Conversation

Notices

1. Embed this notice
   Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:36:27 JST Sick Sun
   I woke up rejuvenated to try messing with the onion hidden service again.
   
   Instead of link-local addressing, I set up a dhcp server on the tor host for only the hidden service interface, serving a fixed ipv4 address.
   
   Switching to DHCP and IPv4 fixed 90% of the problems.
   
   I now have only one problem left, that the host machine still needs a static address. It won't autoconfigure, still.
   • Linux Walt (@lnxw37j1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:38:40 JST Sick Sun

     in reply to

     • тняэдт™
     @threat the dhcp thing is a workaround but I can write up what I did when I get it all working yeah
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Tuesday, 20-Aug-2024 21:38:41 JST тняэдт™

     in reply to
     @sun id like to see this writeup if you are doing a writeup.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:41:06 JST Sick Sun

     in reply to

     • тняэдт™
     @threat The big problem, if this were a serious project, is all my devices the hidden services will run on have onboard wifi. Obviously if someone got root on the device, they could sniff nearby SSIDs and possibly locate me. Nobody's devices seem to be able to disable the wifi.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:48:11 JST Sick Sun

     in reply to

     • тняэдт™
     • Reitoei
     @Idoru @threat the issue is if someone got root on the box they can just reload the module. It needs to be a hardware (or secured bios) option.
   • Embed this notice
     Reitoei (idoru@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:48:14 JST Reitoei

     in reply to

     • тняэдт™
     @sun @threat what OS you running on them? I disconnected my laptop webcam by blacklisting the kernel modules from being loaded. I still put tape over it though.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:48:59 JST Sick Sun

     in reply to

     • тняэдт™
     @threat one device is a raspberry pi and the other two (coming soon) are risc-v banana pis. none of them seem to have a secure way to disable the wifi. you can in software but of course that can be undone.
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Tuesday, 20-Aug-2024 21:49:00 JST тняэдт™

     in reply to
     @sun most devices have the ability to shut the radio down via bios. still though im interested to see what the project goal is. but im glad you are making something on tor
   • Embed this notice
     Reitoei (idoru@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:49:44 JST Reitoei

     in reply to

     • тняэдт™
     @sun @threat you have a point there certainly. You could only compile the bits you need. But how long is a piece of string?
     Sick Sun likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:50:53 JST Sick Sun

     in reply to

     • тняэдт™
     • Reitoei
     @Idoru @threat Compiling a custom kernel and not putting compiler on the box would make it very difficult (although not impossible) yeah. I might try to do that, thanks for the suggestion.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:51:41 JST Sick Sun

     in reply to

     • тняэдт™
     @threat custom kernel with wifi disabled is safest, then an attacker with root can't just reload the module.
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Tuesday, 20-Aug-2024 21:51:42 JST тняэдт™

     in reply to
     @sun im not into arm so im ignorant on the matter but the previous comment if blacklisting kernel mods is about the only option that seems reasonable
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Tuesday, 20-Aug-2024 21:55:41 JST Sick Sun

     in reply to

     • тняэдт™
     @threat This is a physically isolated machine, the only network it has is its local network connection back to the Tor node. If they have root they may own the box but they can't pivot anywhere.
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Tuesday, 20-Aug-2024 21:55:42 JST тняэдт™

     in reply to
     @sun if an adversary has root it was over the minute they did. this would constitute a trip-power scenario immediately. just my .o2c