In this tutorial I will show an setup how to hide your monero wealth, with plausible deniability provided by veracrypt
We need a environment very similar to Nihilism's private + sensitive vm setup, so be familiar with it before continuing. Some details mentioned in the previously tutorial will be omitted here.
According to the nihilism's tutorial, first install your kicksecure or debian host OS. Once you have done installing your host OS, start it in persistent mode first for setting up qemu/kvm
First install all the necessary software
$sudo apt-get update; sudo apt install --no-install-recommends qemu-kvm qemu-system-x86 libvirt-daemon-system libvirt-clients virt-manager gir1.2-spiceclientgtk-3.0 dnsmasq-base qemu-utils iptables safe-rm xz-utils
Next run some necessary configuration
$sudo adduser "$(whoami)" libvirt
$sudo adduser "$(whoami)" kvm
$sudo systemctl restart libvirtd
$sudo virsh -c qemu:///system net-autostart default
$sudo virsh -c qemu:///system net-start default
Next create a veracrypt container on another storage device, with a big enough hidden volume according to the nihilism's tutorial
Reboot your host OS into live mode, live mode prevents any log or other traces be written to disk. This makes sure digital forensic cannot find out the existence of our private vm
In theory if you have done everything correctly according to previous tutorial, we should have a plausible deniability setup available. The private VM will store our decoy monero wallet. The sensitive VM will store our real monero wallet, which contains a lot of $$$ and might be legally questionable.
The veracrypt container allows you to deny the existence of sensitive VM
First decrypt and mount your hidden veracrypt volume. Next setup Whonix gateway and workstation according to nihilism's tutorial.
You should have all the whonix VM files inside the container
Once you have done setup the Whonix vms inside the sensitive VM, copy this script so you do not need to manually define the VMs everytime rebooted. You just need to run this script everytime you mount the volume
#!/bin/bash
if [ $(virsh -c qemu:///system list --all | grep Whonix | wc -l) -ne 0 ];
then
# if the VMs are imported, remove them:
virsh -c qemu:///system destroy Whonix-Gateway
virsh -c qemu:///system destroy Whonix-Workstation
virsh -c qemu:///system undefine Whonix-Gateway
virsh -c qemu:///system undefine Whonix-Workstation
virsh -c qemu:///system net-destroy Whonix-External
virsh -c qemu:///system net-destroy Whonix-Internal
virsh -c qemu:///system net-undefine Whonix-External
virsh -c qemu:///system net-undefine Whonix-Internal
else
# if the VMs are not imported, import them:
virsh -c qemu:///system net-define /mnt/veracrypt1/Whonix-external.xml
virsh -c qemu:///system net-define /mnt/veracrypt1/Whonix-internal.xml
virsh -c qemu:///system net-autostart Whonix-External
virsh -c qemu:///system net-start Whonix-External
virsh -c qemu:///system net-autostart Whonix-Internal
virsh -c qemu:///system net-start Whonix-Internal
virsh -c qemu:///system define /mnt/veracrypt1/Whonix-Gateway.xml
virsh -c qemu:///system define /mnt/veracrypt1/Whonix-Workstation.xml
fi
Now we are supposed to have our sensitive whonix gateway and workstaiton ready, open them and upgrade the system
Next access monero website to get the official wallet, or use any wallet you like
Create a new wallet inside the sensitive workstation vm, and store the seed into the keepassx vault, remember to safely back up this VM.
For how to acquire and use monero, consult the monero tutorial
The setup of sensitive VM is now done, use this VM only for sensitive monero transactions, if you want to have other darknet activities create another dedicated workstation.
Outer volume:
Next we will set up the outer volume, which will contains some decoys files that give you plausible deniability when someone forces you to open the veracrypt container
Mount the veracrypt outer volume, remember also to input the hidden volume password, since you do not want your hidden volume get destroyed!
Then download some pirate movies, celebrity leaked nudes and Biden's leaked email to it. Make your outer veracrypt volume spicy but not illegal.
Then we are going to setup the decoy wallet, the decoy wallet is supposed to be in private VMs, if someone robs you at a gun point you are supposed to open this wallet
Architecturally it should look like this
Choose one of your private VM, download the monero wallet and generate a new wallet.
Buy something with it randomly, or donate some money to other open source projects.
Occasionally open this private VM and use this wallet, so this VM is going to look like a legit active daily VM.
Now we have come to the most important part, which is how to handle the situation when someone has raided your house
Situation one: Your computer is not power up, you can simply give adversary the outer volume password and your decoy wallet, and deny the existence of sensitive VM.
Situation two: Someone kicks the door when you are using the sensitive VM, you have to setup the emergency script and shortcut mentioned in nihilism's tutorial, test it multiple times to make sure it works!
You have to make sure your computer can be shutdown properly. I personally prefer a PC than a laptop, since directly unplug the power is always more reliable than a software implementation.
Shatter the big brother.
Creative Commons Zero: No Rights Reserved
Donate XMR: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh
Contact: prismbreaker@waifu.club (PGP)