key name for master key"
        default "master_key"
        help
            NVS key name for the 32-byte master key blob in the factory partition.

endmenu
################################################
# Logging
################################################
# Log verbosity. ESPILON_LOG_LEVEL is a choice, so one level is selected
# (Info by default). The remaining switches toggle individual log groups.
menu "Logging"

    choice ESPILON_LOG_LEVEL
        prompt "Default log level"
        default ESPILON_LOG_LEVEL_INFO

        config ESPILON_LOG_LEVEL_ERROR
            bool "Error"

        config ESPILON_LOG_LEVEL_WARN
            bool "Warn"

        config ESPILON_LOG_LEVEL_INFO
            bool "Info"

        config ESPILON_LOG_LEVEL_DEBUG
            bool "Debug"

        config ESPILON_LOG_LEVEL_VERBOSE
            bool "Verbose"

    endchoice

    config ESPILON_LOG_CMD_REG_VERBOSE
        bool "Verbose command registration logs"
        default n
        help
            If enabled, log each command registration.
            Otherwise, a single summary line is printed.

    # Per the help text this prints every received command with its
    # arguments. Arguments may carry sensitive values, so leave this off
    # outside debugging sessions.
    config ESPILON_LOG_C2_VERBOSE
        bool "Verbose C2 command logs"
        default n
        help
            If enabled, print the full C2 command block
            (name, argc, request id, args).

    config ESPILON_LOG_BOOT_SUMMARY
        bool "Show boot summary header"
        default y
        help
            Print a BOOT SUMMARY header at startup.

endmenu
endmenu