Added spaces between images so it is easier to read

prism_breaker 2025-02-23 11:17:47 +00:00
parent 840d673bee
commit 8ac513e602


@ -89,6 +89,8 @@
<p>First of all as you have seen, the requirement is that we do this setup from the Host OS, in <a href="../livemode/index.html">live mode</a>. That is because we want to make sure that there is no forensic evidence to be saved on the system drive as we have explained <a href="../livemode/index.html">previously.</a> </p>
<img src="../livemode/4.png" class="imgRz">
<p></p>
<p>While in Live mode we can't write anything new on the system disk (such as the system logs, kernel logs, non-standard logs) <b>which can all be potential forensic evidence that the hidden volume exists</b>. Instead, everything is written into RAM, and we can easily erase all of those contents with a simple reboot. While in live mode however, we can write to non-system drives, which is where we will setup a big enough veracrypt volume to store the Whonix VMs that we will use for long-term sensitive use.</p>
</div>
</div><!-- /row -->
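Review bot: the spacing is done by inserting an empty `<p></p>` after `<img src="../livemode/4.png" class="imgRz">`, which puts an empty block element in the DOM (assistive technology announces it as an empty paragraph) and has to be repeated after every screenshot in the page. A single margin rule on the class every screenshot already carries, e.g. `.imgRz { margin-bottom: 1em; }`, gives the same visual gap in one place and keeps the markup clean. Separately, in the first paragraph both links point at `../livemode/index.html` and the second one wraps the trailing period inside the anchor (`previously.</a>`); move the period outside the link.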
@ -104,6 +106,7 @@
<p>So before we start, make sure you reboot the Host OS to go into live mode</p>
<img src="../deniability/7.png" class="imgRz">
<p></p>
<p> <b>or boot from a usb stick that has a debian live image if you are in the usecase where the adversary can't be told you are using kicksecure packages</b>:</p>
<img src="../livemode/9.png" class="imgRz">
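Review bot: with the screenshot and the new spacer between them, `<p> <b>or boot from a usb stick ...` now stands on its own as a paragraph but still begins with a lowercase "or" as if it continued the previous sentence; either capitalize it ("Or boot from ...") or fold the two sentences into one paragraph above the first image. Also "usecase" reads better as "use case".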
@ -135,29 +138,53 @@ nothing@debian:~$ veracrypt
<p>And now that we did the post-live-boot initial setup, we can start to setup our veracrypt volumes on our 500Gb harddrive:</p>
<img src="2.png" class="imgRz">
<p></p>
<img src="3.png" class="imgRz">
<p></p>
<p>Here we're using a non-system drive, as we want to be able to store our veracrypt hidden volume contents in a persistent manner, accross reboots. (if we were to have the veracrypt volume on the system drive, it would be wiped off upon rebooting since the Host OS is in live mode.)</p>
<p></p>
<img src="4.png" class="imgRz">
<p></p>
<img src="5.png" class="imgRz">
<p></p>
<img src="6.png" class="imgRz">
<p></p>
<img src="7.png" class="imgRz">
<p></p>
<img src="8.png" class="imgRz">
<p></p>
<img src="9.png" class="imgRz">
<p></p>
<img src="10.png" class="imgRz">
<p></p>
<img src="11.png" class="imgRz">
<p></p>
<p>And in our veracrypt outer (decoy) volume, we're going to setup the veracrypt inner (hidden) volume, and set it to be 250Gb big:</p>
<p></p>
<img src="12.png" class="imgRz">
<p></p>
<img src="13.png" class="imgRz">
<p></p>
<img src="14.png" class="imgRz">
<p></p>
<img src="15.png" class="imgRz">
<p></p>
<img src="16.png" class="imgRz">
<p></p>
<img src="17.png" class="imgRz">
<p></p>
<img src="18.png" class="imgRz">
<p></p>
<img src="19.png" class="imgRz">
<p></p>
<img src="20.png" class="imgRz">
<p></p>
<p>Now that the vercarypt volume has been setup, to highlight the mechanism, for the same harddrive, you have 2 passwords. Password A opens up the decoy volume, and Password B (which must remains secret, only to be known by you) opens up the hidden volume:</p>
<p></p>
<img src="21.png" class="imgRz">
<p></p>
<img src="22.png" class="imgRz">
<p></p>
<img src="23.png" class="imgRz">
</div>
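Review bot: two of the added spacers, the one directly before `<p>And in our veracrypt outer (decoy) volume, ...` and the one before `<p>Now that the vercarypt volume has been setup, ...`, sit between an image and a prose paragraph rather than between two images, so those two paragraphs get a larger gap above them than every other paragraph in the page; drop those two or apply the same spacing everywhere. In the context lines, "vercarypt" should be "veracrypt", "accross" should be "across", and "which must remains secret" should be "which must remain secret".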
@ -328,6 +355,7 @@ Domain 'Whonix-Workstation' defined from Whonix-Workstation.xml
</pre></code>
<p>From there you'll see that the Whonix VMs are imported:</p>
<img src="27.png" class="imgRz">
<p></p>
<p>And now to remove them you can just run the same script again:</p>
<pre><code class="nim">
[ nowhere ] [ /dev/pts/1 ] [/mnt/veracrypt1]
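Review bot: `</pre></code>` at the top of this hunk closes the two tags in the wrong order. The block is opened as `<pre><code class="nim">` (the same opening appears at the end of this hunk), so it must close as `</code></pre>`, which is what the hunk at `-398,6` already uses. Browsers repair the mis-nesting silently, but it is invalid HTML and the new `<p></p>` after `27.png` is being added next to it; fix the closing order in the same commit.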
@ -376,8 +404,10 @@ Network Whonix-Internal has been undefined
</pre></code>
<p>Now first dismount the hidden volume:</p>
<img src="28.png" class="imgRz">
<p></p>
<p>And then mount the decoy volume:</p>
<img src="21.png" class="imgRz">
<p></p>
<p>In the decoy volume, we want content that makes sense to be kept hidden in an encrypted volume while still not being considered as sensitive (meaning nothing that can get you into trouble like adult content, or movies that you pirated):</p>
<pre><code class="nim">
[ nowhere ] [ /dev/pts/1 ] [/mnt]
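Review bot: same tag-order problem as the previous hunk: the `</pre></code>` at the top of this hunk should be `</code></pre>` to match the `<pre><code class="nim">` that opens the block. Reusing `21.png` here for "mount the decoy volume" is fine since it is the same dialog as in the setup section, but a one-line caption saying it is the same screenshot would avoid the reader thinking the image is a paste error.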
@ -398,6 +428,7 @@ lost+found
</code></pre>
<img src="29.png" class="imgRz">
<p></p>
<p>So in this example we're going to pretend we have pirated some movies and got some adult content, that way we have an excuse as to why we have an encrypted veracrypt volume if ever forced by an adversary. We then create the script.sh which will basically be used to kill the media player window:</p>
<pre><code class="nim">
[ nowhere ] [ /dev/pts/1 ] [/mnt/veracrypt1]
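Review bot: the parenthetical "(meaning nothing that can get you into trouble like adult content, or movies that you pirated)" is ambiguous: it can be read as listing adult content and pirated movies as the things that get you into trouble, while the very next paragraph uses exactly those as the harmless decoy content. Rephrase to separate the two clauses, e.g. "(nothing that can get you into trouble; adult content or pirated movies are the kind of thing meant here)". The `</code></pre>` closing order at the top of this hunk is the correct one and should be copied to the two earlier blocks.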
@ -636,22 +667,29 @@ nihilist@mainpc:~$ scp shutdown.sh root@65.109.30.253:/root/sensitive_scripts/sh
<p>As stated before, this part is relevant only if you are in the usecase where veracrypt remains installed on the host OS outside of live mode. You can skip that part if you are keeping veracrypt installed only in live mode.</p>
<p>So first we open the veracrypt, and open the decoy volume:</p>
<img src="21.png" class="imgRz">
<p></p>
<img src="22.png" class="imgRz">
<p></p>
<p>Then we open VLC, and we hit "Open file" and browse to our non-sensitive files:</p>
<img src="33.png" class="imgRz">
<p></p>
<img src="34.png" class="imgRz">
<p></p>
<p>Then suddenly someone busts your front door, and you quickly press <b>"Super+R"</b> the VLC window immediately closes, followed by the closure of the veracrypt volume, and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).</p>
<img src="" class="imgRz">
<p>And that's it ! if the adversary didnt get to your desk by the time you pressed the shortcut, he didnt get to see the content you were playing on your monitor. </p>
<h2><b>Hidden Volume Scenario (using the sensitive VM)</b></h2>
<p>Now to test emergency shutdown on the hidden volume side, we first open the hidden volume:</p>
<img src="23.png" class="imgRz">
<p></p>
<img src="24.png" class="imgRz">
<p></p>
<p>Once the hidden volume is mounted, we hit <b>"Super+V"</b> to quickly setup the whonix VMs:</p>
<img src="38.png" class="imgRz">
<p></p>
<p>And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit <b>"Ctrl+Alt"</b> to focus out of the VM, and then you hit <b>"Super+R"</b> to trigger the emergency shutdown:</p>
<img src="42.png" class="imgRz">
<p></p>
<p>Here it also only takes approximately 4 seconds after pressing <b>"Super+R"</b> to have the VMs removed, the veracrypt volume closed, and your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM that it contains.</p>
<p>And that's it ! You now have a Sensitive VM ready to be used, and you have implemented the necessary measures to protect the deniability of it's existance, from an adversary.</p>
</div>
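Review bot: `<img src="" class="imgRz">` after the `"Super+R"` paragraph has an empty `src`, so it renders as a broken image placeholder. Either point it at the intended screenshot (the hidden-volume walkthrough below uses `42.png` for the same Super+R step) or remove the tag; it is also the only image in this section that did not receive the `<p></p>` spacer the commit adds everywhere else. In the closing sentence, "it's existance" should be "its existence", and "didnt" should be "didn't" (twice).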
@ -669,6 +707,7 @@ nihilist@mainpc:~$ scp shutdown.sh root@65.109.30.253:/root/sensitive_scripts/sh
<p>With this setup, you have deniability the moment that the Host OS finishes shutting down, regarding the existance of the veracrypt hidden volume, and the whonix sensitive VMs that are in it. <b>Meaning that it is impossible for an adversary that seizes your computer to prove the existance of the Whonix Sensitive VMs after the Host OS finished shutting down.</b></p>
<p>If you leave veracrypt and shutdown.sh on the host OS, below is all an adversary will be able to see , if he were to seize your laptop after you manage to shut it down:</p>
<img src="40.png" class="imgRz">
<p></p>
<p>Of course, if you are ever forced to, <b>ONLY give your decoy password to the adversary.</b> The existance of the hidden volume, and of the secret password thats used to reveal it must remain a secret at all costs, it must remain known only by you.</p>
<p>If you are ever dragged into court, <b>the judge will appreciate much more if you actually hand over your laptop, and show that you are willing to cooperate with the authorities by providing your password to unlock it</b>, rather than starting to pretend you forgot your password (which can end badly like in <a href="https://lawblog.legalmatch.com/2018/07/23/florida-man-jailed-allegedly-forgetting-password-on-cell-phones/">this court case</a>, where the defendant was found to be in contempt of court, and thrown in jail for 6 months for it). </p>
<p>If ever asked by the authorities on why you used veracrypt in your laptop, you can simply claim that it was to put your stash of adult content in it. Nothing incriminating about it, and it is plausible given that you dont want that laying around on your desktop, due to being of a private matter.</p>
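Review bot: the bold sentence "it is impossible for an adversary that seizes your computer to prove the existance of the Whonix Sensitive VMs" is stated more absolutely than the surrounding lines support. The section itself makes the claim conditional: the Host OS must have finished shutting down (so RAM is gone), only veracrypt and shutdown.sh may remain on the host, and the hidden-volume password must never be handed over. Suggest wording it as "the seized computer itself then contains no evidence of the hidden volume or the VMs inside it" and keeping those conditions next to it, so a reader does not take the guarantee as unconditional. Also "existance" should be "existence" (three occurrences in this hunk) and "thats" should be "that's".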