blog-contributions/opsec/whonix/index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

    <title>whonix + veracrypt plausible deniability Setup</title>

    <!-- Bootstrap core CSS -->
    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
	<link href="../../assets/css/xt256.css" rel="stylesheet">
    
    

    <!-- Custom styles for this template -->
    <link href="../../assets/css/main.css" rel="stylesheet">

    

    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
  </head>

  <body>

    <!-- Static navbar -->
    <div class="navbar navbar-inverse-cis navbar-static-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand-cis" href="\index.html">nihilist`s Blog</a>
        </div>
        <div class="navbar-collapse collapse">
          <ul class="nav navbar-nav navbar-right">

            <li><a  href="/about.html">About</a></li>
            <li><a  href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
            <li><a  href="/contact.html">Contact</a></li>
          </ul>
        </div><!--/.nav-collapse -->
        
      </div>
    </div>

	<!-- +++++ Posts Lists +++++ -->
	<!-- +++++ First Post +++++ -->
	<div id="cis2">
	    <div class="container">
			<div class="row">
				<div class="col-lg-8 col-lg-offset-2">
  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 12 / 03 / 2023</ba></p>
<h1>whonix in a plausible deniability Setup </h1>
<img src="0.png" style="width:250px">
<p>In this tutorial we're going to look at how to use whonix in a plausible deniability environment using QEMU KVM and veracrypt. </p>
          
	       </div>
			</div><!-- /row -->
	    </div> <!-- /container -->
	</div><!-- /grey -->

	<!-- +++++ Second Post +++++ -->
	<div id="cis3">
	    <div class="container">
			<div class="row">
				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Initial Setup </b></h2>
<p>First go <a href="https://www.whonix.org/wiki/KVM">here</a> to download whonix for qemu, </p>
<img src="1.png" class="imgRz">
<p>Then extract the .xz file where you want the image to be at:</p>
<pre><code class="nim">
[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ mv Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz /mnt/VAULT/ISOs/whonix/

[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ cd /mnt/VAULT/ISOs/whonix/

[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ tar -xvf Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz
WHONIX_BINARY_LICENSE_AGREEMENT
WHONIX_DISCLAIMER
Whonix-Gateway-XFCE-16.0.9.0.xml
Whonix-Workstation-XFCE-16.0.9.0.xml
Whonix_external_network-16.0.9.0.xml
Whonix_internal_network-16.0.9.0.xml
Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2
	
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted

[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ ls -lash
total 7.9G
4.0K drwxr-xr-x 2 nothing nothing 4.0K Dec 29 20:10 .
4.0K drwxr-xr-x 4 nothing nothing 4.0K Dec 29 20:09 ..
 40K -rw-r--r-- 1 nothing nothing  39K Oct 21  2015 WHONIX_BINARY_LICENSE_AGREEMENT
   0 -rw-r--r-- 1 nothing nothing    0 Dec 29 20:10 WHONIX_BINARY_LICENSE_AGREEMENT_accepted
8.0K -rw-r--r-- 1 nothing nothing 4.1K Oct 21  2015 WHONIX_DISCLAIMER
4.0K -rw-r--r-- 1 nothing nothing  172 Oct 21  2015 Whonix_external_network-16.0.9.0.xml
2.7G -rw-r--r-- 1 nothing nothing 101G Oct 21  2015 Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21  2015 Whonix-Gateway-XFCE-16.0.9.0.xml
4.0K -rw-r--r-- 1 nothing nothing   97 Oct 21  2015 Whonix_internal_network-16.0.9.0.xml
3.8G -rw-r--r-- 1 nothing nothing 101G Oct 21  2015 Whonix-Workstation-XFCE-16.0.9.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21  2015 Whonix-Workstation-XFCE-16.0.9.0.xml
1.4G -rw-r--r-- 1 nothing nothing 1.4G Dec 29 20:06 Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz

</code></pre>

<p>So now we have the qcow2 files, so we can proceed following the instructions:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ vim Whonix-Gateway-XFCE-16.0.9.0.xml                                                                                         

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ cat Whonix-Gateway-XFCE-16.0.9.0.xml | grep VAULT
      <<b></b>source file='/mnt/VAULT/ISOs/whonix/Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2'/>

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ vim Whonix-Workstation-XFCE-16.0.9.0.xml

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ cat Whonix-Workstation-XFCE-16.0.9.0.xml | grep VAULT
      <<b></b>source file='/mnt/VAULT/ISOs/whonix/Whonix-Workstation-XFCE-16.0.9.0.Intel_AMD64.qcow2'/>



[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-define Whonix_external*.xml
[sudo] password for nothing:
Network Whonix-External defined from Whonix_external_network-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-define Whonix_internal*.xml
Network Whonix-Internal defined from Whonix_internal_network-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→  sudo virsh -c qemu:///system net-autostart Whonix-External
Network Whonix-External marked as autostarted


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-start Whonix-External
Network Whonix-External started


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-autostart Whonix-Internal
Network Whonix-Internal marked as autostarted


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-start Whonix-Internal
Network Whonix-Internal started


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system define Whonix-Gateway*.xml
Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system define Whonix-Workstation*.xml
Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-16.0.9.0.xml

</code></pre>
<p>make sure you give them 4gb of RAM before launching them, then launch them:</p>
<img src="13.png" class="imgRz">
<p>On the whonix gateway side:</p>
<img src="14.png" class="imgRz">

<p>Here if you want to specify a <a href="../tor/bridge/index.html">tor bridge node</a> to connect to you can, but if not then you can click Next:</p>
<img src="10.png" class="imgRz">
<img src="15.png" class="imgRz">
<p>Then we follow what the systemcheck suggests us to do, updating the packages:</p>
<img src="16.png" class="imgRz">
<p>Then just use the VM as intended:</p>
<img src="17.png" class="imgRz">

<p>And that's it! We have been able to install the Whonix Workspace and Whonix Gateway.</p>
				</div>
			</div><!-- /row -->
	    </div> <!-- /container -->
	</div><!-- /white -->

  <div id="cis2">
	    <div class="container">
			<div class="row">
				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Plausible Deniability Setup</b></h2> </br> </br>
<p>There are times when you might be forced to reveal the contents of a harddrive. To combat this you can go for a "Plausible Deniability Setup" where you have a drive that can be split. In my case i use a harddrive for this purpose, so it is actually possible to completely wipe it's contents if needed unlike on a SSD.</p>

<img src="19.png" class="imgRz">

<p>First install veracrypt:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/35 ] [/mnt]
→ sudo pacman -S veracrypt

</code></pre>
<p>Then just select the following:</p>

<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<img src="22.png" class="imgRz">
<img src="23.png" class="imgRz">
<img src="24.png" class="imgRz">
<img src="25.png" class="imgRz">
<img src="26.png" class="imgRz">
<img src="27.png" class="imgRz">
<img src="28.png" class="imgRz">
<img src="29.png" class="imgRz">
<img src="30.png" class="imgRz">
<p>Then setup the hidden inner volume:</p>
<img src="31.png" class="imgRz">
<img src="32.png" class="imgRz">
<img src="33.png" class="imgRz">
<img src="34.png" class="imgRz">
<img src="35.png" class="imgRz">
<img src="36.png" class="imgRz">
<img src="37.png" class="imgRz">
<img src="38.png" class="imgRz">
<img src="39.png" class="imgRz">
<img src="40.png" class="imgRz">
<p>Then you can just mount the volume you created like so:</p>

<img src="41.png" class="imgRz">
<img src="42.png" class="imgRz">
<img src="43.png" class="imgRz">
<p>Now we successfully mounted it in /mnt/veracrypt1 and as you can see it's type "Normal". This is the procedure to do if you want to are forced to give away your password. Now if you want to mount the real hidden volume instead you do the following:</p>
<img src="44.png" class="imgRz">
<img src="45.png" class="imgRz">
<p>And there you go ! You have plausible deniability setup on a drive connected to your computer. It is also being mounted in /mnt/veracrypt1, this time as the type "Hidden". Then you can put the whonix VMs in both partitions:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt]
→ cd veracrypt1

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ wget https://download.whonix.org/libvirt/16.0.9.0/Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz

</pre></code>

<p>You can go through the above setup we saw in the first part to setup the whonix VMs on both partitions.</p>

<p>Keep in mind that there may be forensics clues on the Host OS (like command history) that may lead to the VMs so you have to replicate the VMs on both partitions. Such a setup will allow you to completely deny the existance of the whonix VMs B and their real usage. Instead when you are forced to reveal the password of your harddrive you can give the password of the Decoy outer volume with password A. NEVER mention password B anywhere, memorize it yourself. So go through the above process to setup the whonix VMs on both partitions after installing the veracrypt hidden volume (do not select "will mount only on linux" otherwise it will give you an error.) Then we will use 2 scripts to ensure a quick setup and trackscleaning:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat cleantraces.sh
#!/bin/bash
sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-External

sudo virsh undefine Whonix-Workstation
sudo virsh undefine Whonix-Gateway

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat getvms.sh
#!/bin/bash

sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
sudo virsh -c qemu:///system define Whonix-Workstation*.xml
	
</code></pre>

<p>One is used to setup the VMs, the other is there to remove the VMs. I combine them into one script:</p>
<img src="" class="imgRz">
<pre><code class="nim">



[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat refreshvms.sh
#!/bin/bash

#remove VMs

sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-External

echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'
read

#install VMs

sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
sudo virsh -c qemu:///system define Whonix-Workstation*.xml

</code></pre>
<p>That way you can have that script on both partitions, and simply refresh the VMs back to normal after you're done using it on the hidden volume. </p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ chmod +x refreshvms.sh

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ ./refreshvms.sh
[sudo] password for nothing:
Domain 'Whonix-Gateway' destroyed

Domain 'Whonix-Workstation' destroyed

Domain 'Whonix-Gateway' has been undefined

Domain 'Whonix-Workstation' has been undefined

Network Whonix-External destroyed

Network Whonix-Internal destroyed

Network Whonix-External has been undefined

error: failed to get network 'Whonix-External'
error: Network not found: no network with matching name 'Whonix-External'

Network Whonix-External defined from Whonix_external_network-16.0.9.0.xml

error: Failed to define network from Whonix_internal_network-16.0.9.0.xml

Network Whonix-External marked as autostarted

Network Whonix-External started

Network Whonix-Internal marked as autostarted

Network Whonix-Internal started

Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-16.0.9.0.xml

Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-16.0.9.0.xml
	
</code></pre>

				</div>
			</div><!-- /row -->
	    </div> <!-- /container -->
	</div><!-- /white -->

	<!-- +++++ Footer Section +++++ -->

	<div id="cisb">
		<div class="container">
			<div class="row">
				<div class="col-lg-4">
					<h4>Nihilism</h4>
          <p>
						Until there is Nothing left.
						
					</p>
				</div><!-- /col-lg-4 -->

				<div class="col-lg-4">
					<h4>My Links</h4>
					<p>

						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>

					</p>
				</div><!-- /col-lg-4 -->

				<div class="col-lg-4">
					<h4>About nihilist</h4>
					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
				</div><!-- /col-lg-4 -->

			</div>

		</div>
	</div>


    <!-- Bootstrap core JavaScript
    ================================================== -->
    <!-- Placed at the end of the document so the pages load faster -->
    
  </body>
</html>