{"id":26665436,"url":"https://github.com/elsehow/peerssh","last_synced_at":"2025-10-03T23:54:09.719Z","repository":{"id":76067820,"uuid":"52173128","full_name":"elsehow/peerssh","owner":"elsehow","description":"mad science using hopping codes","archived":false,"fork":false,"pushed_at":"2016-02-21T04:45:43.000Z","size":5,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-03T23:54:09.197Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elsehow.png","metadata":{"files":{"readme":"README.org","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-20T20:10:12.000Z","updated_at":"2018-09-24T15:50:08.000Z","dependencies_parsed_at":"2023-05-05T19:01:11.323Z","dependency_job_id":null,"html_url":"https://github.com/elsehow/peerssh","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/elsehow/peerssh","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2Fpeerssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2Fpeerssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2Fpeerssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2Fpeerssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elsehow","download_url":"https://codeload.github.com/elsehow/peerssh/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elsehow%2Fpeerssh/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278245378,"owners_count":25955015,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-03T02:00:06.070Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-25T17:37:11.109Z","updated_at":"2025-10-03T23:54:09.703Z","avatar_url":"https://github.com/elsehow.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"* peerssh\n** imagine we want to execute commands on a remote computer\n** but we don't want anyone else to be able to\n** complicating matters, this computer doesn't have a static hostname\n** and neither do we\n*** (a familiar problem to people who write malicious software, like randsomeware)\n** here i demonstrate a simple way to send a command over a publically accessible channel using a good PRNG \n* walk through basic idea of garage door opener\n** introduce how car garage door openers work\n*** output of a prng indistinguishable from noise\n*** even though output is deterministic given a seed\n**** if this seems like a contradiction to you, refer to []\n** show our basic implementation in js\n* DONE coordinating an action over a public channel\nCLOSED: [2016-02-20 Sat 20:39]\n** TODO introduce indra\n*** [[https://github.com/berkeley-biosense/indra-server][indra server]] on github\n*** TODO it's running at this address\n#+BEGIN_SRC js :tangle pubsub-host-config.js\nmodule.exports = \"http://indra.webfactional.com\"\n#+END_SRC\nyeah, yeah, it's not using https... well, we shouldn't really have to run https! cryptographically secure and all that\n*** it's very simple - it takes subscribers over web sockets\n*** and accepts post requests over this route\n**** the =key= field in json post relates to client subscription\n**** essentially the channel the message is published on \n** DONE receiver\nCLOSED: [2016-02-20 Sat 20:37]\n#+BEGIN_SRC js :tangle receiver.js\n'use strict';\n\n// parse command line opts\nvar argv = require('minimist')(process.argv.slice(2))\n// host uri for pubsub server\nvar host = require('./pubsub-host-config.js')\n\n// takes a seed -s and a start index -i over the command line\nvar garagedoor = require('garage-door-opener')\n// the sender is responsible for generating codes\nvar receiver = garagedoor.receiver(argv.s, argv.i)\n\n// connect to socket server\nvar socket = require('socket.io-client')(host)\nsocket.on('connect', () =\u003e {\n  socket.on('public-channel', (msg) =\u003e {\n    if (receiver.check(msg.key))\n      console.log('key ok!', msg)\n    else\n      console.log('key not ok!', msg)\n  })\n  console.log('listening for commands')\n})\n#+END_SRC\n*** TODO test simple config\n*** TODO test listening to different channels\n*** TODO test exec-ing commands\n** DONE sender\nCLOSED: [2016-02-20 Sat 20:37]\n#+BEGIN_SRC js :tangle sender.js\n  'use strict';\n\n  var split = require('split')\n  // parse command line opts\n  var argv = require('minimist')(process.argv.slice(2))\n  // host uri for pubsub server\n  var host = require('./pubsub-host-config.js')\n\n  // takes a seed -s and a start index -i over the command line\n  var garagedoor = require('garage-door-opener')\n  // the sender is responsible for generating codes\n  var sender = garagedoor.sender(argv.s, argv.i)\n\n  // a client for sending messages to the listener\n  var client = require('request-json')\n                 .createClient(host)\n\n  // posts a message with our sender key\n  function post (cmd) {\n    var payload = { \n      type: 'public-channel', // the public channel on which we're broadcasting\n      key: sender.next(),     // our new key\n      eval: cmd.toString()\n    }\n    client.post('/', payload, (err, res, body) =\u003e {\n      if (err)\n        console.log('ERR!', err)\n      else\n        console.log('posted')\n    })\n  }\n\n  // post data whenever user presses return \n  process.stdin.pipe(split()).on('data', post)\n#+END_SRC\n*** script loads config and listens to stdin\n*** splits stdin on newline and posts each bit as a command\n*** subscribes to responses\n*** =req.pipe(process.stdout)=\n* running shell commands over a public channel\n* authenticating a peer relationship over a public channel\n* peerscp\n** generating 2 binaries - a receiver and a sender\n** distributing them - to be kept secret, like a key\n** note that you can replicate the sender - authenticate multiple computers\n* cracking peerssh\n** forced to do a very long exhaustive search\n*** can simulate this / talk about complexity\n* limitations\n** no ssh\n** no encryption in response\n** tradeoffs between lookahead and security?\n* implications\n** perfect for your botnet or randsomeware\n** demonstrates the elegant simplicty of a rolling code\n*** and the nice propreties of a good PRNG\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felsehow%2Fpeerssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felsehow%2Fpeerssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felsehow%2Fpeerssh/lists"}