blog

[TAGGED: encryption]
  1. How to mount a LUKS encrypted Linux drive in Windows

    Become the world’s top super hacker with this one weird trick

    This is kind of fun, but probably no one will need to do this ever. But the point is you can! So why not? Anyway, suppose you have an encrypted Linux drive and you want to mount it in Windows for whatever reason. Just follow along.

    1. Install Windows Subsystem for Linux 2

      WSL 2 allows you to run a virtualized Linux environment that integrates tightly with the Windows OS. To install it, search for "Turn Windows features on or off" in the Start menu and click the shortcut to open the Settings pane. Scroll down towards the bottom and check the box for "Windows Subsystem for Linux". Then click "OK" to install WSL 2.

    2. Open the Microsoft Store app and install Ubuntu Linux 22.04 LTS

      This is trippy as hell. Ubuntu Linux on an App Store? We have entered the end times indeed.

      Screenshot of Microsoft Store app

    3. Confirm it worked by opening Linux in Windows Terminal

      Start the Terminal app, which should be pre-installed. By default it will probably open to a PowerShell or Command Prompt. Click the dropdown arrow on the tab bar and you should see "Ubuntu 22.04.2 LTS" or something similar in the dropdown menu. Click it to start Linux!

      Screenshot of Windows Terminal app

    4. Run an Administrator PowerShell and give WSL 2 access to your physical drive

      These instructions are adapted from Microsoft's own documentation, so check that out if you need help. Basically, open a new PowerShell as Administrator (right click the shortcut and then "Run as administrator").

      List your physical drives by entering:

      Get-CimInstance -query "SELECT * from Win32_DiskDrive"

      The command should give you output similar to the following:

      DeviceID           Caption                   Partitions Size          Model
      --------           -------                   ---------- ----          -----
      \\.\PHYSICALDRIVE3 Samsung SSD 980 PRO 2TB   1          2000396321280 Samsung SSD 980 PRO 2TB
      \\.\PHYSICALDRIVE0 WD_BLACK SN850X 4000GB    3          4000784417280 WD_BLACK SN850X 4000GB
      \\.\PHYSICALDRIVE1 Samsung SSD 970 PRO 512GB 1          512105932800  Samsung SSD 970 PRO 512GB
      \\.\PHYSICALDRIVE2 WDBRPG0020BNC-WRSN        1          2000396321280 WDBRPG0020BNC-WRSN

      So, one of the DeviceIDs in the output should map to your LUKS encrypted Linux drive. Suppose, for example, it was \\.\PHYSICALDRIVE3; then you can give your WSL 2 environment access to that drive with the following command:

      wsl --mount \\.\PHYSICALDRIVE3 --bare

      PROTIP — If you need to do this a lot, you can put that command in a .bat file and run it (as Administrator) anytime you want to mount the drive in WSL 2.

    5. Find your encrypted drive in your WSL 2 shell

      Go back to your Terminal with the Ubuntu Linux shell running, and if everything worked, you should be able to find your encrypted drive with the following command: lsblk -l

      The command should give you output similar to the following:

      NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
      sda             8:0    0 363.3M  1 disk
      sdb             8:16   0     8G  0 disk  [SWAP]
      sdc             8:32   0     1T  0 disk  /snap
                                               /mnt/wslg/distro
                                               /
      sdd             8:48   0     2T  0 disk
      sdd1            8:49   0     2T  0 part

      In this example the sdd1 identifier maps to the encrypted partition on your physical drive.

    6. Decrypt and mount the encrypted drive

      You will need a package called cryptsetup if it's not installed. From your Linux shell, enter sudo apt install cryptsetup if needed.

      Now you can decrypt the volume by entering (for example): sudo cryptsetup luksOpen /dev/sdd1 samsung_980_pro

      ^ The name you put in the last argument of that command is any arbitrary name you want to assign the drive in the device mapper. Just be sure that you use the correct device name for the encrypted partition listed from lsblk (in this example /dev/sdd1).

      Once it's decrypted, you can mount the drive with the following command(s):

      • sudo mkdir /mnt/my_encrypted_drive (if needed)
      • sudo mount /dev/mapper/samsung_980_pro /mnt/my_encrypted_drive

      Obviously you can customize the names and mount location however you see fit.

    7. Now you can access your encrypted drive from Windows Explorer!

      Open a new Explorer window and scroll down the left sidebar until you see "Linux." Click this and you'll be able to browse the filesystem from your Ubuntu 22.04 installation. Simply navigate to /mnt/my_encrypted_drive or wherever you mounted the drive, and you'll have access to your encrypted volume!

      Screenshot of Windows Explorer
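
    Steps 5 and 6 as a script, with the "be sure you use the correct device" check made explicit: it reads the LUKS header magic and version before unlocking, and closes the mapping again if the mount fails. This is an added example, not part of the original post; the function names are illustrative, and the device, mapper name and mount point in the usage line are the post's example values. Run it as root inside the WSL 2 distro.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root inside WSL 2.

# Print the LUKS version (1 or 2) found in the header of $1, or fail if the
# first 6 bytes are not the LUKS magic "LUKS\xba\xbe". Bytes 7-8 hold the
# version as a big-endian 16-bit integer.
luks_version() {
    hdr=$(head -c 8 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Unlock $1 as /dev/mapper/$2 and mount it on $3, refusing non-LUKS devices.
unlock_and_mount() {
    if ! ver=$(luks_version "$1"); then
        echo "refusing: $1 has no LUKS header (check lsblk again)" >&2
        return 1
    fi
    echo "$1 is LUKS$ver" >&2
    cryptsetup open "$1" "$2" || return 1      # prompts for the passphrase
    mkdir -p "$3"
    if ! mount "/dev/mapper/$2" "$3"; then
        cryptsetup close "$2"                  # do not leave the volume unlocked
        return 1
    fi
}

# Unmount $2 and re-lock mapping $1, so the plaintext device does not
# outlive the session.
lock_and_unmount() {
    umount "$2" && cryptsetup close "$1"
}

# Usage: sudo sh luks-wsl.sh /dev/sdd1 samsung_980_pro /mnt/my_encrypted_drive
if [ "$#" -eq 3 ]; then
    unlock_and_mount "$@"
fi
```

    When you are done, unmount and close the mapping (lock_and_unmount samsung_980_pro /mnt/my_encrypted_drive), then run wsl --unmount \\.\PHYSICALDRIVE3 from the Administrator PowerShell to detach the disk from WSL 2.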

    One nice use case for this...

    Having an encrypted drive is just a good idea in general. If your computer is lost or stolen you can keep your private files protected and not worry so much about identity theft or any other bad outcomes from people maliciously accessing your files. Many Windows computers ship without any kind of drive encryption, and Microsoft's own BitLocker disk encryption is only available in "Pro" editions of Windows.

    Speaking of BitLocker, who can even trust that shit? It's a closed source system and Microsoft can swear up and down that it's safe and secure, but for all anyone knows it's backdoor'ed six ways from Sunday. By using Linux LUKS drive encryption in Windows, you at least have open source and provable security. Just make sure your passphrase is strong enough and you're good to go!

    Posted 2023-09-12 11:04:00 CST by henriquez. Comments
  2. Obsessive Facts hidden service now available on TOR

    Lately I've been playing with some alternative web protocols, specifically Project Gemini. But I realized before I create a "Smol Web" site, I've been missing the opportunity to release a "Dark Web" version of this site accessible to people using the TOR Browser. So I put my cores to work brute forcing the perfect vanity address, and a couple days later I'm happy with the result.

    Find us at http://obsessivecto5al3kdoe24cyt77np4w4owew7sm66qb7kwhlpzsgyuyd.onion

    This link only works if you have the TOR Browser, or another browser capable of loading onion addresses (but please don't use Brave for high security use-cases).

    In the spirit of the higher-security nature of TOR, I've disabled all JavaScript on the onion site. I've been bitching about JavaScript device fingerprinting for a while now, so it was time to do this anyway. JavaScript is a progressive enhancement for most of the functionality on this site, so if you want the fancy animations and media streaming you can use the Clearnet version. And if you care more about security over all else, use the Darknet version. Mostly everything still works either way.

    Posted 2023-07-21 14:21:00 CST by henriquez. 1 comment
  3. The JavaScript Black Hole

    A playbook for ethical engineering on the web.

    In the 25 years since JavaScript was first added to Netscape Navigator, the language has evolved from a cute little toy to an integral part of the Internet. JavaScript frameworks such as React and Angular have transformed the web, bringing us fully-fledged client side applications with functionality that could only be imagined just a decade ago. In the process, the web has become more powerful, but also much more dangerous. Malware and mass surveillance have become persistent threats, fueled by the ever-expanding amounts of user data exposed by new JavaScript features, and sucked into the black hole of omnipresent tracking networks. With real human costs, these threats have been worsened by the increasingly popular belief that "the web browser is an operating system, and everything is an app."

    This essay is written for web developers and people interested in the field. In it, I break down the problems mentioned above, demonstrate some commonly-used JavaScript practices that can expose users to harm, provide examples of actual harm being done, and ultimately propose some actionable alternatives that we, as developers, can adopt to prioritize ethical engineering and minimize harm for our users, while still building feature rich applications.

    Read More

    Posted 2020-04-04 11:40:00 CST by henriquez. 9 comments
  4. Obsessive Network LLC Launches Memespeech, An Unbannable End-to-End Encryption Format

    MINNEAPOLIS, MARCH 12, 2020 – FOR IMMEDIATE RELEASE

    ObSesSIVE nEtwoRk Llc HAS lAUNcHeD MemEsPeEcH, a NEw eNd-To-end EncryptiON FOrMAT thaT Is legaLly iMPoSSiBLE For the U.s. GOvernmeNT to bAN. MemESPEEch ENablES CONsUMErS tO hIdE EncryPTed MeSSAGES WITHin OrDInAry PaSSages oF FReE SPEECh. WItHoUT ThE DecrYpTIOn PASsWORd, iT iS IMpoSSiblE TO KNOw WhETher a PaSSagE OF mEmEspeEcH cOnTAinS AN ENCrYPTeD meSSAge, TherefORe thE U.s. GovernMENT cOULD Not bAN MEMESpEech WitHoUT BaNnInG SpEEch, ChEcKmate.

    IN TOdAY'S cOMPETiTIVE LaNDSCApe, thE U.S. cOngrESS hAS propOsEd A piecE OF leGISLAtioN CALLed tHe EarN iT Act, wHicH WouLD GIVe tHE U.s. ATTorneY GenerAL uNIlaTeRaL ConTRol OVeR HOw tecH COmPaniEs ImpLEMenT encRyptiOn TEchnOloGy. PURportEDlY AiMed AT StOppING peDoS FroM sHarINg kidDIe pOrn on facEbOOK (WhIcH has bECOmE a dIsGUSTing cESspOol OF FILth), tHE eARn iT acT HeRoicallY ENds aLL ChILD PoRN by bannINg All intERnet SecURItY.

    MeMEsPEeCh EnABles useRs whO sTiLL waNt secURiTy tO aDD THEir OWn ENCrYPtIOn BaCK iN to coMmUnICatIOn ApPs THaT aLLOw uSErs to ExcHAnGE teXT MessagES, thEreBy lEveraginG rEsoURcEs ANd addinG vAluE. as ThE maRkEt eVOlVEs, ComPAnIEs mAy bE foRCED to put BacKdooRS in thEIR own eNcryPtION, bUT they will nOT bE ABLE To IntErCEpt ThE ENCryPted MESSaGES CONsUmeRs SENd Over their netwoRkS witH mEmESpeEch. ThiS WILL CreAte nEw oPporTuNItiEs IN THe law eNfoRcemENT SECtoRs tO whine AbOUt nOt BeIng AblE to SPY On EVErythinG.

    MEMeSpEecH waS dEvElopeD by ObseSSIvE NEtWoRk lLc, A bOOTsTRaPPED UnICorn StARtUp WIth a $1.3 BIllIoN VaLuatIon aND A LeaDiNg-EdGe tEAM Of rocKsTAr nINJa 10X DEVeLoPErS wIth A CoLLECtiVE exPErience oF 75,000,000 years Of RUsT ANd goLang.

    "aftER COLlAboRaTINg WITh conSUmer rElATiOns AND brand EXperT teAmS AcRoss tHe INdustry, We ReaLIzeD THAt meMESpEECh CoULD rEVoLuTionizE ThE CONSUMER-suCCesS StRATegIes of OUr StAKeHOLDERs BY UsiNG BIG DATa machIne leaRNINg aI," saId heNRiQuez, sOME GuY At OBSesSiVe netWork.

    MeMeSpeECH is iMMeDIATeLy AvAilAbLE as a brOWSER eXTeNSiON foR MOzILla FIrefox anD GoOgle chROmE, As wEll as A dEvElOpER sPECIfiCatIoN, enAbLInG enGinEeRs tO DEVElOP mEmeSpEeCh implEMeNTATIon iN tHE LanGuAgeS oF THeir ChOicE.

    Posted 2020-03-12 16:20:00 PST by henriquez. 1 comment
  5. Cryptoops — a totally pointless JS crypto library

    I've recently been working on a project that involves encryption in web browser extensions, like take some text and encrypt it using a password. Pretty standard, except how do you do that in JavaScript? Due to my obsessive aversion to third party client dependencies, the decision was clear: I must read the specifications to all the relevant cryptographic standards and implement the algorithms myself in JavaScript, from scratch.

    It never dawned on me that in the half-decade since I last played with JS crypto, perhaps things might have advanced past the previous status-quo of "roll your own crypto library #yolo". I neglected to consider the possibility that all of this functionality might be already baked into modern web browsers. Well turns out it is. While I was putting the finishing touches on my library (using a Web Worker to make it multi-threaded), I stumbled onto documentation for the Crypto.subtle API, a.k.a. everything I had just built but way faster due to being compiled code that takes advantage of native cryptographic CPU instructions. Oops.

    I can't bring myself to straight-up delete this code, but in reality it should never be used by anyone for any reason. Rather than try to make some sort of point (this is pointless), I'll leave it here for those who click "Read More."

    Read More

    Posted 2019-11-02 19:24:00 CST by henriquez. Comments