Category: Hardware

I recently explored setting up an OnionPi to be a dedicated device for browsing .onion sites and obfuscating the source IP address. Just to say it, you don’t have to be doing ‘criminal’ stuff to be using tor. I just wanted to get that out there and encourage more people to explore the ‘darknet’ / ‘deepweb’ / etc. I followed an Adafruit guide on setting up my OnionPi. I will describe more about the device, how it functions and some extra feedback, relating to the guide on installation.

Presuming you have a Raspberry Pi and supported Wireless adapter, you will be plugging in a wired internet cable to your Pi, that will share the onion-routed internet connection over wireless. Once you complete the configuration and install steps, your Pi will be ready to route your wireless traffic over TOR.
If you are more curious about tor and what it is about, checkout https://torproject.org/.

The guide I worked from is this link on AdaFruit. The kicker here, is that you really need your Wireless setup for the Tor install process to work and for the Tor service to work properly. So really, You want to start with installing WiFi and DHCP support.
Before you start, be sure to set a custom password for root and pi accounts on your Raspbian (or whatever you choose) OS.

I did not run the installation script, since I figured it would be easier to troubleshoot if I manually ran each step / configuration command. Besides I got to learn in the process of manually following along, so win bonus.

Once you setup your WiFi Access Point, go for the Tor install and configuration. Once done, fire up the service and check your internet-facing IP (WhatisMyIP or any similar site will do). You will also know you are on Tor, because CAPTCHA prompts will be more common in your browsing.
A fun little fact I noticed, is to browse .onion pages, you still want to have the Tor Browser installed. Any other browser will still benefit from an obfuscated IP Address, but you will get an error trying to browse to .onion sites.

One of the main benefits of setting up a hardware-based Tor device, is you can connect whatever wireless enabled device you wish to it. There have been many write-ups and conversations about the Tor Browser alone, being vulnerable to leaking data… especially if your connection is not fully-routed through an onion router. Not to say using an onion router is 100% untraceable, but every little bit helps.

Extra notes, that really apply to any web browsing, is to install add-blocking plugins. Advertising has been a known attack vector for years now and it only becomes more common. Visitors to this site may be aware of my lack of love for online advertising. Different strokes for different folks and all of that.

To conclude this post, I also want to mention Tails. This is a USB based operating system that is very handy in browsing tor, especially on the go. If you want to use your own OS and applications on the tor network, that is where the extra work of setting up an OnionPi (Raspberry Pi Device with Tor installed) is helpful to you.

This thread will be a collection of resources on how to use encryption, tool use suggestions and where possible, usage explanations.

I’m fine with reading technical documents, however I also value time and the ability to convey a point, without a huge time investment. The easier and more clearly encryption can be used, the better everyone will be.
Be it an individual or some sort of state agency / boogeyperson, more layers and protections are a good thing. Having protections does not make one a criminal, either.

CryptSetup LUKS guide. There are command syntax examples and console response dialogs.

Cryptsetup is nice, as it also handles mounting of drives and partitions. If you are unable to mount a drive, you will likely need to install cryptsetup. This should also work to mount any TAILS persistent volumes you have setup.
For more info on DM-Crypt (cryptsetup), the Arch wiki is a great resource.

Samples of flow (1st link)
01 step: install cryptsetup (dm-crypt)
02 step: confirm your drive target and valid partition (gparted or parted to get your /dev/(drive))
03 step: initialize your drive

# cryptsetup -y -v luksFormat /dev/xvdc

(This is setting up your passcode to access drive)
04 step:

# cryptsetup luksOpen /dev/xvdc backup2

(Mounts newly configured drive)
05 step: format the LUKS partiton (needless to say, you really want to have the correct drive or you have lost data on the drive you are using)

# dd if=/dev/zero of=/dev/mapper/backup2

(This will take quite some time. Let the cursor do it’s work, check your hdd led to confirm activity)

Howdy. My latest adventure is setting up a HP ProLiant ML150 Server with Windows Server 2012. I keep forgetting how I get workable USB install media, so I am making a guide to that effect.

Starting off, there used to be a MS ISO to USB Making Tool, however it fails to make the USB stick from the .iso with an nondescript message. So to make a working, UEFI compliant boot USB stick, we are going to format is as FAT32. This is very similar to setting up a Raspberry Pi SD card as well. However using a Windows Install CD and Win32DiskImager does not work, so to get it working:

• Open Command Prompt in elevated mode (Run as Administrator)
• Type diskpart and press Enter
• Type list disk and press Enter. Note the list of existing disks.
• Insert the USB Disk.
• Type list disk and press enter again. Note the new disk showed up which is our USB disk. I assume the new disk is 2 for example purpose.
• Type select disk X where X is your USB disk. E.g., select disk 2. Press Enter.
• Type clean and press enter.
• Type create partition primary and press enter to create primary partition 1.
• Type select partition 1 and press enter.
• Type active and press enter to make the partition 1 active
• Type format fs=fat32 quick (Or use the Right-Click step to quick format).
• Exit diskpart.
• (or instead of format in diskpart) Right-Click the drive in (My) Computer and do a Quick Format to FAT32.(Otherwise it will not UEFI Boot, only legacy boot)
• Extract the contents of the .iso and copy them to the root of the USB stick (Use 7zip or Winrar like archiver tools)

Re-written steps thanks to the following guide. I use quick format, as a full format on multiple GB drives, takes quite a long time for no real good reason.

Without over-complicating why you want UEFI for more recent device boot options, you will have a worse time trying to legacy boot an install on a UEFI BIOS enabled system. Thus installing from UEFI media works the best to avoid issues. Luckily Kali and Ubuntu work out the gate with UEFI, so long as you boot the CD Drive / USB as a UEFI target. This allowed me to remove Windows 8.1 from a 2 in 1 tablet and make a Kali / Ubuntu multi-boot instead.