onryo
3ddb2cb342
|
2 years ago | |
---|---|---|
files | 2 years ago | |
LICENSE | 3 years ago | |
README.md | 2 years ago |
README.md
HushBox
The idea is to get rid of both hardware and software backdoors, install all necessary tools on a Pi 4 and sell it as a plug-and-play device. Including shipping cost the total estimated price is 200 USD, we accept HUSH only. If you have your Raspberry Pi 4 or Pine64 ROCKPro64 already you can just follow the guide, if you require AES hardware, which most users will not, then make sure you use a Pine64 board.
- Raspberry Pi 4 model b with 4GB of RAM will be used in order to avoid Intel ME and AMD PSP.
- Devuan GNU+Linux will be installed, a fork of Debian without systemd, but sysvinit or openrc, runit, sinit and 66-devuan.
- For private transaction and communication Hush cryptocurrency and HushChat were chosen to fulfill this task.
- Hush full node software will be installed along with SDL and HushChat. (in progress)
- HUSH coins will be provided to start using HushChat right away.
- To ensure that nobody is spying on us the Tor network will be utilized. (in progress)
- Operations Security (OPSEC) book will be provided to know the best practices on how to use the Internet safely. (in progress)
HushChat | HushBox |
---|---|
Devuan GNU+Linux
Download the latest image and its hash from arm-files.devuan.org
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip --output devuan.zip
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip.sha256sum --output devuan.zip.sha256sum
Verify the integrity of the file by comparing the hash value.
cat devuan.zip.sha256
sha256sum devuan.zip
unzip devuan.zip
MicroSD card is needed to image the file, change 5.10.82-v8-ext4-2021-12-05
and mmcblk1
to whatever you have, use ls
and lsblk
to check it. Unmount SD card and if it has more than one partition, you will need to unmount each partition.
- Substitute the microSD for a real USB hard drive as the Raspberry Pi 4 8GB model supports booting directly off USB. If you're using a Pine64 Rock64 board, then it gets more complicated and requires you to flash some new firmware to enable USB boot.
sudo umount /dev/mmcblk1
sudo dd if=rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.img of=/dev/mmcblk1
Once you powered up your device with devuan
as your username and devuan
as your password we may want to change the password for devuan
and root
with passwd
, toor
is a default pass for root
, then install the desktop environment, XFCE in this case.
sudo apt-get install xfce4-panel xfdesktop4 xfwm4 xfce4-settings xfce4-session xfce4-terminal xfce4-appfinder xfce4-power-manager thunar ristretto blackbird-gtk-theme papirus-icon-theme slim xinit firefox-esr fonts-liberation webext-ublock-origin -y
(Optional) Install the e-mail application, password manager and screenshot software.
sudo apt install thunderbird keepassxc flameshot -y
(Optional) Install the necessary packages to support auto-mounting of drives.
sudo apt-get install thunar-volman gvfs policykit-1 -y
Run update-alternatives to set the x-session-manager to xfce4-session.
sudo update-alternatives --config x-session-manager
Start XFCE, you run it only once.
startxfce4
(Optional) If you're using USB tethering or you don't have an easy access to the Ethernet you need to uncomment the following strings with sudo vim /etc/network/interfaces
to enable Mobile tether:
### Mobile tether
allow-hotplug usb0
iface usb0 inet dhcp
Compile Qt 5.15.2 from source
Remove & purge all Qt packages
sudo apt -y remove qt5* libqt5* qtcreator && sudo apt autoremove -y
Download Qt 5.15.2 Source to qt5-sources folder
mkdir qt5-sources && cd qt5-sources && mkdir build-shadow
wget https://download.qt.io/official_releases/qt/5.15/5.15.2/single/qt-everywhere-src-5.15.2.tar.xz
Verify MD5 hash, should be e1447db4f06c841d8947f0a6ce83a7b5
md5sum qt-everywhere-src-5.15.2.tar.xz
Un-tar Qt5 archive & move into build-shadow directory to configure your Qt 5.15.2
tar xf qt-everywhere-src-5.15.2.tar.xz
cd build-shadow
Install Qt5 Minimal Dependencies
sudo apt update
sudo apt install build-essential libfontconfig1-dev libdbus-1-dev libfreetype6-dev libicu-dev libinput-dev libxkbcommon-dev libsqlite3-dev libssl-dev libpng-dev libjpeg-dev libglib2.0-dev -y
(Optional) Install VC4 Drivers for RPi 4 type devices (i.e. cortex-a53 & cortex-a72)
sudo apt install libgles2-mesa-dev libgbm-dev libdrm-dev -y
Install X11 Support Dependencies
sudo apt install libx11-dev libxcb1-dev libxext-dev libxi-dev libxcomposite-dev libxcursor-dev libxtst-dev libxrandr-dev libfontconfig1-dev libfreetype6-dev libx11-xcb-dev libxext-dev libxfixes-dev libxi-dev libxrender-dev libxcb1-dev libxcb-glx0-dev libxcb-keysyms1-dev libxcb-image0-dev libxcb-shm0-dev libxcb-icccm4-dev libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev libxcb-randr0-dev libxcb-render-util0-dev libxcb-util0-dev libxcb-xinerama0-dev libxcb-xkb-dev libxkbcommon-dev libxkbcommon-x11-dev -y
Configure Qt 5.15.2
../qt-everywhere-src-5.15.2/configure -v -bundled-xcb-xinput -opensource -confirm-license -release -ssl -glib -no-feature-geoservices_mapboxgl -qt-pcre -nomake examples -no-compile-examples -nomake tests -reduce-exports -system-freetype -fontconfig -qpa xcb
Make the configuration (-j 4
is number of cpus you want to use)
make -j 4
Install Qt5 into: (default) /usr/local/
sudo make install
Update profile to know where Qt5.15.2 bins are
nano ~/.bashrc
Add this at the bottom of your .bashrc file.
# set PATH for Qt 5.15.2
export PATH="/usr/local/Qt-5.15.2/bin:$PATH"
Reload your ~/.bashrc file & create a new shell window.
source ~/.bashrc
exit
Verify Qt 5.15.2 has been installed
qmake --version
QMake version 3.1
Using Qt version 5.15.2 in /usr/local/Qt-5.15.2/lib
HushChat
To use HushChat we need to install Rust first.
curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh -s -- -y && exit
Then SilentDragonLite and HushChat.
git clone https://git.hush.is/hush/SilentDragonLite.git
cd SilentDragonLite/
./build.sh linguist && ./build.sh
Tor
Install tor
and enable it by default.
sudo apt install tor torsocks -y
Check if Tor is running, should be [ ok ] tor is running.
sudo service tor status
Use the Tor network by default for shell commands.
You will see Tor mode activated. Every command will be torified for this shell.
source torsocks on
To enable torsocks
or all new shell sessions and after reboot, use the following command:
echo ". torsocks on" >> ~/.bashrc