xBMachine - what can we expect?

Discussion in 'privacy technology' started by zikarus, Jul 26, 2007.

Thread Status:
Not open for further replies.
  1. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    @Torrify

    Since the release date of a first dev-build xBM is coming near:
    What exactly will it be?

    1. A VM so much seems to be clear. But what exactly makes it different from e.g. the anon-web VM which includes JAP support as well as Mixmaster via Tor? Will such things be supported too, besides your own solution?

    2. Will there be a bootable version of xBM like e.g. the Incognito Live-CD? If so, when? Will its functionality be any different from the first VM-release?

    3. Will there be a version which can also be run under Windows (etc.) as a simple .exe? Will xBM in other words offer the same functionality like the Qemu-Puppy from here which can be run under almost all circumstances one may think of (as a VM and/or Live CD and/or executable)? If so, when and which size will this final xBM have?

    It would be nice if you could give us some kind of roadmap and more details on the security solutions xBM will support (or might not)...

    BR
    z.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    zikarus,

    Here are some answers to your questions:

    1. First off, it will be a project that isn't hard to find. I've yet to play with the anon-web VM, much less rip it apart and find all the security flaws. :) We will be constantly updating xB Machine, and the upgrades should be auto-updating, and secured by PGP signature. The operating system is hardened and firewalled from itself. We have currently installed Tor and XeroBank on the operating system, and I am playing around with email options currently to decide if Mixmaster, I2P, Tarzan, or Tor is the best free solution. We may include all of the above, but that may be too cluttered for most people.

    2. Yes, there will be a bootable version. It will boot load from QEMU. We have a working version of it, but it is DVD size, so we'll have to whittle it down and then we can release it. That will come after the VM version is released, and likely replace it. What we are releasing at DefCon is a development release which is the runnable virtual machine. We'll keep plugging away and shortly have a bootable version afterwards.

    3. We want to make the VM as versatile as possible, so it will be playable from VMWare and QEMU. While VMWare is faster for the most part, I don't expect people to trust it, so that is a big reason we want to allow QEMU as it is open source. As to it being an EXE, if we can make it dual operational for VMWare and QEMU that way (think of a loose wrapper), it shouldn't be a problem. Just an implementation bridge to cross when we get there. Right now we are trying to make it down to 210MB, so it fits on a mini-cd. Currently it is somewhere around 300MB. The 210MB mini-cd may be impossible for the bootable version, but we'll deal with that, as a mini-cd isn't exactly a hard specification.

    Here is an image of the current structure:

    http://www.xerobank.com/images/xBVM_diagram.png
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Basic features:
    - Designed to run within VMWare (Workstation, Server, Player), Qemu, others may follow in second release only private network information, no public.
    - Firewall only allows anonymity client outgoing/incoming traffic from/to external interfaces. No outgoing traffic without anonymity
    - Some hardening to make local exploits less easy (GrSecurity, stackprotection, minimal suids, etc)

    Anonymity clients:
    - Tor
    - Jap
    - xB Plus
    - xB Pro / Premium
    - xB OR (shh, don't ask)

    Usability features:
    - Firefox with privacy extensions and settings
    - Thunderbird with privacy extensions and settings
    - GPG and Enigmail
    - Pidgin w/ OTR Chat client
    - Text editor, image viewer
    - Filemanager
    - Autoconfiguration of anonymity clients
    - Proxy autoconfiguration of clients (Firefox, Thunderbird without restart of program)
    - Remote filesystem via WebDavFS/SSHFS with encfs
    - Local user filesystem with loop-aes
    - Userdir with dmcrypt/pam_mount
    - Console (command line text thing, green characters on black background :D )

    Windowmanager: Enlightenment

    Additional features:
    - Easy updating without destroying userdir
    - Integrity check from host system

    Future features:
    - LiveCD to boot Qemu and xBVM

    Details on firewall:
    - Each outgoing software runs under its own userID
    - Firewall only allows those userIDs
    - LSM SecLVL to keep router/firewall from being changed if system got hacked locally (maybe, not sure on that yet)
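
The per-userID egress policy described in the post above, sketched as an added example that is not part of the original thread and not xB Machine's own firewall: a generator for an `iptables-restore` ruleset built on the `owner` match. The account names `tor`, `jap` and `xerobank`, and the loopback allowance (so applications can reach the local client's proxy port), are assumptions.

```shell
#!/bin/sh
# Added example, not xB Machine's actual ruleset. Account names are assumed.
# Prints an iptables-restore ruleset: outbound traffic is dropped unless the
# sending process runs as one of the listed anonymity-client accounts.
emit_egress_rules() {
    if [ "$#" -eq 0 ]; then
        echo "need at least one client account" >&2; return 1
    fi
    seen=" "
    for acct in "$@"; do
        case "$acct" in
            # Only plain account names may reach the rule text.
            ""|-*|*[!a-z0-9_-]*) echo "invalid account: $acct" >&2; return 1 ;;
            # root in the allow list would void the whole policy.
            root) echo "refusing to allow root" >&2; return 1 ;;
        esac
        case "$seen" in
            # One account per client keeps each rule attributable.
            *" $acct "*) echo "duplicate account: $acct" >&2; return 1 ;;
        esac
        seen="$seen$acct "
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
EOF
    for acct in "$@"; do
        # The owner match only applies to locally generated packets (OUTPUT).
        echo "-A OUTPUT -m owner --uid-owner $acct -j ACCEPT"
    done
    # Everything else (browser, mail client, DNS lookups made outside the
    # client) falls through to the DROP policy; log it first for review.
    echo '-A OUTPUT -j LOG --log-prefix "egress-denied: "'
    echo "COMMIT"
}

# Constructed sample: three client accounts. Check the output with
# `iptables-restore --test` before loading it; IPv6 needs a matching
# ip6tables ruleset, since these rules do not cover it.
emit_egress_rules tor jap xerobank
```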
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  5. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    Thx for your answers Torrify. Looking forward to the pre-release then.

    Btw: What is this xB OR you mentioned? :D
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    ?:eek: ?
     
  7. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    Telling us what, caspian? o_O

    Any links available where one could dl the machine? :ninja:

    Edit: Now it is available on the Xerobank hp (Products)... ;-)
     
    Last edited: Aug 4, 2007
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  9. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Hi Steve,

    Any documentation/how to's/tutorials/step-by-step guides, etc.?

    The download contains all the zip files for xB, but no real instruction on getting it to work (VMware? How?). I downloaded and was immediately lost without any documentation.

    I've read some reviews from DefCon....hope it all went as well as you hoped.

    Oh! What about that round-up of commercial privacy providers? Is that something you are still planning? I think at one time you were even looking at DefCon for that as well. Anxious to hear how your testing went. You said it was pretty dismal, but hearing the specifics would be terrific!
     
  10. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    Welcome back home Steve...

    Is it just me who can not log into xBM? Ending up in an endless loop with the login-screen popping up again and again though it accepts the password each time...

    Btw - may I use xBM with VirtualBox too? Would be interesting, since there already exists a portable version of 1.4.0 which seems to work ( http://z0rz.com/blog/archives/84 )...

    BR
    z.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Give it a shot and let me know.

    Regarding the logon screen, you are first logging in as user "xero" and then giving your password, yes?

    The directions are as follows:

    1. Download xB Machine DEVELOPMENT PRE-RELEASE version:
    http://update.xerobank.com/beta/xBVM-0.02.2.zip

    2. Run xB Machine (xBVM.vmx) from either VMWare or QEMU, which are
    virtual machine softwares. You may have to select "Create" if a dialog
    pops up.

    3. Create a password. Then login as username "xero" with your selected
    password.

    4. Click on the Anonymity Network Selector, which looks like a globe.
    Click on "Tor Network" and then click the OK button.

    6. You can now access the internet anonymously and safely.

    NOTE: If you had started Firefox prior to step 4, your browser may
    appear unresponsive. Go to Tools:Clear Private Data, and then hit refresh.
     
  12. zikarus

    zikarus Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    18
    Another request:

    I have tried to run the xBMachine under the Moka5 environment (some kind of modified VMWare player; see www.moka5.com) but did not succeed. It fails since "snapshot and sparse volumes are not supported" by Moka5.

    Could xBMachine not be distributed as an .iso too?

    Would be great since Moka5 works quite well with .iso's. The good thing about this software is that it can easily be run off of a stick - even without admin-rights! The downside is, that the program may become payware sometime after the actual beta status may have turned into final...

    Since then xBMachine and Moka5 would make a good portable combo :D
     
    Last edited: Sep 3, 2007
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Try loading it from the boot.iso file that is included, you may have to designate the vmdk as disk partitions on launch, I'm unfamiliar with Moka5. That is how we are launching it in QEMU.
     
  14. r00st3r

    r00st3r Registered Member

    Joined:
    Jan 20, 2008
    Posts:
    2
    I know xBM is still in development, but here is the trouble I am having tonight with a fresh download. Thanks in advance!

    I've tried loading xBM but it fails to complete the boot process. Using Ubuntu 6.0.6.1 LTS, I installed qemu via apt-get and then tried to open xBM. Initially nothing worked until I found this thread which hinted at specifying the hard disk to use. Here is the command I used which got xBM to start to boot, but it later kernel panics.

    qemu xBVM.vmx -cdrom boot.iso -boot d

    During the boot process, I get the following :

    >> Determining loop type
    !! Invalid loop location: /image.squashfs
    !! Please export LOOP with a valid location, or re and boot and pass a pr
    oper loop=...
    !! kernel command line!

    /bin/ash: can't access tty; job control turned off
    /newroot #

    I press CTRL+D to exit and then I get :

    >> Checking base image signature (Please wait, it takes a while)...
    !! ATTENTION: VERIFICATION FAILED!
    !! RISK OF INTRUSION
    !! Press [ENTER] to continue on your own risk

    So I press enter and finally get :

    >> Mounting squashfs filesystem
    mount: Mounting /newroot/mnt/cdrom//image.squashfs on /newroot/mnt/livecd failed: No such file or directory
    >> Copying read-write image contents to tmpfs
    cp: etc: No such file or directory
    cp: root: No such file or directory
    cp: home: No such file or directory
    cp: var: No such file or directory
    >> No cdupdate.sh script found, skipping...
    >> Booting (initramfs)..switch_root: Bad init '/sbin/init'
    Kernel panic - not syncing: Attempted to kill init!
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No worries. The next version of xB Machine will have qemu wrapped into it, and will probably also be bootable. I have trouble getting it to load under QEMU as well with the old version.
     
  16. r00st3r

    r00st3r Registered Member

    Joined:
    Jan 20, 2008
    Posts:
    2
    I guess that is why it's labeled as a development release. ;)

    Thank you for letting me know. All in all, xBM sounds like a great solution for those that want to isolate their computing environment and keep it very portable.
     
  17. Hotshot79

    Hotshot79 Registered Member

    Joined:
    Jan 31, 2008
    Posts:
    1
    Hi, I'm also having trouble loading xBVM. Can you explain how to actually load it into one of the virtual machines - what steps are necessary? I am not familiar with .bat files.

    Thanks
     
  18. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    http://update.xerobank.com/beta/unfinished.jpg

    xB Machine is almost ready for release.

    Will include xB Browser, xB Mail, xB Configurator, Pidgin, VOIP client, Bit Torrent client, Flash & Java support, and OpenOffice if we have room. It is now Bootable and Live, so you can run it from any operating system or hardware. It also no longer requires VMWare, as it is a standalone appliance, but it can run under VMWare. It is now smaller than 700MB when uncompressed, uses less than 200MB of ram, and is an ISO. It now boots in less than one minute!

    This is by far and away the most advanced, slick, secure OS I've ever seen.
     
  19. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Damn looking awesome. I'm really waiting for this one and hope that there's a new solution/service coming too ;) No hurry. Going to India on Thursday so I can wait :D
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    So apparently there is another install method I forgot: USB. With the USB you can either extract the ISO image to boot from the USB device, OR you can keep the autorun stuff there and run it live.

    Wasn't yet able to run it in boot mode until we add more specs to the boot kernel, but under QEMU live I did. I was really surprised with how much smoother it acted than v0.2. Still a loooong way to go on it before defcon this year.
     
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Do you think it would be possible to do an XB Machine for dummies tutorial?? LOL! I was able to use it with VMware, but I do not understand Qemu at all, I'm embarrassed to say.
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Caspian,

    no worries. The QEMU version is just you double-clicking. Everything else is *done*.
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Here is a video showing part of the new interface for xB Machine. Check out how smooth the scroll is. This is running in QEMU, in Windows XP.

    We were playing with a new trick last night. We had a xB Machine setup in California and were remotely using it from Texas. This gave us an idea for a request that a few vendors have had: Make xB Machine run remotely so the user only needs a terminal and can access their workspace from any computer.

    While possible, it still needs some tweaking on the server/client relationship.
     
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Hi Steve,

    Do you have a launch date in mind? I watched the video and it looks good!
     
  25. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    We're hoping for the end of March, concurrent with our new website and service release. Although there is a longer way to go with it.

    Lots of things need to be tweaked.

    One thing I discovered is that it takes twice as long to boot if you have dual processors, and specify to use them, than if you don't. Strange. Another issue is we're resolving lots of SIGABORTs in the theme. Just last night we put in the torrent client. So far this thing is tiny. Uncompressed it's now at about 710Mb, and compressed it is as small as 200MB.

    I think we need to add some buttons to the desktop like a simple shutdown button, save profile button, and self-destruct button.
     