linux_airgaped Posted June 27, 2015
I am looking for a portable pocket-sized computer I can run Linux on. x86/64 preferred but ARM would do fine. Something like the old UMPCs would be cool. Basically what I am trying to do is build a portable and airgapped password manager and GPG workstation. The device should not have 3G or cellular. I would be fine if there was even just a tablet smaller than 6 inches. I need to carry this around all the time and be able to run Debian. Any ideas?
i8igmac Posted June 28, 2015
Nexus, I guess run Kali out of the box...
digip Posted June 28, 2015
Smallest x86 is probably an Intel NUC, but for Linux and ARM, a CuBox or BeagleBone Black would work. http://www.solid-run.com/
cooper Posted June 28, 2015
Actually, given what you want to do with it you should have a look at the USB Armory.
metatron Posted June 28, 2015
You could buy an old Zipit z2 or Nokia N810, you also have the Panasonic Toughbook CF-U1 and Sony VGN UX50.
linux_airgaped (Author) Posted June 28, 2015

> Nexus, I guess run Kali out of the box...

Won't work. I want to turn it into an airgapped device - having a 3G modem would be the opposite of that.

> Smallest x86 is probably an Intel NUC, but for Linux and ARM, a CuBox or BeagleBone Black would work. http://www.solid-run.com/

Looks interesting, I will take a look. Would I be able to attach a display so I could use it on the go?

> Actually, given what you want to do with it you should have a look at the USB Armory.

So let me make sure I am understanding this correctly. The USB Armory connects to the computer and presents itself as an ethernet device which allows me to SSH into it and go from there? So in theory I could run Debian and store KeePassX and GPG keys on it? Then without the SSH keys there is no way to access the data, right? If that's the case then that is awesome and would solve the problem. I could connect it to my laptop and be able to SSH to access my passwords while keeping the data secure. I wonder if it would be possible to install Debian with full disk encryption.

> You could buy an old Zipit z2 or Nokia N810, you also have the Panasonic Toughbook CF-U1 and Sony VGN UX50.

I have a Zipit but it broke and there aren't really any recent distros for it. I mean, it wouldn't be hard to get a new version of Arch or Debian to work. Those UMPCs always cost an arm and a leg these days or I would buy one.

Thanks for the tips so far, I will look into them :)
digip Posted June 28, 2015 (edited)
The CuBox-i has an HDMI port on it, so yes, you can do video, if you have an HDMI screen. If you set it up ahead of time, you can go without a screen after booting one and remote into it. Here is one that someone used on a touchscreen with Android (as well as a few other Linux distros) -
(Edited June 28, 2015 by digip)
overwraith Posted June 28, 2015
Does the Raspberry Pi get no love at all? It actually has mini peripherals you can plug into GPIO, etc.
cooper Posted June 28, 2015

> So let me make sure I am understanding this correctly. The USB Armory connects to the computer and presents itself as an ethernet device which allows me to SSH into it and go from there? So in theory I could run Debian and store KeePassX and GPG keys on it? Then without the SSH keys there is no way to access the data, right? If that's the case then that is awesome and would solve the problem. I could connect it to my laptop and be able to SSH to access my passwords while keeping the data secure. I wonder if it would be possible to install Debian with full disk encryption.

That and more. If you combine a USB hub with a USB display and a USB keyboard, the USB Armory becomes a standalone PC. The real magic of the USB Armory is ARM TrustZone. It's on there and waiting for you. Think of it as a secure virtual machine running on the USB Armory's Linux OS. I've got one myself and I haven't so much as scratched the surface on what this thing can do, but just looking at the stuff it provides you just can't help but be amazed.

For example, since it's effectively a PC you're connecting to your PC that exposes itself to your PC via a USB ethernet adapter, the USB Armory can run a scan on the machine you've inserted it to and, based on what it finds, can expose different services. Your USB Armory could SSH into your own PC and if that works kick in additional services for you to make use of, including running the command for mounting the encrypted partition on your hard drive and providing it with the key to do so. I haven't seen this done before and I'm sure there are many caveats to this scenario, but the bottom line is that the Armory is effectively a standalone PC that you plug into your PC to power it. After that there's a network connection between the two and you can have each approach the other in whatever way you see fit.

Hell, you could have the Armory completely format itself if the host PC doesn't look like the device you expect (like SSHing into the host PC using certs fails). No officer, there's nothing on here. Really.
shamwow Posted June 29, 2015
Asus Eee PC 900
linux_airgaped (Author) Posted June 29, 2015

> The CuBox-i has an HDMI port on it, so yes, you can do video, if you have an HDMI screen. If you set it up ahead of time, you can go without a screen after booting one and remote into it. Here is one that someone used on a touchscreen with Android (as well as a few other Linux distros) -

Looks a little too big with the screen added on. Maybe if I set it up so I don't need a screen.

> Does the Raspberry Pi get no love at all? It actually has mini peripherals you can plug into GPIO, etc.

I have several Pis. When I tried this in the past I ran into issues (SD cards corrupted, lost passwords). Also too big once you add a screen.

> That and more. If you combine a USB hub with a USB display and a USB keyboard, the USB Armory becomes a standalone PC. The real magic of the USB Armory is ARM TrustZone. It's on there and waiting for you. Think of it as a secure virtual machine running on the USB Armory's Linux OS. I've got one myself and I haven't so much as scratched the surface on what this thing can do, but just looking at the stuff it provides you just can't help but be amazed.
>
> For example, since it's effectively a PC you're connecting to your PC that exposes itself to your PC via a USB ethernet adapter, the USB Armory can run a scan on the machine you've inserted it to and, based on what it finds, can expose different services. Your USB Armory could SSH into your own PC and if that works kick in additional services for you to make use of, including running the command for mounting the encrypted partition on your hard drive and providing it with the key to do so. I haven't seen this done before and I'm sure there are many caveats to this scenario, but the bottom line is that the Armory is effectively a standalone PC that you plug into your PC to power it. After that there's a network connection between the two and you can have each approach the other in whatever way you see fit.
>
> Hell, you could have the Armory completely format itself if the host PC doesn't look like the device you expect (like SSHing into the host PC using certs fails). No officer, there's nothing on here. Really.

That is awesome. Only question I have now is about SSH. So I really like the idea of detecting if it's plugged into MY computer or not and to wipe if it's not. But is there another way I can detect my laptop without having services running on it? I don't really want SSH running on my laptop - I know SSH is secure but just in the off chance, plus I don't want to increase my attack surface. I suppose I could make it work in a way that if I don't SSH in within 'X' number of min after connecting it would wipe itself. I just watched the video on it and it looks amazing.

> Asus Eee PC 900

Too big. I need something that can fit in my pocket.
barry99705 Posted June 29, 2015
Just get one of those cheap ass Android tablets and disable WiFi and Bluetooth. You could also go with one of the old Sharp Zaurus C-3000s. They can run Debian.
linux_airgaped (Author) Posted June 30, 2015

> Just get one of those cheap ass Android tablets and disable WiFi and Bluetooth. You could also go with one of the old Sharp Zaurus C-3000s. They can run Debian.

Binary blobs will still be there. No way to be certain WiFi and Bluetooth don't get turned on by accident either. If they aren't there to start with they can't be enabled by accident or otherwise. Also, Android. I want Debian or another real Linux distro.
cooper Posted June 30, 2015
You don't need SSH. It's a separate, autonomous computer that has network access to the machine you attached it to. You can script something on the Armory to identify by whatever means you're comfortable with your host machine. Hell, you could have it sit there passively but when you connect to a specific sequence of ports on the Armory it somehow exposes something that would otherwise remain invisible. It begs repeating: It's a separate, autonomous computer with ARM TrustZone capabilities. It will do anything you, the owner, tell it to.
linux_airgaped (Author) Posted June 30, 2015

> You don't need SSH. It's a separate, autonomous computer that has network access to the machine you attached it to. You can script something on the Armory to identify by whatever means you're comfortable with your host machine. Hell, you could have it sit there passively but when you connect to a specific sequence of ports on the Armory it somehow exposes something that would otherwise remain invisible. It begs repeating: It's a separate, autonomous computer with ARM TrustZone capabilities. It will do anything you, the owner, tell it to.

Thanks! I ordered two of them. They look super cool and I think it solves my needs perfectly. :) I will figure out some cool way to have a "Self-destruct" as that would prevent my passwords and GPG keys from being compromised. Maybe just a simple dead-man's switch where if I don't log into it over SSH once every 15 days it wipes on next boot up.
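
Added example, not part of any post in this thread: the boot-time decision behind the dead-man's switch idea above, in POSIX shell. The stamp path, function names and verdict strings are assumptions; the 15-day window is the one from the post. It treats a reset or unset clock and a missing stamp file as separate cases so that neither triggers a wipe on its own.

```shell
#!/bin/sh
# Added example: dead-man's switch decision logic (not code from the thread).
# STAMP path, function names and verdict strings are hypothetical.
STAMP="${STAMP:-/var/lib/deadman/last_login}"
MAX_AGE_DAYS="${MAX_AGE_DAYS:-15}"

# Record a successful login; call this from a login hook on the device.
deadman_touch() {
    date +%s > "${1:-$STAMP}"
}

# deadman_decide LAST_EPOCH NOW_EPOCH [MAX_DAYS]
# Prints one verdict: ok | expired | clock-suspect | no-stamp
deadman_decide() {
    last="$1"; now="$2"; max_days="${3:-$MAX_AGE_DAYS}"
    case "$last" in ''|*[!0-9]*) echo no-stamp; return 0 ;; esac
    case "$now"  in ''|*[!0-9]*) echo clock-suspect; return 0 ;; esac
    # A stamp from the future means the clock was reset or never set, which
    # happens on small boards that boot without a battery-backed clock.
    if [ "$now" -lt "$last" ]; then echo clock-suspect; return 0; fi
    if [ $(( now - last )) -gt $(( max_days * 86400 )) ]; then
        echo expired
    else
        echo ok
    fi
}

# Boot-time entry point: read the stamp, decide, map the verdict to an action.
deadman_check() {
    file="${1:-$STAMP}"; now="${2:-$(date +%s)}"
    last=""
    if [ -r "$file" ]; then
        last="$(head -n 1 "$file" | tr -d '[:space:]')"
    fi
    case "$(deadman_decide "$last" "$now")" in
        ok)            echo "ok: within window" ;;
        # The wipe hook is site-specific; with full-disk encryption,
        # destroying the key slots is enough to make the data unreadable.
        expired)       echo "expired: run wipe hook" ;;
        clock-suspect) echo "clock-suspect: keep data, require manual unlock" ;;
        no-stamp)      echo "no-stamp: keep data, require manual unlock" ;;
    esac
}

# Constructed demo values: the stamp is 18 days older than "now".
deadman_decide 1435363200 1436918400
```

Failing closed on an implausible clock or a lost stamp file costs a manual unlock; failing open would let a corrupted SD card or a dead clock destroy the only copy of the keys.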
cooper Posted July 1, 2015
Whatever you decide to make of it, please let me know either directly or via this forum. I'm quite interested to hear all about it.
Dec100 Posted July 1, 2015
I'm interested to hear what you do with it too, though I think it's a lot of work just to hide your Justin Bieber music collection from your wife. Incidentally, is the storage on-board flash, or does it have to use a microSD card? I'm thinking about your comments on the Raspberry Pi cards getting corrupted.
Rkiver Posted July 1, 2015
I've got a USB Armory thanks to Cooper, and while I am in the middle of moving I haven't had time to look into what to do with it much, but damn I am thinking all sorts of fun things, especially if I can integrate it with a Pineapple.
cooper Posted July 1, 2015 (edited)

> I'm interested to hear what you do with it too, though I think it's a lot of work just to hide your Justin Bieber music collection from your wife. Incidentally, is the storage on-board flash, or does it have to use a microSD card? I'm thinking about your comments on the Raspberry Pi cards getting corrupted.

I'm sure it's a major blow to how you picture me, but sadly I've never been married - kicked out the most recent serious girlie 18 months ago.

It has both, sorta. You're expected to boot from an inserted microSD card, but there is some form of programmable ROM on there that you can use as a keystore to TrustZone so that when you insert an SD card with an appropriately signed bootloader, things do what you expect them to... Or something. Secure booting isn't very well explained to me so far. Read this for some (but not very USB Armory-specific) nitty gritty on how the process works. From what I can tell right now there isn't any flash on board and you're required to insert a microSD card with an appropriate image on there to get it to do anything.

And PS: It wasn't 'Raspberry Pi cards' getting corrupted, but microSD cards in general have a limited lifespan based on quality. And I bought a box of really low size and undoubtedly piss-poor quality microSD cards for my cluster project. For sure I can throw a couple away. Also, I had some issues with the Pineapple not handling certain microSD cards very well, specifically dealing with multiple concurrent accesses tends to be poorly handled by many cards as well as controllers. Once the data is on there and the thing still works, chances are it'll keep working for at least the foreseeable future.
(Edited July 1, 2015 by Cooper)
overwraith Posted July 1, 2015 (edited)
I think 32 GB is the max SD card a Raspberry Pi can handle, but make sure you check that stat. I do know that a 64 was too big. Also flash memory has some problems. There are wear leveling algorithms and stuff, but there is only a finite number of writes that the SD cards support. Also, I have bought some crappy SD cards before, you kinda get what you pay for in this situation.
(Edited July 1, 2015 by overwraith)
Dec100 Posted July 2, 2015
It does sound cool - I can see uses as a password/data manager or a portable pen-test/troubleshooting kit. Definitely interested to hear what people do with them.
linux_airgaped (Author) Posted July 3, 2015

> Whatever you decide to make of it, please let me know either directly or via this forum. I'm quite interested to hear all about it.

I will for sure! :)

> I think 32 GB is the max SD card a Raspberry Pi can handle, but make sure you check that stat. I do know that a 64 was too big. Also flash memory has some problems. There are wear leveling algorithms and stuff, but there is only a finite number of writes that the SD cards support. Also, I have bought some crappy SD cards before, you kinda get what you pay for in this situation.

128GB works. At least in the Pi B and B+ that I have sitting here. Haven't tried it in the A+ I have though.
barry99705 Posted July 3, 2015
Heh. Kali has an image for it. https://www.offensive-security.com/kali-linux-vmware-arm-image-download/
overwraith Posted July 3, 2015

> 128GB works. At least in the Pi B and B+ that I have sitting here. Haven't tried it in the A+ I have though.

Perhaps it's OS specific, which version are you using?
linux_airgaped (Author) Posted July 7, 2015

> Perhaps it's OS specific, which version are you using?

I have used Raspbian and Ubuntu MATE. Arch wouldn't boot, not sure why.