oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
blog-contributions/opsec/veracrypt/index.html

236 lines
12 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>The main source of Plausible Deniability: Deniable Encryption</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Opsec Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-31 (updated by oxeo0 on the 2025-03-31)</ba></p>
<h1>The main source of Plausible Deniability: Deniable Encryption </h1>
<img src="0.png" style="width:250px">
<p><a href="https://mhogomchungu.github.io/zuluCrypt/">zuluCrypt</a> is a free and open-source tool for encrypting files and volumes in a secure way. We already used it for <a href="../anonzulucrypt/index.html">hiding data in video files</a> using steganography.<br>
Today, we'll use it as a replacement for VeraCrypt - a free open source disk encryption software for Windows, Mac OSX and Linux. Being based on TrueCrypt, VeraCrypt offers a unique feature called <b>Hidden Volumes</b> which can give us <b>Plausible Deniability</b>.
zuluCrypt supports both TrueCrypt and VeraCrypt volumes while being better integrated in Linux ecosystem. It also comes preinstalled with <a href="https://www.kicksecure.com/">kicksecure OS</a>.
</p>
<p>But why is Plausible Deniability important first of all?<br>
From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use zuluCrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
<img src="../deniability/5.png" class="imgRz">
<b>DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling</b>
<pre><code class="nim">
source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
regarding wear leveling:
"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
</pre></code>
<p><h2><u>OPSEC Recommendations:</u></h2></p>
<ol>
<li><p>Hardware : (Personal Computer / Laptop)</p></li>
<li><p>System Harddrive: not LUKS encrypted <a href="https://www.kicksecure.com/wiki/Ram-wipe">[1]</a></p></li>
<li><p>Non-System Harddrive: 500Gb (used to contain our VeraCrypt encrypted volumes)</p></li>
<li><p>Host OS: <a href="../linux/index.html">Linux</a> </p></li>
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">QEMU/KVM</a></p></li>
<li><p>Packages: <a href="../livemode/index.html">grub-live and ram-wipe</a></p></li>
</ol>
<p><img src="../logos/daturagit.png" style="width:100px"> <u>Sidenote:</u> Help us improve this tutorial by letting us know if there's anything missing or incorrect on this <a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/255">git issue</a> directly!</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Deniability Context </b></h2>
<p>⚠️ <u>Deniability Disclaimer:</u> <b>If the adversary cannot be told that you are using zuluCrypt, do not install zuluCrypt on the host OS outside of live mode, but rather install it manually each time you boot into live mode</b> That way everytime you reboot, there is no zuluCrypt program to be found at all. ⚠️</p>
<p>Let's install zuluCrypt (you can install it safely from non-live mode), so that the software is available whenever you want to use it while the host OS is in live mode:<br>
<pre><code class="nim">oxeo@milkyway:~$ sudo apt install zulucrypt-gui zulucrypt-cli
</code></pre></p>
<p>Open the GUI to see if it got installed correctly:<br>
<img src="1.png" class="imgRz"></p>
<p>So now you have zuluCrypt on your system. Before you start to use it, you need to be aware of the lack of deniability you have when using the Host OS in regular mode:</p>
<img src="../livemode/3.png" class="imgRz">
<p>By default, your host OS directly writes into the system drive all sorts of potential forensic evidence that an adversary may use against you, such as system logs, kernel logs, non-standard logs, etc, and unless if you remove each of those manually, you're never sure of wether or not the Host OS saved proof of the existence of the hidden volume onto the system drive. <b>That's why you need to use the Host OS in <a href="../livemode/index.html">live mode</a>, to be able to use zuluCrypt</b>, and <b>to install it aswell if you cannot tell the adversary that you are using zuluCrypt.</b></p>
<img src="../livemode/4.png" class="imgRz">
<p>That way, as you're loading the entire host OS in the RAM due to being in live mode, you are not writing anything on the system drive anymore, <b>but rather only writing all that potential forensic evidence of the zuluCrypt hidden volume <u>in RAM alone</u>, which can be easily erased with a simple shutdown</b>.</p>
<p>So now that we have installed zuluCrypt, let's reboot the Host OS into live mode:</p>
<img src="../deniability/7.png" class="imgRz">
<p><b>And only now once we are in live mode, we can use zuluCrypt to create hidden encrypted volumes and unlock them.</b> But be aware that everything you write into the system drive will be wiped upon shutting down, <b>if you want to store something persistent accross reboots from live mode, you need to save it in a non-system drive.</b></p>
<p> So now from there we can create the encrypted volumes (either as files or as entire drives). In this example we'll create an encrypted file:<br>
<img src="2.png"></p>
<p>Select the volume name, size and location.<br>
We want the location to be a simple file in my home directory for testing purposes (so be aware that <u>upon rebooting it will be erased due to being in the system drive</u>). If you want it to not be erased upon rebooting, you'll need to put it in a non-system drive like in <a href="../sensitivevm/index.html">this tutorial</a>:<br>
<img src="3.png"></p>
<p>Once you click <b>Create</b>, it will write random data to the file. This can take a while:<br>
<img src="4.png"></p>
<p>Here select the volume type <b>(Normal+Hidden VeraCrypt)</b>, password for <b>decoy</b> and <b>secret</b> part and the size of hidden volume (has to be smaller than the size of outer volume).<br>
We set the filesystem as <b>exfat</b>. This is recommended since journaling filesystems can leave data which reveals the existence of hidden volume:<br>
<img src="5.png"></p>
<p>Now just click <b>Create</b> and wait a bit:<br>
<img src="6.png">
<img src="7.png"></p>
<p>After that's done, you'll get a popup:<br>
<img src="8.png"></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Mounting the Volumes</b></h2> </br> </br>
<p>Now let's mount volume using both <b>decoy</b> and <b>secret</b> password to see the difference. To do that, click on <b>Open > Volume Hosted In A File</b>:<br>
<img src="9.png"></p>
<p>Select the volume file:<br>
<img src="10.png">
<img src="11.png"></p>
<p>We'll then type the <b>decoy</b> password and click <b>Open</b>:<br>
<img src="12.png"></p>
<p>After a while a file manager should open in the directory where the volume got mounted:<br>
<img src="13.png"></p>
<p>In the zuluCrypt GUI, we can see the mount path:<br>
<img src="14.png"></p>
<p>We can put some decoy files there so that it makes sense why you hide it:<br>
<img src="15.png"></p>
<p>Now let's unmount the volume using zuluCrypt GUI:<br>
<img src="16.png"></p>
<p>Unlock the same volume but this time using the <b>secret</b> password:<br>
<img src="17.png"></p>
<p>As you can see, it's empty and the free space is just around <b>1024 MB</b> as we set before:<br>
<img src="18.png"></p>
<p>You can put stuff that you actually care about in there:<br>
<img src="19.png"></p>
<p>And that's it! Now you have a fully working volume with hidden data inside achieving <b>Plausible Deniability</b>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FBD4qkVq8lJUgjHt0kUaxeQBYsKaxDejeecxm6-2vOwI%3D%40b6geeakpwskovltbesvy3b6ah3ewxfmnhnshojndmpp7wcv2df7bnead.onion%2FdXQ3FLM5ufTNQxgXU6jm07fRXSq9Ujkt%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAzABUDXe4g0bjXyPcNOU0QzWxMYMMGgR3kcOQacoEaQ0%253D&data=%7B%22groupLinkId%22%3A%22G3yklv9753AcNA7lGV3FBw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br>
<h4>About oxeo0</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 862Sp3N5Y8NByFmPVLTPrJYzwdiiVxkhQgAdt65mpYKJLdVDHyYQ8swLgnVr8D3jKphDUcWUCVK1vZv9u8cvtRJCUBFb8MQ</p></br>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>
Reference in a new issue View git blame Copy permalink