RabbitHole : AES-256 archiver with multiple hidden volumes for plausible deniability

Discussion in 'privacy technology' started by Commitant, Oct 28, 2017.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,100
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    I would ask for support for command line arguments. As a somebody from Unix-like world I am used to make scripts. For example in Gnu/Linux I can:
    Code:
    1st line: tar arg1 arg2 arg3
    2nd line: xz arg1 arg2 arg3
    3rd line: gpg arg1 arg2 arg3
    This way in three lines (I can do this in one, but I written this way for clarity) I can:
    1. Make file containing files and directories
    2. Compress it (effectively making solid archive (not mentioned earlier oop principles))
    3. Encrypt it (I don't know a way to make hidden archives with plausible deniability)

    You call this app command line, but it is not in this sense I used to call command line. Your app only supports entering the menu and commanding from inside, what effectively makes difficult use this app in scripts. I think Windows version is good as now, but for Gnu/Linux version it would be nice to make it more script-friendly.
     
  3. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
  4. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    Good points reasonablePrivacy, and we were originally planning on doing it this way. However, it became clear that it would be too cumbersome to most users. Example: When you create a new archive, you have to specify a "new" keyword, then you need to specify path and file name of the archive, then you need to specify the size of the archive, then you need to choose encryption algorithm, then you need to input random keystrokes from the keyboard to collect entropy for the random generator, then you need to specify number of volumes, and finally you need to enter the passwords for all volumes.
    While possible, this would be impractical to do from shell-commands only, as we need preserve state and context, and guide the user through the process. Agreed?
     
  5. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    107
    Location:
    Some country in the European Union
    Maybe something between? Do interface like now for no interested in scripting, but also specify argument to read commands from file?
    Gnu/Linux and OpenBSD systems have /dev/urandom for that. I think typing manually generated random input from keyboard should be optional rather a must.
     
    Last edited: Nov 4, 2017
  7. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    845
    Commitant

    Using XP SP3 x86 No it wouldn't run


    Sorry that I didn't reply earlier, I don't login much and didn't see the notification for your post.



     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,100
    I'm not sure which .NET Framework-version Rabbithole requires, .NET 4.0 / .NET 4.5 :cautious:
    If it is .NET 4.5, you can't run it on Windows XP (The maximum supported version on Windows XP is .NET 4.0)
     
  9. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    845
    I know that this is going to sound stupid and of course, I know nothing about these matters :( but...When programming an app like this, is it possible to allow an older .net or does the architecture of the program require the use of that particular .net to meet the demands of the latest OS etc?
    I find these days that unless you have the latest OS then you are forced out of the game. I often wish that instead of these upgrades disrupting your whole life that we had an architecture which allowed just an add-on for all previous operating systems or that software could be backwardly compatible. Yes, I know that 'World of Warcraft or whatever isn't going to run on Windows 3.11...but I like using XP which I've 'clothed' with all my pet projects, apps and stuff over the years and this ol' man can't cope with the disruption.

     
  10. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    Hi mood, thanks for making me aware of this. I've now recompiled the project to use .Net Framework 4.0, there's no parts of the project dependant on 4.5. It's available here: https://github.com/Commitant/RabbitHole/releases.
     
  11. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    I hear you sdmod. A new version compiled for .Net Framework 4.0 available now. However, since you're obviously privacy minded, you should consider upgrading to a newer OS anyways. As I'm sure you know XP is no longer supported by Microsoft, which means security vulnerabilities might not be patched. Windows 7 will do.
     
  12. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    I'm no Linux expert, but from what I understand, /dev/random and dev/urandom doesn't provide entropy, but provides pseudo random numbers as it's based on a CSPRNG. The input from from the keyboard is not to collect random data (it would be a very poor source), but it uses keystroke timings to seed the CSPRNG we use, which is Bouncy Castle's Sha512 Digest. I understand Linux itself collects entropy from "various souces", probably also from keystroke timings, harware interupts etc.
    However, this all gets a bit theoretical since we do not have a Java version of RabbitHole at this time.
     
  13. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    845
    I've installed RabbitHole now but I haven't dared try it yet until I fully understand what I am doing. I find those github pages hard to navigate. Layout seems very 'techie'.
    I'm not sure which version I have of RabbitHole but it starts up in XP 32 bit now and opens up to the command prompt.
    I managed to open help by typing in help :) clever lad that I am.
    and downloaded the text instructions from your webpage. I'm one of those people that is phobic of manuals, I'll do anything to wriggle out of reading the information that's in front of me and hope for magic gifts of salient information that will 'get the thing working'. I like the sort of manuals that say 1) Press that 2) then do this 3) next thing and so on. I haven't gone further yet.. Scared of deleting or encrypting something by accident.
    I haven't quite conceptualized yet, the function of the program. in it's entirety but I'll try some small tests in unimportant folders
    I downloaded the file setup.exe 2487K file version 0.1.1.0 Internal Build number 158438
    Is that the correct one? Do I need to download anything else, apart from the single setup file?
    I'm familiar with Blowfish Advanced CS, Secure IT, Secure Message (text encrypter) and those sorts of things with a GUI.
    I'm not too uncomfortable using the command point as I used to mess about on a Unix system in the mid nineties and MSDOS
    Commitant, Thanks for adjusting RabbitHole so that we can use it.
     
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    Unfortunately, forcing you out of the game unless you buy a new one is better for their profits than providing backwards compatabilty and seems to be becoming the standard 21st century business model. Probably because Wall Street demands consistent profits so "things" have to be done to ensure the people believe they need a new one every few years.
    Almost makes you "wannacry" doesn't it...
     
  15. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    Hi there Sdmod, no worries, I'll walk you through it :)
    First of all, relax, RabbitHole doesn't touch any of your existing files, so you can't mess up anything. When you encrypt files you simply add them to your new archive, but the original files stay untouched on your disk. In other words, the files themselves aren't encrypted, overwritten or deleted, they are just duplicated and placed inside the encrypted archive.

    So, let's walk through the steps, it's really quite easy when you know the ropes:
    1. Create a new archive: new c:\temp\myArchive 10
    This creates a new archive c:\temp\myArchive.rabbit with a size of 10MB.

    2. Follow the on-screen instructions. You will chose encryption algorithm, the number of volumes, passwords for those volumes, and input som entropy through the keyboard.

    3. Now your archive and the volumes within are created. Open the archive and the volume you want to use with: open C:\temp\myArchive <password>
    Use the password associated with the volume you want to use.

    4. Add an existing file to the archive: put c:\temp\somefile.txt
    This adds somefile.txt to the volume you just opened.

    5. Save the changes to the volume: save <password>
    To persist the changes, use the save command, and use the password you used to open the volume.

    Congratulations, you're done :) You now have an encrypted archive containing your secret file. You can now upload it to the cloud and be sure that nobody can decipher your secrets (as long as you chose a strong password). If you added the file to any other volume than the first, you now have plausible deniablity, and no one will be able to prove your secret's existance. To get the file out again, use the get command.
     
  16. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    845
    Hi Commitant,
    You have tried your very best to help me and I'm grateful for that but after quite a few hours of floundering around, I have to admit defeat. It just isn't clear to me what is happening and I don't have the necessary skills and/or patience. Thanks for allowing me to try though :) I wish you all the best with your project.

    sdmod
     
  17. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    I'm sorry to hear that sdmod, we were thinking of making a Windows GUI for the app as well, maybe you would have more luck with that.
     
  18. sdmod

    sdmod Shadow Defender Expert

    Joined:
    Oct 28, 2010
    Posts:
    845
    Hi Commitant,
    Yes possibly Windows GUI might be better for me. The problem that I had was that it didn't appear logical to me. Something isn't linking up for me in my attempt at conceptualization of it or the 'one two three' of the process.
    I couldn't picture it in my minds eye and couldn't see a clear picture of the resulting expected benefit considering the work I was putting in. I wasn't sure if I was to put a full path to my file and found difficulty with working out how to retrieve anything that I thought that I might have had success encrypting. I did, at one point get confirmation that I'd archived a file. Also the archive didn't seem to retain the name that I had given it...or it seemed that way. Yes, maybe swimming in water that is too deep for me when I can't swim all that well. I tried the help file but couldn't make progress even using it. Maybe I didn't understand the directions properly.
    I suppose I ws thinking along the lines of something like a .zip or .rar containing invisible encrypted file/s
    When using for example Blowfish, I choose a file or series of files to encrypt. I have a password I can encrypt those files as named with file extension or save as a random number of letters without extension.
    I've played around a little with programs that obfuscate within images etc with some success. I am at the level where I can find my way around amost Windows programs to some degree. I've run and configured software servers, ftp dns, www and found my way around various forum softwares. I've used PGP in the past when it first came out and multiple encryption programs. Something about this confounds me and I'm not quite sure what it is.
    I think I had some success creating the original folder in temp as you described but everything went awry after that :(
    If others are finding it really easy I'm going to feel quite stupid. :O


    .....................


     
    Last edited: Nov 10, 2017
  19. Commitant

    Commitant Registered Member

    Joined:
    Oct 28, 2017
    Posts:
    23
    Location:
    Norway
    I'm not quite sure what to tell you, our testers didn't have any problems following the instructions. While not programmers, they are used to command line tools and shells. I'm not quite sure what you don't understand, but the concept works like this:
    • First you create an archive, which is in fact a file (myArchive.rabbit) with a given size that's filled with random garbage data.
    • Then you add your secret files to a volume within this archive.
    • Then you save the changes to the archive.
    And that's it. A copy of your secret files are now encrypted inside the archive.
    But hey, there's a lot of tools out there with GUIs that will probably be easier for you to use.
     
  20. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    @sdmod don't feel stupid, command line tools can be difficult when you're used to GUI.
    This is, I'm sure, why desktop linux has not been able to break out of their 1% market share.
     
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,867
    This might be one of the reasons that linux users get left alone. Servers get attacked but linux desktop just doesn't have a payoff for creators of "ill".