Telecomix Ciphersystem MARK II - Telecomix Crypto Munitions Bureau

Telecomix Ciphersystem MARK II

From Telecomix Crypto Munitions Bureau


Description: A mountable file system that contains an operating system (Linux?) and all the programs needed for normal everyday use. The .ISO files that could run directly on computers did not work out very well, as most laptops have wireless cards that had no support in Linux.

Proposed roadmap

  1. Make iptables work with Tor, so that it is impossible (unless one is root) to communicate with the outside world without routing the traffic through Tor. Tutorial available here.
  2. Test if we can find any hardware "emulator" that works nicely on most computers. Candidates are:
    • User Mode Linux (Linux guest on Linux host)
    • QEMU (Works on most operating systems. Not sure how fast it runs.)
    • Virtualbox is quite fast, cross-platform and mostly free. It is very user-friendly and has a large userbase.
  3. Build a file system containing an operating system with iptables and Tor preconfigured, together with all the other programs needed.
  4. Fill the zip-file with random propaganda :)
  5. Make it provide X and some window manager, and make it easy for the user to use it.
  6. Provide everything as a zip or tar.gz with scripts for automatically booting it up. The user should just need to double-click on some icon.
  7. If one unpacks the files from the zip and puts them on a USB stick, gnutiken could sell them.

When new software comes out, we just update the entire filesystem or rebuild it from scratch. This will eat some resources, so it would be nice if a tutorial for doing everything also came with the zip or tar.gz file.
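
Roadmap item 1 as an added example (not from the original page or the Telecomix project): a generator for iptables-restore input that redirects all TCP and DNS traffic to a local Tor daemon and rejects everything else. The function name, the ports 9040/5353 and the debian-tor account are assumptions; the ports must match the TransPort and DNSPort lines in torrc.

```shell
#!/bin/sh
# Added example. Emits iptables-restore input that forces every user's
# traffic through a local Tor daemon (root can still change the rules).
# Loading it REPLACES the existing nat and filter tables.
# Assumes torrc has "TransPort 9040" and "DNSPort 5353".

tor_lockdown_rules() {   # usage: tor_lockdown_rules TOR_UID [TRANS_PORT] [DNS_PORT]
    tl_uid=${1:-} tl_trans=${2:-9040} tl_dns=${3:-5353}
    # Refuse anything that is not a plain account name/uid or a numeric port.
    case $tl_uid in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case $tl_trans$tl_dns in *[!0-9]*) return 1 ;; esac
    cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# Packets from the Tor daemon itself must reach the network untouched.
-A OUTPUT -m owner --uid-owner $tl_uid -j RETURN
# DNS from everyone else goes to the DNSPort, so lookups cannot leak.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $tl_dns
# Leave loopback connections (e.g. to the SOCKS port) alone.
-A OUTPUT -d 127.0.0.0/8 -j RETURN
# Every other new TCP connection lands on the TransPort.
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $tl_trans
COMMIT
*filter
:OUTPUT DROP [0:0]
# Redirected packets now carry a loopback destination.
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# Only the Tor daemon may talk to the outside world directly.
-A OUTPUT -m owner --uid-owner $tl_uid -j ACCEPT
# Anything else (other UDP, ICMP, stray TCP) fails fast instead of leaking.
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Prints nothing and changes nothing by default. Run as root with the
# argument "apply" to load the rules; debian-tor is assumed to be the
# account the Debian tor package runs as.
if [ "${1:-}" = apply ]; then
    tor_lockdown_rules "$(id -u debian-tor)" | iptables-restore
    # IPv6 is not handled by Tor's TransPort here, so block it outright.
    printf '*filter\n:OUTPUT DROP [0:0]\n-A OUTPUT -d ::1/128 -j ACCEPT\nCOMMIT\n' | ip6tables-restore
fi
```

Rule order matters: the exemption for the Tor account has to come before the redirects, otherwise Tor's own connections would be looped back into itself.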

Project status: Started.

Tutorial

Everything below is a tutorial on how to build Telecomix Ciphersystem MARK II.

Get QEMU

Select one of the following:

  • Use your default package manager to install QEMU.
  • Download, compile and install. Source is here.

Install Debian

If you do not wish to repeat these steps, you can download a Debian lenny image for the amd64 architecture here. All passwords are "cipherdeck" (for the hard disc encryption, the root user and the anonymous user). You will need to change them before you do anything else. Please also note that the cipherdeck has not been configured yet; it's just a minimal Debian install.

Create a file to contain the cipherdeck. 1GB is perhaps enough?

qemu-img create cipherdeck.img 1G

Get a Debian ISO for network install. For performance reasons, you should select the same architecture as the one your real computer has. mini.iso is available for i386 and amd64. Just click one of the links and download it somewhere.

Then run the installation:

i386

qemu -cdrom mini.iso -hda cipherdeck.img -boot d

x86-64 (amd64)

qemu-system-x86_64 -cdrom mini.iso -hda cipherdeck.img -boot d

Connect to the QEMU guest system by some means. If you have compiled QEMU from source, it will by default create a VNC server listening on 127.0.0.1:5900. Connect to it with gvncviewer or some other program. (# gvncviewer 127.0.0.1)

Follow the installation process. All network traffic from the guest will by default be NATed via QEMU (so you do not have to change your iptables settings).

Suggestions:

  • Lie to Debian and tell it that you live in another country; default to Sweden if you cannot decide.
  • Encrypt the partitions. If you do it yourself it will not default to erasing all data on the partitions and you will save a lot of space :)
    • One very small /boot partition, unencrypted. (It needs to be unencrypted as it is not possible to boot into encrypted randomness.)
    • One large encrypted partition, for /