{"id":24607390,"url":"https://github.com/redteampentesting/remarkable-encryption","last_synced_at":"2025-05-05T21:49:14.292Z","repository":{"id":137160112,"uuid":"369504474","full_name":"RedTeamPentesting/remarkable-encryption","owner":"RedTeamPentesting","description":"A document encryption solution for the reMarkable 2 ePaper tablet.","archived":false,"fork":false,"pushed_at":"2023-03-24T14:38:38.000Z","size":42,"stargazers_count":55,"open_issues_count":1,"forks_count":6,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-31T00:06:06.517Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedTeamPentesting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-21T10:52:57.000Z","updated_at":"2024-12-22T00:38:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"8dc7be35-c8e2-425e-9027-c14ea55ab480","html_url":"https://github.com/RedTeamPentesting/remarkable-encryption","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fremarkable-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fremarkable-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fremarkable-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedTeamPentesting%2Fremarkable-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedTeamPentesting","download_url":"https://codeload.github.com/RedTeamPentesting/remarkable-encryption/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252583095,"owners_count":21771787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-24T17:36:56.080Z","updated_at":"2025-05-05T21:49:14.285Z","avatar_url":"https://github.com/RedTeamPentesting.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Remarkable 2 Encryption\n\nThis repository contains multiple tools to encrypt the home folder of the\nreMarkable 2 epaper tablet using\n[`gocryptfs`](https://github.com/rfjakob/gocryptfs). Detailed background\ninformation can be found in the accompanying [blog\npost](https://blog.redteam-pentesting.de/2021/remarkable-encryption/).\n\n# Disclaimer\n\nThis project is considered experimental and it cannot be guaranteed that the\ndevice will not be bricked as a result of this setup. The project and the\ntoolchain in this repository were tested on the reMarkable 2 firmware version\n`3.2.3.1595`. If a different firmware version is used, the commit hash\n(`FRAMEBUFFER_COMMIT`) in the `Makefile` has to be updated to a\n[remarkable2-framebuffer](https://github.com/ddvk/remarkable2-framebuffer)\ncommit that supports the chosen firmware version. Otherwise, the toolchain\nlikely produces a crashing passphrase prompt application. In this case, the\ndevice can be unlocked by providing the passphrase via USB network connection:\n\n```bash\n# the actual IP addres may differ\necho 'yourpassphrase' | nc 10.11.99.1 1234\n```\n\nIn some cases, the GUI (`xochitl`) will start rendering on a dark background\ncausing graphics glitches right after entering the crytpo passphrase. This can\nbe fixed by provoking a full screen refresh for example by opening a document.\n\n# Build\n\nThis project is meant to be build using the [toltec v2.x\ntoolchain](https://github.com/toltec-dev/toolchain/tree/v2.x). However, as this\nproject contains Qt and Go builds, no single `toltec` Docker image can compile\nthe whole project. Instead, this project contains a `Dockerfile` which is based\non the `toltec` Qt `Dockerfile` and adds Go 1.20, `git` and `wget`.\n\n```bash\ndocker build -t remarkable-crypto-toolchain .\ndocker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/project remarkable-crypto-toolchain make\n```\n\nAlternatively, the components of this project can be built separately with the\nofficial `toltec` Docker images and the corresponding `Makefile` targets\n(`dist_go` with the `golang` image, `dist_qt` with the `qt` image and\n`dist_rest` in any environment with `wget`, `ar`, `tar` and `sha256sum`\ninstalled).\n\n# Deployment\n\nAfter building the project, the directory structure has to be created on the\nreMarkable 2:\n\n```bash\n# on reMarkable 2\nmkdir -p /home/crypto/bin /home/crypto/fs /home/crypto/lib\n```\n\nThe contents of the `dist` folder are replicated on the reMarkable:\n\n```bash\n# on build system\nscp dist/home/crypto/bin/* remarkable:/home/crypto/bin/\nscp dist/home/crypto/lib/* remarkable:/home/crypto/lib/\nscp dist/etc/systemd/system/cryptodaemon.service remarkable:/etc/systemd/system/\nscp dist/etc/systemd/system/framebufferserver.service remarkable:/etc/systemd/system/\n```\n\nThe setup can then be completed on the reMarkable:\n\n```bash\n# on reMarkable 2\nchmod u+x /home/crypto/bin/*\nPATH=/home/crypto/bin gocryptfs -init /home/crypto/fs\nsystemctl daemon-reload\n\n# WARNING: after the next step, xochitl (on plaintext home directory)\n# won't start by default anymore\nsystemctl mask xochitl --now\n\n# after this step the screen will become blank\nsystemctl enable framebufferserver --now\n\n# WARNING: After entering the password, xochitl will start with the\n# encrypted filesystem which is still empty. This means that the\n# device setup starts again and A NEW SSH PASSPHRASE IS SET.\nsystemctl enable cryptodaemon --now\n```\n\n# Contributions\n\nWe are happy to receive contributions in the form of issues or pull requests.\nHowever, the scope of this project remains limited to our usecase. This means\nthat only new features that suit this usecase are added. For different needs or\nif your threat model differs, feel free to fork this project.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fremarkable-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredteampentesting%2Fremarkable-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredteampentesting%2Fremarkable-encryption/lists"}