In this tutorial I will show an setup how to hide your monero wealth, with plausible deniability provided by veracrypt
We need a environment very similar to Nihilism's private + sensitive vm setup, so be familiar with it before continuing. Some details mentioned in the previously tutorial will be omitted here.
According to the nihilism's tutorial, first install your kicksecure or debian host OS. Once you have done installing your host OS, start it in persistent mode first for setting up qemu/kvm
First install all the necessary software
$sudo apt-get update; sudo apt install --no-install-recommends qemu-kvm qemu-system-x86 libvirt-daemon-system libvirt-clients virt-manager gir1.2-spiceclientgtk-3.0 dnsmasq-base qemu-utils iptables safe-rm xz-utils
Next run some necessary configuration
$sudo adduser "$(whoami)" libvirt
$sudo adduser "$(whoami)" kvm
$sudo systemctl restart libvirtd
$sudo virsh -c qemu:///system net-autostart default
$sudo virsh -c qemu:///system net-start default
Next create a veracrypt container on another storage device, with a big enough hidden volume according to the nihilism's tutorial
Reboot your host OS into live mode, live mode prevents any log or other traces be written to disk. This makes sure digital forensic cannot find out the existence of our private vm
In theory if you have done everything correctly according to previous tutorial, we should have a plausible deniability setup available. The private VM will store our decoy monero wallet. The sensitive VM will store our real monero wallet, which contains a lot of $$$ and might be legally questionable.
First decrypt and mount your hidden veracrypt volume. Next setup Whonix gateway and workstation according to nihilism's tutorial.
Once you have done setup the Whonix vms inside the sensitive VM, copy this script so you do not need to manually define the VMs everytime rebooted.
#!/bin/bash
if [ $(virsh -c qemu:///system list --all | grep Whonix | wc -l) -ne 0 ];
then
# if the VMs are imported, remove them:
virsh -c qemu:///system destroy Whonix-Gateway
virsh -c qemu:///system destroy Whonix-Workstation
virsh -c qemu:///system undefine Whonix-Gateway
virsh -c qemu:///system undefine Whonix-Workstation
virsh -c qemu:///system net-destroy Whonix-External
virsh -c qemu:///system net-destroy Whonix-Internal
virsh -c qemu:///system net-undefine Whonix-External
virsh -c qemu:///system net-undefine Whonix-Internal
else
# if the VMs are not imported, import them:
virsh -c qemu:///system net-define /mnt/veracrypt1/Whonix-external.xml
virsh -c qemu:///system net-define /mnt/veracrypt1/Whonix-internal.xml
virsh -c qemu:///system net-autostart Whonix-External
virsh -c qemu:///system net-start Whonix-External
virsh -c qemu:///system net-autostart Whonix-Internal
virsh -c qemu:///system net-start Whonix-Internal
virsh -c qemu:///system define /mnt/veracrypt1/Whonix-Gateway.xml
virsh -c qemu:///system define /mnt/veracrypt1/Whonix-Workstation.xml
fi
Now we are supposed to have our sensitive whonix gateway and workstaiton ready, open them and upgrade the system
Next access monero website to get the official wallet, or use any wallet you like
Create a new wallet inside the sensitive workstation vm, and store the seed into the keepassx vault, remember to safely back up this VM.
The setup of sensitive VM is now done, use this VM only for sensitive monero transactions, if you want to have other darknet activities create another dedicated workstation.
Now we are going to set up our private VM, this part is going to differ from nihilism's tutorial. We are going to replicate another group of whonix workstation and gateway inside the outer veracrypt volume
We are going to have a decoy monero wallet, this wallet will have much less money in it, and all the transactions are charity related.
Mount the veracrypt outer volume, remember also to input the hidden volume password, since you do not want your hidden volume get destroyed!
Repeat exactly what you have done in the previous section, import and setup the whonix VMs, and copy the management script to it.
Once done open up the workstation VM, download a monero wallet, and create a new wallet, save the seed to the local keepass database.
Occasionally open this private VM, and make some donations to open source project you like, so this VM is going to look like a legit active daily VM.
Now we have come to the most important part, which is how to handle the situation when someone has raided your house
Situation one: Your computer is not power up, you can simply give adversary the outer volume password and deny the presence of hidden volume, and your sensitive activities will be safe
Situation two: Someone kicks the door when you are using the sensitive VM, you have to setup the emergency script and shortcut mentioned in nihilism's tutorial, test it multiple times to make sure it works!
You have to make sure your computer can be shutdown properly. I personally prefer a PC than a laptop, since directly unplug the power is always more reliable than a software implementation.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)
