onryo
/
hush-box
1
0
Fork 1
Code Issues 3 Pull Requests Projects Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
103 Commits
1 Branch
3 Tags
7.1 MiB
 
Tag: v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'v1.0'
${ noResults }
onryo 443884e0ed
Update 'README.md' 		2 years ago
files Delete 'files/HushBox_03.jpg' 2 years ago
LICENSE Initial commit 3 years ago
README.md Update 'README.md' 2 years ago

README.md

HushBox

The idea is to get rid of both hardware and software backdoors, install all necessary tools on a Pi 4 and sell it as a plug-and-play device. Including shipping cost the total estimated price is 200 USD, we accept HUSH only. If you have your Raspberry Pi 4 or Pine64 ROCKPro64 already you can just follow the guide, if you require AES hardware, which most users will not, then make sure you use a Pine64 board.

  • Raspberry Pi 4 model b with 4GB of RAM will be used in order to avoid Intel ME and AMD PSP.
  • Devuan GNU+Linux will be installed, a fork of Debian without systemd, but sysvinit or openrc, runit, sinit and 66-devuan.
  • For private transaction and communication Hush cryptocurrency and HushChat were chosen to fulfill this task.
  • Hush full node software will be installed along with SDL and HushChat. (in progress)
  • HUSH coins will be provided to start using HushChat right away.
  • To ensure that nobody is spying on us the Tor network will be utilized. (in progress)
  • Operations Security (OPSEC) book will be provided to know the best practices on how to use the Internet safely. (in progress)
HushBox v1.0 SDL v1.5.2 with HushChat

Devuan GNU+Linux

Download the latest image and its hash from arm-files.devuan.org

curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip --output devuan.zip 
curl https://arm-files.devuan.org/RaspberryPi%20Latest%20Builds/rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.zip.sha256sum --output devuan.zip.sha256sum

Verify the integrity of the file by comparing the hash value.

cat devuan.zip.sha256
sha256sum devuan.zip
unzip devuan.zip

MicroSD card is needed to image the file, change 5.10.82-v8-ext4-2021-12-05 and mmcblk1 to whatever you have, use ls and lsblk to check it. Unmount SD card and if it has more than one partition, you will need to unmount each partition.

  • Substitute the microSD for a real USB hard drive as the Raspberry Pi 4 8GB model supports booting directly off USB. If you're using a Pine64 Rock64 board, then it gets more complicated and requires you to flash some new firmware to enable USB boot.
sudo umount /dev/mmcblk1
sudo dd if=rpi-4-devuan-beowulf-5.10.82-v8-ext4-2021-12-05.img of=/dev/mmcblk1

Once you powered up your device with devuan as your username and devuan as your password we may want to change the password for devuan and root with passwd, toor is a default pass for root, then install the desktop environment, XFCE in this case.

sudo apt-get install xfce4-panel xfdesktop4 xfwm4 xfce4-settings xfce4-session xfce4-terminal xfce4-appfinder xfce4-power-manager thunar ristretto blackbird-gtk-theme papirus-icon-theme slim xinit firefox-esr fonts-liberation webext-ublock-origin -y

(Optional) Install the e-mail application, password manager and screenshot software.

sudo apt install thunderbird keepassxc flameshot -y

(Optional) Install the necessary packages to support auto-mounting of drives.

sudo apt-get install thunar-volman gvfs policykit-1 -y

Run update-alternatives to set the x-session-manager to xfce4-session.

sudo update-alternatives --config x-session-manager

Start XFCE, you run it only once.

startxfce4

(Optional) If you're using USB tethering or you don't have an easy access to the Ethernet you need to uncomment the following strings with sudo vim /etc/network/interfaces to enable Mobile tether:

### Mobile tether
allow-hotplug usb0
iface usb0 inet dhcp

Notes

xfce4-terminal --hide-menubar --hide-scrollbar --hide-toolbar

Compile Qt 5.15.2 from source

Remove & purge all Qt packages

sudo apt -y remove qt5* libqt5* qtcreator && sudo apt autoremove -y

Download Qt 5.15.2 Source to qt5-sources folder

mkdir qt5-sources && cd qt5-sources && mkdir build-shadow
wget https://download.qt.io/official_releases/qt/5.15/5.15.2/single/qt-everywhere-src-5.15.2.tar.xz

Verify MD5 hash, should be e1447db4f06c841d8947f0a6ce83a7b5

md5sum qt-everywhere-src-5.15.2.tar.xz

Un-tar Qt5 archive & move into build-shadow directory to configure your Qt 5.15.2

tar xf qt-everywhere-src-5.15.2.tar.xz
cd build-shadow

Install Qt5 Minimal Dependencies

sudo apt update
sudo apt install build-essential libfontconfig1-dev libdbus-1-dev libfreetype6-dev libicu-dev libinput-dev libxkbcommon-dev libsqlite3-dev libssl-dev libpng-dev libjpeg-dev libglib2.0-dev -y

(Optional) Install VC4 Drivers for RPi 4 type devices (i.e. cortex-a53 & cortex-a72)

sudo apt install libgles2-mesa-dev libgbm-dev libdrm-dev -y

Install X11 Support Dependencies

sudo apt install libx11-dev libxcb1-dev  libxext-dev libxi-dev libxcomposite-dev libxcursor-dev libxtst-dev libxrandr-dev libfontconfig1-dev libfreetype6-dev libx11-xcb-dev libxext-dev libxfixes-dev libxi-dev libxrender-dev libxcb1-dev  libxcb-glx0-dev  libxcb-keysyms1-dev libxcb-image0-dev  libxcb-shm0-dev libxcb-icccm4-dev libxcb-sync-dev libxcb-xfixes0-dev libxcb-shape0-dev  libxcb-randr0-dev  libxcb-render-util0-dev  libxcb-util0-dev  libxcb-xinerama0-dev  libxcb-xkb-dev libxkbcommon-dev libxkbcommon-x11-dev -y

Configure Qt 5.15.2

../qt-everywhere-src-5.15.2/configure -v -bundled-xcb-xinput -opensource -confirm-license -release -ssl -glib -no-feature-geoservices_mapboxgl -qt-pcre -nomake examples -no-compile-examples -nomake tests -reduce-exports -system-freetype -fontconfig -qpa xcb

Make the configuration (-j 4 is number of cpus you want to use)

make -j 4

Install Qt5 into: (default) /usr/local/

sudo make install

Update profile to know where Qt5.15.2 bins are

nano ~/.bashrc

Add this at the bottom of your .bashrc file.

# set PATH for Qt 5.15.2
export PATH="/usr/local/Qt-5.15.2/bin:$PATH"

Reload your ~/.bashrc file & create a new shell window.

source ~/.bashrc
exit

Verify Qt 5.15.2 has been installed

qmake --version
QMake version 3.1
Using Qt version 5.15.2 in /usr/local/Qt-5.15.2/lib

HushChat

To use HushChat we need to install Rust first.

curl --proto '=https' --tlsv1.3 -sSf https://sh.rustup.rs | sh -s -- -y && exit

Then SilentDragonLite and HushChat.

git clone https://git.hush.is/hush/SilentDragonLite.git
cd SilentDragonLite/
./build.sh linguist && ./build.sh

Tor

Install tor and enable it by default.

sudo apt install tor torsocks -y

Check if Tor is running, should be [ ok ] tor is running.

sudo service tor status

Use the Tor network by default for shell commands.
You will see Tor mode activated. Every command will be torified for this shell.

source torsocks on

To enable torsocks or all new shell sessions and after reboot, use the following command:

echo ". torsocks on" >> ~/.bashrc