Veracrypt Self-Destruct Trigger
This ticket will track the effort to implement a self-destruct trigger for veracrypt.
Work was started on this by @jneplokh here:
- https://github.com/BusKill/veracrypt-self-destruct
But I believe they got stuck on privilege escalation in Windows. When developing the soft-shutdown trigger on MacOS, I also encountered issues running as a non-root user, so I wrote a simple wrapper to launch a child process as root. I believe this would need to be ported to Windows for this task:
- https://github.com/BusKill/buskill-app/blob/v0.6.0/src/packages/buskill/__init__.py#L567-L751
- https://github.com/BusKill/buskill-app/blob/v0.6.0/src/packages/buskill/root_child_mac.py
Deliverables would be:
1. A function spawn_root_child() - A python function that, when executed as a non-root user, asks the user (via the official OS UAC prompt) for their password and then launches another python script (root_child_win.py) as child process with root privileges.
2. root_child_win.sh - A python script that, when executed as root by wrapper spawn_root_child(), it loops and waits for a command sent over stdin. If sent a veracrypt-self-destruct command, then it calls a function trigger_veracrypt-self-destruct()
3. A function trigger_veracrypt-self-destruct() that finds all veracrypt volumes, securely wipes the veracrypt header and footer, and initiates a hard shutdown
4. a forensic analysis that proves this works
[1] above would be similar to spawn_root_child() in src/packages/buskill/__init__.py https://github.com/BusKill/buskill-app/blob/52d699a5eff851212ce7bddf55942a8df28c319a/src/packages/buskill/__init__.py#L567-L751
[2] would be similar to https://github.com/BusKill/buskill-app/blob/master/src/packages/buskill/root_child_mac.py
[3] above would be similar to https://github.com/BusKill/buskill-linux/blob/master/triggers/buskill-selfdestruct.sh
[4] above would be similar to https://www.buskill.in/luks-self-destruct/
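
An added example of the stdin command loop described in deliverable [2], not code from buskill-app: because the child runs with root privileges and takes input from an unprivileged parent, it acts only on exact allowlisted command names, bounds line length, and stops at EOF. The names serve(), MAX_LINE and demo(), and the recording handler that stands in for trigger_veracrypt-self-destruct(), are assumptions made for illustration.

```python
import io

MAX_LINE = 64  # assumed upper bound on one command line, in characters


def serve(stream, handlers, log):
    """Dispatch one command per line until EOF; return [(command, outcome)]."""
    results = []
    while True:
        line = stream.readline(MAX_LINE + 1)
        if line == "":  # EOF: the parent closed the pipe or exited
            break
        if len(line) > MAX_LINE and not line.endswith("\n"):
            # Oversized line: drain the rest so the tail is never parsed
            # as a separate command.
            while line and not line.endswith("\n"):
                line = stream.readline(MAX_LINE + 1)
            log.write("rejected: oversized line\n")
            results.append(("<oversized>", "rejected"))
            continue
        cmd = line.strip()
        # Exact-match allowlist: no arguments, no prefixes, nothing is ever
        # passed to a shell or eval.
        if cmd not in handlers:
            log.write("rejected: %r\n" % cmd)
            results.append((cmd, "rejected"))
            continue
        handlers[cmd]()
        results.append((cmd, "ok"))
    return results


def demo():
    """Run the loop over constructed input; the handler only records the call."""
    fired = []
    handlers = {"veracrypt-self-destruct": lambda: fired.append("self-destruct")}
    sent = io.StringIO(            # constructed sample of parent-to-child input
        "ping\n"
        "veracrypt-self-destruct; reboot\n"
        + "A" * 200 + "\n"
        + "veracrypt-self-destruct\n"
    )
    return serve(sent, handlers, io.StringIO()), fired


if __name__ == "__main__":
    print(demo())
```
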