<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

<title>whonix + veracrypt plausible deniability Setup</title>

<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>

<body>

<!-- Static navbar -->
<div class="navbar navbar-inverse-cis navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-cis" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">

<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->

</div>
</div>

<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="cis2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 12 / 03 / 2023</ba></p>
<h1>Whonix in a plausible deniability setup</h1>
<img src="0.png" style="width:250px">
<p>In this tutorial we're going to look at how to run Whonix (Gateway and Workstation) under QEMU/KVM with libvirt, and then how to keep those VMs on a VeraCrypt hidden volume so that their existence can be plausibly denied.</p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->

<!-- +++++ Second Post +++++ -->
<div id="cis3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>First, go <a href="https://www.whonix.org/wiki/KVM">here</a> to download the Whonix images for KVM (the .libvirt.xz archive). The same page explains how to verify the download's signature; do that before using it.</p>
<img src="1.png" class="imgRz">
<p>Then move the .xz archive to where you want the images to live and extract it there:</p>
<pre><code class="nim">
[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ mv Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz /mnt/VAULT/ISOs/whonix/

[ 10.8.0.3/24 ] [ nowhere ] [~/Downloads]
→ cd /mnt/VAULT/ISOs/whonix/

[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ tar -xvf Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz
WHONIX_BINARY_LICENSE_AGREEMENT
WHONIX_DISCLAIMER
Whonix-Gateway-XFCE-16.0.9.0.xml
Whonix-Workstation-XFCE-16.0.9.0.xml
Whonix_external_network-16.0.9.0.xml
Whonix_internal_network-16.0.9.0.xml
Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2

[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted

[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ ls -lash
total 7.9G
4.0K drwxr-xr-x 2 nothing nothing 4.0K Dec 29 20:10 .
4.0K drwxr-xr-x 4 nothing nothing 4.0K Dec 29 20:09 ..
40K -rw-r--r-- 1 nothing nothing 39K Oct 21 2015 WHONIX_BINARY_LICENSE_AGREEMENT
0 -rw-r--r-- 1 nothing nothing 0 Dec 29 20:10 WHONIX_BINARY_LICENSE_AGREEMENT_accepted
8.0K -rw-r--r-- 1 nothing nothing 4.1K Oct 21 2015 WHONIX_DISCLAIMER
4.0K -rw-r--r-- 1 nothing nothing 172 Oct 21 2015 Whonix_external_network-16.0.9.0.xml
2.7G -rw-r--r-- 1 nothing nothing 101G Oct 21 2015 Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21 2015 Whonix-Gateway-XFCE-16.0.9.0.xml
4.0K -rw-r--r-- 1 nothing nothing 97 Oct 21 2015 Whonix_internal_network-16.0.9.0.xml
3.8G -rw-r--r-- 1 nothing nothing 101G Oct 21 2015 Whonix-Workstation-XFCE-16.0.9.0.Intel_AMD64.qcow2
4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct 21 2015 Whonix-Workstation-XFCE-16.0.9.0.xml
1.4G -rw-r--r-- 1 nothing nothing 1.4G Dec 29 20:06 Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz

</code></pre>


<p>Now that we have the qcow2 files, we follow the Whonix KVM instructions: edit the two domain XML files so that the disk's source file path points at the directory the images were extracted to (here /mnt/VAULT/ISOs/whonix/), then define the two networks and the two domains with virsh:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ vim Whonix-Gateway-XFCE-16.0.9.0.xml

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ cat Whonix-Gateway-XFCE-16.0.9.0.xml | grep VAULT
<<b></b>source file='/mnt/VAULT/ISOs/whonix/Whonix-Gateway-XFCE-16.0.9.0.Intel_AMD64.qcow2'/>

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ vim Whonix-Workstation-XFCE-16.0.9.0.xml

[ 10.0.2.2/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ cat Whonix-Workstation-XFCE-16.0.9.0.xml | grep VAULT
<<b></b>source file='/mnt/VAULT/ISOs/whonix/Whonix-Workstation-XFCE-16.0.9.0.Intel_AMD64.qcow2'/>


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-define Whonix_external*.xml
[sudo] password for nothing:
Network Whonix-External defined from Whonix_external_network-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-define Whonix_internal*.xml
Network Whonix-Internal defined from Whonix_internal_network-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-autostart Whonix-External
Network Whonix-External marked as autostarted


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-start Whonix-External
Network Whonix-External started


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-autostart Whonix-Internal
Network Whonix-Internal marked as autostarted


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system net-start Whonix-Internal
Network Whonix-Internal started


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system define Whonix-Gateway*.xml
Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-16.0.9.0.xml


[ 10.8.0.3/24 ] [ nowhere ] [VAULT/ISOs/whonix]
→ sudo virsh -c qemu:///system define Whonix-Workstation*.xml
Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-16.0.9.0.xml

</code></pre>

<p>Make sure you give them 4 GB of RAM before launching them, then launch them:</p>
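<p>The script below is added here as an example; it is not part of the original post nor of Whonix. It does the import above without hand-editing the XML files: it rewrites the disk path and the RAM of both domain definitions with sed, then issues the same virsh net-define/define calls as above, skipping anything libvirt already knows so that it can be re-run. It assumes the domain XML carries the disk image in a &lt;source file='...'/&gt; element and its memory in KiB (the libvirt default; the function checks for it and refuses anything else). The directory /mnt/VAULT/ISOs/whonix and the 4096 MiB figure are the ones used on this page.</p>

```shell
#!/bin/bash
# Added example, not code from the original post: automate the part of the
# Whonix KVM import the post does by hand (editing the disk path and RAM in
# the two domain XML files with vim), then define networks and domains.
# Assumptions, not stated on the page: the XML files use
#   <source file='...'/>                                 for the disk image, and
#   <memory ... unit='KiB'> / <currentMemory unit='KiB'> for RAM,
# which is how libvirt's own XML dumps look. The helpers refuse to touch a
# file that does not look like that rather than mangle it.
set -u

VIRSH="sudo virsh -c qemu:///system"

# rewrite_disk_path XML DIR: point every <source file='...'/> at DIR,
# keeping only the basename of whatever path was there before.
rewrite_disk_path() {
  xml=$1; dir=$2; tmp="$xml.tmp"
  grep -q "<source file='" "$xml" || { echo "no <source file=...> in $xml" >&2; return 1; }
  sed -E "s#(<source file=')[^']*/([^'/]+)('/>)#\1${dir}/\2\3#" "$xml" > "$tmp" \
    && mv "$tmp" "$xml"
}

# set_vm_memory XML MIB: set both <memory> and <currentMemory> to MIB MiB,
# expressed in KiB because that is the unit the file declares.
set_vm_memory() {
  xml=$1; mib=$2; kib=$((mib * 1024)); tmp="$xml.tmp"
  grep -Eq "<memory( [^>]*)?unit='KiB'" "$xml" \
    || { echo "memory unit in $xml is not KiB, not touching it" >&2; return 1; }
  sed -E -e "s#(<memory( [^>]*)?>)[0-9]+(</memory>)#\1${kib}\3#" \
         -e "s#(<currentMemory( [^>]*)?>)[0-9]+(</currentMemory>)#\1${kib}\3#" \
         "$xml" > "$tmp" && mv "$tmp" "$xml"
}

# define_whonix DIR: the same virsh calls as the post, but skipping anything
# libvirt already has, so the function can be re-run without errors.
define_whonix() {
  dir=$1
  for net in External Internal; do
    lc=$(printf '%s' "$net" | tr 'A-Z' 'a-z')
    if ! $VIRSH net-info "Whonix-$net" >/dev/null 2>&1; then
      $VIRSH net-define "$dir"/Whonix_${lc}_network-*.xml
    fi
    $VIRSH net-autostart "Whonix-$net"
    $VIRSH net-start "Whonix-$net" 2>/dev/null || true   # already active is fine
  done
  for vm in Gateway Workstation; do
    if ! $VIRSH dominfo "Whonix-$vm" >/dev/null 2>&1; then
      $VIRSH define "$dir"/Whonix-$vm-XFCE-*.xml
    fi
  done
}

# import_whonix DIR [MIB]: fix up both domain XMLs in DIR, then define everything.
import_whonix() {
  dir=$1; mib=${2:-4096}
  for vm in Gateway Workstation; do
    for xml in "$dir"/Whonix-$vm-XFCE-*.xml; do
      rewrite_disk_path "$xml" "$dir" || return 1
      set_vm_memory "$xml" "$mib" || return 1
    done
  done
  define_whonix "$dir"
}

# usage: ./import_whonix.sh --run /mnt/VAULT/ISOs/whonix 4096
if [ "${1:-}" = "--run" ]; then
  import_whonix "$2" "${3:-4096}"
fi
```

<p>Run it as ./import_whonix.sh --run /mnt/VAULT/ISOs/whonix 4096 after extracting the archive. Each edit is written to a temporary copy next to the XML and moved into place, so a half-written file is never left behind, and because the function only rewrites the path's directory part, the same script works unchanged wherever the images end up (later on this page that is /mnt/veracrypt1).</p>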

<img src="13.png" class="imgRz">
<p>On the Whonix Gateway side:</p>
<img src="14.png" class="imgRz">

<p>Here you can specify a <a href="../tor/bridge/index.html">Tor bridge node</a> to connect through if you need one; otherwise just click Next:</p>
<img src="10.png" class="imgRz">
<img src="15.png" class="imgRz">
<p>Then we do what systemcheck suggests and update the packages:</p>
<img src="16.png" class="imgRz">
<p>Then just use the VM as intended:</p>
<img src="17.png" class="imgRz">

<p>And that's it! We have installed the Whonix Gateway and the Whonix Workstation.</p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<div id="cis2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Plausible Deniability Setup</b></h2> </br> </br>

<p>There are times when you might be forced to reveal the contents of a hard drive. To combat this you can go for a "Plausible Deniability Setup": a VeraCrypt volume with a decoy outer volume and a hidden inner volume, where handing over the outer password reveals nothing that proves the hidden volume exists. In my case I use a hard drive for this purpose, so it is actually possible to completely wipe its contents if needed, unlike on an SSD.</p>


<img src="19.png" class="imgRz">

<p>First install VeraCrypt:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/35 ] [/mnt]
→ sudo pacman -S veracrypt

</code></pre>
<p>Then create the outer (decoy) volume on the drive by selecting the following:</p>

<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<img src="22.png" class="imgRz">
<img src="23.png" class="imgRz">
<img src="24.png" class="imgRz">
<img src="25.png" class="imgRz">
<img src="26.png" class="imgRz">
<img src="27.png" class="imgRz">
<img src="28.png" class="imgRz">
<img src="29.png" class="imgRz">
<img src="30.png" class="imgRz">
<p>Then set up the hidden inner volume:</p>
<img src="31.png" class="imgRz">
<img src="32.png" class="imgRz">
<img src="33.png" class="imgRz">
<img src="34.png" class="imgRz">
<img src="35.png" class="imgRz">
<img src="36.png" class="imgRz">
<img src="37.png" class="imgRz">
<img src="38.png" class="imgRz">
<img src="39.png" class="imgRz">
<img src="40.png" class="imgRz">
<p>Then you can mount the volume you created like so:</p>

<img src="41.png" class="imgRz">
<img src="42.png" class="imgRz">
<img src="43.png" class="imgRz">
<p>Now we have mounted it in /mnt/veracrypt1 and, as you can see, its type is "Normal": this is the outer volume, and this is what you do (and the password you hand over) if you are forced to give away a password. One caveat: whenever you mount the outer volume yourself to add or change the decoy content, enable VeraCrypt's hidden volume protection (it asks for the hidden volume's password as well), otherwise writes to the outer filesystem can overwrite the hidden volume, which lives in what the outer filesystem sees as free space. If you instead want to mount the real hidden volume, do the following:</p>

<img src="44.png" class="imgRz">
<img src="45.png" class="imgRz">
<p>And there you go! You now have a plausible deniability setup on a drive connected to your computer. The hidden volume is also mounted at /mnt/veracrypt1, this time with type "Hidden". Because both volumes mount at the same path, the same absolute paths and the same scripts work on either one. Now put the Whonix VMs on both volumes:</p>
<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt]
→ cd veracrypt1

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ wget https://download.whonix.org/libvirt/16.0.9.0/Whonix-XFCE-16.0.9.0.Intel_AMD64.qcow2.libvirt.xz

</code></pre>

<p>Go through the setup from the first part to set up the Whonix VMs on both volumes, the decoy outer one and the hidden one, after creating the VeraCrypt hidden volume. When creating the volume, do not select "will mount only on linux", otherwise it will give you an error.</p>

<p>Keep in mind that there may be forensic clues on the host OS that point at the VMs: shell history, libvirt's own copies of the domain and network definitions under /etc/libvirt/qemu, the per-VM QEMU logs under /var/log/libvirt/qemu (which record the full QEMU command line, disk path included, and survive an undefine), and editor history such as ~/.viminfo from editing the XML files. That is why the VMs have to exist on both volumes: every such trace then matches the decoy set of VMs, so you can completely deny the existence of the Whonix VMs on the hidden volume (B) and their real usage. When you are forced to reveal the password of the drive, give the password of the decoy outer volume (password A). NEVER mention password B anywhere; memorize it yourself. We then use 2 scripts, one for a quick setup and one for cleaning traces:</p>

<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat cleantraces.sh
#!/bin/bash
# stop the VMs (destroy = hard power-off) and drop their definitions
sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
# same for the two Whonix networks
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-Internal

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat getvms.sh
#!/bin/bash

# define the networks and domains from the XML files in the current directory
sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
sudo virsh -c qemu:///system define Whonix-Workstation*.xml

</code></pre>


<p>One is used to set up the VMs, the other to remove them. I combine them into one script:</p>
<pre><code class="nim">

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ cat refreshvms.sh
#!/bin/bash

#remove VMs (destroy = hard power-off, undefine = forget the definition)

sudo virsh -c qemu:///system destroy Whonix-Gateway
sudo virsh -c qemu:///system destroy Whonix-Workstation
sudo virsh -c qemu:///system undefine Whonix-Gateway
sudo virsh -c qemu:///system undefine Whonix-Workstation
sudo virsh -c qemu:///system net-destroy Whonix-External
sudo virsh -c qemu:///system net-destroy Whonix-Internal
sudo virsh -c qemu:///system net-undefine Whonix-External
sudo virsh -c qemu:///system net-undefine Whonix-Internal

echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'
read

#install VMs from the XML files in the current directory
#(i.e. from whichever volume is currently mounted at /mnt/veracrypt1)

sudo virsh -c qemu:///system net-define Whonix_external*.xml
sudo virsh -c qemu:///system net-define Whonix_internal*.xml
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
sudo virsh -c qemu:///system define Whonix-Gateway*.xml
sudo virsh -c qemu:///system define Whonix-Workstation*.xml

</code></pre>

<p>That way you can have that script on both volumes, and simply refresh the VMs back to the decoy ones after you're done using the ones on the hidden volume. In the run below, the "failed to get network 'Whonix-External'" errors and the failed net-define of Whonix-Internal are what happens when the second net-undefine targets Whonix-External instead of Whonix-Internal: the external network is looked up a second time after it is already gone, the internal one is never removed, and net-define then refuses to define it again. With the second net-undefine pointing at Whonix-Internal the run is clean.</p>

<pre><code class="nim">
[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ chmod +x refreshvms.sh

[ 10.0.2.2/24 ] [ /dev/pts/34 ] [/mnt/veracrypt1]
→ ./refreshvms.sh
[sudo] password for nothing:
Domain 'Whonix-Gateway' destroyed

Domain 'Whonix-Workstation' destroyed

Domain 'Whonix-Gateway' has been undefined

Domain 'Whonix-Workstation' has been undefined

Network Whonix-External destroyed

Network Whonix-Internal destroyed

Network Whonix-External has been undefined

error: failed to get network 'Whonix-External'
error: Network not found: no network with matching name 'Whonix-External'

Network Whonix-External defined from Whonix_external_network-16.0.9.0.xml

error: Failed to define network from Whonix_internal_network-16.0.9.0.xml

Network Whonix-External marked as autostarted

Network Whonix-External started

Network Whonix-Internal marked as autostarted

Network Whonix-Internal started

Domain 'Whonix-Gateway' defined from Whonix-Gateway-XFCE-16.0.9.0.xml

Domain 'Whonix-Workstation' defined from Whonix-Workstation-XFCE-16.0.9.0.xml

</code></pre>
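<p>Added example, not one of the scripts from this post: a cleanup that checks what libvirt actually has before destroying or undefining it, so it can be run twice without the errors seen in the run above, and that afterwards lists the host-side files which still name the Whonix VMs. The per-VM QEMU logs are the important case: virsh undefine removes the definition from /etc/libvirt/qemu but leaves /var/log/libvirt/qemu/Whonix-Gateway.log and Whonix-Workstation.log behind, and those contain the full QEMU command line including the disk path. The file locations are the standard libvirt layout; ~/.bash_history and ~/.viminfo are assumptions about the shell and editor in use; the dismount at the end uses VeraCrypt's command-line form (veracrypt --text --dismount) rather than the GUI shown above.</p>

```shell
#!/bin/bash
# Added example, not one of the scripts from the original post: tear the
# Whonix VMs down only if libvirt knows them (re-runnable), then audit what
# the host still remembers about them. Assumed standard libvirt/QEMU layout:
#   /etc/libvirt/qemu/<vm>.xml             domain definition, removed by undefine
#   /etc/libvirt/qemu/networks/<net>.xml   network definition, removed by net-undefine
#   /var/log/libvirt/qemu/<vm>.log         QEMU command line + console log,
#                                          NOT removed by undefine
# ~/.bash_history and ~/.viminfo are assumptions about the shell and editor.
set -u

VIRSH="sudo virsh -c qemu:///system"

# teardown_whonix: destroy/undefine the two domains and two networks,
# skipping whatever libvirt does not currently have.
teardown_whonix() {
  for vm in Whonix-Gateway Whonix-Workstation; do
    if $VIRSH dominfo "$vm" >/dev/null 2>&1; then
      if $VIRSH domstate "$vm" | grep -q running; then $VIRSH destroy "$vm"; fi
      $VIRSH undefine "$vm"
    fi
  done
  for net in Whonix-External Whonix-Internal; do
    if $VIRSH net-info "$net" >/dev/null 2>&1; then
      $VIRSH net-destroy "$net" 2>/dev/null || true   # not an error if inactive
      $VIRSH net-undefine "$net"
    fi
  done
}

# find_traces [ROOT] [HOME]: print the host files that still name the Whonix
# VMs or networks; return 1 if any exist, 0 if the host is clean.
# ROOT and HOME are parameters only so the check can be run on a scratch tree.
find_traces() {
  root=${1:-}; home=${2:-$HOME}; found=0
  for f in \
    "$root/etc/libvirt/qemu/Whonix-Gateway.xml" \
    "$root/etc/libvirt/qemu/Whonix-Workstation.xml" \
    "$root/etc/libvirt/qemu/networks/Whonix-External.xml" \
    "$root/etc/libvirt/qemu/networks/Whonix-Internal.xml" \
    "$root/var/log/libvirt/qemu/Whonix-Gateway.log" \
    "$root/var/log/libvirt/qemu/Whonix-Workstation.log"
  do
    if [ -e "$f" ]; then echo "$f"; found=1; fi
  done
  # files that record what was typed or edited on the host
  for f in "$root$home/.bash_history" "$root$home/.viminfo"; do
    if [ -e "$f" ] && grep -qi whonix "$f" 2>/dev/null; then
      echo "$f (mentions whonix)"; found=1
    fi
  done
  return $found
}

# dismount_volume [MOUNTPOINT]: flush and dismount the VeraCrypt volume the
# VMs live on (/mnt/veracrypt1 on this page) once nothing references it.
dismount_volume() {
  sync
  sudo veracrypt --text --dismount "${1:-/mnt/veracrypt1}"
}

# usage (as your normal user, so $HOME is your home): ./cleanup_whonix.sh --run [/mnt/veracrypt1]
if [ "${1:-}" = "--run" ]; then
  teardown_whonix
  if find_traces; then
    echo "[+] no host-side traces of the Whonix VMs left"
  else
    echo "[!] the files above still reference the Whonix VMs; remove them before dismounting" >&2
  fi
  dismount_volume "${2:-/mnt/veracrypt1}"
fi
```

<p>Run it as ./cleanup_whonix.sh --run from the mounted volume when you are done with the hidden VMs, then mount the decoy volume and run getvms.sh (or the second half of refreshvms.sh) there. Because both volumes mount at /mnt/veracrypt1, the paths that end up in the QEMU logs are the same for the decoy and the hidden VMs; the point of the audit is to make sure no log or history entry is left over from a session that the decoy set cannot account for.</p>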

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<!-- +++++ Footer Section +++++ -->

<div id="cisb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>My Links</h4>
<p>

<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->

</div>

</div>
</div>


<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->

</body>
</html>