? Editing: Post:21.body Save Delete Cancel
Content changed Sign & Publish new content

Pexo's Blog

A blog, where I, pexo, will post different things, at uncertain times about some topics.

The x makes it sound friendlier.

Follow in NewsfeedFollowing

Latest comments:

How to install Zeronet on QubesOS

on Aug 30, 2018 ·
15 comments

I've recently rebuild my QubesOS setup and as part of that I have also remade my Zeronet setup. Since I was going to do it anyway, I decided it just write my steps down and post them here.

Requirements and assumptions

  • I'll be using the fedora 28 templateVM for the Zeronet templateVM. The basic procedure should the same for older fedora versions, but can differ slightly, so be aware of that, should you want to use a different fedora template.

  • I'll also be assuming Qubes 4, but older Qubes versions shouldn't make much of a difference, at least as far as I'm aware of.

  • Anything in {curly braces} needs to be replaced by something.
    Example: tor-browser-linux64-{someversion}_en-US.tar.xz could be tor-browser-linux64-7.5.5_en-US.tar.xz or tor-browser-linux64-7.5.6_en-US.tar.xz.

Note from 09-24-2018

I have adjusted this guide to now work with the new Tor Browser release(8.0). In addition to that I have also included some scripts, that make managing the Zeronet templateVM, specifically new Tor Browser versions or manual changes of it in the templateVM way more comfortable, easier to apply and work with in appVMs.

Installation

The Setup

  1. Open the Qubes manager and clone the fedora 28 templateVM. The name can be anything you want, I named it ZeronetTemplateVM.

  2. In the Qube Manager open the Qube Settings section for the VM you just cloned and set under networking any netVM that has internet access. I'd choose sys-whonix, since that forces all traffic in our installation process through Tor, as well.

  3. In the same window move to Applications and select Terminal and Firefox. You can also select other applications, but we only need Firefox and the terminal. You may need to press Refresh Applications before they appear.
    After you're done you can hit Apply and close the window.

  4. Start the VM and open Firefox and it's terminal.

  5. In Firefox download:

    • The Zero Bundle from zeronet.io

    • The Tor Browser and it's signature from torproject.org

  6. Now get the public key fingerprints from torproject.org and import them into gpg with:

    gpg --recv-keys {key1} {key2} {...}

    Note: At the time of this writing the command to get all keys is: gpg --recv-keys 0x4E2C6E8793298290 0xEB774491D9FF06E2 0xD1483FA6C3C07136, but times change and I STRONGLY discourage anyone from copying and pasting random signing keys from anywhere. I could claim just about anything I want and you wouldn't know, whether that really were the Tor Browser signing keys or I lied to you.

  7. Verify the signature of the Tor Browser, to do this:

    cd /home/user/Downloads/
    gpg --verify tor-browser-linux64-{someversion}_en-US.tar.xz.asc tor-browser-linux64-{someversion}_en-US.tar.xz
    Should the signature fail, redownload the Tor Browser and the signature and try again. Should it fail again, wait a day and then redownload the Tor Browser and the signature and try again. If it continues to fail, report what failed to torproject.org.

Installing Tor

  1. Give yourself root privileges in the terminal

    sudo -i

  2. Install Tor with:

    sudo dnf install tor

    Confirm that you want to install Tor and wait for the installation to finish.

  3. Now we need to configure Tor. We do this, by editing the torrc file:

    sudo gedit /etc/tor/torrc

    Here you'll need to remove the # character in the lines that say CookieAuthentication 1 and ControlPort 9051.

    Note: The auth-cookie entry might be inside there multiple times, if you have no experience with editing the torrc file, just remove the # character from all appearing instances.
    Note2: If one of them is not present in the entire file type them in yourself and make sure, that there isn't a # character somewhere before it in the same line.

    Now save and close gedit.

  4. We need to add permission for the default user user to read the Tor auth-cookie with(if your default user is not user change the word user in the command below to your default user name):

    sudo usermod -a -G toranon user

Starting Tor

For the next step we need Tor running, so open a new terminal window and run:

sudo runuser -u toranon tor

This will start the Tor instance.

Installing Zeronet

Now we can get to the installation of the Zero Bundle.

  1. Go back to your download directory(if you left it) and unpack the Zero Bundle with:

    cd /home/user/Downloads/
    tar xvf ZeroBundle-linux64.tar.gz

  2. Copy the unpacked folder into /usr/share:

    sudo cp -r ZeroBundle/ /usr/share/ZeroBundle

  3. Now we need to configure Zeronet, to do that we have to run Zeronet for the first time, so that it can download the newest version(make sure you are still in root terminal):

    cd /usr/share/ZeroBundle/
    ./ZeroNet.sh --version

    This will download the most recent Zeronet version and print out the version after its done.
    Note: In the current version of Zeronet(Version: 0.6.3 r3576) you'll see an error here, you can run the command again and it should produce the expected output.

  4. Now, that the newest version has been downloaded, we can start Zeronet for real with:

    ./ZeroNet.sh --tor always

    If all downloads are finished, you can shut down Zeronet (either normally or by pressing ctrl+c in the terminal)

    Note: If Firefox doesn't open automatically, open it yourself, type 127.0.0.1:43110 in the url field and press enter.

  5. From here on out we don't need Tor running anymore, so in the terminal where Tor was running you can terminate it's process(with ctrl+c) and close the window.

  6. Now we remove the generated data-directory, since we wont be using it:

    cd ZeroNet/
    sudo rm -r data/

  7. After that, it is time to modify the config file. To do this run:

    sudo gedit zeronet.conf

    Remove anything, that is written in there and replace it with:

    [global]
    open_browser = False
    data_dir = /home/user/ZeronetData
    tor = always
    trackers_proxy = tor
    force_encryption
    disable_udp
    

    Explanation:

    • open_browser = False: Makes it so, that the main browser(Firefox) won't be opened each time Zeronet is started.

    • data_dir = /home/user/ZeronetData: This is the directory where all Zeronet data will be stored. You may change this to wherever you like.

    • tor = always: This forces Zeronet to make all connections through .onion addresses(the Tor network). If you want to enable connections to regular IP addresses replace always with enable, however if you do this you are no longer anonymous, meaning others can see your real IP-address in the network.

    • trackers_proxy = tor: This forces Zeronet to make all tracker connections through the Tor network.

    • force_encryption: This forces Zeronet only to connect to peers, that offer to encrypt the traffic.

    • disable_udp: Since Tor is set to always and all tracker connections are forced through Tor, allowing udp is pointless, since Tor only allows tcp connections.

    You can also add other options in there, if you want. Once you're done you can save and close gedit.

  8. Right now, the ZeroBundle folder is owned by root, so we need to change it's ownership.

    sudo chown -R user:user /usr/share/ZeroBundle/

Make Zeronet and Tor automatically start

Now we need to make Zeronet and Tor start together with the templateVM.
Note: We'll use init.d instead of /rw/config/rc.local, because /rw/config/rc.local is not inherited by any appVM that uses the Zeronet-templateVM, therefore one would need to setup rc.local for each new Zeronet appVM, which is annoying and defeats the purpose of having an templateVM)

To have Zeronet and Tor automatically start that we:

  1. Go to init.d:

    cd /etc/init.d/

  2. Create our auto start script:

    sudo gedit start-zeronet

    In the appearing window paste:

    #!/bin/bash
    # chkconfig: 345 99 10
    # description: A script to start Zeronet and Tor on boot time.
    
    case "$1" in
     'start')
       ##Start Tor and save it's pid
       runuser -u toranon tor &
       tor_PID=$!
       echo $tor_PID > /home/user/.tor.pid
       ##Start Zeronet and save it's pid
       runuser -u user /usr/share/ZeroBundle/ZeroNet.sh &
       zeronet_PID=$!
       echo $zeronet_PID > /home/user/.zeronet.pid
       ;;
     'stop')
       ##Getting the pid for Zeronet, stoping it and removing it's pid file
       if [ -f /home/user/.zeronet.pid ] ; then 
         zeronet_PID=$(</home/user/.zeronet.pid);
         kill $zeronet_PID
         rm /home/user/.zeronet.pid
       fi
       ##Getting the pid for Tor, stoping it and removing it's pid file
       if [ -f /home/user/.tor.pid ] ; then 
         tor_PID=$(</home/user/.tor.pid);
         kill $tor_PID
         rm /home/user/.tor.pid
       fi
       ;;
    esac
    

    Explanation:

    The script starts Zeronet and Tor in an background process and stores their process ids(=PIDs) into hidden files in the /home/user directory, as zeronet.pid and tor.pid.
    You can make modifications to this script as you see fit, once you're done you can save and exit gedit.

  3. Make the script executable with:

    sudo chmod +x start-zeronet

  4. Check whether or not the script is valid:

    sudo chkconfig --list start-zeronet

    If the script doesn't show up: Redo step 2. It is likely that you had a typo somewhere.

  5. Register the script with:

    sudo chkconfig --add start-zeronet

Installing the Tor Browser

Now we just need to install the Tor Browser and we are done.
To do this:

  1. Go back to the downloads directory and unpack the Tor Browser bundle:

    cd /home/user/Downloads
    tar -xvf tor-browser-linux64-{someversion}_en-US.tar.xz

  2. Move the Tor Browser to /usr/local/share and change the owner of the moved folder, to the default user:

    sudo mv tor-browser_en-US/ /usr/local/share/tor-browser_en-US/
    sudo chown -R user:user /usr/local/share/tor-browser_en-US/

  3. Now go there and run the Tor Browser for the fist time(this will set the paths, in the inner workings of the Tor Browser, to the current location):

    cd /usr/local/share/tor-browser_en-US/
    sudo runuser -u user ./start-tor-browser.desktop

    You might be asked how you want to connect to Tor. If your government or ISP restricts your internet, follow the instructions on screen, otherwise press connect.

  4. You can now configure the Tor Browser however you want, but what you absolutely have to do in order for Zeronet to work is:

    1. Go into Preferences, under General, scroll down to Network Proxy and press the Settings... button. In the No Proxy for field add 127.0.0.1:43110 and than hit OK, to close the window.

    2. Click the green onion button in the top left(or sometimes top right), press Security Settings... and move the slider all the way up(to safest). While doing this is not required in order for Zeronet to work, I strongly suggest doing it, since in Tor Browser version 8 the slider setting 'Standard' does barely anything to preserve your anonymity!

What I think is nice to have enabled(=you don't need to do this):

  1. Go into Preferences and under General change the homepage to 127.0.0.1:43110(this sets the homepage to the IP and port of the Zeronet ui-server)

  2. Go into Preferences and under General check Use autoscrolling. This enables autoscrolling(= the scroll thingy that appears, if you middle-mouse-click on most browsers).

  3. If you have an version of the Tor Browser, that is 8 or above, you are not able to do this part and can skip it. If not, you are using an older version of the Tor Browser. Please keep in mind, that it is strongly advised, that you always use the latest available version. Old Tor Browser versions are considered insecure! Select the NoScript icon, click Options..., than on Whitelist, put http://127.0.0.1:43110 in the Address of web site: text field and press the Allow button. You can then hit OK to save and close the window.

You can now close the Tor Browser and return to the terminal.

Now, that we have configured our Tor Browser we need to make it usable for appVMs and set up our templateVM for easy maintenance. To do this we need to copy our current(configured) Tor Browser to /usr/local.orig/share, since appVMs will, on their creation, copy all contents of their templateVMs /home.orig/ and /usr/local.orig to their /home/ and /user/local/ directories. We need to have the normal user terminal for the next part. You can close the terminal and then reopen it or run exit, to get back to the user terminal. After that, we:

  1. Make the directory
    sudo mkdir /usr/local.orig/share/tor-browser_en-US/

  2. Copy the Tor Browser files over there
    cp -R /usr/local/share/tor-browser_en-US/Browser/ /usr/local.orig/share/tor-browser_en-US/Browser/
    cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop

  3. And change the ownership of the directory
    sudo chown -R user:user /usr/local.orig/share/tor-browser_en-US/

Now we need to tell Qubes, that we have installed the Tor Browser, so that we can select it in the add/remove app shortcuts for this qube section of the Qubes manager. To do that, we need to move the start-tor-browser.desktop file to an location, that can be found by Qubes. In our case, we'll choose /usr/share/applications:

  1. We make a copy of start-tor-browser.desktop and place it into /usr/share/applications with:

    sudo cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/share/applications/start-tor-browser.desktop

  2. We then just need to adjust the permissions for the desktop file.

    sudo chmod 644 /usr/share/applications/start-tor-browser.desktop

And with that we are basically done with the templateVM, however there are a few things we can add, to make life easier for us later.

Making life easier

We do this by adding scripts that help in the templateVM, by:

  1. Starting the Tor Browser in the templateVM(same as using the Qubes shortcut)

  2. Making changes, made to the configuration to the Tor Browser in the templateVM, available to all appVMs that use that template.

  3. Restoring the Tor Browser configuration, that is available to all appVMs inside the templateVM.

In addition to that: One script that will help in the appVMs, by applying the Tor Browser configuration, that was made available through the templateVM.

Note: I will put all scripts in the /home/, as well as in the /usr/local/bin directory, so that you can quickly see what scripts there were and how they where called. You can run them as if they were a normal terminal command or by executing the script more explicitly with ./runSomething.sh.

In this section, we need to have an terminal with user permissions. To achieve that, you can either close the terminal and open a new one or run exit in your current terminal.

For script 1 we:

  1. Move to the /home/ directory
    cd /home/user/

  2. Create and open the file that contains our script:
    gedit runTemplateTorBrowser.sh

  3. Paste this script in there:

    #!/bin/sh
    cd /usr/local/share/tor-browser_en-US/
    ./start-tor-browser.desktop
    
  4. Save and close the file.

  5. Adjust permissions for the file
    sudo chmod 755 runTemplateTorBrowser.sh

  6. Copy it to /usr/local/bin, to have it available as an terminal command
    sudo cp runTemplateTorBrowser.sh /usr/local/bin/runTemplateTorBrowser

Moving on to script 2, we:

  1. Create and open the file that contains our script:
    gedit applyTemplateTorBrowser.sh
  2. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local.orig/share/tor-browser_en-US/Browser/
    rm /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local/share/tor-browser_en-US/Browser/ /usr/local.orig/share/tor-browser_en-US/Browser/
    cp /usr/local/share/tor-browser_en-US/start-tor-browser.desktop /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop
    
  3. Save and close the file.

  4. Adjust permissions for the file
    sudo chmod 755 applyTemplateTorBrowser.sh

  5. Copy it to /usr/local/bin, to have it available as an terminal command
    sudo cp applyTemplateTorBrowser.sh /usr/local/bin/applyTemplateTorBrowser

Then script 3:

  1. Create and open the file that contains our script:
    gedit revertTemplateTorBrowser.sh
  2. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local/share/tor-browser_en-US/Browser
    rm /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local.orig/share/tor-browser_en-US/Browser /usr/local/share/tor-browser_en-US/Browser
    cp /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    
  3. Save and close the file.

  4. Adjust permissions for the file
    sudo chmod 755 revertTemplateTorBrowser.sh

  5. Copy it to /usr/local/bin, to have it available as an terminal command
    sudo cp revertTemplateTorBrowser.sh /usr/local/bin/revertTemplateTorBrowser
    now close all open windows and shut the VM down.

And finally for the appVM script, we:

  1. Move to the /home.orig/ directory
    cd /home.orig/user/
  2. Create and open the file that contains our script:
    gedit updateTorBrowser.sh
  3. Paste this script in there:

    #!/bin/sh
    rm -R /usr/local/share/tor-browser_en-US/Browser
    rm /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    cp -R /usr/local.orig/share/tor-browser_en-US/Browser /usr/local/share/tor-browser_en-US/Browser
    cp /usr/local.orig/share/tor-browser_en-US/start-tor-browser.desktop /usr/local/share/tor-browser_en-US/start-tor-browser.desktop
    
  4. Save and close the file.

  5. Adjust permissions for the file
    sudo chmod 755 updateTorBrowser.sh

  6. Copy it to /usr/local.orig/bin, to have it available as an terminal command in that appVM
    sudo cp updateTorBrowser.sh /usr/local.orig/bin/updateTorBrowser

Tasks

Creating an Zeronet appVM

Now you'll just need to create an appVM, in which you'll actually use Zeronet.
To do that:

  1. In Qubes select Create a new qube.

  2. Choose what you want to name it.

  3. Select appVM as the type.

  4. Take the Zeronet templateVM(the one we just made) as template and use whichever netVM you want.
    Note: Since we instructed Zeronet to make all connections through Tor, selecting sys-whonix would mean we go through Tor twice. The safest and fasted choice here would be to choose an VPN netVM, to catch any leaks or potential mistakes you make. Choosing sys-firewall as netVM is also alright, if you don't have to worry about leaks, mistakes on your end, that may reveal your real IP or your ISP knowing you use Tor.

  5. Click finish to continue.

  6. After the qube is created right click the VM and click add/remove app shortcuts.

  7. Select the Tor Browser and add any application you also want to have. Keep in mind that you may have to refresh the applications before the Tor Browser shows up there.
    Note: If you're only going to use this qube for Zeronet browsing, you don't need to select Firefox, since you're always going to use the Tor Browser to do that, anyway.

Updating Zeronet

To update Zeronet, you need to start the templateVM and the Tor Browser. You can do this by:

  • Pressing the Tor Browser icon in the Qubes shortcuts for the templateVM
  • Opening the terminal and running ./runTemplateTorBrowser.sh in the /home/user/ directory
  • Opening the terminal and running runTemplateTorBrowser

This will start the Tor Browser.
If you do this the first time, you'll see that Zeronet is downloading ZeroHello again, which makes sense, because we deleted the /usr/share/ZeroBundle/ZeroNet/data/ directory and specified a new data directory(inside the home folder) in the setup above.
Wait until Zeronet is finished downloading and then update Zeronet as you would always do:

  1. Clicking the three dots.

  2. Clicking Version{version}({rev}):{status}.

  3. Confirm the dialogue, that pops up by pressing Update ZeroNet{version}.

  4. Wait until the Connection with UiServer Websocket recovered. message appears.

After the update is done, you can shut down Zeronet and after that the templateVM as well. The Zeronet update is automatically applied on every appVM that has this templateVM as template.
Note: You also can visit and download http://127.0.0.1:43110/1UPDatEDxnvHDo7TXvq6AEBARfNkyfxsp/, before you update. This will cause all updates to be downloaded, using Zeronet itself.

Updating the Tor Browser in the templateVM

Before you do this: Read the Things to keep in mind section below!
To update the Tor Browseror in the templateVM or change it's configuration, you need to start the templateVM and the Tor Browser. You can do this by:

  • Pressing the Tor Browser icon in the Qubes shortcuts for the templateVM
  • Opening the terminal and running ./runTemplateTorBrowser.sh in the /home/user/ directory
  • Opening the terminal and running runTemplateTorBrowser

This will start the Tor Browser. Now you need to click the onion icon on the top left(sometimes top right) and select Check for Tor Browser Update.... The Tor Browser will now automatically update itself. If you also want to modify the Tor Browser configuration, you can do that now, too. After you are done, you can close the Tor Browser. Now, for your changes and the update to be available to the appVMs, you need to open the terminal and do one of these:

  • ./applyTemplateTorBrowser.sh in the /home/user/ directory
  • applyTemplateTorBrowser

If you made changes, that you changed your mind about, don't know how to reverse and haven't made them available yet(through the applyTemplateTorBrowser command), you can use one of these:

  • ./revertTemplateTorBrowser.sh in the /home/user/ directory
  • revertTemplateTorBrowser

to revert the Tor Browser inside the templateVM back to the configuration it had before. Specifically revertTemplateTorBrowser will revert the Tor Browser to the state after the last time applyTemplateTorBrowser has been used.
Note: This is not a full backup feature, just a nice thing that we can do, because our setup allows this. revertTemplateTorBrowser blindly replaces the Tor Browser in the templateVM with the contents of /usr/local/share/tor-browser_en-US/, this will not be an issue, if you only use the scripts above, but is something to keep in mind if you do/did some hands on stuff.

You can now shut the templateVM down. From this point on every newly created appVM will use the updated Tor Browser. For appVMs, that were created before the update was made, you need to open them and in their terminal and run one of these:

  • ./updateTorBrowser.sh in the /home/user/ directory

  • updateTorBrowser

This will apply the update on the Tor Browser in that appVM.
Note: Using updateTorBrowser will erase anything, that wasn't already in the Tor Browser inside the templateVM, for example bookmarks and add-ons. Make a backup of those before using that command!

Updating the Tor Browser in an appVM

Start the Tor Browser. Now click the green onion icon on the top left(sometimes top right) and select Check for Tor Browser Update.... The Tor browser will now automatically update itself. After it is done, you can restart the Tor Browser.

Updating the templateVM

Start the Qubes Manager, select the templateVM and press the Update qube system button (the blue downward pointing arrow).

Things to keep in mind

  • The Tor Browser is only inherited once, meaning that after you have created an appVM from the templateVM, the Tor Browser in that appVM will not be influenced by the templateVM, unless you run the updateTorBrowser script.
    In other words: Changes, that you make in the templateVM Tor Browser, will not be automatically on all appVMs, that have been created from the templateVM! The changes only automatically appear in appVMs that are created after the changes to the templateVM Tor Browser were made! For all other appVMs call one of these:
    • ./updateTorBrowser.sh in the /home/user/ directory
    • updateTorBrowser
Read more

Hello World!

on Aug 29, 2018

Hi there,
my I'm pexo and welcome to my blog.

What will I find on here?

On here I will post about all kind of things, that I think are of interest, things I am working on or have worked on. I'll try to make my posts here as 'worthwhile' and 'quality' as possible. So you can (most likely) expect tutorials and somewhat more in depth explanations here.

Where else can I find you?

My ZeroID is: pexo@zeroid.bit and I have accounts at:

I have a Tox(Clearnet) account, as well.
ID:38B45630BEF5B3F1148AF7FBA19ED4CC29ECBB50756DF6CBC0B0B302D0DB19471A6F08E04C18

I am often on Millchan, ZeroTalk and ZeroMe. If you want to talk to me you can use the comments on this blog, ZeroMe or ZeroMail(although I don't check ZeroMail terribly often, so it may take a while before I respond there).

Read more
Add new post

Title

21 hours ago · 2 min read ·
3 comments
Body
Read more

Not found

Title

21 hours ago · 2 min read

0 Comments:

user_name1 day ago
Reply
Body
This page is a preview of ZeroNet. Start your own ZeroNet for complete experience. Learn More