A self-contained field cyberdeck on a ClockworkPi uConsole (Raspberry Pi Compute Module 5). One platform — web UI, terminal UI, and an on-device AI operator — over a single API, behind a hard engagement-scope gate and a signed audit trail. Designed to run dark: offline, on battery, over LoRa mesh.
01 // not "a Pi with Kali on it"
A web UI, an Ink terminal UI, and an AI chat operator all speak to the same FastAPI backend. One source of truth for state, scope, and audit.
Offense is inert until an operator arms a scoped engagement. Scope is enforced at execution time; out-of-scope is refused + logged; a kill switch reaches every queue.
Every audit record is emitted as an Ed25519 / did:web attestation a third party can verify offline — proof of conduct without having to trust the deck.
02 // what it can do
17 backend modules across red, blue, radio, and platform domains — offensive operations are engagement-gated; defensive and recon tooling runs for own-network monitoring.
| Domain | Capability |
|---|---|
| Wireless recon | AP/client discovery, channel survey, handshake & PMKID capture (aircrack-ng, hcxdumptool) on a MediaTek MT7961 in monitor mode |
| Wireless offense | gated — deauth, evil-twin & karma (airbase-ng), WPS (reaver / bully) |
| Wireless IDS | Kismet-driven rogue-AP / evil-twin / deauth-flood detection → live alert pager |
| Network | ARP & port scanning, baseline + diff change-detection (ARP-spoof / new-host alerts) |
| SDR | RTL-SDR receive; ADS-B aircraft map (43-field intel) live over the bus; RF capture / replay / analyze — transmit hard-gated |
| Mesh / comms | Meshtastic / LoRa SX1262 off-grid messaging; u-blox GPS with PPS time discipline |
| Server audit | nmap-vuln, nikto, lynis, SSH-config review (remote targets gated; secrets env-passed, never logged) |
| Cracking | managed hashcat queue; auto-converts captures to .hc22000 (hcxpcapngtool) |
| AI operator | WaRL0c — on-device assistant that guides an engagement and can drive in-scope ops |
03 // the build — build-your-own
Documented to the bill-of-materials and the wiring. You assemble it, you understand every layer. This is not a product you buy.
| Component | Detail |
|---|---|
| Chassis | ClockworkPi uConsole (handheld — keyboard, LCD, battery) |
| Compute | Raspberry Pi Compute Module 5, 8 GB RAM |
| Storage | 4 TB NVMe (Samsung 990 EVO Plus) — boots from NVMe |
| Expansion | Hacker Gadgets AIO V2 — RTL-SDR + LoRa SX1262 + GPS/PPS + PCF85063A RTC + USB 3.0 + RJ45 |
| Wi-Fi (attack) | MediaTek MT7961 USB — monitor mode + injection |
| SDR | RTL2838 (RX) on the AIO; HackRF for TX / replay |
| OS | Debian 13 (trixie), aarch64, kernel 6.12 |
AIO V2 power rails are enabled at boot via GPIO (SDR 7, GPS 27, LoRa 16, internal-USB 23, PPS 6); the staged build playbook brings up each subsystem with a health probe, so a build is verified, not assumed.
04 // software on the deck
| Tool | Role |
|---|---|
| kismet | wireless IDS / capture |
| aircrack-ng | wifi recon / attack suite |
| hcxdumptool / hcxtools | PMKID / handshake + conversion |
| hashcat | offline cracking |
| reaver / bully | WPS |
| nmap / nikto / lynis | scanning + hardening audit |
| bettercap | network recon / MITM |
| rtl-sdr / hackrf / soapysdr | SDR rx / tx |
| meshtasticd / gpsd / chrony | mesh + GPS + time |
| Layer | Built with |
|---|---|
| Backend | Python 3.11+ · FastAPI · Uvicorn · Pydantic v2 · SQLAlchemy |
| Crypto / audit | cryptography (Ed25519) · rfc8785 (JCS) for signed AAR records |
| Web UI | React · Vite · Leaflet (dark theme) |
| Terminal UI | Ink (TypeScript) — 16 screens, console or SSH |
| AI operator | PI agent libs + an OpenAI-compatible provider, key local to the deck |
05 // the safety model
06 // see it running
Real screens from a running Warlock OS deck — one web UI, one terminal UI, and an on-device AI operator, all over the same gated API.
