Wiki/Entities/Holocron.md


WARNING: Holocrons should not hold copies of sensitive information.
The Holocron is a mobile USB drive designed to take over any computer hardware and run as an element of the AniNIX.

Etymology

Named for the [http://starwars.wikia.com/wiki/Holocron_of_Heresies Sith Holocron] from the Star Wars universe, the Holocron is a method for AniNIX admins to craft and record all their personal code and knowledge, including Aether backups, Foundation repo checkouts, etc. It should be secured and difficult to crack to protect the secrets within, just as its namesake -- the better the traps, the better the knowledge it can hold.

Capacity and Components

Holocrons have no defined capacity since they are not bound to any set of hardware. The portable storage space is bound to the drive on which it's written.

Hosted Services and Entities

No services or entities are hosted.

Connections

Holocron can dial to any host desired. It should have VPN, SSH, remote-desktop, browser, code version control, and file transfer clients available.

Additional Reference

Implementation details for Holocron are below.

Host drive

We currently recommend a [https://www.pcnation.com/web/details/ZY1268/Corsair-Flash-Survivor-Stealth-64GB-USB-3-0-Flash-Drive-CMFSS3B-64GB-00843591066389?mkwid=s_dc&pcrid=64230955823&pkw=&pmt=&plc=&gclid=Cj0KEQjwo_y4BRD0nMnfoqqnxtEBEiQAWdA124R1SSj-sqFREK5wSAXJca5AVpUXJuKfbi3IuD_Sn2IaArOC8P8HAQ Corsair Survivor Stealth] for Holocrons. This offers 64GB of flash storage with the following layout, in a form that is both impact- and water-resistant, making it a resilient tool.

NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
fd0             2:0    1    4K  0 disk
sda             8:0    0    1G  0 disk
sdb             8:16   1 59.6G  0 disk
|-sdb1          8:17   1   40G  0 part  /mnt/xplatfrm
|-sdb2          8:18   1  9.3G  0 part  /boot
`-sdb3          8:19   1  9.3G  0 part
  `-spartacus 254:0    0  9.3G  0 crypt /
sr0            11:0    1  544K  0 rom

WARNING: Do not store sensitive information on Holocrons!
Though a Holocron has its root encrypted, /boot is not and the device is portable. Physical access is death! The storage can be cloned and cracked with sufficient computing resources. The encryption is a delay but not a hard-stop protecting your information. If you have access to an encrypted machine like Core there is no reason to keep sensitive information on this, a client device. If you have nothing else, this encryption is better than none.

The Israelis and such have been working out ways to listen with directional mics to crack encryption, and I have no guarantee they didn't use some similar hardware assault to crack the encryption. The algorithm might be smart enough, but the hardware may give rise to a more direct way. Moreover, with the hardware being mobile, the firmware and bootloader could be assaulted to broadcast key signatures from memory, or someone could record you entering the decryption password. Some example vectors are below:

Installation

  1. Install ShadowArch to the / partition. Remember to remove the first four lines so that your mount options are used with your storage layout.
  2. Create a folder /boot/iso in the / partition.
  3. Edit /etc/grub.d/40_custom:
    1. See [https://wiki.archlinux.org/index.php/Multiboot_USB_drive Arch's multiboot] for individual GRUB entries.
    2. Also see [https://releng.archlinux.org/pxeboot/ Arch's netboot] for a GRUB entry to use for netboot.
  4. Load ISOs and pack for travel.

Example 40_custom file:

#!/bin/bash
exec tail -n +3 $0
probe -u $root --set=rootuuid
set imgdevpath="/dev/disk/by-uuid/$rootuuid"
menuentry 'ArchLinux ISO' {
	set isofile='/iso/archlinux.iso'
	loopback loop $isofile
	linux (loop)/arch/boot/x86_64/vmlinuz archisodevice=/dev/loop0 img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
	initrd (loop)/arch/boot/x86_64/archiso.img
}
menuentry "Kali Linux ISO" {
	set isofile='/iso/kali-linux.iso'
	loopback loop $isofile
	linux (loop)/live/vmlinuz boot=live findiso=$isofile noconfig=sudo username=root hostname=kali earlymodules=loop
	initrd (loop)/live/initrd.img
}
menuentry "CentOS ISO" {
	set isofile='/boot/iso/CentOS.iso'
	loopback loop $isofile
	linux (loop)/isolinux/vmlinuz noeject inst.stage2=hd:/dev/sdb2:/$isofile
	initrd (loop)/isolinux/initrd.img
}

  • ArchLinux ISO: This ISO provides a clean point from which to start -- its signature and size can be compared against [https://archlinux.org/download the ArchLinux page] for integrity.
  • Kali Linux ISO: This ISO is a hacking suite that carries the latest tools along with the user.
  • CentOS ISO: This allows a user to access an enterprise network using a trusted OS with a known signature.
  • ArchLinux local install: This is a portable workspace for the carrier -- packages installed here will be persistent, and allow the user to boot their own toolset with little or no network traffic.
  • Cross-platform storage: This allows Spartacus to perform as a usual flash-drive.
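
Because /boot (and the ISOs under /boot/iso) sit on the unencrypted partition, a baseline of their hashes kept on the encrypted root lets the carrier notice a swapped kernel, initramfs or ISO between uses. The script below is an added example, not AniNIX code; the manifest path /root/boot.sha256 and the function names are assumptions, and the baseline should be recorded only after the ISOs have been checked against their download pages.

```shell
#!/bin/sh
# Added example (not AniNIX code): detect changes to the unencrypted /boot
# partition, including ISOs under /boot/iso, using a SHA-256 manifest.
# Assumptions: GNU coreutils sha256sum; the manifest lives OUTSIDE the
# hashed directory, on the encrypted root; file names contain no newlines
# or backslashes.
MANIFEST=${MANIFEST:-/root/boot.sha256}   # hypothetical location

# make_manifest DIR FILE: record a hash for every regular file below DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# verify_manifest DIR FILE: return 0 only if every recorded file is
# unchanged AND no file has been added or removed.
verify_manifest() {
    rc=0
    # Content check: modified or missing files are reported as FAILED.
    ( cd "$1" && sha256sum --quiet -c - ) < "$2" || rc=1
    # Inventory check: "sha256sum -c" ignores files that are not listed,
    # so compare the file lists to catch an added kernel, initramfs or ISO.
    recorded=$(cut -c67- "$2" | sort)     # name starts after 64 hex + 2 chars
    present=$(cd "$1" && find . -type f | sort)
    if [ "$recorded" != "$present" ]; then
        echo "file list under $1 differs from $2" >&2
        rc=1
    fi
    return $rc
}

# Usage: script init   (after a trusted install or update)
#        script check  (before entering anything sensitive)
case "${1:-}" in
    init)  make_manifest /boot "$MANIFEST" ;;
    check) verify_manifest /boot "$MANIFEST" && echo "/boot matches baseline" ;;
esac
```

A check run from the installed system is only as trustworthy as the kernel that just booted from /boot; running it from a freshly verified ISO against the mounted partitions gives a stronger answer.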