|Steven Polley 4ba8936fb9||5 months ago|
|.gitignore||6 months ago|
|README.md||5 months ago|
|main.go||5 months ago|
Security solution for my storage locker. Deployed to a raspberry pi with an attached camera.
In mid-October 2020, my storage unit was broken into. This is going to be my method of collecting evidence and hopefully to identify the intruder. I'm also just trying to have fun with what is overall a bad situation for me. The major constraint for this project is it must be low power and there is no persistent communication channel to allow streaming video off premises (risk is intruder may discover and remove the storage device from the premises). Using some clever tricks, I may be able to mitigate this risk 90% of the time by keeping a phone hidden in my parked vehicle which syncs log and video data when my vehicle is parked in my parking stall? If it's possible to communicate up to my unit in some way, I could trigger some form of alarm in my unit when motion is detected in my storage area.
The raspberry pi is configured as a WLAN AP which my phone will connect to. My phone will also be running syncthing and have the RPI configured as a sync device. The phone will pull logs and videos taken from the RPI which have been saved to the sync folder each time my phone connects.
This isn't a foolproof method in case the intruder locates the RPI / camera and disables / destroys it / removes it. The data is still stored on the RPI until the next time I'm within proximity. This is an acceptable risk given the constraints, however if a better method is discovered to immediately store the data outside of the storage unit that would be preferred (something low powered sitting in my vehicle? )
Full steps to re-build this system are below.
sudo apt update && sudo apt upgrade -y sudo apt install vim hostapd dnsmasq golang
# Disable the rainbow splash screen disable_splash=1 # Disable bluetooth dtoverlay=pi3-disable-bt # Set the bootloader delay to 0 seconds. The default is 1s if not specified. boot_delay=0
Edit /boot/cmdline.txt to make kernel quiet. The following is an example, the key part is the quiet flag
dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=32e07f87-02 rootfstype=ext4 elevator=deadline fsck.repair=yes quiet rootwait
The RPI will act as an access point (not wireless client) using WPA2-Personal with both PSK and MAC authentication. It also needs to act as a DHCP server. The reason this is required is to provide a communication channel to collect data from the device. Once it's installed in the field, there will be no LAN connectivity and will rely on me passing by with my cell phone in pocket to periodically synchronize logs and video feed data - so the Pi must be configured to act as an access point which my phone will automatically connect to once in range.
Set a static IP for WLAN0 interface by editing /etc/dhcpcd.conf
interface wlan0 static ip_address 10.69.0.1/30 denyinterfaces wlan0
Next configure the sole DHCP address. You can clear the entire contents of /etc/dnsmasq.conf and just add the following:
Finally, configure host access point daemon by creating the file named /etc/hostapd/hostapd.conf
interface=wlan0 hw_mode=g channel=7 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP ssid=StealThisYouStupidCrackheads wpa_passphrase=PASSWORD
Be sure to change the password in the above config. We also need to point the system to this config file by modifying /etc/default/hostapd - only modify the DAEMON_CONF line as such:
# Original #DAEMON_CONF="" # Change it to this DAEMON_CONF="/etc/hostapd/hostapd.conf"
Finally, add the MAC address of phone to the whitelist by editing /etc/hostapd/accept
Also make sure the services are enabled and reboot
sudo systemctl enable hostapd sudo systemctl enable dnsmasq sudo reboot
Once it comes back up, ensure that phone will connect and gets an IP address. Also attempt to ping the Pi from the phone (or vice versa) to validate communication is possible.
Follow the steps to add the syncthing apt source and isntall it - https://apt.syncthing.net/
Then setup the sync folder
sudo mkdir /sync
Create the systemd unit file at /etc/systemd/system/syncthing.service
[Unit] Description=syncthing [Service] RunAs=pi ExecStart=/usr/bin/syncthing [Install] WantedBy=multi-user.target
And enable it, so it starts following a boot.
sudo systemctl enable syncthing.service sudo systemctl start syncthing.service
Setup syncthing to sync this folder with syncthing on my phone.
Now that the infrastructure is set up the last thing needed is the application itself. The RPI will run hot while building and may crash if at minimum passive cooling is not provided. This stage may take up to an hour. Clone this repository (right here, the one you're reading) onto the rpi and grab all the go packages with go get.
go get deadbeef.codes/steven/storage-security cd ~/go/src/deadbeef.codes/steven/storage-security go get cd ~/go/src/gocv.io/x/gocv make install cd ~/go/src/deadbeef.codes/steven/storage-security go build . sudo chown root:root storage-security sudo mv storage-security /usr/local/bin
Create a systemd service unit file at /etc/systemd/system/storage-security.service
[Unit] Description=storage-security [Service] RunAs=pi ExecStart=/usr/local/bin/storage-security [Install] WantedBy=multi-user.target
And enable it, so it starts following a boot.
sudo systemctl enable storage-security.service
You should be able to test it out to see if motion detection and capture to file is working. If phone is connected to RPI SSID, then the /sync folder should also come over with the logs and capture video files.