--- - hosts: - 127.0.0.1 gather_facts: true become: true vars: kernel: min: "6.1" full: "6.1.21-v8+" pwnagotchi: hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}" version: "{{ lookup('env', 'PWN_VERSION') | default('pwnagotchi-torch', true) }}" system: boot_options: - "dtoverlay=dwc2" - "dtoverlay=spi1-3cs" - "dtparam=spi=on" - "dtparam=i2c_arm=on" - "dtparam=i2c1=on" - "gpu_mem=16" modules: - "i2c-dev" services: enable: - dphys-swapfile.service - pwnagotchi.service - bettercap.service - pwngrid-peer.service - fstrim.timer disable: - apt-daily.timer - apt-daily.service - apt-daily-upgrade.timer - apt-daily-upgrade.service - bluetooth.service - ifup@wlan0.service packages: bettercap: # We will install bettercap from source # url: "https://github.com/jayofelony/bettercap/releases/download/2.32.1/bettercap-2.32.1.zip" ui: "https://github.com/bettercap/ui/releases/download/v1.3.0/ui.zip" pwngrid: # url: "https://github.com/evilsocket/pwngrid/releases/download/v1.10.3/pwngrid_linux_aarch64_v1.10.3.zip" apt: downgrade: - libpcap0.8-dev_1.9.1-3_arm64.deb - libpcap0.8_1.9.1-3_arm64.deb - libpcap-dev_1.9.1-3_arm64.deb hold: - libpcap-dev - libpcap0.8 - libpcap0.8-dev - firmware-atheros - firmware-brcm80211 - firmware-libertas - firmware-misc-nonfree - firmware-realtek remove: - raspberrypi-net-mods - dhcpcd5 - triggerhappy - wpasupplicant - nfs-common - libraspberrypi0 - libraspberrypi-dev - libraspberrypi-doc - libraspberrypi-bin - ansible install: - bluez - raspberrypi-kernel-headers - git - libgmp3-dev - gawk - qpdf - bison - flex - make - autoconf - libtool - texinfo - gcc-arm-none-eabi - wl - libfl-dev - g++ - xxd - aircrack-ng - time - rsync - vim - wget - screen - build-essential - dkms - python3-pip - python3-smbus - unzip - libopenmpi-dev - libatlas-base-dev - libelf-dev - libopenjp2-7 - libtiff5 - tcpdump - lsof - libgstreamer1.0-0 - libavcodec58 - libavformat58 - libswscale5 - libusb-1.0-0-dev - libnetfilter-queue-dev - libopenmpi3 - dphys-swapfile - libdbus-1-dev - libdbus-glib-1-dev - liblapack-dev - libhdf5-dev - libc-ares-dev - libeigen3-dev - fonts-dejavu - fonts-dejavu-core - fonts-dejavu-extra - python3-pil - python3-smbus - libfuse-dev - libatlas-base-dev - libopenblas-dev - libblas-dev - bc - libgl1-mesa-glx - libncursesw5-dev - libssl-dev - libsqlite3-dev - tk-dev - libgdbm-dev - libc6-dev - libbz2-dev - libffi-dev - zlib1g-dev - fonts-freefont-ttf - fbi - python3-flask - python3-flask-cors - python3-flaskext.wtf - build-essential - libpcap-dev - libusb-1.0-0-dev - libnetfilter-queue-dev environment: ARCHFLAGS: "-arch arm64" tasks: - name: Create pi user user: name: pi password: "{{ 'raspberry' | password_hash('sha512') }}" shell: /bin/bash generate_ssh_key: true - name: change hostname lineinfile: dest: /etc/hostname regexp: '^raspberrypi' line: "{{pwnagotchi.hostname}}" state: present when: lookup('file', '/etc/hostname') == "raspberrypi" register: hostname - name: add hostname to /etc/hosts lineinfile: dest: /etc/hosts regexp: '^127\.0\.1\.1[ \t]+raspberrypi' line: "127.0.1.1\t{{pwnagotchi.hostname}}" state: present when: hostname.changed - name: disable sap plugin for bluetooth.service lineinfile: dest: /lib/systemd/system/bluetooth.service regexp: '^ExecStart=/usr/lib/bluetooth/bluetoothd$' line: 'ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap' state: present - name: configure dphys-swapfile lineinfile: path: /etc/dphys-swapfile regexp: "^CONF_SWAPSIZE=.*$" line: "CONF_SWAPSIZE=2048" - name: update apt package cache apt: update_cache: yes - name: install packages become_user: root apt: name: "{{ packages.apt.install }}" state: present # Install nexmon to fix wireless scanning (takes 2.5G of space) - name: clone nexmon repository git: repo: https://github.com/DrSchottky/nexmon.git dest: /usr/local/src/nexmon register: nexmongit - name: make firmware shell: "source ./setup_env.sh && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: choose the right kernel version (bcm43436b0) replace: dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile backup: no regexp: "KERNEL_VERSION = .*$" replace: "KERNEL_VERSION = {{ kernel.min }}" - name: choose the right kernel release (variable) (bcm43436b0) lineinfile: dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile insertafter: "DRIVER_FOLDER_NAME = .*$" line: "KERNEL_RELEASE = {{ kernel.full }}" - name: choose the right kernel release (replace string) (bcm43436b0) replace: dest: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/Makefile backup: no regexp: "shell uname -r" replace: "KERNEL_RELEASE" - name: make firmware patch (bcm43436b0) shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware (bcm43436b0) copy: src: /usr/local/src/nexmon/patches/bcm43436b0/9_88_4_65/nexmon/brcmfmac43436-sdio.bin dest: /usr/lib/firmware/brcm/brcmfmac43436-sdio.bin - name: choose the right kernel version (bcm43430a1) replace: dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile backup: no regexp: "KERNEL_VERSION = .*$" replace: "KERNEL_VERSION = {{ kernel.min }}" - name: choose the right kernel release (variable) (bcm43430a1) lineinfile: dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile insertafter: "DRIVER_FOLDER_NAME = .*$" line: "KERNEL_RELEASE = {{ kernel.full }}" - name: choose the right kernel release (replace string) (bcm43430a1) replace: dest: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/Makefile backup: no regexp: "shell uname -r" replace: "KERNEL_RELEASE" - name: make firmware patch (bcm43430a1) shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware (bcm43430a1) copy: src: /usr/local/src/nexmon/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin dest: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin - name: copy 43430-sdio as 43436s-sdio for the special 43430/1 /2 copy: src: /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin dest: /usr/lib/firmware/brcm/brcmfmac43436s-sdio.bin - name: Delete the firmware blob to avoid it crashing file: state: absent path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.clm_blob - name: Delete the RPiZW firmware blob to avoid it crashing file: state: absent path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,model-zero-w.clm_blob - name: Delete the RPi3 firmware blob to avoid it crashing file: state: absent path: /usr/lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob - name: choose the right kernel version (bcm43455c0) replace: dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile backup: no regexp: "KERNEL_VERSION = .*$" replace: "KERNEL_VERSION = {{ kernel.min }}" - name: choose the right kernel release (variable) (bcm43455c0) lineinfile: dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile insertafter: "DRIVER_FOLDER_NAME = .*$" line: "KERNEL_RELEASE = {{ kernel.full }}" - name: choose the right kernel release (replace string) (bcm43455c0) replace: dest: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/Makefile backup: no regexp: "shell uname -r" replace: "KERNEL_RELEASE" - name: make firmware patch (bcm43455c0) shell: "source ./setup_env.sh && cd /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/ && make" args: executable: /bin/bash chdir: /usr/local/src/nexmon/ - name: install new firmware (bcm43455c0) copy: src: /usr/local/src/nexmon/patches/bcm43455c0/7_45_206/nexmon/brcmfmac43455-sdio.bin dest: /usr/lib/firmware/brcm/brcmfmac43455-sdio.bin - name: backup original driver copy: src: "/usr/lib/modules/{{ kernel.full }}/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz" dest: "/usr/lib/modules/{{ kernel.full }}/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko.xz.orig" - name: copy modified driver copy: src: "/usr/local/src/nexmon/patches/driver/brcmfmac_{{ kernel.min }}.y-nexmon/brcmfmac.ko" dest: "/usr/lib/modules/{{ kernel.full }}/kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko" - name : load brcmfmac drivers command: "/sbin/depmod -a {{ kernel.full }}" # To shrink the final image, remove the nexmon directory (takes 2.5G of space) post build and installation - name: Delete nexmon content & directory file: state: absent path: /usr/local/src/nexmon/ - name: Create custom plugin directory file: path: /usr/local/share/pwnagotchi/custom-plugins/ state: directory - name: clone pwnagotchi repository git: repo: https://github.com/jayofelony/pwnagotchi.git dest: /usr/local/src/pwnagotchi register: pwnagotchigit - name: create /usr/local/share/pwnagotchi/ folder file: path: /usr/local/share/pwnagotchi/ state: directory - name: build pwnagotchi wheel command: "python3 setup.py sdist bdist_wheel" args: chdir: /usr/local/src/pwnagotchi when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version) - name: install pwnagotchi wheel and dependencies pip: name: "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}" extra_args: "--no-cache-dir" when: (pwnagotchigit.changed) or (pip_packages['pwnagotchi'] is undefined) or (pip_packages['pwnagotchi'] != pwnagotchi_version) - name: remove pwnagotchi folder file: state: absent path: /usr/local/src/pwnagotchi # Install go-1.20.6 - name: Install go-1.21 unarchive: src: https://go.dev/dl/go1.21.1.linux-arm64.tar.gz dest: /usr/local remote_src: yes register: golang - name: Update .bashrc for go-1.21 blockinfile: dest: /home/pi/.bashrc state: present block: | export GOPATH=$HOME/go export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin when: golang.changed - name: download pwngrid 1.10.4 git: repo: https://github.com/jayofelony/pwngrid.git dest: /usr/local/src/pwngrid register: pwngrid - name: install pwngrid 1.10.4 shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install" args: executable: /bin/bash chdir: /usr/local/src/pwngrid when: pwngrid.changed - name: remove pwngrid folder file: state: absent path: /usr/local/src/pwngrid - name: download bettercap v2.32.1 git: repo: https://github.com/jayofelony/bettercap.git dest: /usr/local/src/bettercap register: bettercap - name: Install bettercap v2.32.1 shell: "export GOPATH=$HOME/go && export PATH=/usr/local/go/bin:$PATH:$GOPATH/bin && go mod tidy && make && make install" args: executable: /bin/bash chdir: /usr/local/src/bettercap when: bettercap.changed - name: remove bettercap folder file: state: absent path: /usr/local/src/bettercap - name: clone bettercap caplets git: repo: https://github.com/jayofelony/caplets.git dest: /tmp/caplets register: capletsgit - name: install bettercap caplets make: chdir: /tmp/caplets target: install when: capletsgit.changed - name: download and install bettercap ui unarchive: src: "{{ packages.bettercap.ui }}" dest: /usr/local/share/bettercap/ remote_src: yes mode: 0755 - name: add HDMI powersave to rc.local blockinfile: path: /etc/rc.local insertbefore: "exit 0" block: | if ! /opt/vc/bin/tvservice -s | egrep 'HDMI|DVI'; then /opt/vc/bin/tvservice -o fi - name: create /etc/pwnagotchi folder become_user: root file: path: /etc/pwnagotchi state: directory - name: check if user configuration exists become_user: root stat: path: /etc/pwnagotchi/config.toml register: user_config - name: create /etc/pwnagotchi/config.toml become_user: root copy: dest: /etc/pwnagotchi/config.toml content: | # Add your configuration overrides on this file any configuration changes done to default.toml will be lost! # Example: # ui.display.enabled = true # ui.display.type = "waveshare_2" when: not user_config.stat.exists - name: enable ssh on boot become_user: root file: path: /boot/ssh state: touch - name: adjust /boot/config.txt become_user: root lineinfile: dest: /boot/config.txt insertafter: EOF line: '{{ item }}' with_items: "{{system.boot_options}}" - name: adjust /etc/modules become_user: root lineinfile: dest: /etc/modules insertafter: EOF line: '{{ item }}' with_items: "{{system.modules}}" - name: change root partition become_user: root replace: dest: /boot/cmdline.txt backup: no regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+" replace: "root=/dev/mmcblk0p2" - name: configure /boot/cmdline.txt become_user: root lineinfile: path: /boot/cmdline.txt backrefs: True state: present backup: no regexp: '(.*)$' line: '\1 modules-load=dwc2,g_ether' - name: Add pwnlog alias lineinfile: dest: /home/pi/.bashrc line: "\nalias pwnlog='tail -f -n300 /var/log/pwn*.log | sed --unbuffered \"s/,[[:digit:]]\\{3\\}\\]//g\" | cut -d \" \" -f 2-'" insertafter: EOF - name: Add pwnver alias lineinfile: dest: /home/pi/.bashrc line: "\nalias pwnver='python3 -c \"import pwnagotchi as p; print(p.__version__)\"'" insertafter: EOF - name: download old libpcap packages get_url: url: "http://ports.ubuntu.com/pool/main/libp/libpcap/{{ item }}" dest: /usr/local/src/ with_items: "{{ packages.apt.downgrade }}" - name: install old libpcap packages become_user: root apt: force: True state: present deb: "/usr/local/src/{{ item }}" with_items: "{{ packages.apt.downgrade }}" register: libpcap - name: remove old libpcap files become_user: root file: path: "/usr/local/src/{{ item }}" state: absent with_items: "{{ packages.apt.downgrade }}" - name: add firmware packages to hold become_user: root dpkg_selections: name: "{{ item }}" selection: hold with_items: "{{ packages.apt.hold }}" when: libpcap.changed - name: disable unnecessary services become_user: root systemd: name: "{{ item }}" state: stopped enabled: no with_items: "{{ services.disable }}" - name: enable services become_user: root systemd: name: "{{ item }}" enabled: true state: stopped with_items: "{{ services.enable }}" - name: remove ssh keys become_user: root file: state: absent path: "{{ item }}" with_fileglob: - "/etc/ssh/ssh_host*_key*" - name: remove unnecessary apt packages become_user: root apt: name: "{{ packages.apt.remove }}" state: absent purge: yes - name: clean apt cache become_user: root apt: autoclean: true - name: remove dependencies that are no longer required become_user: root apt: autoremove: yes handlers: - name: reload systemd services become_user: root systemd: daemon_reload: yes