
Posted (edited)

I have used Raspbian and Ubuntu Mate. Arch wouldn't boot, not sure why.

Was it the ARM based version, or x86 build? Try http://archlinuxarm.org/

Edited by digip
Posted

It was the Raspberry Pi image. It boots fine on a smaller SD card, just won't boot on my 128GB.

What kind of drive is it? Is it an external USB HDD? Best bet would be to boot off the smaller media with the larger drive as persistent storage. I know Windows doesn't like removable media for native installs, but Linux shouldn't have any issues unless it can't be seen as a boot device.
Posted

I just got a usb armory yesterday. I was intending on using it for bitcoin wallet and possibly the tor router. I've seen some other interesting projects I could use it for and found this thread when I tried searching here to see what had been done with it in the hak5 space. Do y'all have any updates on what you are using yours for or ended up using yours for or if you don't use it anymore?

Posted

I'm also very interested in the USB Armory. I don't want to pull the trigger on getting one as I'm still messing around with the Raspberry Pi Zero and still learning everything about the NANO.

I just got a usb armory yesterday. I was intending on using it for bitcoin wallet and possibly the tor router. I've seen some other interesting projects I could use it for and found this thread when I tried searching here to see what had been done with it in the hak5 space. Do y'all have any updates on what you are using yours for or ended up using yours for or if you don't use it anymore?

The Tor Router is what I'm interested in. Something smaller than the Raspberry Pi Zero that can do the same thing would be great.

Posted

Something smaller than the Raspberry Pi Zero that can do the same thing would be great.

This is basically exactly what it is, with additional security features like the TrustZone.

I can think of a ton of useful scenarios for its usage. I just need to expand my knowledge base to be able to do or even test any of them :)

Posted

Mine's been collecting dust, sadly, because I'm too busy with other projects. Specifically, I've been really busy putting together video rigs and taking them to security conferences to record them, then see what I can improve in the workflow to make things less time-consuming.

Posted

Patrick and Shannon were talking about this earlier on Twitter; it seems the best way to go for a Tor router for size and price.

https://www.anonabox.com/

Posted

Mine's been collecting dust, sadly, because I'm too busy with other projects

No worries, I'll post what I come up with for mine once I really get into it.

That looks interesting, a nice turnkey solution. The USB Armory is smaller, but would be for one system at a time unless you set it up in the stand-alone setup. Still a nice find, thanks for posting it!

Posted

Start reading here for a 2014 discussion on the anonabox.

Basically, if you want all your traffic to flow through tor, feel free to go this route. If you want to be anonymous while on the internet, you've got another thing coming.

Posted

Start reading here for a 2014 discussion on the anonabox.

Basically, if you want all your traffic to flow through tor, feel free to go this route. If you want to be anonymous while on the internet, you've got another thing coming.

Nice, I was a little concerned by its heavy use of popular phrases on its site and no real info about how it all actually worked and what was going on with the actual connection and data. Looking through Google results more now (like the second page results), they took a lot of heat for their Kickstarter (which got suspended) and their parts being cheap Chinese junk.

Posted

We are all creatures of habit.

I check my Facebook

I check Hak5

I check The Hacker News

I check KickassTorrents

I check my email

These kinds of patterns are identifiable; every search I made on Amazon, YouTube, Google is identifiable...

I guess I'm just agreeing with Cooper but pointing out the ability to identify the habit of the creature

Posted

We are all creatures of habit.

I check my Facebook

I check Hak5

I check The Hacker News

I check KickassTorrents

I check my email

These kinds of patterns are identifiable; every search I made on Amazon, YouTube, Google is identifiable...

I guess I'm just agreeing with Cooper but pointing out the ability to identify the habit of the creature

It just takes practice, dedication and imagination to maintain privacy. It's by no means a simple task, but it can be done, and you normally only want to stay private for specific scenarios. The nice thing about pushing your stuff through Tor in general is it gives you an encrypted tunnel to use, but you can always layer that to increase your anonymity.

That's one of the reasons I was going to set up the USB Armory with the Tor routing option, because I could get an encrypted line of traffic going out from my system over a public wifi or something of the like. I was also hoping on getting the X window push to be able to open a Chrome window with everything already synced/stored so I don't have to enter passwords if I'm using a non-maintained computer host. I'm not sure how well that will work out, but I'm thinking it will be cool. My biggest concern with it will be the administration permissions I think I'll need to do the ICS, but we'll see how testing goes with it once I get to that point.

I also like their encrypted vault accessed over HTTP, which wouldn't need the ICS, but I'm not sure about the functions I would use that for yet. Sure I'll be able to come up with something; if nothing else, learning more about Linux encrypted partition setup will be fun :)

Posted

because I could get an encrypted line of traffic going out from my system over a public wifi or something of the like.

You should simply install a VPN service like Libreswan on your home router and connect home over that if this is all you need. It'll be faster, at least as secure, and you'll be in full control.

I was also hoping on getting the X window push to be able to open a Chrome window with everything already synced/stored so I don't have to enter passwords if I'm using a non-maintained computer host.

I hope you realize the irony here. With this you're now already saying you want to sacrifice security for convenience. Security is a layering process, and you're asking for the removal of a layer. That didn't take long, did it?

Posted

Let me preface this by saying 1. the USB Armory is just a fun toy to play around with, learn with, and eventually store my bitcoin wallet securely on; 2. I have no real need for the type of privacy or security which we're talking about here, so I'm really only trying to learn and have discussions about these topics because they are hobbyist-level interests of mine.

You should simply install a VPN service like Libreswan on your home router and connect home over that if this is all you need. It'll be faster, at least as secure, and you'll be in full control.

I know, I'm just theorizing interesting uses I can come up with for the USB Armory; if I was concerned about concealment of my identity I'd be fine with going slower. I haven't heard of Libreswan before; it looks interesting and could be nice for such a case, though, so thanks for pointing it out.

I hope you realize the irony here. With this you're now already saying you want to sacrifice security for convenience. Security is a layering process, and you're asking for the removal of a layer. That didn't take long, did it?

For this one my intention was mainly being able to get around possible keyloggers on suspect computers I may use the Armory with. With a keylogger getting keystrokes, screenshots and the clipboard, this was the only route I could think of to avoid those items while still being able to access the accounts and information I would need. The connection from the Armory out to the internet would be using encryption (possibly a VPN from the Armory as well as SSL on the sites themselves). The only information the keylogger could get would be the password to get into the Armory, my user names and any information I viewed during those times. I'd change the password on the Armory after using it in such a situation. My usernames would have strong passwords which I wouldn't have to type in because they would be synced. The information I viewed would be kept as limited as possible to accomplish the task at hand, keeping in mind that any information visible has the possibility of being leaked. Is that not a possibly good use for the USB Armory? Are there weaknesses to having the passwords synced via Google if the database files are not accessible to the host computer and encrypted in transit over the shared internet connection? Or is pushing an X window from the Armory not like what I'm thinking, where it would be kinda like a specific VNC-style single window connection? I haven't done any of it yet so I'm really not sure how that works out; I just saw it was an option for the bitcoin wallet suggested on the Armory page.

Since we've also hijacked this thread for security/privacy discussion as well, do you mind giving your opinion on any holes that may be in these two methods of trying to be anonymous? I feel that they would both be possible and provide a high level of anonymity and security.

1. Using one VPN service with a Tor-enabled SSH tunnel into my VPS, then using a second VPN service from the VPS to go out through Tor, and then using my imaginary persona, purely created on that last out connection, which has no types, references, similar colloquialisms or even language to my actual persona. All having been paid for with bitcoin wallets created by other imaginary personas on a different but similar out connection, which are funded by mining done through a 3rd VPN service which my actual persona paid for, but the location of which has been researched and verified that laws are in place so that my identity won't be revealed to the countries which are of consequence to me if the mining activities are traced back to that IP (all research for that having been done under a separate out connection and imaginary persona).

2. Driving a few hours away to park a fair distance away from a random library and then using a Yagi directional antenna to connect to the public wifi with a Tails non-persistent boot session. Again using an identity that is imaginary and has no ties to your actual identity. Also keeping in mind you don't have your cell phone (or any other electronic tracking item) on you, or only having a burner that was purchased through a trusted third party or with a prepaid CC several months in advance in a location where you are sure there is as little security surveillance as possible. Don't use GPS to get there, or use a disposable one like the one on the burner phone. Using an older model vehicle that has been swept for tracking devices. And being sure to pick a library in a small town where security surveillance would be at a minimum at best.

Again, I have no actual need for this, nor can I imagine needing to go to such lengths. I'm just interested in the topic and discussion/learning from it.

Posted

Imagine the following:

1 USB Armory

1 USB monitor

1 USB mouse

1 USB keyboard

1 USB network adapter (wifi/ethernet/whatever)

1 5-port powered USB hub

If you plug all the USB devices into the hub, you now have a working PC. And since you brought all the hardware, there's nothing to install a keylogger on.

The problem is you seem to think that so long as the window of opportunity is small (between first login and the moment you're home to reset the password) you'll be golden. You're not. This time must be 0 or you're insecure. It's as simple as that. People can trace your credentials, log in in tandem with you to your system, and your account on the server you log in to has now been compromised until you a) reset the password and b) kill any pre-existing and authenticated network connections (and that's assuming the machine itself wasn't rooted during this time frame).

Basically, if you don't trust the machine, you don't use it.

On to your methods.

1. VPNs have 2 possible purposes: to hide your real IP from the server you're connecting to, and to encrypt your traffic such that your own ISP can't listen in but can still see the traffic and know when you communicated with the VPN server. The ISP knows who you are, so if the VPS is discovered, a quick subpoena for a traffic log is all the government needs to find you. For normal people, it would require a hack of the VPN server to uncover your IP, so in most scenarios just VPN-ing to your VPS suffices. TOR is slightly different in that it has a large, international network of machines via which you get into the network, so the whole government subpoena thing becomes much, much harder. TOR itself can be quite easily seen as a variation of a VPN, with the main difference being that no one system can see who's connecting to whom. I suppose the rest should work.

2. The problem with a low-traffic source like a library out in the sticks is that there's so little traffic on it that your use of it is going to be incredibly noticeable. True, there might not be much in typical surveillance going on (logfile inspection and the like), but if there is, it will flag you disgustingly quickly.

For some tips on staying hidden, with a base scenario of "I want to plant an exfiltration device, grab the data and disappear without leaving a trace", check out this topic.

Posted

If you plug all the USB devices into the hub, you now have a working PC. And since you brought all the hardware, there's nothing to install a keylogger on.

This is true, but I was hoping to be able to use it in some fashion as a secure option that just fits in the 5th pocket of a pair of jeans. I guess that's not really what it's designed for in usage. I'm not really sure I understand the whole concept with the TrustZone stuff, honestly.

The problem is you seem to think that so long as the window of opportunity is small (between first login and the moment you're home to reset the password) you'll be golden. You're not. This time must be 0 or you're insecure. It's as simple as that. People can trace your credentials, log in in tandem with you to your system, and your account on the server you log in to has now been compromised until you a) reset the password and b) kill any pre-existing and authenticated network connections (and that's assuming the machine itself wasn't rooted during this time frame).

Excellent point, I wasn't considering the logger or the system being monitored in real time while I use the device in that scenario. Assuming they also have a remote connection to the system, they could just log in while I'm on, I suppose. Are there possibly ways to limit the connection of the device to only a single instance? For SSH is really my question. I believe you can do that for VNC-style connections, but even so I guess the OS/apps in use would need to be hardened and verified to prevent attacks while it's connected. The window I was thinking of would be limited to just the time it was plugged into that specific machine; between the time I unplug it and connect it again somewhere I know to be secure wouldn't count. But realistically I wouldn't think it has to be necessarily 0 for the time frame window; it does take time to recon and perform attacks (maybe I'm wrong in this?)

1. VPNs have 2 possible purposes: to hide your real IP from the server you're connecting to, and to encrypt your traffic such that your own ISP can't listen in but can still see the traffic and know when you communicated with the VPN server. The ISP knows who you are, so if the VPS is discovered, a quick subpoena for a traffic log is all the government needs to find you. For normal people, it would require a hack of the VPN server to uncover your IP, so in most scenarios just VPN-ing to your VPS suffices. TOR is slightly different in that it has a large, international network of machines via which you get into the network, so the whole government subpoena thing becomes much, much harder. TOR itself can be quite easily seen as a variation of a VPN, with the main difference being that no one system can see who's connecting to whom. I suppose the rest should work.

The traffic log from the VPS would be coming through a Tor address; the connection to Tor would be going to the VPN. I was leaning on the fact that you want to make it difficult to track back to yourself as the source, so the more jumps in between and subpoenas (possibly in multiple countries) that would have to be filed would deter it if the VPS was discovered, which again would have its own VPN connection also going out through Tor. So from the end point where the true activity source may want to be determined, it would be about 10 hops (assuming Tor is routing through 3 different systems) on its connection back to me.

2. The problem with a low-traffic source like a library out in the sticks is that there's so little traffic on it that your use of it is going to be incredibly noticeable. True, there might not be much in typical surveillance going on (logfile inspection and the like), but if there is, it will flag you disgustingly quickly.

Very true, maybe a slightly larger town would be worth the extra trouble avoiding outside surveillance (thinking like traffic, ATM, store cameras and such that could identify you being in the area). Being targeted on the network I wouldn't think would be that big of an issue if you are at a location that is a good distance from the actual wifi point in use. I suppose using another venue like Starbucks/McDonald's or something of the like would be an option, as well as possibly there are still open wifi points in apartment complexes at times too. My key point on that one was being far enough away from the access point, by using a directional antenna, that you wouldn't be suspected as being the one in question for those activities.

For some tips on staying hidden, with a base scenario of "I want to plant an exfiltration device, grab the data and disappear without leaving a trace", check out this topic.

I remember reading that one back when I first joined this forum. You probably noted that "prepaid CC several months in advance" was something you mentioned in that topic. :) You have great responses and very well thought out points. That's partly why I'm interested in hearing your responses on these topics and especially about any other uses for the USB Armory you may be able to recommend trying.

Posted

Let's start with showing this because I think it's really awesome.

Restricting access to a single session can probably be achieved with settings like these, but I would say this is not the answer. What you want is either one-time passwords or 2FA. That way a keylogger can discover something, but that something would be completely useless the second the system accepts the answer.

The number of hops makes it next to impossible to trace you through the TOR network, so to the best of my knowledge it simply isn't even attempted. Instead, they somehow discover it might be you and do a correlation attack: when our intel puts you behind the PC we see activity from user 'YOLOMoFo', and pretty much the second you disconnect the activity also stops. We see this pattern over the course of several days, making it very likely you and 'YOLOMoFo' are the same person. They'd have to find you before they can do this, though. This is done via old-fashioned doxing. The problem is that eventually you're going to slip up, and the internet never forgets. So once it's out there, your only recourse is to start over from absolute scratch. Since the subpoena thing isn't being done, there's no difference between 3 and 10 hops, other than things being even slower than they already are.

Having distance between you and the AP can prevent you from being discovered at the location of the AP, but generally speaking the further away you are, the bigger the antenna and the more likely it'll be that you'll stay put as you're doing your thing. If you look out of place where you are when you're doing your thing you will get noticed and possibly even remembered. I mean, how often do you go for a walk in the park and see someone sitting on a bench with his laptop connected to a 4ft black plastic pipe on a tripod? In our modern society people will instantly call the cops on you since that pipe is obviously the barrel to a gun aimed at the local library, YOU MUSSIE TERRORIST SCUMBAG!

Posted

That wifi adapter does look pretty sweet! Wonder how long until they have it in production.

I remember a Hak5 episode where they did 2-factor auth for SSH; I was thinking that would be a good option to implement.

Yup, correlation attacks are what I was thinking would be helped by having the separate VPNs on either side of the VPS. The VPNs and the VPS wouldn't have any traceable connection back to me as far as purchases and signup information. I would probably also make the connection to the VPS at a public wifi to further distance myself from it. Understandable on making a slip-up at some point, but I would hope that if I am going through all of this trouble I would be very meticulous about my actions getting to the connection and while I'm using it.

Of course I would be dressed in a business suit attire with a briefcase, a bag lunch and my antenna discreetly hidden in a large bouquet of roses. If I was approached by anyone I would casually mention that I'm trying to finish up a presentation for my boss on my lunch break because it's my 10 year anniversary tonight and I want to be able to focus completely on my loving wife. :)

Posted

While plausible, it's also uncommon, meaning you're now memorable. What could work is if you were able to hide your antenna inside the briefcase, which is either directly next to you on the bench or on your lap, on top of which you've placed the laptop. Makes for a better posture, allows better ventilation of the laptop (since the feet keep it off the surface below), is more comfortable since you don't have an appliance trying to scorch your pants, and makes sense as an anti-theft measure. Having a wire run from the laptop into the briefcase can be hidden, but it's probably better to just put a small router (Pineapple Nano) inside the briefcase and then have your laptop connect to it via its weak internal wifi; the very short distance should ensure excellent signal strength, and people around you won't be able to tell you have a massive biquad Yagi attached as the second antenna on the router inside the briefcase, aimed at the local library.

Your next worry is shoulder surfing, so you'll want one of those polarized screen sheets that only allow the image on the screen to be seen when you're pretty much directly in front of it. This should be fairly cheap.

The problem with a VPS to thwart a correlation attack is that it doesn't work. The delay between your actions and the actions seen on the outside is higher, but it's still there. What would work is if you somehow program something within the VPS to do something on your behalf long after you've disconnected. That's trivial for non-interactive stuff (git commits, database edits, etc.) but mostly impossible for interactive stuff (website interaction).
