Bitcoin Forum
November 14, 2024, 09:57:56 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: [OpenSource live USB OS] BitSafe, a safety deposit box for your bitcoins.  (Read 19571 times)
rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
October 05, 2011, 02:47:25 PM
Last edit: April 19, 2012, 01:08:08 PM by rb1205
 #1

BitSafe is an opensource Debian-based live linux distribution designed to provide an essential and secure environment to store and use your bitcoins from a USB drive, SD card or hard disk.

Unlike other live distros, BitSafe is thought to do nothing else other than to keep your bitcoins really safe. The crypted persistence partition used to store the wallet and the block chain is not mounted as home directory: it's only used by the Bitcoin client and other few applications related to backup and security (gpg and ssh). BitSafe takes care to dynamically mount and unmount said persistence as needed, making everything else volatile: home, cache, temporary files, settings, browser... everything vanishes as soon as it's shut down.
BitSafe comes with full networking support, TOR included, but you can also use it offline for even greater security. When you'll need your bitcoins, you just have to connect it to the net and let it download the block chain.
   
Features:
  • Very light, it can be run on about any PC. If it has 64 MB of ram or more it can run BitSafe
  • Immunity to most malware around, including keyloggers. If you use the built-in soft keyboard to enter passwords, you are immune to hardware keyloggers, too
  • Comes with the latest official Bitcoin client (bitcoin-qt V0.6.0)
  • Volatile, non-persistent home directory. Persistence (for the bitcoin client and backup applications only) is provided by a secondary partition that is automatically created and mounted on-demand (asking for password) whenever you open bitcoin or any program that needs it, and then it's unmounted when it isn't needed anymore
  • Can download the blockchain from a trusted source, to cut down the time needed for the first sync to less than an hour, down from several days.
  • TOR and Vidalia installed by default. You can start bitcoin with TOR networking just by clicking on a icon.
  • Minimal number of applications and installed packages to reduce attack surface. If you need a browser, there's a script to download and run Firefox from RAM with TORbutton and noscript already installed.
  • Persistent screen locking password to protect the client while you're not at the PC.
  • Multilanguage. The default build supports English, German, Italian, Spanish, French, Portoguese and Russian, but you can download the source and build your own localized version choosing any language supported by Debian Squeeze. ATM BitSafe scripts are localized in english and italian only, feel free to contribute
  • If GUI isn't your thing, you can disable x and go text mode with bitcoind. BitSafe scripts will work just fine

Screenshots


Downloads:

Binary Image V0.6.1B (for first time installations) digital signature, MD5: 5f2e67a2da443d697234ddaf7c5ae7f3
Live filesystem V0.6.1B (to upgrade from previous releases) digital signature, MD5: 8a940da24ac18214f9d98cf37a249ad3
You can check the digital signature with the gpg/pgp public key linked in my forum sign.

Source Code
Github repository: https://github.com/rb1205/BitSafe
git clone git://github.com/rb1205/BitSafe.git

Flashing
THIS WILL FORMAT YOUR FLASH DRIVE AND YOU'LL LOSE ANYTHING YOU HAVE ON IT, INCLUDING THE STORAGE PARTITION AND ANY BITCOIN STORED THERE.
IF YOU HAVE ALREADY INSTALLED A PREVIOUS VERSION OF BITSAFE ON THE SAME DRIVE AND YOU ONLY WANT TO UPGRADE, PLEASE FOLLOW THE INSTRUCTIONS IN THE NEXT SECTION.

You'll need a fast USB drive or SD card of 4gb or more. I say fast for a reason: bitcoin goes heavy on disks, and slow devices will greatly slow it down. You want a drive that can at least put down 10 MB/s of write bandwidth. Here's a brief list of some suitable USB sticks. For SD cards, aim for a class 10 device.
Download the Binary Image file and flash it on your drive.

On Linux: sudo dd if=/path/to/binary.img of=/dev/sdX where sdX is the name of the device (not partition) you want to flash BitSafe on
On Mac: Same as for Linux. Remember to unmount (not eject) the device you want to install BitSafe on before using dd or it'll give an error. NOTE: You'll need some extra steps to let bitcoin boot on a Mac, just as any other USB live linux distribution. Read more about this here.
On Windows: I recommend Image Writer. You'll need to launch it as administrator. Go pick the downloaded binary.img file, choose the letter of the drive you want to install BitSafe on and press "Write".

Upgrading
If you have already installed a previous version of BitSafe on a device and you want to upgrade it without losing your storage partition, just download the Live filesystem from the download section, insert the drive with BitSafe in the computer and overwrite the directory "live" with the one in the file you downloaded.

Usage
  • Insert the device you flashed BitSafe on in the PC you wish to use it and start (or reboot) it.
  • As soon as the PC displays the first screen press repeatly the boot list menu button (usually "F12" or "ESC") and choose the BitSafe device from the list you'll get. If your PC doesn't have a boot list menu you'll have to launch the BIOS setup, navigate into the boot options and set your PC to boot from the device with BitSafe first.
  • Choose your preferred language, hit Enter and wait a minute for BitSafe to start
  • Double click on the Bitcoin icon to launch the first time wizard utility
  • BitSafe will ask if you want to create the storage partition. Press yes and enter your choosen password when requested, you'll have to enter it a total of 3 times. Please keep in mind that there's no way to recover the password, should you forget it.
  • BitSafe will ask if you want to download the block chain from the web. Press yes if you are connected to the internet and you're not paranoid, otherwise press no. Keep in mind that the former option takes about 1 hour to reach the sync state from scratch, while the latter takes about 2-3 days.
  • Finally, the Bitcoin client is launched. You can use it as you usually do.
  • Remember to shut down the PC using the shutdown button in the lower right corner of the screen. Cutting down the power while the client is running may
    lead to blockchain or even wallet corruption.

To Do:
  • Backup manager with multiple encryption and output choices.
  • Script to download the blockchain from here and put in the bitcoin data folder done!
  • Trasparent TOR for every ongoing connection (when enabled)
  • GUI for format script
  • Restore the storage partition after flashing the image, to unify first time installations and upgrading.
  • Tool to export all bitcoin addresses in the wallet.dat file

DISCLAMER:
BitSafe is a beta software. I cannot guarantee you will not have problems.
Under no circumstances I will take any responsibility for any damage done to your hardware, your software and/or your finances directly or indirecly caused by my software.

rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
October 05, 2011, 03:13:01 PM
Last edit: October 06, 2011, 11:27:24 AM by rb1205
 #2

If you find a bug, please post it here or in the project page on github

Translations are very welcome, if you wish to help there's a translation project on GetLocalization

d33tah
Newbie
*
Offline Offline

Activity: 47
Merit: 0



View Profile
October 06, 2011, 03:40:24 AM
 #3

I like the visual keyboard thingy.
btalk
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile WWW
October 30, 2011, 12:50:30 PM
Last edit: October 30, 2011, 01:34:10 PM by btalk
 #4

Unable to download file from the Dropbox

P.S. now all right, this is a temporary problems...

rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
October 31, 2011, 07:02:29 AM
 #5

Version 0.2B released

To upgrade from previous installations, do NOT flash your drive with the binary.img file! Just delete the "padder" file and replace the filesystem.squashfs file in the live directory with the one in the download section.

Change list:

  • Added an internal backup feature, which will be used by the backup frontend i'm working on. Your sensible data is put in a tar.bz2 archieve and backed up every time you mount the persistent storage partition. This includes the wallet.dat file and the gpg and ssh datadirs.
  • Added GPA, a graphical frontend for GPG
  • Fixed some bugs

EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
October 31, 2011, 09:11:50 AM
 #6

This is great, and only now I saw your thread!

Question: is all traffic forced to pass through Tor by default?

Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.

Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?

Thank you for this work. I'll try it out as soon as I can.
rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
October 31, 2011, 10:31:01 AM
 #7

Question: is all traffic forced to pass through Tor by default?
No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

Quote
Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.
I use the "new" connection manager in Debian Squeeze which is AFAIK the same one in Ubuntu. I included all the optional wifi drivers and firmware packets i could find in the debian archives, intel-notfree included. If your card doesn't work, please let me know the model so I can look into it.

Quote
Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?
You're right, that's why in my first builds there was no browser at all. Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it.
Probably, i'll end up giving two different builds, one with the browser and the other one without. I don't like the idea of using a virtual machine, as that would basically cut off all the PCs mounting a CPU without virtualization feature.

EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
October 31, 2011, 01:22:57 PM
 #8

No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

If I'm not mistaken the client does not download the blockchain at "full speed". I don't remember if the reason for this is that the verification process normally takes longer than the download, or that everything is downloaded from one unique connection, not benefiting from the P2P nature of the network like a torrent with so many seeds would. Either case, Tor shouldn't have a much negative impact.
Also, you may deliver your system with the block chain files already downloaded and indexed, up to the point when the release was built. That would be very useful and poses no trust issue.

Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it.

You could argue that your system is meant to be a "safe banking system", not the browsing system the user will use daily. So, people could leave their larger wallets on your system, and in the browsing system have another wallet credited with an amount they could eventually afford to lose.
Plus, sending addresses to the "banking system" could be done by writing them on a file on the disk, and once in BitSafe, mounting the disk and reading this file. Eventually this could even be automated with a browser plugin on the browsing system side, and an utility app on BitSafe side that would know where to search for addresses during boot time, and then ask the user if he wants to confirm those payments (amount and description info could be included, like those bitcoin URLs. Just giving some ideas... Smiley

I don't like the idea of using a virtual machine, as that would basically cut off all the PCs mounting a CPU without virtualization feature.

I didn't quite understand what you meant there... there are PCs incapable of running a virtual machine?
rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
November 01, 2011, 12:17:57 PM
 #9

Either case, Tor shouldn't have a much negative impact.
Nice to hear!  Smiley

Quote
Also, you may deliver your system with the block chain files already downloaded and indexed, up to the point when the release was built. That would be very useful and poses no trust issue.
I don't like "prebuilt" block chains: i think the right (default) approach is letting the client download and verify the block chain via P2P. Besides, many people (including me) may want to use bitsafe as offline wallet generator. I think I'll add a script to download and install the block chain from some trusted source.

I didn't quite understand what you meant there... there are PCs incapable of running a virtual machine?
Yes, every CPU is capable of running a virtual machine but only those with hardware virtualization can do it efficently. As this build is likely to be used on old laptops with outdated hardware, I feel that running a modern browser via software virtualization on those slow CPUs isn't viable.
Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO

EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
November 01, 2011, 01:49:47 PM
 #10

I've just tested the system. I've found some issues:

  • As I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial
and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown.  Sad Is there a way to make such configuration persistent?
  • After I had wifi, I loaded Bitcoin to download the blockchain. I made a mistake with the virtual keyboard and the verification of my password didn't match the first input. The script went a bit crazy after that and created a persistent partition that I cannot access. It claims it's corrupted but doesn't offer to overwrite it (normal, since it doesn't know if there are coins there). I'll probably just format everything since I don't have anything to lose.
  • Not a big issue, but it seems the keyboard layout is chosen based on the language you select on startup. Not sure if it's the best choice... when I chose Portuguese, I couldn't find the symbols I wanted anymore.
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
November 01, 2011, 01:56:04 PM
 #11

Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO

Yes, it should. Even more if you add NoScript to that firefox.
rb1205 (OP)
Hero Member
*****
Offline Offline

Activity: 797
Merit: 1017



View Profile
November 01, 2011, 10:16:45 PM
 #12

    [lAs I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial[/li][/list] and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown.  Sad Is there a way to make such configuration persistent?
    I'll check if that fix doesn't block any working configuration, mostly the blacklisting part. If it doesn't, I'll add it to the build.

    Quote
    After I had wifi, I loaded Bitcoin to download the blockchain. I made a mistake with the virtual keyboard and the verification of my password didn't match the first input. The script went a bit crazy after that and created a persistent partition that I cannot access. It claims it's corrupted but doesn't offer to overwrite it (normal, since it doesn't know if there are coins there). I'll probably just format everything since I don't have anything to lose.
    It's intended: bitsafe will automatically start the persistent partition format utility only if no secondary partitions are found on the current drive. If any is present but it can't be properly mounted, which is your case, you will need to manually start the format script in the system menu as stated in the error message.

    Quote
    Not a big issue, but it seems the keyboard layout is chosen based on the language you select on startup. Not sure if it's the best choice... when I chose Portuguese, I couldn't find the symbols I wanted anymore.
    That's a problem i'm trying to fix. There's a keyboard layout switcher applet, but it shows the current layout as the only possible choice. I'll look into it.

    EhVedadoOAnonimato
    Hero Member
    *****
    Offline Offline

    Activity: 630
    Merit: 500



    View Profile
    November 03, 2011, 08:08:43 PM
     #13

    I'll check if that fix doesn't block any working configuration, mostly the blacklisting part. If it doesn't, I'll add it to the build.

    Thank you!


    By the way, today I had a weird error, which I'm not sure if it's related to BitSafe somehow, or bitcoin itself.

    I've left my laptop downloading the block chain, not connected to the power supply, until the battery was over. So, there was this sudden shutdown during block download. After I restart and tried to load the bitcoin client again, I got two error popups, with the following messages:

    First popup:

    EXCEPTION: NSt8ios_base7failureE       
    CAutoFile::read : end of file       
    bitcoin in AppInit() 


    Second popup:

    EXCEPTION: NSt8ios_base7failureE       
    CAutoFile::read : end of file       
    bitcoin in CMyApp::OnUnhandledException()


    And after clicking OK to the second popup, nothing happens, bitcoin does not start.

    Does this make any sense to you?
    rb1205 (OP)
    Hero Member
    *****
    Offline Offline

    Activity: 797
    Merit: 1017



    View Profile
    November 03, 2011, 11:39:44 PM
     #14

    It looks like you have a corrupt blockchain. It happened once for me when i disconnected the USB drive while bitcoin was running. Can you check that the issue (and the blockchain) disappears when you delete everyting in the /storage/bitcoin folder except for the wallet.dat file?

    Red Emerald
    Hero Member
    *****
    Offline Offline

    Activity: 742
    Merit: 500



    View Profile WWW
    November 04, 2011, 12:04:32 AM
     #15

    Very cool.  I'd been playing around with building my own live CD, but you beat me to it.

    What version of the bitcoin client do you have installed (and what version of libdb++ did you use)?  If I wanted to use my own branch (like one of sipa's with the private key import), what would be the easiest way to do that?  What would be the easiest way to get namecoin installed?  I haven't done much with debian before, but I do know my way around linux/freeBSD.

    EhVedadoOAnonimato
    Hero Member
    *****
    Offline Offline

    Activity: 630
    Merit: 500



    View Profile
    November 04, 2011, 08:08:32 AM
     #16

    It looks like you have a corrupt blockchain. It happened once for me when i disconnected the USB drive while bitcoin was running. Can you check that the issue (and the blockchain) disappears when you delete everyting in the /storage/bitcoin folder except for the wallet.dat file?

    Yes, I already did it, and it works after deleting the blockchain files.

    This is probably a problem with bitcoin, then, right? I'll search if there is a bug for this already.
    Red Emerald
    Hero Member
    *****
    Offline Offline

    Activity: 742
    Merit: 500



    View Profile WWW
    November 04, 2011, 07:19:06 PM
     #17

    Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO

    Yes, it should. Even more if you add NoScript to that firefox.

    If you have torbutton, do you need NoScript?  I think it handles all of that for you.

    EhVedadoOAnonimato
    Hero Member
    *****
    Offline Offline

    Activity: 630
    Merit: 500



    View Profile
    November 06, 2011, 08:21:14 PM
     #18

    So, I downloaded the block chain with BitSafe. Here go my comments:

    • Persistence for Bitcoin client and backup applications is provided by a 2GB secondary partition
    2GB were not enough for my initial block download, mainly due to debug.log. It grew so much that there was no space left on the 2GB partition. Manually deleting debug.log took care of the problem.

    • TOR installed by default

    I'm having some problems using the available Tor proxy... Iceweaseal doesn't connect to it after manual configuration, and when I configure bitcoin to use Tor it does not find any peer. I haven't investigated much yet to figure out what could be the reason, I might just be making something wrong.

    You'll need a fast USB drive or SD card. I say fast for a reason: bitcoin goes heavy on disks, and slow devices will greatly slow it down.

    And he means it!
    My initial download, on a Kingston memory stick, took more than 2 full days.

    I don't know how bitcoin does the block chain indexation, but I suspect the index is not kept on RAM during block download, and that every new address it finds it just inserts it in the middle of the index, directly on the "disk". That would require moving, in average, half the current size of the index every time it finds a new address. Currently that's ~150Mb. In a USB stick that's very slow.
    I suspect it works like that because block download got slower the bigger the downloaded chain was.


    To summarize, rb1205, if you want a few more suggestions, here are them:

    • A lightweight client like MultiBit could be useful.
    • Consider distributing the chain files already indexed with BitSafe. There's really no trust issue in that, as you cannot lie about the largest chain. That won't make bitcoin any less P2P and will speed things up for those which prefer the original client.
    • Make the storage partition larger than 2GB if possible.


    Thank you a lot for this great work of yours. I plan to keep using it, and annoying you with these suggestions. Wink
    EhVedadoOAnonimato
    Hero Member
    *****
    Offline Offline

    Activity: 630
    Merit: 500



    View Profile
    November 06, 2011, 09:09:47 PM
     #19

    If you have torbutton, do you need NoScript?  I think it handles all of that for you.

    I don't think TorButton blocks scripts. At least it doesn't conveniently allow you to manage a whilelist, as does NoScript.
    rb1205 (OP)
    Hero Member
    *****
    Offline Offline

    Activity: 797
    Merit: 1017



    View Profile
    November 23, 2011, 10:31:28 PM
    Last edit: November 28, 2011, 10:59:42 AM by rb1205
     #20

    Version 0.3B released. here are the main changes:

    • Fixed tor configuration and added polipo and vidalia.
    • Added a custom bitcoin launcher to start it with TOR networking
    • Removed iceweasel from build, added a script to download and run it from RAM. Runs on a different user and with TORbutton and noscript exensions
    • Added keyboard layout switcher, with "us" and "es" as optional layouts on top of the default layout for the chosen language
    • Increased storage partition to 3GB and binary image size to about 270MB. We're still in the 4GB flash drive range.

    As I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown.  Sad Is there a way to make such configuration persistent?

    I manually compiled and added the wl.ko module, and blacklisted the brcm80211 module. I can't blacklist the b44, b43, b43legacy and ssb modules as that would stop many wifi and ethernet interfaces from working. Can you please check if this is working or not? If it isn't, you should be able to make it work just by typing
    Code:
    sudo modprobe -r b44 b43 b43legacy ssb brcm80211 wl
    sudo modprobe wl

    Pages: [1] 2 3 4 »  All
      Print  
     
    Jump to:  

    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!