jahway603
6a766c77e8
|
2 years ago | |
---|---|---|
files | 2 years ago | |
LICENSE | 3 years ago | |
README.md | 2 years ago |
README.md
Hush to every home
The idea is to get rid of both hardware and software backdoors, install all necessary tools on a Pi 4 and sell it as a plug-and-play device. Including shipping cost the total estimated price is 200 USD, HUSH only. If you have your Raspberry Pi 4, Pine64 Rock64, or Pine64 ROCKPro64 already you can just follow the guide.
- Raspberry Pi 4 model b with 4GB of RAM device will be used in order to avoid Intel ME and AMD PSP.
- If you require AES hardware, which most users will not, then make sure you use a Pine64 board.
- Devuan GNU+Linux will be installed, a fork of Debian without systemd, but sysvinit or openrc, runit, sinit and 66-devuan.
- For private transaction and communication Hush cryptocurrency and HushChat were chosen to fulfill this task.
- To start using HushChat right away a privkey for 0.5 HUSH will be provided.
- To ensure that nobody is spying on us the Tor network will be utilized, KAX17 is 💩.
- Operations Security (OPSEC) book will be provided to know the best practices on how to use the Internet safely. 😎
HushChat | HushBox |
---|---|
Devuan GNU+Linux
Download the latest image and its hash from arm-files.devuan.org
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip --output devuan.zip
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip.sha256sum --output devuan.zip.sha256sum
Verify the integrity of the file by comparing the hash value.
cat devuan.zip.sha256
sha256sum devuan.zip
unzip devuan.zip
MicroSD card is needed to image the file, change 5.10.82-v8-ext4-2021-12-05
and mmcblk1
to whatever you have, use ls
and lsblk
to check it.
sudo umount /dev/mmcblk1
sudo mkfs.vfat /dev/mmcblk1
sudo dd if=rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.img of=/dev/mmcblk1
Once you powered up your device with devuan
as your username and toor
as your password we may want to change the password with passwd
, then we want to install the desktop environment, XFCE in this case.
sudo apt-get install xfce4-panel xfdesktop4 xfwm4 xfce4-settings xfce4-session xfce4-terminal xfce4-appfinder xfce4-power-manager thunar ristretto cinnabar-icon-theme thunar-volman gvfs policykit-1 slim
Run update-alternatives to set the x-session-manager to xfce4-session.
sudo update-alternatives --config x-session-manager
Start XFCE, you run it only once.
startxfce4
If you're using USB tethering or you don't have an easy access to the Ethernet you need to uncomment the following strings with sudo vim /etc/network/interfaces
and add auto usb0
to enable Mobile tether:
### Mobile tether
auto usb0
allow-hotplug usb0
iface usb0 inet dhcp
Compile Qt 5.15.2 from source, based on compile-qt5.md
Remove & purge all Qt packages
sudo apt -y remove qt5* libqt5* qtcreator && sudo autoremove
Download Qt 5.15.2 Source to qt5-sources folder
mkdir qt5-sources && cd qt5-sources && mkdir build-shadow
wget https://download.qt.io/official_releases/qt/5.15/5.15.2/single/qt-everywhere-src-5.15.2.tar.xz
Verify MD5 hash, should be e1447db4f06c841d8947f0a6ce83a7b5
md5sum qt-everywhere-src-5.15.2.tar.xz
Un-tar Qt5 archive & move into build-shadow directory to configure your Qt 5.15.2
tar xf qt-everywhere-src-5.15.2.tar.xz
cd build-shadow
Install Qt5 Minimal Dependencies
sudo apt update
sudo apt install build-essential libfontconfig1-dev libdbus-1-dev libfreetype6-dev libicu-dev libinput-dev libxkbcommon-dev libsqlite3-dev libssl-dev libpng-dev libjpeg-dev libglib2.0-dev
(Optional) Install VC4 Drivers for RPi 4 type devices (i.e. cortex-a53 & cortex-a72)
sudo apt install libgles2-mesa-dev libgbm-dev libdrm-dev
Install X11 Support Dependencies
sudo apt install libx11-dev libxcb1-dev libxext-dev libxi-dev libxcomposite-dev libxcursor-dev libxtst-dev libxrandr-dev libfontconfig1-dev libfreetype6-dev libx11-xcb-dev libxext-dev libxfixes-dev libxi-dev libxrender-dev libxcb1-dev libxcb-glx0-dev libxcb-keysyms1-dev libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev libxcb-randr0-dev libxcb-render-util0-dev libxcb-util0-dev libxcb-xinerama0-dev libxcb-xkb-dev libxkbcommon-dev libxkbcommon-x11-dev
Configure Qt 5.15.2
../qt-everywhere-src-5.15.2/configure -v -bundled-xcb-xinput -opensource -confirm-license -release -ssl -glib -no-feature-geoservices_mapboxgl -qt-pcre -nomake examples -no-compile-examples -nomake tests -reduce-exports -system-freetype -fontconfig -qpa xcb
Make the configuration (-j 4
is number of cpus you want to use)
make -j 4
Install Qt5 into: (default) /usr/local/
sudo make install
Update profile to know where Qt5.15.2 bins are
nano ~/.bashrc
Add this at the bottom of your .bashrc file.
# set PATH for Qt 5.15.2
export PATH="/usr/local/Qt-5.15.2/bin:$PATH"
Reload your ~/.bashrc file & create a new shell window.
source ~/.bashrc
exit
Verify Qt 5.15.2 has been installed
qmake --version
QMake version 3.1
Using Qt version 5.15.2 in /usr/local/Qt-5.15.2/lib
HushChat
To use HushChat we need to install SilentDragonLite first.
git clone https://git.hush.is/hush/SilentDragonLite.git
cd SilentDragonLite/util
./install.sh
Tor
Install tor
and enable it by default.
sudo apt install tor torsocks
Check if Tor is running, should be [ ok ] tor is running.
sudo service tor status
Use the Tor network by default for shell commands.
You will see Tor mode activated. Every command will be torified for this shell.
source torsocks on
To enable torsocks
or all new shell sessions and after reboot, use the following command:
echo ". torsocks on" >> ~/.bashrc
Additional notes
Here is an additional note for any of the Extreme Hush Puppies out there.
- Substitute the microSD for a real USB hard drive as the Raspberry Pi 4 8GB model supports booting directly off USB. If you're using a Pine64 Rock64 board, then it gets more complicated and requires you to flash some new firmware to enable USB boot.