A guide to install the BusKill dead man switch on Qubes OS : Qubes | Torhoo darknet markets

BusKill is an open-source dead man switch system that allows a specific command to be executed upon the disconnection of a USB device.

To follow this tutorial, you will only need a USB device. It doesn't matter which one, as long as your system recognizes it. You might want to consider purchasing a magnetic adapter to make it easier to remove the device.

We will assume that the qube handling the USB devices is sys-usb. However, if during the installation process you combined the management of USB devices and network devices, then you should replace the instructions with sys-net. If the qube handling your USB devices is a DisposableVM, you will need to work on its TemplateVM.

This implementation of BusKill in QubesOS necessarily grants the ‘sys-usb‘ Qube permission to execute scripts in dom0 with immense destructive power, such as the ability to make all of the data on your computer permanently inaccessible.

The ‘sys-usb‘ Qube is also a particularly exposed Qube that should not be trusted, as it could become infected by a malicious USB peripheral. Please take this into consideration when designing your BusKill triggers and granting permission to the ‘sys-usb‘ Qube to execute them on dom0 via your dom0:/etc/qubes-rpc/policy/ files.

We will also perform tasks on dom0 and another qube that we can work on, for example, temp-vm.

During this tutorial, we will assume that your USB device is named Micromax_A74. However it is likely that this is not the case for you, so you need to identify the model name of your device. To do this, plug your USB to the computer without attaching it to any cube. Then, execute this command in sys-usb:

sudo udevadm monitor --environment --udev | grep "ID_MODEL="

Next, unplug the USB, which should cause the command to print the model name.

In sys-usb, define the following udev rules to run the desired trigger when the USB is disconnected from the system. To do this, execute the following:

cat << EOF | sudo tee /rw/config/buskill.rules
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.lock"
#ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.softShutdown"
#ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.hardReboot"
#ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_MODEL}=="Micromax_A74", RUN+="/usr/bin/qrexec-client-vm dom0 buskill.selfDestruct+--yes"
EOF
sudo ln -s /rw/config/buskill.rules /etc/udev/rules.d/
sudo udevadm control --reload

You should have only one option uncommented, so choose the one that best suits your needs:

• buskill.lock locks the screen, which will also cause all USB devices to disconnect by default.
• buskill.softShutdown shuts down the system normally.
• buskill.hardReboot forces the system to restart as quickly as possible, risking data corruption.
• buskill.selfDestruct+--yes overwrites your LUKS header with random data.

Execute the following in sys-usb:

grep 'buskill' /rw/config/rc.local || cat << EOF | sudo tee --append /rw/config/rc.local
sudo ln -s /rw/config/buskill.rules /etc/udev/rules.d/
sudo udevadm control --reload
EOF
sync

We will use temp-vm to create the scripts for the triggers and then send them to dom0.

In temp-vm, create the buskill.lock trigger:

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/buskill.lock
DISPLAY=:0 xscreensaver-command -lock
EOF
sudo chmod 0755 /tmp/buskill/qubes-rpc/buskill.lock

buskill.softShutdown:

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/buskill.softShutdown
sudo shutdown -h now
EOF
sudo chmod 0755 /tmp/buskill/qubes-rpc/buskill.softShutdown

buskill.hardReboot:

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/buskill.hardReboot
sudo bash -c "echo b > /proc/sysrq-trigger"
EOF
sudo chmod 0755 /tmp/buskill/qubes-rpc/buskill.hardReboot

buskill.selfDestruct:

• https://torhoo.cc/go.php?u=YUhSMGNEb3ZMMlYwWlhKdVlXeGpZbko2Y0dsamVYUnFOSHA1WjNWNVozQnRhMnBzYTJSa2VHOWlOM1J3ZEd4eU1qVmpaR2x3WlRWemRubHhiM0ZrTG05dWFXOXVMMlJ2ZDI1c2IyRmtMemczTm1NMU5Ea3haV1l4TWpJMllqQTNaR000WTJVeE1EUXhaV1kwWm1JMU5XRmxNbVk0T1RoaU1ETTNZV1UzTVRKakwzQXRNemcyT0dRME5EVTVZbUZtTmpObVltUTNNV1F1ZEhoMA==#

Finally, we define policy files in dom0 that permit our ‘sys-usb‘ VM to be able to execute the above triggers. Note that ‘sys-usb‘ is necessarily a high-risk and untrusted VM that could easily be compromised. Therefore, it’s critically important that any buskill triggers defined on dom0 are self-contained and don’t accept any input telling them them what to execute on dom0.

Execute the following in temp-vm:

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/policy/buskill.lock
sys-usb dom0 allow
EOF
sudo chmod 0644 /tmp/buskill/qubes-rpc/policy/buskill.lock

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/policy/buskill.softShutdown
sys-usb dom0 allow
EOF
sudo chmod 0644 /tmp/buskill/qubes-rpc/policy/buskill.softShutdown

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/policy/buskill.hardReboot
sys-usb dom0 allow
EOF
sudo chmod 0644 /tmp/buskill/qubes-rpc/policy/buskill.hardReboot

cat << EOF | sudo tee /tmp/buskill/qubes-rpc/policy/buskill.selfDestruct
sys-usb dom0 allow
EOF
sudo chmod 0644 /tmp/buskill/qubes-rpc/policy/buskill.selfDestruct

pushd /tmp/buskill
tar -czvf buskill.qubes-rpc.tar.gz qubes-rpc/*
sync

This will allow the execution of scripts from sys-usb and create a tarfile to send to dom0.

Run this command in dom0 to extract the contents of the tarfile:

sudo su -
cd /etc
qvm-run --pass-io temp-vm 'cat /tmp/buskill/buskill.qubes-rpc.tar.gz' > buskill.qubes-rpc.tar.gz
tar -xzvf buskill.qubes-rpc.tar.gz
sync

At this point, BusKill has been installed. Enjoy your dead man switch!

Here is a tutorial for disarming BusKill on Qubes OS:

• https://torhoo.cc/go.php?u=YUhSMGNITTZMeTkzZDNjdVluVnphMmxzYkM1cGJpOXhkV0psY3kxa2FYTmhjbTB2#