jahway603 6a766c77e8 added Rock64 and USB hard drive booting note 2 years ago

Hush to every home

The idea is to get rid of both hardware and software backdoors, install all necessary tools on a Pi 4 and sell it as a plug-and-play device. Including shipping cost, the total estimated price is 200 USD, HUSH only. If you already have a Raspberry Pi 4, Pine64 Rock64, or Pine64 ROCKPro64, you can just follow the guide.

  • A Raspberry Pi 4 Model B with 4GB of RAM will be used in order to avoid Intel ME and AMD PSP.
    • If you require AES hardware, which most users will not, then make sure you use a Pine64 board.
  • Devuan GNU+Linux will be installed, a fork of Debian without systemd that uses sysvinit, openrc, runit, sinit or 66-devuan instead.
  • For private transactions and communication, the Hush cryptocurrency and HushChat were chosen.
  • To start using HushChat right away a privkey for 0.5 HUSH will be provided.
  • To ensure that nobody is spying on us the Tor network will be utilized, KAX17 is 💩.
  • An Operations Security (OPSEC) book will be provided, covering the best practices on how to use the Internet safely. 😎

Devuan GNU+Linux

Download the latest image and its hash from arm-files.devuan.org

curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip --output devuan.zip 
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip.sha256sum --output devuan.zip.sha256sum 

Verify the integrity of the file by comparing the hash value.

cat devuan.zip.sha256sum
sha256sum devuan.zip
unzip devuan.zip

A microSD card is needed to write the image to. Change 5.10.82-v8-ext4-2021-12-05 and mmcblk1 to match your image file and card device; use ls and lsblk to check them.

sudo umount /dev/mmcblk1
sudo mkfs.vfat /dev/mmcblk1
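# conv=fsync flushes the write cache, so the card is safe to remove once dd returns
sudo dd if=rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.img of=/dev/mmcblk1 bs=4M conv=fsync status=progress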

Once you have powered up the device and logged in with devuan as the username and toor as the password, change the default password with passwd. Then install the desktop environment, XFCE in this case.

sudo apt-get install xfce4-panel xfdesktop4 xfwm4 xfce4-settings xfce4-session xfce4-terminal xfce4-appfinder xfce4-power-manager thunar ristretto cinnabar-icon-theme thunar-volman gvfs policykit-1 slim 

Run update-alternatives to set the x-session-manager to xfce4-session.

sudo update-alternatives --config x-session-manager

Start XFCE; you only need to run this once.

startxfce4

If you're using USB tethering or you don't have easy access to Ethernet, open the file with sudo vim /etc/network/interfaces, uncomment the following lines and add auto usb0 to enable the mobile tether:

### Mobile tether
auto usb0
allow-hotplug usb0
iface usb0 inet dhcp

Compile Qt 5.15.2 from source, based on compile-qt5.md

Remove & purge all Qt packages

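# quote the globs so apt matches package names instead of the shell matching local files
sudo apt -y remove 'qt5*' 'libqt5*' qtcreator && sudo apt -y autoremove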

Download Qt 5.15.2 Source to qt5-sources folder

mkdir qt5-sources && cd qt5-sources && mkdir build-shadow
wget https://download.qt.io/official_releases/qt/5.15/5.15.2/single/qt-everywhere-src-5.15.2.tar.xz

Verify MD5 hash, should be e1447db4f06c841d8947f0a6ce83a7b5

md5sum qt-everywhere-src-5.15.2.tar.xz
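
An added example, not part of the original README: a fail-closed version of the two hash checks above (the Devuan image SHA-256 and the Qt source MD5), so a mismatch stops the procedure instead of relying on comparing digests by eye. verify_digest is a hypothetical helper name, and the commented calls assume the file names used in this guide.

```shell
#!/bin/sh
# Added example: compare a downloaded file against an expected digest and
# return non-zero on any mismatch or malformed input.
# usage: verify_digest <sha256|md5> <file> <expected-hex | checksum-file>
verify_digest() {
    algo=$1 file=$2 want=$3
    case $algo in
        sha256) tool=sha256sum len=64 ;;
        md5)    tool=md5sum    len=32 ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # If the third argument names a file, take the first field of its first
    # line (coreutils format: "<hex>  <name>"). The name is ignored on purpose:
    # the image was saved as devuan.zip, so `sha256sum -c` would look for the
    # original file name and fail.
    if [ -f "$want" ]; then
        want=$(awk 'NR==1 {print $1}' "$want")
    fi
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly <len> hex digits, for example an
    # HTML error page that curl saved in place of the checksum file.
    if ! printf '%s' "$want" | grep -Eq "^[0-9a-f]{$len}\$"; then
        echo "expected value is not a $algo digest" >&2; return 2
    fi
    got=$("$tool" "$file" | awk '{print $1}')
    if [ "$got" = "$want" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        echo "  expected $want" >&2
        echo "  got      $got" >&2
        return 1
    fi
}

# Calls matching the two steps in this guide:
# verify_digest sha256 devuan.zip devuan.zip.sha256sum && unzip devuan.zip
# verify_digest md5 qt-everywhere-src-5.15.2.tar.xz e1447db4f06c841d8947f0a6ce83a7b5
```

A checksum fetched from the same server as the file detects a corrupted download, not a tampered server. MD5 is also not collision resistant, so treat that check as an integrity test only.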

Un-tar Qt5 archive & move into build-shadow directory to configure your Qt 5.15.2

tar xf qt-everywhere-src-5.15.2.tar.xz
cd build-shadow

Install Qt5 Minimal Dependencies

sudo apt update
sudo apt install build-essential libfontconfig1-dev libdbus-1-dev libfreetype6-dev libicu-dev libinput-dev libxkbcommon-dev libsqlite3-dev libssl-dev libpng-dev libjpeg-dev libglib2.0-dev

(Optional) Install VC4 Drivers for RPi 4 type devices (i.e. cortex-a53 & cortex-a72)

sudo apt install libgles2-mesa-dev libgbm-dev libdrm-dev

Install X11 Support Dependencies

sudo apt install libx11-dev libxcb1-dev  libxext-dev libxi-dev libxcomposite-dev libxcursor-dev libxtst-dev libxrandr-dev libfontconfig1-dev libfreetype6-dev libx11-xcb-dev libxext-dev libxfixes-dev libxi-dev libxrender-dev libxcb1-dev  libxcb-glx0-dev  libxcb-keysyms1-dev libxcb-image0-dev  libxcb-shm0-dev libxcb-icccm4-dev libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev  libxcb-randr0-dev  libxcb-render-util0-dev  libxcb-util0-dev  libxcb-xinerama0-dev  libxcb-xkb-dev libxkbcommon-dev libxkbcommon-x11-dev

Configure Qt 5.15.2

../qt-everywhere-src-5.15.2/configure -v -bundled-xcb-xinput -opensource -confirm-license -release -ssl -glib -no-feature-geoservices_mapboxgl -qt-pcre -nomake examples -no-compile-examples -nomake tests -reduce-exports -system-freetype -fontconfig -qpa xcb

Build Qt (-j 4 sets the number of CPUs you want to use)

make -j 4

Install Qt5 into: (default) /usr/local/

sudo make install

Update your profile so the shell knows where the Qt 5.15.2 binaries are

nano ~/.bashrc

Add this at the bottom of your .bashrc file.

# set PATH for Qt 5.15.2
export PATH="/usr/local/Qt-5.15.2/bin:$PATH"

Reload your ~/.bashrc file & create a new shell window.

source ~/.bashrc
exit

Verify Qt 5.15.2 has been installed

qmake --version
QMake version 3.1
Using Qt version 5.15.2 in /usr/local/Qt-5.15.2/lib

HushChat

To use HushChat we need to install SilentDragonLite first.

git clone https://git.hush.is/hush/SilentDragonLite.git
cd SilentDragonLite/util
./install.sh

Tor

Install tor and enable it by default.

sudo apt install tor torsocks

Check that Tor is running; the output should be [ ok ] tor is running.

sudo service tor status

Use the Tor network by default for shell commands.
You will see Tor mode activated. Every command will be torified for this shell.

source torsocks on

To enable torsocks for all new shell sessions and after reboot, use the following command:

echo ". torsocks on" >> ~/.bashrc

Additional notes

Here is an additional note for any of the Extreme Hush Puppies out there.

  • Substitute the microSD for a real USB hard drive as the Raspberry Pi 4 8GB model supports booting directly off USB. If you're using a Pine64 Rock64 board, then it gets more complicated and requires you to flash some new firmware to enable USB boot.