LKRG on Ubuntu 18.04

Today I felt adventurous and decided to add LKRG to my host system, Ubuntu 18.04. As Ubuntu 18 is a direct fork of Debian Buster (or so I imagine), I decided to just follow the Whonix instructions for adding LKRG instead of compiling the source code myself (adventurous and a bit lazy). The only instruction that did not work for Ubuntu was ‘sudo apt-get install lkrg linux-headers-amd64’. In Ubuntu the package linux-headers-amd64 is not available, so (after consulting the internet) I substituted linux-headers-generic for it.

The installation process itself did not indicate any error. But a manual integrity check as in ‘sudo sysctl -w lkrg.force_run=1’ did not check anything. The program’s response was: ‘sysctl: cannot stat /proc/sys/lkrg/force_run: No such file or directory’. On LKRG’s website there was this other command: ‘sysctl -a |grep lkrg’, which gives the program’s different options. When I execute the command, the output does not look the same at all. I get output like:

sysctl: reading key “net.ipv6.conf.all.stable_secret”
sysctl: reading key “net.ipv6.conf.br0.stable_secret”

So, I guess that LKRG is not working on Ubuntu by just following instructions for Debian.

No, it won’t work on Ubuntu due to the header dependency issue.
Same for tirdad, if you were wondering.
A workaround I found to be acceptable is to git clone the repository of choice and install it that way. It works, because we do in fact have the required headers, and do not have to deal with the dependency issue.
This works for most Whonix GitHub repos I have tried. I have NOT tried LKRG yet, so I can’t speak on it specifically, but it should be okay if you clone directly.
Note: If you are a VirtualBox user, keep in mind that LKRG will not work. The other platforms should be fine.

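A read-only check for the symptom reported above (no /proc/sys/lkrg after an apparently clean install), as an added example that is not part of the thread and not LKRG or Whonix code. The function names lkrg_state and lkrg_hint, the state names, and the module file names lkrg.ko / p_lkrg.ko are assumptions.

```shell
#!/bin/sh
# Added example: classify why the lkrg.* sysctl keys are missing.
# lkrg_state ROOT KVER -> prints: loaded, built-not-loaded, not-built or no-headers
# ROOT is the filesystem root to inspect ("/" on a live host); KVER is `uname -r`.
# Assumption: the module file is lkrg.ko (p_lkrg.ko in older releases).
lkrg_state() {
    root=${1%/}
    kver=$2
    moddir="$root/lib/modules/$kver"

    # /proc/sys/lkrg exists only while the module is loaded; this is the
    # directory that 'sysctl -w lkrg.force_run=1' could not stat.
    if [ -d "$root/proc/sys/lkrg" ]; then
        echo loaded
    # A module file for this exact kernel means the build succeeded.
    elif find "$moddir" \( -name 'lkrg.ko*' -o -name 'p_lkrg.ko*' \) 2>/dev/null | grep -q .; then
        echo built-not-loaded
    # build/ points at the headers for this kernel; DKMS cannot compile without it.
    elif [ -e "$moddir/build/Makefile" ]; then
        echo not-built
    else
        echo no-headers
    fi
}

# Map each state to the next thing to look at.
lkrg_hint() {
    case $1 in
        loaded)           echo "module loaded; 'sysctl -a | grep lkrg' should list its keys" ;;
        built-not-loaded) echo "module built but not inserted; try modprobe and read dmesg" ;;
        not-built)        echo "headers present but no module; check 'dkms status'" ;;
        no-headers)       echo "no headers for the running kernel; install linux-headers-\$(uname -r)" ;;
    esac
}

state=$(lkrg_state / "$(uname -r)")
echo "$state: $(lkrg_hint "$state")"
```

The check is made against the running kernel version because linux-headers-generic follows the newest kernel package, which may not be the kernel currently booted.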

LKRG / tirdad on Ubuntu is untested, unsupported by me. That applies only to the packaging fork for Debian / Whonix / Kicksecure. This doesn’t say anything about upstream original developers.

But I had 1 idea to solve the dependency issue. Untested.

It’s done in git master and the developers repository and will flow to other repositories as per usual.


Awesome! Thanks for doing that.
I can confirm that LKRG already has the changes implemented. It works in Ubuntu as well, same as it does in Debian. No extensive testing done, just a download and restart to make sure it runs and integrates into dkms with no errors (it does).
Tirdad didn’t implement the change yet, but in the meantime, a manual git clone will work. There were a couple minor edits to get it working in Ubuntu, but the module absolutely works as intended. Verified after thorough analysis of an entire day’s connection log pcap file (Wireshark). (tested on 5.0.0-x kernel and also on 5.3.x and both are fine)


anontor via Whonix Forum:

> Tirdad didn’t implement the change yet,

Not sure what you mean. Tirdad updated in git and developers repository
at the same time.

> There were a couple minor edits to get it working in Ubuntu, but

If you specify these, I might be able to fix these as well.

> Verified after thorough analysis of an entire day’s connection log
> pcap file (Wireshark). (tested on 5.0.0-x kernel and also on 5.3.x and
> both are fine)

Awesome!


Hi Patrick
No, I know tirdad updated; I meant that when I tried to install it from the Whonix repo, it still had the ‘linux-headers-amd64’ dependency requirement and apt complained (in Ubuntu 18.04).
My small mods to get tirdad to work in Ubuntu are very hacky and just consisted of making a systemd service file (the same one that comes included in the Debian package from the Whonix repo), and enabling the service to start on boot.
I git-cloned your tirdad GitHub repo, but do not understand how to get dkms to work. In other words, all the files are there but I do not know where to put them. So, for now, on my Ubuntu system, tirdad does not have dkms. The module works though, and is active right before “Reached Target Network (Pre)”. Then, just to be sure, I let Wireshark capture a whole day of work. Sure enough, the ISNs are indeed randomized and different.
What helped get me set up was to follow how the individual files were placed in Debian, and model Ubuntu’s tirdad file placement after that.
I studied both your tirdad fork and the original developer’s version, and had a question. What did you do in your loader at /usr/lib/tirdad/loader that is different from the original tirdad implementation? I did not see that loader in the developer’s repository. (I admit I am still learning bash scripting, and also how to navigate git and GitHub. I study a lot of your bash coding in your different repos and it has helped me get better.) I read through your code for the tirdad loader and understand almost all of it, but got a little confused.
Great work


Strange. It was updated at the same time as lkrg.

apt download pkg, extract package. See folder structure. Better: try rebuild the package on Ubuntu and install.

The C version didn’t work for me and crashed the system. Hard to debug. More easily rewritten in bash. It’s history now. No longer in use. No more need for any user space loader as this causes other issues too.


@Patrick, thank you, that clears it up for me; I am going to work on rebuilding the package.
Regarding Tirdad, that makes perfect sense; bash accomplishes the same thing and is easier to follow (for me at least).