
Show HN: HiddenVM – Use any desktop OS without leaving a trace - aforensics
https://github.com/aforensics/HiddenVM
======
Santosh83
Maybe good for hiding activity when you're already below the radar. If you're
a person of interest for a large enough state then they can and will use all
manner of dirty tactics to nail you and simply encrypting is not enough. You
will have to flee like Snowden did. And once they bring in legislation that
says a govt agent can ask for your decryption keys under reasonable doubt then
everyone is in soup since encrypted data is easy enough to detect as such. One
may have to shift to steganography of increasing sophistication. Basically
this fight has to be clinched politically. While technology can help, it can't
ensure absolute privacy/security against an all-powerful state. The key
question is if a state should be all-powerful at all in the first place...

~~~
tuxxy
> everyone is in soup since encrypted data is easy enough to detect...

This is only half-true. Any secure encryption is going to result in ciphertext
that is indistinguishable from random data.

In cases where the ciphertext is designated by a header or file format, then
it's trivial to know that something is encrypted. Then there are cases where
we can try to forensically determine that there's encrypted data via the
existence of an encryption tool (e.g. VeraCrypt).

If you wipe a disk with random data, for example, then it would be relatively
difficult to determine whether or not the disk is encrypted (implying that
there are no headers on it). In fact, one method of wiping disks is to
generate a random encryption key and encrypt a stream from /dev/zero to fill
the disk ([https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparat...](https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#dm-crypt_specific_methods)).

This tool is making use of a VeraCrypt hidden volume which is a really
interesting application of plausible deniability in cryptography. Essentially,
this lets you have two volumes where both are encrypted, but each has a
different key. In this setup, you'd put some files on one of the volumes to
make it appear that it's your "used" volume. On the other "hidden" volume,
you'd place the real files you want to keep safe.

In a case where the government is demanding that you release your encryption
keys, you would give up the keys to the "fake" volume. Unless you divulge the
keys to the "real" volume, the attackers wouldn't necessarily know that it
exists.

Unless there's evidence of you using one (maybe chat logs or Google searches
asking for help on using it, for example), there's no reason for anyone to
suspect you use it.

The VeraCrypt documentation explains the technical details
([https://www.veracrypt.fr/en/Hidden%20Volume.html](https://www.veracrypt.fr/en/Hidden%20Volume.html))
well enough.

~~~
ansible
> _This is only half-true. Any secure encryption is going to result in
> ciphertext that is indistinguishable from random data._

A new SSD with very little data in the filesystem isn't going to have many,
many sectors filled with random bytes. They're going to be blank instead.

A used drive will have free sectors (not used by the filesystem) containing
unencrypted contents of old files that have since been deleted or something.
This is also not random data. Chunks of movies, pictures, applications and
music will be identifiable, easily.
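The distinction tuxxy and ansible are drawing (ciphertext that looks uniformly random, a header that labels a container, zeroed blocks on a fresh SSD, and structured remnants of old files) can be made concrete with a small block-triage routine. This is an added example, not part of HiddenVM; the sample disk image is constructed, a seeded PRNG stands in for ciphertext, and the magic-byte list is illustrative (the LUKS, PNG and JPEG signatures are the published ones).

```python
"""Triage disk blocks the way the thread describes: blank (zeroed) blocks,
random-looking blocks, structured data, and known container headers.
Added example, not HiddenVM code; the sample image is constructed."""
import math
import random
from collections import Counter

BLOCK = 4096  # analysis unit; large enough that a uniform block scores close to 8 bits

# Published magic bytes for a few formats. A block that starts with one of these
# is labelled by format regardless of its entropy (the "header" case above).
MAGIC = {
    b"LUKS\xba\xbe": "LUKS header",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\xff\xd8\xff": "JPEG image",
}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_block(data: bytes) -> str:
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    h = shannon_entropy(data)
    if h < 0.5:
        return "blank"           # fresh SSD / zero-wiped region
    if h > 7.5:
        return "random-looking"  # ciphertext, a random wipe, or compressed media
    return "structured"          # text, executables, filesystem metadata


def scan_image(image: bytes) -> dict:
    """Count block classes over a raw image; a trailing partial block is ignored."""
    counts = Counter()
    for off in range(0, len(image) - BLOCK + 1, BLOCK):
        counts[classify_block(image[off:off + BLOCK])] += 1
    return dict(counts)


def constructed_image() -> bytes:
    """A made-up 12-block image: zeroed blocks, PRNG output standing in for
    ciphertext, repeated English text, one LUKS-style and one JPEG-style block."""
    rng = random.Random(2024)  # seeded so the example is reproducible
    text = (b"The quick brown fox jumps over the lazy dog. " * 100)[:BLOCK]
    blocks = [bytes(BLOCK)] * 4
    blocks += [rng.randbytes(BLOCK) for _ in range(4)]
    blocks += [text] * 2
    blocks += [b"LUKS\xba\xbe" + rng.randbytes(BLOCK - 6)]
    blocks += [b"\xff\xd8\xff" + rng.randbytes(BLOCK - 3)]
    return b"".join(blocks)


if __name__ == "__main__":
    for label, count in sorted(scan_image(constructed_image()).items()):
        print(f"{label:15s} {count}")
```

Two things the output shows: the zeroed blocks are ansible's fresh-SSD case and score as "blank", while the PRNG blocks and a header-less block from the middle of a JPEG or MP4 would both land in "random-looking", so entropy alone separates neither ciphertext from a random wipe nor ciphertext from compressed media. What makes leftover media identifiable in practice is the headers and the filesystem metadata that still point at them, which is what the magic-byte check approximates.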

~~~
Piskvorrr
A previously-used disk, wiped to NIST standards, will be filled with random
data - that's exactly the point of the wipe.

~~~
ansible
> _A previously-used disk, wiped to NIST standards, will be filled with random
> data - that's exactly the point of the wipe._

Yes, and that is suspicious. Random data is suspicious.

~~~
wpietri
Exactly. Something being suspicious is about small differences from what's
expected, differences that correlate with something bigger. Whether the disk
is full of random data because it's encrypted or because it was securely
wiped, either way it correlates with somebody having something they're working
to hide.

~~~
Piskvorrr
Or a second-hand computer: I do not wish to carry the previous owner's use history
into my usage, and neither should anyone else. Do not conflate "unusual" with
"therefore hiding stuff", and don't even try "hiding stuff, therefore bad".

There are legitimate reasons for wiping data...can't believe we're having
_this_ discussion, _here_ of all places.

~~~
wpietri
I agree there are legitimate reasons for doing so. None of which will matter
to some official busybody rummaging through your drive. To them, a drive
filled with random noise (instead of, say, being zeroed out) is going to be
unusual in a way that correlates with bigger things they worry about. Or, in
short, suspicious.

------
6510
I forget where I heard it or if it was my own idea (the shame, I know, I know!)
but... can't you have an unknown number of username/password pairs that
decrypt/unpack the same chunk of data into different things? Say you have the
same OS 51 times, as clean installs the data shouldn't have to be all that
much larger than 1. You install some games on one, some office apps on the
next, put some downloaded movies on the 3rd. You could give them "all" 50
passwords and they could never find OS nr 51.

~~~
jetrink
It's not possible to encrypt 51GB of real-world data in 1GB space for the same
reason that compression algorithms can't achieve 51x compression ratios. Given
that, such a scheme presents some challenges if you want to maintain
plausibility. Either,

1. Each filesystem lives within an allocated area and knows not to overwrite
its neighbors' data.

2. Some filesystems (the real ones) are privileged and know their actual
allocated area. Others (the decoys) think they own areas of the storage volume
that contain hidden data and therefore have the potential to overwrite the
hidden filesystems if they are written to.

In the case of (1), you need to be able to explain why your computer has
unallocated areas filled with pseudorandom data. That is never going to pass
the plausibility test, imo.

In the case of (2), a lot of effort needs to be put into making the decoys
look normal while not letting them overwrite the hidden data. There are a
number of strategies you could use here that would work, but it will never be
as convenient or simple as dual-booting and the more convenient you try to
make it, the less innocent a hard drive will appear under close inspection.
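The two layouts described above can be made concrete with a small simulation. This is an added example, not HiddenVM or VeraCrypt code; the device size, block size and hidden-volume offset are constructed. Scheme (1) is the decoy staying inside its own region; scheme (2) is the decoy believing it owns the whole device, run both without and with a driver that knows where the hidden volume starts (the VeraCrypt hidden-volume documentation linked earlier in the thread describes such a protection mode, which needs the hidden volume's password when the outer volume is mounted).

```python
"""Toy model of a decoy (outer) volume sharing a device with a hidden volume.
Added example, not HiddenVM or VeraCrypt code; layout values are constructed."""
import hashlib
import random

BLOCK = 512
DEVICE_BLOCKS = 64
HIDDEN_START = 48  # hidden volume lives in the tail of the device (blocks 48..63)


def make_device(seed: int = 7) -> list:
    """Whole device prefilled with pseudorandom bytes, as a freshly formatted
    deniable container is, so free space and hidden data look alike."""
    rng = random.Random(seed)
    return [rng.randbytes(BLOCK) for _ in range(DEVICE_BLOCKS)]


def hidden_fingerprint(device: list) -> str:
    """Digest of the hidden region; any change means the hidden volume is damaged."""
    return hashlib.sha256(b"".join(device[HIDDEN_START:])).hexdigest()


def outer_write(device: list, index: int, data: bytes, protect_hidden: bool) -> bool:
    """One block write issued by the decoy filesystem.

    Unprotected: the decoy thinks it owns every block, so the write lands
    wherever its allocator chose. Protected: the driver knows the hidden range
    and rejects the write, which the decoy sees as an I/O error."""
    if protect_hidden and index >= HIDDEN_START:
        return False
    device[index] = data
    return True


def simulate(outer_usage_blocks: int, protect_hidden: bool) -> dict:
    """Decoy allocator fills blocks 0..n-1 sequentially; report the outcome."""
    device = make_device()
    before = hidden_fingerprint(device)
    refused = 0
    for i in range(outer_usage_blocks):
        if not outer_write(device, i, b"D" * BLOCK, protect_hidden):
            refused += 1
    return {
        "hidden_intact": hidden_fingerprint(device) == before,
        "writes_refused": refused,
    }


if __name__ == "__main__":
    print("scheme 1, decoy stays in its region:", simulate(40, protect_hidden=False))
    print("scheme 2, unprotected:", simulate(60, protect_hidden=False))
    print("scheme 2, protected:", simulate(60, protect_hidden=True))
```

The unprotected run shows the failure mode of scheme (2): the decoy's own writes silently destroy the hidden volume. The protected run keeps the hidden data intact, but the decoy now sees I/O errors exactly at the boundary of the hidden region, which is the convenience-versus-plausibility trade-off described above: the more the decoy is allowed to behave like a normal filesystem, the more visible that boundary becomes.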

~~~
cheztir
I think the original commenter was going for an encrypted copy-on-write setup,
not some magical compressed fs. Just a base image (e.g. 50GB) with various
encrypted delta images (1GB each) that are assigned to each user.

------
bluesign
Safest way is to hack the SSD/HDD firmware, make it report its size half.
Depending on some condition, make it use the selected half. (ex: some byte in
first sector, some ATA command)

~~~
threatofrain
Any entity big enough to seize your laptop for analysis is also going to be
able to look up the specification for any particular part in your laptop, and
eventually this portion of the cat and mouse game will end.

~~~
Someone1234
That's predicated on an all-knowing adversary with unlimited time and budget.
In other words it is a largely fictional problem.

Most of the people we're talking about just run off the shelf forensics
software and have minimum actual expertise (the government doesn't pay well
enough for legitimate experts doing it by hand).

But then again, very few people are crazy enough to modify computer hardware
to protect their information. So both sides of this coin might be largely
fictional.

~~~
threatofrain
Are most people getting their laptops seized?

~~~
Someone1234
At international borders? It isn't at all uncommon. I've had my electronics
searched before.

~~~
jedieaston
Out of curiosity, if you’re comfortable saying, what country was it and were
you a citizen there?

I’m always curious what the breakdown is.

------
louwrentius
I wonder if it isn't easier to buy a laptop with two drives. Install a regular
OS on the first, hide the second in the BIOS and nobody will notice.

The people doing the cloning / data theft would have to know about your
particular model. Obviously, you encrypt the second drive, that in itself
contains a hidden partition in case they do discover it.

~~~
raxxorrax
The project here is quite neat. But I wonder if your idea would also work and
ask myself how competent the forensic teams of airport security really are. Or
even if they are, they certainly don't have a lot of time per device.

IT specialists are expensive and it would be a shame if we wasted that on
something as benign as airport security, which was mainly established by
paranoia and the wish to save face.

And what exactly are they targeting? Are they looking for
howToBlowUpAnAirplane.txt? Just some industrial espionage? Just some display
of authority? I don't really get what would prompt these measures.

Was there ever anything they found on a device someone took on a plane?

~~~
IanSanders
>And what exactly are they targeting?

journalists, I heard

~~~
raxxorrax
That doesn't seem it would increase airport security too much.

~~~
wpietri
But it definitely increases the security of the people who control airport
security.

------
lovetocode
So does Tails run as the root OS but displays a separate OS in a VM? For
example, does it look like you're booting into Windows when really it's just a
VM inside Linux? If so, does that Windows VM or whatever it is you choose act
like what is essentially a read only OS?

~~~
aforensics
Yes and yes. No, the VM is not read-only. (But you can run a VM as read-only.)

~~~
lovetocode
Interesting, thank you for sharing.

------
aforensics
Hello HN,

We're finally sharing our github with the world. This post is the first
announcement of our project apart from our thus-far non-populated subreddit.
No one's discovered us yet. We've only told one person in the world before
right now. We're new to developing and we're very humble and willing to learn,
so any suggestions and help are welcome.

What we aren't as humble about is the potential we think this application has.
HiddenVM allows full-scale anti-forensic use of any desktop OS. (No longer
just Tails.) If you place your installed files inside good deniable encryption
like VeraCrypt, it means that no digital trace of your chosen OS is left on
your hard drive or can be forensically proven to exist. That is significant.

There are many reasons why you may want to use HiddenVM. Some use cases
include:

- You're a spy protecting national security and you need to leave no digital
trace on the hard drive of the computer you just used.

- Law enforcement agents conducting sensitive investigations.

- Diplomats, politicians, and military personnel.

- Whistle-blowers needing to safely carry their information in any situation.

- Activists, dissidents, political asylum seekers, and journalists in need of
stronger protection of their information from corrupt governments when their
equipment is forcibly seized. (We know that the risk of the rubber hose
remains a complex problem and limitation of encryption.) Now that you can use
Windows once you set it up inside Tails, keeping your data private could
become easier for you.

Border agents forcibly invade our privacy and potentially steal our secrets
with no respect to who we are or what our rights are. We need tech solutions
to protect our data. More use cases include:

- Lawyers carrying sensitive client information.

- People in business protecting their IP or trade secrets.

- Tactics in fighting against corporate espionage. It could be expensive or
impossible to sue for someone's unlawful intrusion into your data. Easier to
technologically prevent them in the first place.

- Protect your basic privacy and dignity for any of the one thousand other
reasons why privacy matters.

- You travel a lot and you want to use Windows/macOS/Linux in a way that
prevents malware code from being forcibly installed inside your operating
system simply because you entered a country.

- Digital currency: store a more private Bitcoin wallet. Secure your assets
against unwanted and unwarranted access. When data literally is money you have
a lot to lose.

- Domestic violence victims, and people in other dangerous situations in
life.

Data privacy is a human right. If you don't want someone searching your naked
body and violating your dignity in that way, why should your data be any
different? Airport border agents not only perform a full digital strip search,
but they're also potentially stealing your data or implanting spyware and
malware without you knowing. It is a devastating act.

Using Tails should never be reason to suspect you are a criminal or a spy. It
also protects basic data privacy and democracy. Tails should become a standard
USB that anyone who values their digital safety carries around in their
briefcase, bag, purse or wallet. We hope our application increases the size of
the Tails user base.

Thank you for your interest. We invite you to rip apart our assertions and
code (but with courtesy), try out HiddenVM, and contribute to our project.

Sincerely, aforensics

~~~
jcahill
Copy notes:

1. Pictures.

> What we aren't as humble about is the potential we think this application
> has.

So you're not humble? Ditch the marketing goofiness. You think it has major
potential. Be humble or don't. It's inessential to conveying what HiddenVM is.

> Like Tor, Tails, or Whonix, HiddenVM can be used for bad purposes

Unnecessary. You're already on the back foot.

> - You're a spy

This isn't a normatively 'good' reason.

> Activists, dissidents, political asylum seekers, and journalists (like Laura
> Poitras)

Don't cite a specific person unless that person is endorsing the product.

> Using Tails should never be reason to suspect you are a criminal or a spy.
> It protects basic data privacy and democracy.

Don't lead with a user story that exactly matches the stereotype, then. You're
walking right into it.

~~~
aforensics
Thank you for the feedback. Some of it made sense and I've updated the parent
comment.

------
hleszek
It is kind of ridiculous to still use md5sum to check software for integrity.

~~~
aforensics
Thanks, we'll look into it.

~~~
aforensics
And now fixed, moved to SHA512.
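A published SHA-512 line only helps if the downloader actually checks it. As an added example (not HiddenVM's own verification script; the file name and contents are constructed), here is a verifier for the `<hex>  <name>` / `<hex> *<name>` line format that `sha512sum` prints:

```python
"""Verify a download against a sha512sum-style line.
Added example, not HiddenVM's script; the sample file is constructed."""
import hashlib
import hmac
import os
import tempfile


def sha512_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a multi-gigabyte image never has to fit in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_line(line: str) -> tuple:
    """sha512sum prints '<128 hex chars>  <name>' in text mode and
    '<128 hex chars> *<name>' in binary mode; the '*' is not part of the name.
    (File names that themselves start with '*' or spaces are not handled.)"""
    expected, _, rest = line.strip().partition(" ")
    if len(expected) != 128:
        raise ValueError("not a SHA-512 digest")
    bytes.fromhex(expected)  # raises ValueError if not hex
    name = rest.lstrip(" ")
    if name.startswith("*"):
        name = name[1:]
    return expected.lower(), name


def verify(path: str, line: str) -> bool:
    """True only when the line names this file and the digest matches."""
    expected, name = parse_checksum_line(line)
    if os.path.basename(path) != name:
        raise ValueError(f"checksum line is for {name!r}, not {os.path.basename(path)!r}")
    # Constant-time comparison: cheap here, and a habit worth keeping for digests.
    return hmac.compare_digest(sha512_of_file(path), expected)


def demo() -> tuple:
    """Build a constructed file, then check it against a matching and a bogus line."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "HiddenVM-example.bin")
        with open(path, "wb") as fh:
            fh.write(b"constructed payload, not a real release\n")
        good = f"{sha512_of_file(path)}  HiddenVM-example.bin"
        bogus = "0" * 128 + " *HiddenVM-example.bin"
        return verify(path, good), verify(path, bogus)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The digest algorithm is the smaller part of the story: a checksum served from the same place as the file catches corruption in transit, but an attacker who can replace the file can replace the checksum next to it, so a release also wants a detached signature from a key obtained through a separate channel.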

------
ralphc
If you want to use Tor in another country then come through a border, what's
the advantage of HiddenVM over putting Tor on a bootable thumb drive, using
it, then throwing away the drive before crossing the border? Just the
persistence?

------
unnouinceput
Or, or... hear me out, swap your HDD with a gaming one so when a smart guy takes
a look at your HDD he will find only benign games. You think customs agencies
do not have smart people who can look past a simple boot screen? Think again.

~~~
incompatible
Or just wipe the HDD and install a fresh OS? I have to admit that I'm
uncertain exactly what the goal is.

~~~
saagarjha
A fresh OS is pretty suspicious.

~~~
Insanity
It takes almost no time to reinstall an OS, install a few games from Steam.

If you want you don't even need to wipe your install and have a bit more time
to spend, you can dual boot and remove the other boot option temporarily from
GRUB / MBR or whatever the Windows equivalent was.

Or fetch out a few GitHub repos if you don't want to install Steam games. :)

~~~
saagarjha
I'm not sure I understand your response. Am I missing something in my original
comment?

~~~
Insanity
My reply was to say that it's relatively easy to make a clean install not look
'fresh' :P

~~~
saagarjha
Fair.

------
jstanley
> The VM will even connect to full-speed pre-Tor Internet by default, while
> leaving the Tor connection in Tails undisturbed.

This doesn't strike me as a selling point? Surely the default should be to
have the VM traffic all go over Tor?

Cool project though.

~~~
norswap
I think the point is to make a decoy OS that you can boot into if forced to
unlock your laptop. Running on Tor would be highly suspicious.

The point of running this on Tails is to prevent the use of forensic tools
inside the decoy OS to unearth what's underneath.

~~~
joosters
If using Tor is suspicious, then having Tails on your computer is also going
to be suspicious. I'm certain that no border agent will be swayed by your "but
I don't actually use this Tor I have installed" arguments.

~~~
norswap
I assumed that Tails is normally invisible and must be logged into using some
secret handshake at boot time. Otherwise it's pretty silly, even if the
partition is wholly encrypted.

------
kchr
Please consider an acronym other than "HVM", which already has meaning in
virtualization context (Hardware Virtualized Machine).

------
ThePowerOfFuet
> The VM will even connect to full-speed pre-Tor Internet by default

Snatching defeat from the jaws of victory.

------
paulcarroty
Will be interesting to also have macOS as guest with VeraCrypt & encrypted
volume etc.

------
a_imho
Doesn't downloading additional software defeat the purpose of inspecting the
code?

------
haunter
How about running from RAMdisk? Feels like that would be the safest

~~~
GekkePrutser
It would be, but how do you go through the whole install every time you need
it?

------
walrus01
If your laptop is getting inspected at the border of an actual authoritarian
police state:

[https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis)

~~~
87zuhjkas
Are there any protection mechanisms against that? Something like, even if you
are being tortured you cannot provide the access to anyone else?

~~~
ben_w
Yes, but:

1) they might not believe you, and

2) that’s still true even if the reason you don’t have a key is because you
don’t actually _have_ a secret encrypted partition — or whatever — to supply a
decryption key for

So the best thing to do is avoid being in a situation where someone is allowed
to do that in the first place.

~~~
aforensics
This is interesting. This also means that using encryption or anything that
can plausibly make someone even slightly suspect you're using encryption (even
if you are not) can make your situation worse, with certain classes of
enemies.

I'm sure advanced configurations with well-crafted decoys and steganography
can help combat that, but as we can see, encryption can only take you so far
and it's only one element of the picture.

------
jstewartmobile
If I had reason to be this paranoid about doing something on the computer, I
probably wouldn't do it on the computer... see what Ron Minnich and Bunnie
Huang have to say about the state of modern hardware and BIOS.

That, and I believe AMT is still _a thing_

