diff --git a/opsec/hide_monero/.$VM_setup.drawio.bkp b/opsec/hide_monero/.$VM_setup.drawio.bkp index fc59256..08c2ce8 100644 --- a/opsec/hide_monero/.$VM_setup.drawio.bkp +++ b/opsec/hide_monero/.$VM_setup.drawio.bkp @@ -19,7 +19,7 @@ - + @@ -42,14 +42,14 @@ - + - + diff --git a/opsec/hide_monero/6.png b/opsec/hide_monero/6.png new file mode 100644 index 0000000..c1fe42c Binary files /dev/null and b/opsec/hide_monero/6.png differ diff --git a/opsec/hide_monero/Donation.png b/opsec/hide_monero/Donation.png new file mode 100644 index 0000000..cbb99ad Binary files /dev/null and b/opsec/hide_monero/Donation.png differ diff --git a/opsec/hide_monero/VM_setup.drawio b/opsec/hide_monero/VM_setup.drawio index 08c2ce8..13e5a24 100644 --- a/opsec/hide_monero/VM_setup.drawio +++ b/opsec/hide_monero/VM_setup.drawio @@ -4,59 +4,58 @@ - - - - + - - + + - - + + - - + + - + + + + - + - - + + - - + + - + - + - - - - + + + - - + + - - - - - + + - - + + + + + diff --git a/opsec/hide_monero/VM_setup.png b/opsec/hide_monero/VM_setup.png index 6309d4c..561fa33 100644 Binary files a/opsec/hide_monero/VM_setup.png and b/opsec/hide_monero/VM_setup.png differ diff --git a/opsec/hide_monero/index.html b/opsec/hide_monero/index.html index 09e1038..db3efb9 100644 --- a/opsec/hide_monero/index.html +++ b/opsec/hide_monero/index.html @@ -95,6 +95,7 @@ $sudo virsh -c qemu:///system net-start default

Next create a veracrypt container on another storage device, with a big enough hidden volume according to the nihilism's tutorial

Reboot your host OS into live mode, live mode prevents any log or other traces be written to disk. This makes sure digital forensic cannot find out the existence of our private vm

In theory if you have done everything correctly according to previous tutorial, we should have a plausible deniability setup available. The private VM will store our decoy monero wallet. The sensitive VM will store our real monero wallet, which contains a lot of $$$ and might be legally questionable.

+

The veracrypt container allows you to deny the existence of sensitive VM

@@ -105,7 +106,7 @@ $sudo virsh -c qemu:///system net-start default
-

Sensitive VM setup



+

Sensitive VM and outer volume setup



First decrypt and mount your hidden veracrypt volume. Next setup Whonix gateway and workstation according to nihilism's tutorial.

You should have all the whonix VM files inside the container

@@ -151,6 +152,12 @@ fi

For how to acquire and use monero, consult the monero tutorial

The setup of sensitive VM is now done, use this VM only for sensitive monero transactions, if you want to have other darknet activities create another dedicated workstation.

+

+

Outer volume:

+

Next we will set up the outer volume, which will contains some decoys files that give you plausible deniability when someone forces you to open the veracrypt container

+

Mount the veracrypt outer volume, remember also to input the hidden volume password, since you do not want your hidden volume get destroyed!

+ +

Then download some pirate movies, celebrity leaked nudes and Biden's leaked email to it. Make your outer veracrypt volume spicy but not illegal.

@@ -163,16 +170,13 @@ fi

Private VM setup



-

Now we are going to set up our private VM, this part is going to differ from nihilism's tutorial. We are going to replicate another group of whonix workstation and gateway inside the outer veracrypt volume

-

We are going to have a decoy monero wallet, this wallet will have much less money in it, and all the transactions are charity related. If you have too much money in private VM, you can also pretend it is anonymous donation and move to your sensitive wallet.

- - -

Mount the veracrypt outer volume, remember also to input the hidden volume password, since you do not want your hidden volume get destroyed!

- - -

Repeat exactly what you have done in the previous section, import and setup the whonix VMs, and copy the management script to it.

-

Once done open up the workstation VM, download a monero wallet, and create a new wallet, save the seed to the local keepass database.

-

Occasionally open this private VM, and make some donations to open source project you like, so this VM is going to look like a legit active daily VM.

+

Then we are going to setup the decoy wallet, the decoy wallet is supposed to be in private VMs, if someone robs you at a gun point you are supposed to open this wallet

+

Architecturally it should look like this

+ +

Choose one of your private VM, download the monero wallet and generate a new wallet.

+ +

Buy something with it randomly, or donate some money to other open source projects.

+

Occasionally open this private VM and use this wallet, so this VM is going to look like a legit active daily VM.

@@ -184,8 +188,8 @@ fi

Emergency



Now we have come to the most important part, which is how to handle the situation when someone has raided your house

-

Situation one: Your computer is not power up, you can simply give adversary the outer volume password and deny the presence of hidden volume, and your sensitive activities will be safe

-

Situation two: Someone kicks the door when you are using the sensitive VM, you have to setup the emergency script and shortcut mentioned in nihilism's tutorial, test it multiple times to make sure it works!

+

Situation one: Your computer is not power up, you can simply give adversary the outer volume password and your decoy wallet, and deny the existence of sensitive VM.

+

Situation two: Someone kicks the door when you are using the sensitive VM, you have to setup the emergency script and shortcut mentioned in nihilism's tutorial, test it multiple times to make sure it works!

You have to make sure your computer can be shutdown properly. I personally prefer a PC than a laptop, since directly unplug the power is always more reliable than a software implementation.