Close

Does this project spark your interest?

Become a member to follow this project and don't miss any updates

Web security everywhere

Secure your Internet, control your data, fight censorship. Bring your secure and autonomous all in one security device everywhere.

5 80 67
Enjoy this project?
Share on twitter   Share on Facebook

This project was created on 07/23/2014 and last updated 3 days ago.

Description
UnJailPi uses the available connectivity to build a secure access-point to make you bypass
internet filters and use a secured internet or even browse anonymously.
Connect your laptop/smartphone/iThing to the UnJailPi secured wifi access-point, no
additional setup is needed. Enjoy a secured internet anywhere, anytime.

UnJailPi can connect the internet via a public wifi access-point, 3G internet via phone
usb/wifi tethering, corporate cable network, or even your own router/ADSL box.

It is very easy to use with its touch control interface and its fully automatized functions.

It even runs autonomously on its external battery.
Details

While I'm rewriting this part, please read the project logs to learn many important details and what is currently under changes.

Basically, it acts as a wifi / ethernet router and access point. It could connect to the internet using some random wifi, a wired network, or a tethered android phone. On the secured side, it acts as a wireless access point or a wired router with internet forwarding.

From the touch screen interface, TOR or an OpenVPN tunnel could be enabled. This custom interface could be used for basic operation, while an optional web interface could be used for more advanced tasks (connecting to a public wifi for an example). This last part may move to the main python interface sooner or later.


Connection diagram

Functions :

  • on-demand OpenVPN transparent tunnelling to a remote trusted network/server (here, it is a second Raspberry Pi),
  • on-demand Tor transparent proxy for anonymous browsing,
  • fully automated firewall rules switching
  • touch display custom control interface, 
  • optional configuration web interface - REMOVED from last prototype device -
  • optional on-board encrypted mini-cloud with android sync - REMOVED from last prototype device -

It runs on main AC or with external 10.000mAh battery, providing 6-8 hours of running time.

As a bonus, it also includes the PiNoIR camera, for advanced HD night photography or movies but this part is now a project on its own. - REMOVED from last prototype device -

The main issue is I don't have easy access to a 3D printer, CNC machine or this kind of very cool hardware, so I have to use some ingenuity and elbow grease instead.

System Design Document

Presentation slideshow PDF

Software bits :

  • [Client device] Notro fbtft Raspbian (cleaned up)
  • [Server device] OpenWRT scratch build
  • hostapd
  • dnsmasq + dnsutils
  • OpenVPN client and server
  • OpenSSL
  • TOR
  • Apache + PHP + MySQL + Twitter Bootstrap (optional) - REMOVED from last prototype device -
  • Samba + ntfs-3g (optional) - REMOVED from last prototype device -
  • Notro FBTFT driver
  • WiringPi
  • Python + Pygame + python-psutil + python-evdev
  • geoip-database + libgeoip1 + python-geoip_1.2.4-2_armhf.deb

Licences

Each software or library used is under one of these licences :

  • Creative Commons Attribution-ShareAlike
  • GNU General Public License 2 or 3
  • Apache Licence 1.0
  • BSD Licence
  • PHP Licence
  • MIT Licence

Final project may use MIT licence (to be confirmed).

Components
  • 1 × [Client device] Raspberry Pi model B / B+
  • 1 × [Server device] Raspberry Pi model B / BPi-R1
  • 1 × [Client device] 2.8" SPI touch TFT
  • 1 × [Client device] PiModules UPiS advanced
  • 1 × [Client Device] PiModules UPiS Case
  • 2 × [Client device] USB WiFi interfaces
  • 1 × [Client device, Optional] 10.000mAh external battery

Project logs
  • Back to building...

    4 days ago • 0 comments

    As mentionned, I had a show on wednesday : some swiss CEO and technician wanted to see my prototype. This was a very informative moment, we had some great talk about the whole concept.

    Now, I know people and corporations are very interested in it. I just had to do a small demonstration, under their own corporate network, to make the prototype speak by itself.

    I see swiss people are very interested about the "physical security" features : 

    • on the actual prototype, SD-card could be removed (or even destroyed) to make the device useless in a few seconds
    • the device software could be installed on the SD-card almost on-demand, from an encrypted image file

    Although, I know the actual prototype is not enough. It is very nice for the client side, but corporations are also interested in the server side. They want the server side to provide 4x ethernet hub/switch, I'm actually thinking about this feature. I know the BPi-R1 open router could provide everything I need, but it's not released yet. I'm actually trying to get an engineering prototype, but I may have it in a month.

    On the other hand, I'm now invited to HP Europe headquarters in Geneva to test it from their corporate network. This is again a great opportunity for some great talks about the concept. This show will take place after the september 28, as I still have a lot of work until the next contest vote...

    So, since wednesday, and taking into account the discussions we had here with GeremyCondra, Dan and other people, I'm doing some big changes.

    The project is now two devices :

    • The first device is the actual prototype device. 

    People really want the touch interface, so I rebuilt the software from scratch, using notro Raspbian image. I removed every unnecessary parts from it and kept only what is needed for the device to work. There is no more Apache, PHP, MySQL, X desktop, camera, etc... I will post an installed components list for everyone to check. I may have some more to remove.

    I'm also trying to move to Moebius OS, as it is a minimal Raspbian. However I would have to rebuild the touch display kernel for it, and time is missing... So while I'm working on it, the actual prototype is still Raspbian based : I need it to work for the shows.

    • The second device is the router/server device. 

    It is still Raspberry Pi-B based, as I don't have the BPi-R1 device to build it yet. I also think it is a good idea to build it around a well known board. It will allow a lot of people to build it at home.

    I tried Kali Linux and Moebius, but I think a specialized router distro would be the better choice. So, I'm actually building OpenWRT from scratch for this second device. I think It would also be easier to move to a different board.

    However it still needs some kind of physical interface. I don't plan to use a touch display on it (although it would be nice), but I may use some I2C LCD display and a small keypad, as it doesn't require some big librairies.

    I would like to know your opinions about these changes. What do you think about them ?

  • Think time

    9 days ago • 0 comments

    Hi people,

    Given the comments and reactions on the project blog article, I think it's time for a little explaination. I think there was some misunderstanding, maybe because of the name's project.
    I don't mean to secure the whole world internet with this box. Many people are way smarter than me on this subject, and they are doing well most of the time. But I also know there is something to do from the end-user perspective.

    For the last 15 years, I worked in many structures, always doing some computers repair / cleanup / hardening, etc. I had many (well, thousands, litterally) end users computers to work on, and also many small / moderate / big companies. During these many years, one thing became clear, from the end-user perspective : privacy is too difficult for individuals to really interest in. People computers are full of virus and malwares all the time, because it's just to difficult to not click on the last Facebook link. People use the same weak password everywhere, and continue to do so, just because it's too difficult to remember them all. And I could tell you many other stories. Companies are not different, really.
    During these many years, when I work on people computers, often directly at their home, I take this time, while I'm repairing/cleaning their computer, to give them advices, tell them about privacy, what to do to harden it. Some listen, many don't. Sometimes, I could even teach them about some linux, and remove their old Windows XP for some fresh distro.
    But, when I leave someone computer, it's meant to be secure, at least for a few hours (and then, they return on clicking on this stupid FB video...). Believe it or not, the last active virus I met on my own computers, was wormblast, many years ago. This one teached me many things.

    Now that I own my own (still very new) little one-man company, I could do whatever I want. I don't have people above me to tell me how to do things anymore, when they just want to hide easy processes, because they think computer litterate people could hurt their business. A boss urged me to remove the tools that I often install and configure for customers (you see, a simple noscript plugin) because it would hurt his business. This is a silly practice, and this time is over (for me at least).

    I may have not made myself clear enough. I don't meant this box could be use to add privacy to an already crippled endpoint. It's meant to help keep privacy on a already clean endpoint. Cleaning computers is my all day job (well until recently ^^), this part I could assume, and I think I'm known to do it well. But I know many people would be interested in a little standalone box to help them understand all this, while being easy to use. Installing TOR / VPN tunnel / HTTPS everywhere, configuring them well, and using them on the endpoint is not a solution for these people. They want to push a button to activate privacy, basically. If I could teach them how and why to use Keepass for example, this would be a win already. I don't blame them at all, this is not their job. This is mine. 

    From an other point of view, when customers see my device, they ask me what is it, they are interested in it. This could easily lead me to teach them some privacy concepts, from a fun perspective : "yes, I built it from scratch, and it does this". Wow factor is a great way to teach important stuff to people, nowadays.

    I agree with both the two guys that are discussing on the project blog article : there are things to change on my concept. There are many components to remove, this box should be almost barebone. The actual prototypes, I built them for me, from start. Because I needed this kind of tool in my everyday work. There's a LCD screen (and camera on the first HaD prototype) because I used my first Raspberry Pi as a learning tool, did many things with it, and had a lot of fun. Look at the very first prototype video, more than one year ago : it's just a very autonomous box, with 2 bicolors leds only (I posted a fun...

    Read more »

  • The new prototype

    11 days ago • 0 comments

    Here is the new prototype. The box found a new home in the PiModules acrylic case.

    The PiModules UPiS advanced battery board works very well, and I solved the overheat issue with a custom top plate, leaving enough room for heat to dissipate.

    Unfortunately, the UPiS for Raspberry Pi B+ is not out yet, so I had to go back to the original Raspberry Pi B. The new UPiS may be released during this month, so hopefully the next prototype will be ready for the next contest stage.

View all 18 project logs

Build instructions

See all instructions

Discussions

Tachyon wrote 11 days ago null point

Regarding the heat issue...try starting simple. Block off the sides and let convection do the work. This is assuming you make it to be stood up as in the first photo. Note that you'll need to leave an opening at the bottom.

Are you sure? [yes] / [no]

GuyisIT wrote 12 days ago null point

Congrats on making the cut for the HaD Prize! This is an awesome project, and I can' wait to see the code.

Are you sure? [yes] / [no]

Arcadia Labs wrote 11 days ago null point

Many thanks for your support ! I'm actually cleaning up the actual code for a first release, so it won't take long.

Are you sure? [yes] / [no]

Arcadia Labs wrote a month ago null point

Actually I'm exploring another board, more adapted to this use (the Banana Pi). Code is 100% compatible, but I still need to make the LCD work as expected :)
I have plans to make a really nice enclosure, but it takes time. I second you on this :)

Are you sure? [yes] / [no]

DigiGram wrote a month ago null point

Now I have a good reason to get a RPi!! This looks awesome. Will really look into building something like this! But with a case that will not have TSA remove my luggage at the airport :D (Being a foreign Chemical Engineer already puts you on some kind of watchlist)

Are you sure? [yes] / [no]