oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 06:46:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

updated deniability tutorials

Browse source
This commit is contained in:
nihilist 2024-11-17 21:26:32 +01:00
parent b6e810047d
commit 48096306fc
8 changed files with 91 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
opsec/livemode/5.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 180 KiB

BIN
opsec/livemode/6.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 51 KiB

44
opsec/livemode/index.html
View file

@ -228,7 +228,6 @@ this is a test file written from live mode, into a non-system drive!
<p>Then we simply reboot the host OS into regular non-live mode to check if our first test file on the system drive is gone, and if the second test file on the non-system drive has been effectively saved:</p>
<img src="2.png" class="imgRz">
<img src="" class="imgRz">
<p>And then we check that the first test file we created in the system drive is effectively not there anymore:</p>
<pre><code class="nim">
nothing@debian-tests:~$ lsblk
@ -257,6 +256,49 @@ this is a test file written from live mode, into a non-system drive!
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Emergency Shutdown Script</b></h2> </br> </br>
<p>Now in order to make sure we can shutdown the Host OS quickly, we need to have an emergency shutdown script, that can be ran by a non-root user in order to immediately shutdown the Host OS whenever we need it.</p>
<p>First we need to make sure the user is able to run the shutdown command:</p>
<pre><code class="nim">
nothing@debian:~$ su -
Password:
root@debian:~# visudo
[...]
nothing ALL=NOPASSWD:/sbin/shutdown
nothing ALL=NOPASSWD:/sbin/reboot
[...]
</pre></code>
<p>Then we create a simple shutdown.sh script:</p>
<pre><code class="nim">
nothing@debian:~$ vim shutdown.sh
nothing@debian:~$ cat shutdown.sh
#!/bin/bash
/sbin/shutdown -h now
nothing@debian:~$ chmod +x shutdown.sh
</pre></code>
<p>Then, you need to hook it up to a shortcut, such as <b>Super+R</b>, i'm going to do it in Cinnamon as this is the Desktop Environment i use:</p>
<img src="5.png" class="imgRz">
<img src="6.png" class="imgRz">
<p>And thats it! you now you have a shortcut that you can use to immediately shutdown the Host OS.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">

BIN
opsec/sensitivevm/0.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 177 KiB

After

Width:  |  Height:  |  Size: 363 KiB

Before After
Before After

BIN
opsec/sensitivevm/41.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
opsec/sensitivevm/42.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 374 KiB

52
opsec/sensitivevm/index.html
View file

@ -539,8 +539,50 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<p>So basically from here, if you are not in a QEMU VM, you simply need to hit the shortcut <b>"SUPER+R"</b>.</p>
<p>If you are focused in a QEMU VM, you need to do <b>"Ctrl+Alt"</b> (to focus out of the QEMU VM), and then <b>"SUPER+R"</b> to run the wipe.sh script from the Host OS.</p>-->
<img src="37.png" class="imgRz">
<p>Now we're setting up the shortcut <b>"Super+V"</b> to run the <b>/mnt/veracrypt1/script.sh</b> script just so it is quicker to setup the whonix VMs when inside the veracrypt hidden volume. Now to shut down the Host OS, there is already a default cinnamon shortcut which is <b>"Ctrl+Alt+End"</b>.</p>
<p>Now we're setting up the shortcut <b>"Super+V"</b> to run the <b>/mnt/veracrypt1/script.sh</b> script just so it is quicker to setup the whonix VMs when inside the veracrypt hidden volume.</p>
<img src="36.png" class="imgRz">
<p> Now in order to shut down the Host OS, as we have explained <a href="../livemode/index.html">previously</a>, we need to have the emergency shutdown bashscript script:</p>
<pre><code class="nim">
nihilist@mainpc:~$ su -
Password:
root@mainpc:~# visudo
[...]
nihilist ALL=NOPASSWD:/sbin/shutdown
[...]
nihilist@mainpc:~$ vim shutdown.sh
nihilist@mainpc:~$ cat shutdown.sh
#!/bin/bash
/sbin/shutdown -h now
nihilist@mainpc:~$ chmod +x shutdown.sh
</pre></code>
<p>However we're going to edit it a bit to run the script.sh, along with closing down the veracrypt volumes before shutting down the Host OS, so we need to edit the shutdown.sh script as follows:</p>
<pre><code class="nim">
nihilist@mainpc:~$ cat shutdown.sh
#!/bin/bash
# run script.sh
/mnt/veracrypt1/script.sh
# unmount veracrypt volumes
/usr/bin/veracrypt -d -f
# kill veracrypt after unmounting
kill $(pidof veracrypt)
# shutdown the host OS
/sbin/shutdown -h now
</pre></code>
<p>Then, we need to make sure that the shutdown.sh script can be ran with the <b>"Super+R"</b> shortcut:</p>
<img src="41.png" class="imgRz">
<p>And we're now all setup! So let's try it out in both scenarios (from the decoy volume, and from the hidden volume):</p>
</div>
</div><!-- /row -->
@ -560,7 +602,7 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<p>Then we open VLC, and we hit "Open file" and browse to our non-sensitive files:</p>
<img src="33.png" class="imgRz">
<img src="34.png" class="imgRz">
<p>Then suddenly someone busts your front door, and you quickly press <b>"Super+V"</b> the VLC window immediately closes, and then <b>"Ctrl+Alt+End"</b> and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).</p>
<p>Then suddenly someone busts your front door, and you quickly press <b>"Super+R"</b> the VLC window immediately closes, followed by the closure of the veracrypt volume, and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).</p>
<img src="" class="imgRz">
<p>And that's it ! if the adversary didnt get to your desk by the time you pressed the shortcut, he didnt get to see the content you were playing on your monitor. </p>
@ -570,9 +612,9 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<img src="24.png" class="imgRz">
<p>Once the hidden volume is mounted, we hit <b>"Super+V"</b> to quickly setup the whonix VMs:</p>
<img src="38.png" class="imgRz">
<p>And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit <b>"Ctrl+Alt"</b> to focus out of the VM, and then you hit <b>"Ctrl+Alt+End"</b> to trigger the emergency shutdown:</p>
<img src="39.png" class="imgRz">
<p>Here it also only takes approximately 4 seconds after pressing <b>"Ctrl+Alt+End"</b> to have your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM it contains.</p>
<p>And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit <b>"Ctrl+Alt"</b> to focus out of the VM, and then you hit <b>"Super+R"</b> to trigger the emergency shutdown:</p>
<img src="42.png" class="imgRz">
<p>Here it also only takes approximately 4 seconds after pressing <b>"Super+R"</b> to have the VMs removed, the veracrypt volume closed, and your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM that it contains.</p>
<p>And that's it ! You now have a Sensitive VM ready to be used, and you have implemented the necessary measures to protect the deniability of it's existance, from an adversary.</p>
</div>
</div><!-- /row -->

1
opsec/veracrypt/index.html
View file

@ -65,6 +65,7 @@
<img src="0.png" style="width:250px">
<p>VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. It is based on Truecrypt, This tool will be used for Plausible Deniability. </p>
<p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
<img src="../deniability/5.png" class="imgRz">
<b>DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling</b>
<pre><code class="nim">