Unix/Linux.SE: trigger system self destruct when certain password entered

Discussion in 'privacy technology' started by mirimir, Jan 4, 2014.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Question:

    Answer:

    <http://unix.stackexchange.com/questions/107739/how-to-trigger-a-system-self-destruct-with-a-certain-password-is-entered>

    That is very elegant :thumb:
     
  2. tom1876

    tom1876 Registered Member

    Joined:
    Jan 4, 2014
    Posts:
    15
    Location:
    England
    Anyone got a similar solution for Windows, where a particular password will start the destruction of the Windows file system?

    I guess setting up a new admin account and adding the batch file in Task Scheduler for that account will do the job.
    Any better suggestion?
     
  3. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I know in Dell's BIOS there is an option to password protect the HDD, and if a wrong password is entered 3 times, then the disk is wiped.
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Is the HDD actually wiped (all the data stored on the media is overwritten in a way that prevents the data previously stored there from being recovered) or does this feature simply manipulate access/encryption/decryption key(s) in a way that supposedly prevents the data previously stored on the media from being read and decrypted?
     
  5. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I don't see how this could work with the preferred method of FDE with LUKS? This would have to trigger at user log on, after FDE is decrypted. I'd rather just shred the boot loader and yubikey in the shredder...just as quick :D

    But good tip for those that want to set it up.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Maybe something analogous is possible in the preboot environment.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    I've thought more about this.

    I wonder if there's a way to script LUKS header deletion in initramfs in response to three (or whatever) incorrect passphrase attempts -- and/or entry of a nuke-it passphrase. I've been playing with using dropbear for remotely entering the passphrase via SSH. For that, you install busybox and dropbear in the initramfs, and SSH to initramfs. You can add other small packages and scripts, so initramfs becomes a fairly capable OS.
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I like it, if it can be done. If you could overwrite with a defined string, like "wiped wiped wiped wiped", (but zeros are probably fine too) it may help in a court situation where their forensic guy could say "yeah, the LUKS header was definitely destroyed, and without it, even the pass phrase won't let us in". Of course, the user could have a sector by sector backup drive stashed somewhere, but who knows how it would play out in a civilized jurisdiction. Assuming the guy had another complete copy of a disk, seems to be a stretch.
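
The check an examiner could run to tell an intact LUKS header from one overwritten with zeros or a fixed string, as an added example that is not part of the thread or any poster's code. It assumes the LUKS1 on-disk layout (592-byte header, eight 48-byte key slots starting at offset 208); the function names and the sample header are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ACTIVE = 0x00AC71F3         # LUKS1 marker for an enabled key slot
PHDR_LEN = 592                   # LUKS1 header: 208 bytes of fields + 8 slots
SLOT_BASE, SLOT_LEN = 208, 48    # assumed LUKS1 on-disk layout


def repeating_unit(buf, max_len=16):
    """Return the short pattern buf consists of (zeros, b'wiped ', ...) or None."""
    for n in range(1, max_len + 1):
        if (buf[:n] * (len(buf) // n + 1))[:len(buf)] == buf:
            return buf[:n]
    return None


def text(field):
    return field.rstrip(b"\0").decode("ascii", "replace")


def inspect_luks1_header(blob):
    """Classify the start of a disk image: intact header, overwritten, or neither."""
    head = blob[:PHDR_LEN]
    if len(head) < PHDR_LEN:
        return {"state": "truncated"}
    if head[:6] != LUKS_MAGIC:
        unit = repeating_unit(head)
        return {"state": "overwritten" if unit else "no-luks-magic", "pattern": unit}
    version = struct.unpack(">H", head[6:8])[0]
    if version != 1:
        return {"state": "other-luks-version", "version": version}
    flags = struct.unpack(">8I", b"".join(
        head[SLOT_BASE + i * SLOT_LEN:][:4] for i in range(8)))
    active = [i for i, flag in enumerate(flags) if flag == SLOT_ACTIVE]
    return {"state": "intact" if active else "no-active-keyslots",
            "cipher": text(head[8:40]), "mode": text(head[40:72]),
            "uuid": text(head[168:208]), "active_slots": active}


def build_sample_header():
    """Constructed LUKS1 header with only slot 0 enabled (sample data, no real disk)."""
    hdr = bytearray(PHDR_LEN)
    struct.pack_into(">6sH32s32s", hdr, 0, LUKS_MAGIC, 1, b"aes", b"xts-plain64")
    struct.pack_into("40s", hdr, 168, b"00000000-0000-4000-8000-000000000000")
    for i in range(8):
        struct.pack_into(">I", hdr, SLOT_BASE + i * SLOT_LEN,
                         SLOT_ACTIVE if i == 0 else 0x0000DEAD)
    return bytes(hdr)


if __name__ == "__main__":
    for name, blob in [("sample", build_sample_header()), ("zeros", bytes(PHDR_LEN)),
                       ("string", b"wiped " * 100)]:
        print(name, inspect_luks1_header(blob))
```

For a real image, pass the first 592 bytes read from the image file; a backed-up header can be classified the same way before it is restored.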
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    It's wiped, but I am not sure about any possible data recovery (at least when the HDD is not encrypted).
    Being a BIOS option, it runs before the bootloader.
     
  10. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Kali is *not* a user oriented or server oriented operating system. It's an OS designed for penetration testing and hacking. The reason the encryption feature is helpful is so that when you're doing a pentest with sensitive company information, and you lose your laptop, the information is safe.

    Do not run this as a regular user if you want to be secure from hackers. Default user is root, among other things.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Thanks.

    I'm just interested in how they implement the disk wipe.
     
  14. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    It certainly depends on your adversary but if you are faced with a police officer or FBI agent and you enter a destruct password, you better be sure they won't find the destruct script after the fact. If they do, you could be in big trouble for destroying evidence. This is why the Truecrypt developers went to so much trouble to build in plausible deniability. If you have hidden data such as implemented by Truecrypt, you can type in the decoy password and reveal the benign contents of the decoy. If they demand the password to the hidden data, you play dumb and say "what's a hidden volume?"
    There is no way to prove a hidden volume exists unless you give them the password.
     
  15. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I believe you have to know that you are a target of an investigation, before a private individual can be charged with destroying evidence. Just having an "official" talk to you, or ask for the password, shouldn't rise to that level...but I am not a lawyer. If you see a police car pull into your driveway, why can't you wipe the header? People wipe data every day, using tools like Privazer, CCleaner, etc...

    As presented in the article, this was mainly about pen-testers and journalists wiping the key, before leaving a client with sensitive info, or crossing an international border... and then restoring it, when "safe". No suspicion of wrongdoing, just precaution against overreach or theft.

    You can kind of do the same thing with TC, just not as easily. Restore the Windows boot loader to a regularly encrypted system, or restore an *incorrect* header (created with a pass phrase you definitely never knew) for the hidden volume that the Hidden OS sits in. You obviously should not have the rescue disk .iso or header backup on your person.
     
  16. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    Forensic teams copy the drive first.

    "NSA stuff"
     
  17. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yes they do. This is before they get it. Leave client, wipe header. Leave for airport, wipe header. See a SWAT van pulling into your driveway, wipe header.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Yes indeed. It's very reversible, as long as you have the header.

    As extra protection, one could keep multiple copies of the header, very thoroughly hidden. Micro SD chips are very small.

    For the readily-available copy, one could make minor changes in a hex editor, in places that can't be checked through within-header relationships or whatever. So the header would be useless unless corrected.
     
  19. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    221
    Surely...

    Sorry for not being clearer; my 2 cents was not in relation to your post but rather the booby trapped passwords.

    Traps other than physical would not work because--as said--the team will copy first before entering in supplied/brute forced PWs.

    Anyhow, for the thread's sake:

    What are you guys talking about?

    ~Adversaries have your computer and ask for passwords or brute which results in things getting gutted.

    Or

    ~You see/feel heat so you destroy/preserve your sensitive info proactively.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    As you note, it's too late then, because they image.

    That's what I was thinking of.

    Using a "nuke-it password" might also work in the airport "Please boot the machine" scenario. After entering the password, you would freak out about your lost thesis, business plan, or whatever. But that would be very risky.
     