hush-box/README.md

# HushBox

The idea is to get rid of both hardware and software backdoors, install all necessary tools on a Pi 4 and sell it as a plug-and-play device. Including shipping cost the total estimated price is 200 USD, we accept HUSH only. 
If you have your [Raspberry Pi 4](https://www.raspberrypi.com/products/raspberry-pi-4-model-b) or [Pine64 ROCKPro64](https://pine64.com/product/rockpro64-4gb-single-board-computer) already you can just follow the guide, if you require AES hardware, which most users will not, then make sure you use a Pine64 board.

* [Raspberry Pi 4 model b](https://www.raspberrypi.com/products/raspberry-pi-4-model-b) with 4GB of RAM will be used in order to avoid Intel ME and AMD PSP.
* [Devuan GNU+Linux](https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds) will be installed, a fork of Debian without [systemd](https://ebin.city/~werwolf/posts/systemd-sucks), but [sysvinit](https://www.devuan.org/os/init-freedom) or openrc, runit, sinit and 66-devuan.
* For private transaction and communication [Hush](https://hush.land) cryptocurrency and [HushChat](https://git.hush.is/hush/hushchat) were chosen to fulfill this task.
* Hush full node [software](https://git.hush.is/hush/hush3) will be installed along with SDL and HushChat. *(in progress)*
* HUSH coins will be provided to start using HushChat right away.
* To ensure that nobody is spying on us the Tor network will be utilized. *(in progress)*
* Operations Security (OPSEC) book will be provided to know the best practices on how to use the Internet safely. *(in progress)*

HushChat                      |  HushBox
:----------------------------:|:----------------------------:
![](files/HushBox_02.png)     |  ![](files/HushBox_01.jpg)

# Devuan GNU+Linux

Download the latest image and its hash from [arm-files.devuan.org](https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds)

```
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip --output devuan.zip 
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip.sha256sum --output devuan.zip.sha256sum 
```
Verify the integrity of the file by comparing the hash value.

```
cat devuan.zip.sha256
sha256sum devuan.zip
unzip devuan.zip
```
MicroSD card is needed to image the file, change `5.10.82-v8-ext4-2021-12-05` and `mmcblk1` to whatever you have, use `ls` and `lsblk` to check it. Unmount SD card and if it has more than one partition, you will need to unmount each partition.

  * *Substitute the microSD for a real USB hard drive as the Raspberry Pi 4 8GB model supports booting directly off USB. If you're using a Pine64 Rock64 board, then it gets more complicated and requires you to flash some new firmware to enable USB boot.*

```
sudo umount /dev/mmcblk1
sudo dd if=rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.img of=/dev/mmcblk1 
```

Once you powered up your device with `devuan` as your username and `devuan` as your password we may want to change the password for `devuan` and `root` with `passwd`, `toor` is a default pass for `root`, then [install](https://www.devuan.org/os/documentation/dev1fanboy/en/minimal-xfce-install.html) the desktop environment, [XFCE](https://www.xfce.org/about) in this case.

```
sudo apt-get install xfce4-panel xfdesktop4 xfwm4 xfce4-settings xfce4-session xfce4-terminal xfce4-appfinder xfce4-power-manager thunar ristretto blackbird-gtk-theme papirus-icon-theme slim xinit firefox-esr fonts-liberation webext-ublock-origin -y 
```

(Optional) Install the e-mail application, password manager and screenshot software. 

```
sudo apt install thunderbird keepassxc flameshot -y 
```

(Optional) Install the necessary packages to support auto-mounting of drives.

```
sudo apt-get install thunar-volman gvfs policykit-1 -y 
```

Run update-alternatives to set the x-session-manager to xfce4-session.

```
sudo update-alternatives --config x-session-manager
```

Start XFCE, you run it only once.

```
startxfce4
```

(Optional) If you're using USB tethering or you don't have an easy access to the Ethernet you need to uncomment the following strings with `sudo vim /etc/network/interfaces` to enable Mobile tether:

```
### Mobile tether
allow-hotplug usb0
iface usb0 inet dhcp
```

# [Compile Qt 5.15.2](https://git.hush.is/jahway603/hush-docs/src/branch/master/advanced/compile-qt5-from-source.md) from source

Remove & purge all Qt packages
```
sudo apt -y remove qt5* libqt5* qtcreator && sudo apt autoremove -y 
```
Download Qt 5.15.2 Source to qt5-sources folder

```
mkdir qt5-sources && cd qt5-sources && mkdir build-shadow
wget https://download.qt.io/official_releases/qt/5.15/5.15.2/single/qt-everywhere-src-5.15.2.tar.xz
```

Verify MD5 hash, should be e1447db4f06c841d8947f0a6ce83a7b5

```
md5sum qt-everywhere-src-5.15.2.tar.xz
```

Un-tar Qt5 archive & move into build-shadow directory to configure your Qt 5.15.2

```
tar xf qt-everywhere-src-5.15.2.tar.xz
cd build-shadow
```

Install Qt5 Minimal Dependencies

```
sudo apt update
sudo apt install build-essential libfontconfig1-dev libdbus-1-dev libfreetype6-dev libicu-dev libinput-dev libxkbcommon-dev libsqlite3-dev libssl-dev libpng-dev libjpeg-dev libglib2.0-dev -y 
```

(Optional) Install VC4 Drivers for RPi 4 type devices (i.e. cortex-a53 & cortex-a72)

```
sudo apt install libgles2-mesa-dev libgbm-dev libdrm-dev -y
```

Install X11 Support Dependencies

```
sudo apt install libx11-dev libxcb1-dev  libxext-dev libxi-dev libxcomposite-dev libxcursor-dev libxtst-dev libxrandr-dev libfontconfig1-dev libfreetype6-dev libx11-xcb-dev libxext-dev libxfixes-dev libxi-dev libxrender-dev libxcb1-dev  libxcb-glx0-dev  libxcb-keysyms1-dev libxcb-image0-dev  libxcb-shm0-dev libxcb-icccm4-dev libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev  libxcb-randr0-dev  libxcb-render-util0-dev  libxcb-util0-dev  libxcb-xinerama0-dev  libxcb-xkb-dev libxkbcommon-dev libxkbcommon-x11-dev -y 
```

Configure Qt 5.15.2

```
../qt-everywhere-src-5.15.2/configure -v -bundled-xcb-xinput -opensource -confirm-license -release -ssl -glib -no-feature-geoservices_mapboxgl -qt-pcre -nomake examples -no-compile-examples -nomake tests -reduce-exports -system-freetype -fontconfig -qpa xcb 
```

Make the configuration (`-j 4` is number of cpus you want to use)

```
make -j 4
```

Install Qt5 into: (default) /usr/local/

```
sudo make install
```

Update profile to know where Qt5.15.2 bins are

```
nano ~/.bashrc
```

Add this at the bottom of your .bashrc file.

```
# set PATH for Qt 5.15.2
export PATH="/usr/local/Qt-5.15.2/bin:$PATH"
```

Reload your ~/.bashrc file & create a new shell window.

```
source ~/.bashrc
exit
```

Verify Qt 5.15.2 has been installed

```
qmake --version
QMake version 3.1
Using Qt version 5.15.2 in /usr/local/Qt-5.15.2/lib
```

# HushChat

To use HushChat we need to install Rust first.

```
curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh -s -- -y && exit
```

Then SilentDragonLite and HushChat.

```
git clone https://git.hush.is/hush/SilentDragonLite.git
cd SilentDragonLite/
./build.sh linguist && ./build.sh
```

![](files/startupGIF_02.png)

# Tor

Install `tor` and enable it by default.

```
sudo apt install tor torsocks -y
```

Check if Tor is running, should be `[ ok ] tor is running.`

```
sudo service tor status
```

Use the Tor network by default for shell commands.<br>
You will see `Tor mode activated. Every command will be torified for this shell.`

```
source torsocks on
```

To enable `torsocks` or all new shell sessions and after reboot, use the following command:

```
echo ". torsocks on" >> ~/.bashrc
```