Encrypted Storage: Create Encrypted File Container Ubuntu 16.04LTS

LUKS-formatted file container on your hard drive or cloud storage solutions

In the year 2017, a lot of security issues have surfaced, and ransomware is lurking in cyberspace, preying on the next victim. Be it the oft-quoted ‘vulnerable operating system’ like Windows, or other ‘more secure’ platforms like Linux-kernel-driven operating systems or the Macintosh operating system, once you are in the cloud, you are equally vulnerable.

Hence, we can take one small step in securing our data online. I have read this article on a security blog, written by Nick Thomadakis from Cybrary, an education provider for IT security.
You can read it on their website. Just be aware that you need to register to view the content, or you can use the Chrome extension ScriptSafe to turn off the scripts the website serves to your browser.

Let’s begin with the first approach (a casual approach to creating the file container):

1st step: Let’s check for the module dm_crypt (to know more: click on the attached link to the Arch Linux documentation on dm-crypt), which is the kernel module used to create a virtual encrypted partition using the cryptographic capability embedded in the Linux kernel.

Run command: lsmod | grep 'dm_crypt'

If the module is loaded the following output should appear below the command:

dm_crypt                                     28672          0

2nd step: If not, we can always insert the dm_crypt module with the option verbose (-v) to see the module being activated.

Run command: sudo modprobe -v dm_crypt

3rd step: We proceed to install the Ubuntu package for dm-crypt, known as cryptsetup. (You can read the man page by running the command man cryptsetup.)

Run command: sudo apt-get install cryptsetup

4th step: As the package is installed, we can now do the proper setup of the file container. We create a container whose size depends on our own needs. For example, I am going to create a 500MB file container in my Dropbox folder by navigating to the Dropbox folder and creating a file container called ‘crypt’ using the fallocate command.

Run command: cd ~/path/to/Dropbox
             fallocate -l 500MB crypt

Note: Depending on your storage capacity on Dropbox or other media, you can specify the file container size with the following multiplicative suffixes: KB, MB, GB, TB, PB, EB, ZB and YB (or the alternative unit suffixes: KiB, MiB, GiB, TiB, PiB, EiB, ZiB, YiB).

A 500MB file of unknown filesystem appears in my Dropbox folder. It is time to encrypt the file container with an industrial-strength application.

5th step: Let’s start using the cryptsetup application to encrypt ‘crypt’ with the LUKS format, an open-source, industrial-grade encryption format which claims to require several times the world GDP to break the encryption.

Run command: sudo cryptsetup luksFormat ~/path/to/Dropbox/crypt

We answer YES (uppercase letters, please) to the prompt to overwrite the ‘crypt’ file container irrevocably. We set the password (passphrase) which we need to open the ‘crypt’ file container. You can create a tough but easy to enter (on your laptop keyboard) password using a password manager like KeePass2 (or KeePassX), which is recommended because it is easily available on Android smartphones and Windows too for your day-to-day web surfing.

6th step: Now we open the LUKS-formatted ‘crypt’ file container under an intermediate holding name, arbitrarily called ‘decrypt’, or you can use a simple 2-letter name like ‘SG’. The command takes the format ‘sudo cryptsetup luksOpen /path/to/source holding_name’, and the opened container then appears as the device /dev/mapper/holding_name. Note that the option ‘luksOpen’, like the previous option ‘luksFormat’, has an uppercase character (‘O’ and ‘F’ respectively) after the ‘luks’ prefix.

Run command: sudo cryptsetup luksOpen ~/path/to/Dropbox/crypt decrypt

7th step: Before we start saving any files, we need to create a proper filesystem on the ‘decrypt’ device, which has the path /dev/mapper/decrypt. In my case, I chose Ext4, which has been stable since late 2009 (October 2009 release of Ubuntu 9.10).

Run command: sudo mkfs -t ext4 /dev/mapper/decrypt

8th step: Now we create an arbitrarily named folder in $HOME with root permission. In my case I create a folder called ‘secondcrypt’, so that the decrypted files are not easily editable by people with no root permission.

Run command: sudo mkdir ~/secondcrypt

9th step: We can now mount the ‘decrypt’ device on the ‘secondcrypt’ folder. Once done, we can start saving files in the folder with root permission. Note: some files are not saved easily when you edit them with an application that has no root permission. Hence you need to save them in a temporary location and move them into the mounted ‘secondcrypt’ folder with root permission. Best of all, you can directly edit the file permissions using sudo nautilus.

Run command: sudo mount /dev/mapper/decrypt ~/secondcrypt

10th step: Once we are done saving our precious work, we proceed to unmount the ‘secondcrypt’ folder. Then we close the intermediate decrypted device ‘decrypt’ using the command luksClose (in the format sudo cryptsetup luksClose holding_name).

Run command: sudo umount ~/secondcrypt
             sudo cryptsetup luksClose decrypt

Now, the serious second approach, which is more secure:

We only need to alter the 4th step in comparison with the 1st approach, which may be less secure. A reference is here, written by Justin Ellingwood from DigitalOcean, a cloud infrastructure service provider. The file container referred to there is hosted on a Virtual Private Server (VPS).

4th step: The move away from the above approach is due to the fact that old, deleted files may exist beneath the allocated space that is now held by ~/path/to/Dropbox/crypt, the ‘crypt’ file container. The encrypted data may also be easily distinguished from the rest of the empty hard disk drive written with zeros and random data.

One way of securely erasing the old, deleted data is using the dd command. (You can read the man page by running the command man dd.) Below are the dd commands stated by Justin Ellingwood in the DigitalOcean blog.

‘Most paranoid’ Run command: dd if=/dev/random of=~/path/to/Dropbox/crypt bs=1M count=512
‘Secure’ Run command: dd if=/dev/urandom of=~/path/to/Dropbox/crypt bs=1M count=512
‘Quite Secure’ Run command: dd if=/dev/zero of=~/path/to/Dropbox/crypt bs=1M count=512

How secure the wipe of the allocated space is depends mainly on the input file path (if), which is assigned one of the 3 pseudo-devices: /dev/zero, /dev/urandom, /dev/random.

The /dev/urandom pseudo-device is good enough to mimic the encrypted data that will be written into the ‘crypt’ file container.
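
The difference between the pre-fill choices can be seen from the container file alone. The following is an added example, not code from the original post or from the DigitalOcean article: it needs neither root nor cryptsetup, because random bytes stand in for the LUKS header and ciphertext that would be written into the container. The function names, the 256 KiB container size and the 4 KiB block size are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration: what someone who can read the container file (for
# example the cloud storage provider) can tell, depending on the pre-fill.
# Random bytes stand in for the LUKS header and ciphertext (simulation).

BLOCK=4096   # inspection granularity in bytes (assumption)

# make_container FILE SIZE_KIB SOURCE
# Pre-fill FILE from /dev/zero or /dev/urandom. A file created with
# fallocate reads back as zeros, so it behaves like the /dev/zero case.
make_container() {
    dd if="$3" of="$1" bs=1024 count="$2" 2>/dev/null
}

# simulate_writes FILE NBLOCKS
# Overwrite the first NBLOCKS blocks in place with random bytes, without
# truncating the file (stand-in for data written through the mapping).
simulate_writes() {
    dd if=/dev/urandom of="$1" bs="$BLOCK" count="$2" conv=notrunc 2>/dev/null
}

# nonzero_blocks FILE
# Print how many blocks of FILE contain at least one non-zero byte.
nonzero_blocks() {
    nb_size=$(wc -c < "$1")
    nb_total=$(( (nb_size + BLOCK - 1) / BLOCK ))
    nb_i=0
    nb_used=0
    while [ "$nb_i" -lt "$nb_total" ]; do
        nb_bytes=$(dd if="$1" bs="$BLOCK" skip="$nb_i" count=1 2>/dev/null |
                   tr -d '\000' | wc -c)
        if [ "$nb_bytes" -gt 0 ]; then
            nb_used=$((nb_used + 1))
        fi
        nb_i=$((nb_i + 1))
    done
    echo "$nb_used"
}

# compare_prefill
# Two 256 KiB containers (64 blocks each) with 8 blocks "in use".
# Prints "<zero-filled count> <urandom-filled count>".
compare_prefill() {
    cp_dir=$(mktemp -d)
    make_container "$cp_dir/zero" 256 /dev/zero
    make_container "$cp_dir/rand" 256 /dev/urandom
    simulate_writes "$cp_dir/zero" 8
    simulate_writes "$cp_dir/rand" 8
    echo "$(nonzero_blocks "$cp_dir/zero") $(nonzero_blocks "$cp_dir/rand")"
    rm -rf "$cp_dir"
}

compare_prefill
```

In the zero-filled container only the written blocks stand out, so the amount and position of stored data is visible; in the /dev/urandom-filled container every block looks the same.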


Conclusion

Let’s summarise the steps we may need in our daily life to store our data in the ‘crypt’ file container.

1st command: sudo cryptsetup luksOpen ~/path/to/Dropbox/crypt decrypt
2nd command:  sudo mount /dev/mapper/decrypt ~/secondcrypt
3rd command: sudo umount ~/secondcrypt
4th command: sudo cryptsetup luksClose decrypt

Happy encrypting our data!

Using HDSentinel in Ubuntu 16.04

If you are still using a spinning hard drive, are concerned about its health, and are using Linux, in particular Ubuntu 16.04, you are in the right place.

Running HDSentinel is quite simple in Linux. You need to download the file Hard Disk Sentinel LINUX (FREE) from http://www.hdsentinel.com/download.php

After extracting the file into your preferred directory, we add that directory to the path using the ‘export’ command: export PATH=$PATH:/path/to/bin . Then, we can preserve the path environment to run HDSentinel using the administrative sudo command: sudo -E env "PATH=$PATH" HDSentinel. Alternatively, we may need to edit the sudoers file to include /path/to/bin, using the command sudo -E visudo, and add /path/to/bin in the line below Defaults  mail_badpass like this: Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/path/to/bin"

The change above in /etc/sudoers is differentiated in light green (and yellow highlight) from the original in dark green. To double check the path in the sudo environment, use the command: sudo sh -c 'echo $PATH'.

We are done and ready to run the command to check the health of our spinning Harddisk: sudo HDSentinel .
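
Every directory listed in secure_path is searched for each command run through sudo, so the directory added above should be owned by root and not writable by group or others. The following check is an added example, not part of the original post; the function name and the report format are assumptions, and /path/to/bin is kept as the placeholder it is in the post.

```shell
#!/bin/sh
# Added illustration: audit the directories listed in a sudoers secure_path
# value. An entry is reported as UNSAFE when it is not owned by root (uid 0)
# or is writable by group or others, because whoever can write there can
# place a program that a later "sudo <name>" would run as root.

# audit_secure_path "dir1:dir2:..."
# Prints one line per finding; exit status is 1 if any entry is UNSAFE.
# The body runs in a subshell so the IFS and globbing changes do not leak.
audit_secure_path() (
    IFS=:
    set -f
    status=0
    for dir in $1; do
        if [ ! -d "$dir" ]; then
            # Not an error by itself, but worth knowing about.
            echo "MISSING $dir"
        elif [ -n "$(find -H "$dir" -prune \
                \( ! -user 0 -o -perm -020 -o -perm -002 \) -print)" ]; then
            echo "UNSAFE $dir"
            status=1
        fi
    done
    exit "$status"
)

# Constructed sample: the secure_path value from the post.
SAMPLE_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/path/to/bin"
audit_secure_path "$SAMPLE_PATH" || echo "review the entries marked UNSAFE"
```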


KeePass in Firefox on Fedora 25/Ubuntu 16.04: Passwords No Fear

If you are using KeePass on Fedora 25 or Ubuntu 16.04, you are in luck. There may be other add-ons or applications that do the same task, but KeePass is the tried and tested application for storing passwords.

Background history: KeePass is built using Xamarin

Do try to use the default theme for Firefox, as there may be interface issues with a 3rd party theme.

Addons needed: PassIFox (either), KeeFox (either), KeePass Helper (optional).

First, you have to install either one of the add-ons in Firefox: KeeFox or PassIFox. These are the two available add-ons that act as a go-between for KeePass and Firefox. Personally, I prefer KeeFox, since it has better support at keefox.org

After adding this, we need to install the Mono files (which the application is built on) and extract the pre-built KeePass zip file.

Installing Mono is a breeze: just go to the official Fedora community website and execute the Quick command. In Ubuntu, use the apt-get command to install the package ‘mono-complete’.

The KeePass Professional file is found here: http://keepass.info/download.html.

Download and extract the latest version to a directory you find convenient, e.g. /home/your_username/KeePass

In this directory, create a ‘plugins’ folder and paste the keepassRPC.plgx file into ‘plugins’. The plugin can be found at the developer github repository:
https://github.com/luckyrat/KeeFox

You are ready to create a new database in a local directory (in .kdbx format), create a key file (in .key format) and set a master password.

Remember to set the database or one of its subcategories as the KeeFox start group, as shown in the picture below.

Now you are ready to go with Keepass integration with Firefox.

Debian 8 Jessie: Wireless mini PCI express Ralink RT3090sta Driver installation

Background: Linux Mint Debian running in Mate Environment

Before verifying the model of your wireless network controller, it is important to ensure that Network Manager (which is the default in Gnome and Mate) is running.

Issue command: sudo lshw -C network
Please note that *-network UNCLAIMED is shown prior to installing the required package listed below.

Ensure that your /etc/network/interfaces file is as clean as mine:

source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback

The most you need to add are the three lines above.

From the above, the model is RT3090 Wireless 802.11n PCIe.

Required packages: ‘firmware-ralink’ and ‘wireless-tools’

Install the ‘firmware-ralink’ driver (perhaps ‘wireless-tools’ too if not already installed) to provide support for the RT3090.

Issue command: sudo apt-get update && sudo apt-get install firmware-ralink

Important: ensure no Ralink RT28xx driver is blacklisted in /etc/modprobe.d/blacklist.conf

Reboot the PC to allow the driver to initiate.

If the driver is not loaded up after the reboot, initiate the command :

sudo modprobe rt2800pci

If the ‘firmware-ralink’ is not working, you can try the alternative package ‘rt3090-dkms’ on Ubuntu thread : http://ubuntuforums.org/showthread.php?t=1669283 .

Hopefully it works by now and you can confirm it by running the command ifconfig or lshw -C network. The logical name row (lshw -C network) is an indication that your device is identified.

Installing ffDiaporama Development Version in Fedora 23

Preliminary
As the maintainer for ffDiaporama is not maintaining the project, I decided to try out the development version, which tends to be ahead of the stable version.

Select the Linux button from ffDiaporama Landing site (http://ffdiaporama.tuxfamily.org/?page_id=3635) .

We shall see this page.

There is a script for Fedora, but I can’t seem to get it to work. Hence, I downloaded the zip files found under the section “Other cases”.

Download the three files: Resource package – Source files package, Application package – Source files package, Texturemate extension – Source files package.

Installing Qmake and other prerequisites

Go for Qt5

Installation prerequisites:
     sudo dnf groupinstall development-tools
     sudo dnf install gcc-c++
     sudo dnf install qt5-qtbase-devel qt5-qttools-devel qt5-qtsvg-devel qt5-qtbase qt5-qttools qt5-qtsvg qt5-qtimageformats qt5-qtmultimedia-devel qt5-qtmultimedia qt5-qtdeclarative-devel
     sudo dnf install ffmpeg ffmpeg-devel
     sudo dnf install SDL SDL-devel SDL_mixer-devel SDL_mixer
     sudo dnf install exiv2 exiv2-devel

     cd
     test -d bin || mkdir bin
     cd bin
     ln -s /usr/bin/qmake-qt5 qmake
     ln -s /usr/bin/lrelease-qt5 lrelease

NB: If a previous “symbolic link” (to an earlier Qt, e.g. Qt3 or Qt4) exists, please remove it (e.g. sudo rm qmake) and relink again (e.g. ln -s /usr/bin/qmake-qt5 qmake).

Editing Header files (cDeviceModelDef.h & _EncodeVideo.cpp)

NB: Before installing “ffDiaporama.zip”, if you are using ffmpeg 2.8.7 (or above, which I believe is applicable to higher versions), change

#define RESAMPLE_MAX_CHANNELS SWR_CH_MAX
to
#define RESAMPLE_MAX_CHANNELS 32

in cDeviceModelDef.h

Add in
VideoStream->time_base                  = VideoFrameRate;
//ffmpeg 2.8.7 and above
right after the line
VideoStream->codec->time_base           = VideoFrameRate;
in _EncodeVideo.cpp.

Installing ffDiaporama

NB: Do install ffDiaporama Resource before ffDiaporama Main. After installing ffDiaporama Main, you may proceed to install plugins like Texturemate and Openclipart.

Installing ffDiaporama Resource (ffdiaporama_rsc_2.2.devel.2014.0503.tar.gz)

1) Extract the file in your preferred workspace.
2) Compilation:
     qmake /PREFIX=/usr -o Makefile ffDiaporama_rsc.pro
     make
3) Installation:
     sudo make install

Installing ffDiaporama Main (ffdiaporama_bin_2.2.devel.2014.0701.tar.gz)

1) Extract the file in your preferred workspace.
2) Compilation:
     qmake ffDiaporama.pro /PREFIX=/usr
     make
3) Installation:
     sudo make install

Installing ffDiaporama Texturemate (ffdiaporama_texturemate_1.0.2014.0125.tar.gz)

1) Extract the file in your preferred workspace.
2) Compilation:
     qmake ffDiaporama_texturemate.pro CONFIG+=release
     make
3) Installation:
     sudo make install

Installing ffDiaporama Openclipart

1) sudo dnf install openclipart
Happy making your Video Presentation on Fedora 23!

Using LibreOffice to insert a ticked box

Operating System: Linux Mint Debian Edition
LibreOffice: 4.3.3.2

Insert> Special Characters> OpenSymbol>Select U+E531


Thumbdrive and Oracle VirtualBox

Safely remove HDD/Thumbdrive on Linux Mint Debian Edition

Sometimes the eject option is not available to safely remove an external storage device. The way to do it manually is to issue the following command, replacing X with the letter of the device you are removing:

udisks --detach /dev/sdX

Resolving gpg-keyserver error updating VirtualBox

Advice: follow the instructions on https://www.virtualbox.org/wiki/Linux_Downloads to update the repository list in your /etc/apt/sources.list

NB: An error is likely to surface when updating Oracle VirtualBox on Debian-based distributions (including Ubuntu): “Error! Could not locate dkms.conf file. File: does not exist.”

1) Simply delete the previous version’s folder in /var/lib/dkms/vboxhost/, e.g. /var/lib/dkms/vboxhost/5.X.XX

2) Issue the command “sudo /etc/init.d/vboxdrv setup” and the error is gone.


Checking your harddisk using smartctl

This short tip shows how to check whether your hard disk is active or in standby mode using the smartctl command:

sudo smartctl -i -n standby /dev/sdx

Note:
x = a letter representing the device you are checking

Happy holidays!


History is to be corrected Arduino & Wiring

I support Wiring for its modern approach to teaching schoolchildren the basics of computing.

It is a shame that Arduino has appropriated the ideas of Wiring.

The purpose of writing this post is to lend support to Hernando Barragán, the original creator of the concepts behind Arduino.

The full story can be read here: http://arduinohistory.github.io/#what-is-programma2003-and-how-is-it-related-to-you-or-to-wiring


Backing up the stock partitions of Android Kindle Fire HD 7 (codenamed Tate) using Android Sdk and installing TWRP 2.8.7

This article is about installing TWRP on the Kindle Tate while still using your stock ROM.

Use the following commands after going to the /path/to/Android/Sdk folder:

./platform-tools/adb shell su -c "dd if=/dev/block/mmcblk0boot0 of=/sdcard/boot0block.img"

./platform-tools/adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/boot of=/sdcard/stock-boot.img"

./platform-tools/adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/recovery of=/sdcard/stock-recovery.img"

./platform-tools/adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/system of=/sdcard/stock-system.img"

I have verified the system integrity of my Kindle Fire 7 HD (in this article aka Kindle Tate).

Next, I can proceed to back up the partitions with the following commands:

./platform-tools/adb pull /sdcard/boot0block.img

./platform-tools/adb pull /sdcard/stock-boot.img

./platform-tools/adb pull /sdcard/stock-recovery.img

./platform-tools/adb pull /sdcard/stock-system.img

Prerequisite to move to the next step: 1) A Factory Cable (a Factory Cable is used to set the Kindle Tate in Fastboot mode)

Proceed to install the bootloader by downloading the files, comprising the stack override file, the TWRP 2.8.7.0 recovery image, kfhd7-freedom-boot-7.4.6.img and the older 7.2.3 bootloader file, posted here (http://forum.xda-developers.com/showthread.php?t=2128848).

As I used the adb tool in Android Studio, I proceed to have the downloaded files placed in the /path/to/Android/Sdk folder and proceed to install the stack override in Kindle Tate’s /system:

./platform-tools/adb push stack /sdcard/

./platform-tools/adb shell su -c "dd if=/sdcard/stack of=/dev/block/platform/omap/omap_hsmmc.1/by-name/system bs=6519488 seek=1"

Deactivate the original recovery update script in Kindle Tate:

./platform-tools/adb shell su -c "mount -o remount,rw ext4 /system"

./platform-tools/adb shell su -c "mv /system/etc/install-recovery.sh /system/etc/install-recovery.sh.bak"

./platform-tools/adb shell su -c "mount -o remount,ro ext4 /system"

Now, we are ready to proceed to install Teamwin Recovery Project on Kindle Tate. We unplug and turn off Kindle Tate and connect Kindle Tate back to the computer with a Factory Cable to put Kindle Tate in fastboot mode.

In Linux (in particular, Debian and Ubuntu), we can proceed to do an md5sum check on the downloaded files. This is to ensure file integrity prior to flashing the files (namely bootloader kfhd7-u-boot-prod-7.2.3.bin, boot kfhd7-freedom-boot-7.4.6.img, flash recovery kfhd7-twrp-2.8.7.0-recovery.img).

We flash each file in the order of the commands below, one by one:

fastboot -i 0x1949 flash bootloader kfhd7-u-boot-prod-7.2.3.bin

fastboot -i 0x1949 flash boot kfhd7-freedom-boot-7.4.6.img

fastboot -i 0x1949 flash recovery kfhd7-twrp-2.8.7.0-recovery.img

fastboot -i 0x1949 reboot

After going through the painstaking steps above, we may proceed to make major modifications on Kindle Tate. (Proceed with caution.)
Full credit for the above goes to the developer with the nickname Hashcode on XDA Developers.