2024-07-25 12:23:36 +02:00
<!DOCTYPE html>
< html lang = "en" >
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< meta name = "description" content = "" >
< meta name = "author" content = "" >
< link rel = "shortcut icon" href = "../../../../../../assets/img/favicon.png" >
< title > whonixqemuvms Setup< / title >
<!-- Bootstrap core CSS -->
< link href = "../../assets/css/bootstrap.css" rel = "stylesheet" >
< link href = "../../assets/css/xt256.css" rel = "stylesheet" >
<!-- Custom styles for this template -->
< link href = "../../assets/css/main.css" rel = "stylesheet" >
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- [if lt IE 9]>
< script src = "https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js" > < / script >
< script src = "https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js" > < / script >
<![endif]-->
< / head >
< body >
<!-- Static navbar -->
< div class = "navbar navbar-inverse-anon navbar-static-top" >
< div class = "container" >
< div class = "navbar-header" >
< button type = "button" class = "navbar-toggle" data-toggle = "collapse" data-target = ".navbar-collapse" >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< span class = "icon-bar" > < / span >
< / button >
< a class = "navbar-brand-anon" href = "\index.html" > nihilist`s Blog< / a >
< / div >
< div class = "navbar-collapse collapse" >
< ul class = "nav navbar-nav navbar-right" >
< li > < a href = "/about.html" > About< / a > < / li >
< li > < a href = "/blog.html" > Categories< / a > < / li >
< li > < a href = "https://blog.nihilism.network/donate.html" > Donate< / a > < / li >
< li > < a href = "/contact.html" > Contact< / a > < / li >
< / ul >
< / div > <!-- /.nav - collapse -->
< / div >
< / div >
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< a href = "../anon.html" > Previous Page< / a > < / br > < / br > < p > < img src = "../../assets/img/user.png" width = "50px" height = "50px" > < ba > nihilist@mainpc - 2024-03-10< / ba > < / p >
< h1 > Whonix QEMU Setup < / h1 >
< img src = "0.png" style = "width:250px" >
< p > Whonix is an open-source OS made specifically for general anonymous activities. In this tutorial we're going to set it up using the QEMU virtualization setup we installed previously.< / p >
2024-07-31 23:07:35 +02:00
< p > < h2 > < u > OPSEC Recommendations:< / u > < / h2 > < / p >
< ol >
< li > < p > Hardware : (Personal Computer / Laptop)< / p > < / li >
< li > < p > Host OS: < a href = "../linux/index.html" > Linux< / a > < / p > < / li >
< li > < p > Hypervisor: < a href = "../hypervisorsetup/index.html" > libvirtd QEMU/KVM< / a > < / p > < / li >
< li > < p > Application: < a href = "../anon.html" > Host-based VPN< / a > (if your ISP doesn't allow Tor traffic) < / p > < / li >
< / ol >
< p > I recommend using this setup into one of the above mentionned VMs, for < a href = "../anonymityexplained/index.html" > Anonymous use< / a > , as per the < a href = "../opsec4levels/index.html" > 4 basic OPSEC levels< / a > .< / p >
< p > TODO: force a VPN through Tor< / p >
2024-07-30 21:54:11 +02:00
2024-07-25 12:23:36 +02:00
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /grey -->
<!-- +++++ Second Post +++++ -->
< div id = "anon3" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Initial Setup < / b > < / h2 >
< p > Make sure that you have setup the QEMU / virt-viewer setup we described in < a href = "../antiforensics/index.html" > this< / a > earlier tutorial< / p >
< p > Then install download the whonix VMS as follows:< / p >
< p > First go < a href = "https://www.whonix.org/wiki/KVM" > here< / a > to download whonix for qemu, < / p >
< img src = "1.png" class = "imgRz" >
< p > Then extract the .xz file where you want the image to be at:< / p >
< pre > < code class = "nim" >
[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ mv Whonix-XFCE-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz /mnt/VAULT/VMs/
[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ cd /mnt/VAULT/VMs/
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ tar -xvf Whonix-XFCE-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
WHONIX_BINARY_LICENSE_AGREEMENT
WHONIX_DISCLAIMER
Whonix-Gateway-XFCE-17.0.3.0.xml
Whonix-Workstation-XFCE-17.0.3.0.xml
Whonix_external_network-17.0.3.0.xml
Whonix_internal_network-17.0.3.0.xml
Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ ls -lash
total 7.9G
4.0K drwxr-xr-x 2 nothing nothing 4.0K Dec 29 20:10 .
4.0K drwxr-xr-x 4 nothing nothing 4.0K Dec 29 20:09 ..
40K -rw-r--r-- 1 nothing nothing 39K Oct 21 2015 WHONIX_BINARY_LICENSE_AGREEMENT
0 -rw-r--r-- 1 nothing nothing 0 Dec 29 20:10 WHONIX_BINARY_LICENSE_AGREEMENT_accepted
8.0K -rw-r--r-- 1 nothing nothing 4.1K Oct 21 2015 WHONIX_DISCLAIMER
4.0K -rw-r--r-- 1 nothing nothing 172 Oct 21 2015 Whonix_external_network-17.0.3.0.xml
2.7G -rw-r--r-- 1 nothing nothing 101G Oct 21 2015 Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21 2015 Whonix-Gateway-XFCE-17.0.3.0.xml
4.0K -rw-r--r-- 1 nothing nothing 97 Oct 21 2015 Whonix_internal_network-17.0.3.0.xml
3.8G -rw-r--r-- 1 nothing nothing 101G Oct 21 2015 Whonix-Workstation-XFCE-17.0.3.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21 2015 Whonix-Workstation-XFCE-17.0.3.0.xml
1.4G -rw-r--r-- 1 nothing nothing 1.4G Dec 29 20:06 Whonix-XFCE-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
< / code > < / pre >
< p > So now we have the qcow2 files (take note that it can), so we can proceed following the instructions:< / p >
< pre > < code class = "nim" >
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
→ vim Whonix-Gateway-XFCE-17.0.3.0.xml
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
→ cat Whonix-Gateway-XFCE-17.0.3.0.xml | grep VAULT
< < b > < / b > source file='/mnt/VAULT/VMs/Whonix-Gateway-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
→ vim Whonix-Workstation-XFCE-17.0.3.0.xml
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/VMs]
→ cat Whonix-Workstation-XFCE-17.0.3.0.xml | grep VAULT
< < b > < / b > source file='/mnt/VAULT/VMs/Whonix-Workstation-XFCE-17.0.3.0.Intel_AMD64.qcow2'/>
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-define Whonix_external*.xml
[sudo] password for nothing:
Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-define Whonix_internal*.xml
Network Whonix-Internal defined from Whonix_internal_network-17.0.3.0.xml
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-autostart Whonix-External
Network Whonix-External marked as autostarted
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-start Whonix-External
Network Whonix-External started
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-autostart Whonix-Internal
Network Whonix-Internal marked as autostarted
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system net-start Whonix-Internal
Network Whonix-Internal started
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system define Whonix-Gateway*.xml
Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-17.0.3.0.xml
[ 10.8.0.3/24 ] [ nowhere ] [VAULT/VMs]
→ sudo virsh -c qemu:///system define Whonix-Workstation*.xml
Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-17.0.3.0.xml
< / code > < / pre >
< p > make sure you give them 4gb of RAM before launching them, then launch them:< / p >
< pre > < code class = "nim" >
[nihilist@nowhere VMs]$ cat Whonix-Gateway.xml | grep KiB
< < b > < / b > memory dumpCore="off" unit="KiB">2097152< / memory >
< < b > < / b > currentMemory unit="KiB">2097152< / currentMemory >
[nihilist@nowhere VMs]$ cat Whonix-Workstation.xml | grep KiB
< < b > < / b > memory dumpCore="off" unit="KiB">4194304< / memory >
< < b > < / b > currentMemory unit="KiB">4194304< / currentMemory >
< / code > < / pre >
< p > we can automate the VM startup procedure with a simple bashscript like so :< / p >
< pre > < code class = "nim" >
[nihilist@nowhere VMs]$ cat refreshvms.sh
#!/bin/bash
#remove VMs
sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-External
echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'
read
#install VMs
sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway.xml
sudo virsh -c qemu:///system define Whonix-Workstation.xml
< / code > < / pre >
< p > You can run it like so:< / p >
< pre > < code class = "nim" >
[nihilist@nowhere VMs]$ chmod +x refreshvms.sh
[nihilist@nowhere VMs]$ ./refreshvms.sh
[sudo] password for nihilist:
Domain 'Whonix-Gateway' destroyed
Domain 'Whonix-Workstation' destroyed
Domain 'Whonix-Gateway' has been undefined
Domain 'Whonix-Workstation' has been undefined
Network Whonix-External destroyed
Network Whonix-Internal destroyed
Network Whonix-External has been undefined
error: failed to get network 'Whonix-External'
error: Network not found: no network with matching name 'Whonix-External'
[+] VMs removed, re-install them ? (ctrl+c to exit)
Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
error: Failed to define network from Whonix_internal_network-17.0.3.0.xml
error: operation failed: network 'Whonix-Internal' already exists with uuid 878828d6-fd1f-49ac-9d0c-9c829c414b80
Network Whonix-External marked as autostarted
Network Whonix-External started
Network Whonix-Internal marked as autostarted
Network Whonix-Internal started
Domain 'Whonix-Gateway' defined from Whonix-Gateway.xml
Domain 'Whonix-Workstation' defined from Whonix-Workstation.xml
< / code > < / pre >
< img src = "2.png" class = "imgRz" >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
< div id = "anon2" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-8 col-lg-offset-2" >
< h2 > < b > Basic Whonix Usage< / b > < / h2 > < / br > < / br >
< p > So now you can compatmentalize your anonymous usage in a separate VM by using the tor browser there, along with keepass and monero:< / p >
< p > You can open Onion Circuits on the gateway VM to view the tor connections being built up in real time like so :< / p >
< img src = "3.png" class = "imgRz" >
< p > And inside the Workstation VM you can browse Tor, and use Keepass just like in the < a href = "../torbrowsing/index.html" > previous tutorial< / a > :< / p >
< img src = "4.png" class = "imgRz" >
< p > you can also use monero (take note that the default sudo password in whonix is "changeme", so dont forget to change it):< / p >
< pre > < code class = "nim" >
[workstation user ~]% passwd
[workstation user ~]% sudo apt install monero -y
[workstation user ~]% monero-wallet-cli
< / code > < / pre >
< / div >
< / div > <!-- /row -->
< / div > <!-- /container -->
< / div > <!-- /white -->
<!-- +++++ Footer Section +++++ -->
< div id = "anonb" >
< div class = "container" >
< div class = "row" >
< div class = "col-lg-4" >
< h4 > Nihilism< / h4 >
< p >
Until there is Nothing left.
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > My Links< / h4 >
< p >
< a target = "_blank" rel = "noopener noreferrer" href = "http://blog.nihilism.network/rss/feed.xml" > RSS Feed< / a > < br / > < a target = "_blank" rel = "noopener noreferrer" href = "https://matrix.to/#/#nihilism:m.datura.network" > Matrix Chat< / a > < br / >
< / p >
< / div > <!-- /col - lg - 4 -->
< div class = "col-lg-4" >
< h4 > About nihilist< / h4 >
< p style = "word-wrap: break-word;" > < u > Donate XMR:< / u > 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8< / p > < / br > < p > < u > Contact:< / u > nihilist@nihilism.network (< a href = "https://nihilism.network/nihilist.pubkey" > PGP< / a > )< / p >
< / div > <!-- /col - lg - 4 -->
< / div >
< / div >
< / div >
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
< / body >
< / html >