Deniability - Home-server based emergency shutdowns triggered by mouse and keyboard inputs
TL;DR: secure your home-server to detect HID (Human interface device) activity that could trigger a shutdown
In this tutorial we're going to setup and showcase how to shut down your home server with deniability upon adversary hardware activity.
In this setup, we are running a hidden service on a sensitive whonix VM inside your hidden volume.
This blog post makes references to, and depends on speeding up the Host OS shutdown + Anonymous SSH for deniability:
Introduction: Home-server based services and understanding potential threats
The idea is to set up a trap on the home-server to be ready to trigger the emergency reboot at ANY input coming from either the mouse or keyboard.
Leave the mouse and keyboard plugged into the home-server waiting as a trap for the adversary.
In case the adversary raids you, they have to account for not moving the mouse at all or clicking, nor pressing any keystroke, even though that's most likely the first thing they will do, accident or not.
If they touch the mouse or keyboard, they will invariably trigger the emergency reboot, which prevents them from being able to prove the existence of a hidden volume and the sensitive whonix VM inside it.
If you don't know the home-server has been intruded, you will not know if your server has been compromised.
The scenario without an emergency shutdown:
The adversary breaches into the location of your home-server.
The adversary gains access to the home-server.
Adversary copies all the content on the home-server.
The home-server becomes identified/undeniable.
The importance of emergency shutdowns
Let's explore our options to prevent this scenario. 1. Using a camera to detect unauthorized access and trigger a shutdown (requires camera) 2. Using a motion detector to trigger a shutdown. (requires a motion detector) 3. Detecting hardware activity to trigger a shutdown. (this tutorial's focus)
Since we want our sensitive home-server to remain deniable against this attack, we need an emergency shutdown mechanism.
Setup instructions
Make sure to SSH over onion guide
Use kicksecure live-mode to ssh into your home-server.
Dependencies for the code (use sudo to install in a Kicksecure SYSMAINT Session):
- evtest
- sudoless input permissions
Once you've successfully ssh'd in your home-server via onion access, follow these steps:
1. Ensure evtest is installed.
user ~$ sudo apt install evtest
user ~$ sudo usermod -aG input $USER
user ~$ vim emergency.sh
user ~$ cat emergency.sh
#!/bin/bash
sleep 2 #Time to escape SSH before activation. (Tweak to the amount of time you need)
for device in /dev/input/event*; do
if [[ -r "$device" ]]; then
timeout 3600 evtest "$device" 2>/dev/null | while IFS= read -r line; do
if [[ "$line" =~ ^Event:.*\(EV_KEY\).*value\ 1$ ]] || [[ "$line" =~ ^Event:.*\(EV_ABS\).*value\ -?[1-9] ]]; then
reboot #replace reboot with poweroff if you want to shut it down
fi
done &
fi
done
wait
emergency.sh and run it once you no longer need SSH access to your home-server server.
user ~$ chmod +x emergency.sh
user ~$ ./emergency.sh
user@home-server ~$ exit
How it works
Optional enhancement
For added security, consider using the Homeserver deadman switch in conjunction with this setup, or employ usbguard.
Conclusion
We have now implemented this emergency shutdown script and secured it against interference, the adversary cannot prove the existence of our sensitive service with the attacks described in this article.
DISCLAIMER: This blog's stance is not to endorse sensitive activities and nothing in this article serves as legal advice. You are responsible for whatever you do, unless found not guilty.
Suggest changes
Lain
2026-03-08
Donate XMR to the author:4AGtz56WqJdXYt8qhkDbHRNaSTdu2nKuEGwDVzxeWPodQj1cVH2EQkk4fi9uAu8os1fazSUBDsqeFBqoEzAFuay3Fwd9BjJ