Skip to content

Kodachi Terminal Version

Kodachi Terminal Edition

A minimal, terminal-only live ISO based on Debian 13 (Trixie) crafted for two critical missions: bulletproof testing of the full Kodachi toolchain and operating as a dedicated SOCKS proxy gateway for your network. Built for power users, hardened servers, and elegant headless deployments.

Production Hardened Multi-Protocol Proxy-Ready Hardware Optimized

Download & Installation First Release: 26 October 2025 9.0.1 | Terminal last updated 28 October 2025 - build #1

Download ISO

ISO SHA256 Checksum: 

05907fa1730576e45f3bbe766488cd97c930fea747e0e7975f97006adf60613f

Installation Methods

  1. Live USB - Boot from USB drive (no installation, portable, leaves no traces)
  2. Virtual Machine - Run in VMware/VirtualBox/QEMU (isolated testing environment)
  3. Bare Metal - Install on dedicated hardware (maximum performance as proxy server)
  4. Persistent Storage - Enable persistence for configuration retention across reboots

Create Bootable USB

Linux (Recommended Method) 

# Find USB device
lsblk

# Write ISO to USB (replace /dev/sdX with your USB device)
sudo dd if=kodachi-terminal-9.0.1.iso of=/dev/sdX bs=4M status=progress oflag=sync

Rufus (Windows) - Link: https://rufus.ie/ - Description: Industry-standard tool for creating bootable USB drives. Select ISO file, select USB drive, write in DD mode or ISO mode.

Etcher (Windows/macOS/Linux) - Link: https://www.balena.io/etcher/ - Description: Simple, cross-platform tool for writing ISO images to USB drives. Clean interface and reliable performance.

Ventoy (Multiboot) - Link: https://www.ventoy.net - Description: Modern tool that you install on the USB drive once. You can then just drag-and-drop multiple ISO files (Windows, Linux, etc.) directly onto the drive, and it will give you a boot menu to select from.

YUMI (Your Universal Multiboot Installer) - Link: https://www.pendrivelinux.com/yumi-multiboot-usb-creator/ - Description: Popular tool for creating a multiboot USB drive. It allows you to add multiple operating systems and utilities to a single USB, one at a time.

Universal USB Installer (UUI) - Link: https://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ - Description: Simple, reliable tool from the makers of YUMI, but designed to create a bootable USB for a single operating system.

macOS 

# Find disk identifier
diskutil list

# Unmount disk
diskutil unmountDisk /dev/diskN

# Write ISO
sudo dd if=kodachi-terminal-9.0.1.iso of=/dev/rdiskN bs=4m

Technical Specifications Dashboard

Core System Specifications
Component Details
Base SystemDebian 13 (Trixie)
Architectureamd64 (x86_64)
ISO Size2.4GB (lightweight, no GUI bloat)
Total Packages1,181 packages (2025-10-24 build manifest)
Terminal Packages247 terminal-specific packages
Base Common43 shared base packages
Firmware Packages30+ packages (WiFi, Ethernet, Bluetooth, GPU)
Kodachi Binaries14 core security binaries pre-installed
InterfaceTerminal-only (no GUI)
Boot SupportBIOS + UEFI compatible
Login CredentialsUsername: kodachi / Password: r@@t00
Sudo AccessPasswordless sudo enabled

Pre-Installed Kodachi Binaries

All 14 core security binaries are pre-installed at /home/kodachi/dashboard/hooks/. Launch the toolkit instantly without additional setup.

deps-checker dns-leak dns-switch global-launcher health-control integrity-check ip-fetch logs-hook online-auth online-info-switch permission-guard routing-switch tor-switch workflow-manager

Package Categories Breakdown

Package Categories Breakdown
Category Count Signature Packages
Hardware Firmware30+firmware-iwlwifi, firmware-realtek, firmware-atheros, broadcom-sta-dkms
VPN / Anonymity15+tor, openvpn, wireguard, shadowsocks-libev, v2ray, xray, hysteria, mieru
Network Tools20+nmap, tcpdump, tshark, whatweb, netcat, socat, proxychains4
DNS Management8+dnscrypt-proxy, dnsutils, bind9-dnsutils, resolvconf
Firewalls6+iptables, nftables, ufw, iptables-persistent
Security Tooling25+cryptsetup, gnupg, openssh-client, fail2ban, apparmor
Development Stack30+git, python3, perl, build-essential, cmake, gcc
System Monitoring15+htop, iotop, nethogs, sysstat, lm-sensors
File Systems20+btrfs-progs, xfsprogs, ntfs-3g, exfat-utils, squashfs-tools
Terminal Multiplexers4+tmux, screen, byobu
Base System1000+Debian core utilities, libraries, and base packages

Supported Routing Protocols

Kodachi Terminal ships with 12+ routing protocols via the routing-switch binary, covering everything from battle-tested VPNs to advanced censorship-resistant transports.

Routing Protocol Coverage
Category Protocols & Features
VPN ProtocolsOpenVPN (industry-standard, AES encryption), WireGuard (modern, ChaCha20 encryption) — with kill switch and DNS leak protection
Anti-CensorshipShadowsocks (SOCKS5 + encryption), V2Ray (traffic obfuscation), Xray (enhanced V2Ray), Hysteria2 (high-performance for restrictive networks), Mieru (MITA - lightweight anti-censorship proxy)
Proxy ProtocolsSOCKS5 (standard proxy), Dante (SOCKS server), HTTP/HTTPS (proxy support), Microsocks (lightweight SOCKS5 server)
Tor IntegrationRedsocks (transparent Tor routing), SOCKS proxy configuration, TransPort routing, DNS over Tor, System-wide torrification (can run on top of any existing VPN service: WireGuard, OpenVPN, Hysteria2, Shadowsocks, V2Ray, Xray, Mieru)
Multi-LayerVPN + Tor (double encryption), protocol chaining for enhanced anonymity, traffic obfuscation layers

Protocol Documentation

For detailed protocol configuration and usage, see the routing-switch documentation.

Torrification Capability

Kodachi Terminal supports system-wide torrification that can run on top of any existing VPN service. This means you can layer Tor routing on top of WireGuard, OpenVPN, Hysteria2, Shadowsocks, V2Ray, or Xray connections for enhanced anonymity. Use sudo tor-switch torrify-system-nftables-dns (preferred) or sudo tor-switch torrify-system-iptables-dns to torrify your entire system regardless of your underlying VPN connection. To disable, use sudo tor-switch detorrify-system-nftables or sudo tor-switch detorrify-system-iptables.

Security Models & Layered Anonymity

Kodachi Terminal includes 87+ pre-built security workflows and supports unlimited custom workflows via the workflow-manager binary. Below are 18 example workflows organized by anonymity levels with diverse protocol coverage (WireGuard, OpenVPN, Shadowsocks, Hysteria2, V2Ray, Xray, Mita). Workflows 1-3 (Triple VPN + Tor) provide maximum anonymity for extreme threat models. Workflows 4-8 (Double VPN + Tor) offer ultra anonymity with host+guest configurations. Workflows 9-11 (Single VPN + Double Tor) provide very high anonymity. Workflows 12-18 balance security with performance for various use cases. All profiles are located in /home/kodachi/dashboard/hooks/config/profiles/. Users can create, modify, and chain workflows using workflow-manager to build custom security configurations.

Workflow Comparison Matrix

01

Router VPN → Host Mullvad → VM Kodachi WireGuard → Torrified

Chain: ISP → Router VPN → Host Mullvad VPN → Kodachi WireGuard (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Slowest

Ideal for: Ultimate anonymity, extreme threat models, maximum deniability, state-level adversaries.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
02

Router VPN → Host ProtonVPN → VM Kodachi OpenVPN → Torrified

Chain: ISP → Router VPN → Host ProtonVPN → Kodachi OpenVPN (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Slowest

Ideal for: Whistleblowing, state-level adversaries, journalist protection, maximum operational security.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
03

Router VPN → Host NordVPN → VM Kodachi Shadowsocks → Torrified

Chain: ISP → Router VPN → Host NordVPN → Kodachi Shadowsocks (VM NAT) → Torrified System → Tor DNS

Anonymity: Ultra++ (6/6 - Triple VPN) Speed: Very Slow

Ideal for: Maximum obfuscation, defeating DPI in hostile networks, evading advanced surveillance.

sudo routing-switch connect shadowsocks sudo tor-switch torrify-system-nftables-dns
04

Host Mullvad → VM Kodachi OpenVPN → Torrified + Tor DNS

Chain: ISP → Normal Router → Host Mullvad → Kodachi OpenVPN (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Different VPN providers, avoiding single-point surveillance, investigative journalism.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
05

Host ProtonVPN → VM Kodachi Shadowsocks → Torrified + Tor DNS

Chain: ISP → Normal Router → Host ProtonVPN → Kodachi Shadowsocks (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Censorship bypass with double VPN + Tor, evading DPI, hostile network environments.

sudo routing-switch connect shadowsocks sudo tor-switch torrify-system-nftables-dns
06

Host NordVPN → VM Kodachi V2Ray → Torrified + Tor DNS

Chain: ISP → Normal Router → Host NordVPN → Kodachi V2Ray (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Moderate

Ideal for: Traffic obfuscation, triple anonymity layer, defeating advanced network analysis.

sudo routing-switch connect v2ray sudo tor-switch torrify-system-nftables-dns
07

Host ExpressVPN → VM Kodachi Hysteria2 → Torrified + Tor DNS

Chain: ISP → Normal Router → Host ExpressVPN → Kodachi Hysteria2 (VM NAT) → Torrified → Tor DNS

Anonymity: Ultra (5/5) Speed: Moderate

Ideal for: High-performance with maximum anonymity, restrictive network circumvention.

sudo routing-switch connect hysteria2 sudo tor-switch torrify-system-nftables-dns
08

Anonymous VPN → Tor → Torrified System + Tor DNS

Chain: ISP → Kodachi VPN (anonymous node) → Tor → Torrified System → Tor DNS

Anonymity: Ultra (5/5) Speed: Slow

Ideal for: Investigative journalism, activist operations, secure communications.

sudo routing-switch connect openvpn sudo tor-switch torrify-system-nftables-dns
09

Forced Xray → Torrified System + Tor DNS

Chain: ISP → Kodachi Xray (forced traffic) → Torrified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Very Slow

Ideal for: Extreme anonymity requirements, .onion operations, dark web access.

sudo routing-switch connect xray sudo tor-switch torrify-system-nftables-dns
10

WireGuard → Torrified System + Tor DNS

Chain: ISP → Kodachi WireGuard → Torrified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Slow

Ideal for: Dark web research, sensitive communications, enhanced privacy.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
11

Router VPN → VM WireGuard → Tor (Single Tor)

Chain: ISP → Router VPN → Kodachi WireGuard (VM via NAT) → Torified System → Tor DNS

Anonymity: Very High (4.5/5) Speed: Slow

Ideal for: Maximum deniability with physical isolation, secure operations.

sudo routing-switch connect wireguard sudo tor-switch torrify-system-nftables-dns
12

Host Mullvad → VM Kodachi Shadowsocks → DNScrypt

Chain: ISP → Normal Router → Host Mullvad → Kodachi Shadowsocks (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Good

Ideal for: Censorship bypass with double VPN layer, evading DPI.

sudo routing-switch connect shadowsocks sudo dns-switch switch --names dnscrypt-cloudflare health-control net-check
13

Host ProtonVPN → VM Kodachi Hysteria2 → DNScrypt

Chain: ISP → Normal Router → Host ProtonVPN → Kodachi Hysteria2 (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Very Good

Ideal for: High-performance double VPN for restrictive networks, streaming with privacy.

sudo routing-switch connect hysteria2 sudo dns-switch switch --names dnscrypt-quad9 ip-fetch
14

Host ExpressVPN → VM Kodachi Xray-VLESS-Reality → DNScrypt

Chain: ISP → Normal Router → Host ExpressVPN → Kodachi Xray-VLESS-Reality (VM NAT) → DNScrypt

Anonymity: High (4/5) Speed: Good

Ideal for: Advanced anti-detection with Xray Reality, defeating sophisticated censorship.

sudo routing-switch connect xray sudo dns-switch switch --names dnscrypt-quad9 health-control security-score
15

Forced Hysteria2 → Torrified System + Tor DNS

Chain: ISP → Kodachi Hysteria2 (forced traffic) → Torrified System → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: Hostile network environments, censorship bypass with good performance.

sudo routing-switch connect hysteria2 sudo tor-switch torrify-system-nftables-dns
16

V2Ray → Torrified System + Tor DNS

Chain: ISP → Kodachi V2Ray → Torrified System → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: General privacy and anonymous browsing, traffic obfuscation.

sudo routing-switch connect v2ray sudo tor-switch torrify-system-nftables-dns
17

Anonymous Shadowsocks → Tor + Tor DNS

Chain: ISP → Kodachi Shadowsocks (anonymous node) → Tor → Tor DNS

Anonymity: Moderate-High (3.5/5) Speed: Moderate

Ideal for: Daily privacy operations, secure communications, DPI evasion.

sudo routing-switch connect shadowsocks sudo tor-switch start-tor-dns-nftables
18

Forced OpenVPN → DNScrypt (Fast Performance)

Chain: ISP → Kodachi OpenVPN (forced traffic) → DNScrypt

Anonymity: Moderate (3/5) Speed: Fast

Ideal for: Online banking, shopping, business email, general secure browsing.

sudo routing-switch connect openvpn sudo dns-switch switch --names dnscrypt-quad9 health-control net-check

Protocol-Specific Initial Setup Workflows

Kodachi Terminal includes ready-to-use initial setup profiles for multiple routing protocols:

VPN Protocols:

  • initial_terminal_setup_openvpn_only - OpenVPN connection setup
  • initial_terminal_setup_wireguard_only - WireGuard connection setup

Anti-Censorship Protocols:

  • initial_terminal_setup_shadowsocks_only - Shadowsocks proxy setup
  • initial_terminal_setup_v2ray_only - V2Ray traffic obfuscation
  • initial_terminal_setup_xray_vless_only - Xray VLESS protocol
  • initial_terminal_setup_xray_trojan_only - Xray Trojan protocol
  • initial_terminal_setup_xray_vless_reality_only - Xray VLESS Reality
  • initial_terminal_setup_hysteria2_only - Hysteria2 high-performance

Proxy Servers:

  • initial_terminal_setup_dante_only - Dante SOCKS5 server
  • initial_terminal_setup_mita_only - Microsocks lightweight SOCKS5

Tor Combinations:

  • initial_terminal_setup_tor_only - Tor-only setup
  • initial_terminal_setup_wireguard_torrify - WireGuard + Tor torrification
  • initial_terminal_setup_auth_torrify_only - Authentication + Tor torrification

Execute with: sudo workflow-manager run <profile-name>

Workflow Selection Guide - Organized by Anonymity Tiers

TIER 1: Maximum Anonymity - Triple VPN + Tor (Workflows 01-03) - Anonymity Level: Ultra++ (6/6) - Triple VPN protection with Tor torrification - Best for: Ultimate anonymity, extreme threat models, state-level adversaries, whistleblowing, maximum deniability - Configuration: Router VPN → Host VPN (Mullvad/ProtonVPN/NordVPN) → Kodachi VPN (WireGuard/OpenVPN/Shadowsocks) → Torrified System → Tor DNS - Speed: Slowest to Very Slow

TIER 2: Ultra Anonymity - Double VPN + Tor (Workflows 04-08) - Anonymity Level: Ultra (5/5) - Double VPN with Tor torrification - Best for: Different VPN providers, avoiding single-point surveillance, investigative journalism, activist operations, censorship bypass with maximum protection - Configuration: Normal Router → Host VPN (Mullvad/ProtonVPN/NordVPN/ExpressVPN) → Kodachi VPN (OpenVPN/Shadowsocks/V2Ray/Hysteria2) → Torrified System → Tor DNS - Speed: Slow to Moderate

TIER 3: Very High Anonymity - Single VPN + Double Tor (Workflows 09-11) - Anonymity Level: Very High (4.5/5) - Double Tor circuits or Router + Guest VPN + Tor - Best for: Extreme anonymity requirements, .onion operations, dark web research, sensitive communications, maximum deniability - Configuration: Kodachi VPN (Xray/WireGuard) → Torrified → Double Tor Circuits OR Router VPN → Kodachi VPN → Torrified System - Speed: Very Slow to Slow

TIER 4: High Anonymity - Double VPN without Tor (Workflows 12-14) - Anonymity Level: High (4/5) - Double VPN layer - Best for: Censorship bypass, DPI evasion, advanced anti-detection, high-performance with strong privacy - Configuration: Normal Router → Host VPN (Mullvad/ProtonVPN/ExpressVPN) → Kodachi VPN (Shadowsocks/Hysteria2/Xray-VLESS-Reality) → DNScrypt - Speed: Good to Very Good

TIER 5: Moderate-High Anonymity - Single VPN + Tor (Workflows 15-17) - Anonymity Level: Moderate-High (3.5/5) - Single VPN with Tor - Best for: Hostile network environments, general privacy, anonymous browsing, daily privacy operations, secure communications - Configuration: Kodachi VPN (Hysteria2/V2Ray/Shadowsocks) → Torrified System → Tor DNS - Speed: Moderate

TIER 6: Moderate Anonymity - Single VPN Only (Workflow 18) - Anonymity Level: Moderate (3/5) - Single VPN with encrypted DNS - Best for: Online banking, shopping, business email, general secure browsing, fast performance requirements - Configuration: Kodachi VPN (OpenVPN) → DNScrypt - Speed: Fast

Create Custom Workflows using workflow-manager for: Multi-protocol chains, adaptive failover, custom threat models, automated security responses, and specialized use cases.

NOT Recommended: Tor → VPN

Avoid Configuration: Your Computer → Tor → VPN → Internet

This configuration is widely discouraged; it blocks .onion access, lets the guard see your real IP, makes Tor usage detectable, degrades performance, and shifts trust to the VPN.

Why this is dangerous: Entry nodes see your real IP • ISP detects Tor usage • NO access to .onion sites • Severely degraded performance • VPN provider can see your activity

Evidence: For detailed analysis, read the Tor Project's official documentation on Tor+VPN configurations.

Source Information

Based on Privacy Guides 2025 recommendations, Tor Project official documentation, and Kodachi security research. These workflows represent comprehensive threat modeling from maximum anonymity to secure financial operations.

Hardware Support Matrix

Kodachi Terminal bundles 30+ firmware packages to deliver broad WiFi, Ethernet, Bluetooth, GPU, and microcode coverage out of the box.

Hardware Support Matrix
Hardware Type Supported Chipsets & Manufacturers
WiFiIntel (all generations), Broadcom (modern + legacy wl driver), Atheros/Qualcomm, Realtek, MediaTek, Marvell, TI, Atmel
EthernetBroadcom (bnx2, bnx2x), Cavium, Myricom, Netronome, QLogic, Realtek
BluetoothBlueZ firmware, miscellaneous nonfree firmware
GPU / GraphicsAMD (amdgpu for terminal console), Intel (microcode)
MicrocodeIntel CPU microcode updates, AMD CPU microcode updates

Broadcom Wireless Support - Pre-Installed

Broadcom b43 and b43legacy firmware is pre-installed in the ISO at /lib/firmware/b43/ and /lib/firmware/b43legacy/.

Supported chipsets:

  • b43legacy: BCM4301, BCM4303, BCM4306/2 (very old cards)
  • b43: BCM4311, BCM4312, BCM4313, BCM4321-BCM4360 (modern cards)

Drivers included:

  • b43 kernel driver (open-source, loaded automatically)
  • b43legacy kernel driver (for BCM4301-4306/2)
  • broadcom-sta-dkms (wl proprietary driver, alternative for some cards)
  • b43-fwcutter tool (if you need to extract different firmware versions)

No post-boot installation required - firmware is ready to use immediately.

SOCKS Proxy Server Setup (Primary Use Case)

One of Kodachi Terminal's primary use cases is running as a dedicated SOCKS proxy server for your entire network. This allows all devices (phones, tablets, computers) to route traffic through a single anonymized gateway.

Step-by-Step Server Setup

1. Boot Kodachi Terminal on dedicated hardware or VM

# Login credentials
# Username: kodachi
# Password: r@@t00

2. Configure network routing

sudo routing-switch connect wireguard              # Connect to VPN
sudo tor-switch torrify-system-nftables-dns       # Torrify system + Tor DNS
sudo dns-switch switch --names dnscrypt-quad9      # Privacy-focused DNS

3. Start SOCKS proxy server (choose one)

Option A: V2Ray SOCKS5 proxy (recommended for performance) 

# Configure V2Ray with SOCKS5 inbound
v2ray run -config /path/to/config.json
# Default SOCKS5 port: 10808

Option B: Microsocks lightweight proxy 

microsocks -i 0.0.0.0 -p 30050  # Listen on all interfaces, port 30050

Option C: Dante SOCKS server (enterprise-grade) 

sudo apt install dante-server
sudo systemctl start danted
# Configure /etc/danted.conf for your network

4. Configure client devices

Point all devices on your network to use: - SOCKS5 Server: <Kodachi-Terminal-IP>:30050 (or your chosen port) - Protocol: SOCKS5

5. Verify proxy is working

sudo ip-fetch                 # Check exit IP
health-control net-check      # Verify no leaks
sudo dns-leak test            # DNS leak test

Managing the Proxy Server

# Monitor active proxy connections
sudo netstat -tulpn | grep microsocks

# Configure firewall to restrict proxy access to trusted IPs
sudo iptables -A INPUT -p tcp --dport 30050 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 30050 -j DROP

Use Case Examples

Example 1: V2Ray Proxy Server for Network

Boot Kodachi Terminal on old laptop → Connect to VPN → Start V2Ray SOCKS5 server → Configure all home devices to use proxy → Entire household anonymized

Example 2: VMware Testing Environment

Run Kodachi Terminal in VMware Workstation/Fusion → Test all 14 binaries safely → Snapshot before testing → Roll back after experiments → No impact on host system

Example 3: Dedicated Proxy Server Hardware

Old desktop/laptop → Boot Kodachi Terminal → Enable persistent storage → Configure routing protocols → Run 24/7 as network proxy gateway → Centralized anonymity for all devices

Example 4: Internet Café/Public Computer

Boot from USB → No installation required → Use Kodachi binaries for secure browsing → Shut down → No traces left on host machine

Example 5: Travel & Hotels

Boot Kodachi Terminal on travel laptop → Connect to hotel WiFi → Enable VPN + Tor → Access sensitive accounts securely → Bypass local censorship/monitoring

Example 6: Corporate/Educational Testing

Security researchers → Test Kodachi binaries in isolated VM → Learn CLI commands → Verify routing configurations → Safe environment for experimentation

First Boot Experience

Automatic Welcome Screen

On first login, Kodachi Terminal automatically performs:

  • Binary Deployment Verification - Validates all 14 core security binaries
  • DNSCrypt Auto-Configuration - Enables encrypted DNS on first run
  • Online Authentication - Connects to Kodachi services for updates
  • System Status Collection - Fetches IP, geolocation, network info, security score
  • Interactive Menu Display - Shows 13 pre-configured security workflows

System Status Dashboard

The welcome screen displays comprehensive real-time status information:

Category Information Displayed
System Type Live ISO / Installed-Encrypted / Installed-Unencrypted
Security Score 0-100 rating (PARANOID/EXCELLENT/GOOD/MODERATE/WEAK)
Network Status Connected protocol (WireGuard, OpenVPN, etc.) or "No VPN"
Torrification Active Tor routing or Direct connection
DNS Config DNSCrypt, Tor DNS, or Direct DNS servers
Geolocation Current IP address, Country, City
System Info Hostname, MAC address, Timezone
Crypto Prices BTC, ETH, XMR, AZERO current USD prices
Latest News Security and privacy news headlines

Interactive Workflow Menu

The welcome screen presents 13 automated security workflows:

[1] WireGuard Setup

Auth → Status Check → System Hardening → WireGuard Connection → Verification

[2] Xray-VLESS-Reality

Auth → Status Check → System Hardening → Xray-VLESS-Reality Connection → Verification

[3] OpenVPN Setup

Auth → Status Check → System Hardening → OpenVPN Connection → Verification

[4] V2Ray Setup

Auth → Status Check → System Hardening → V2Ray Connection → Verification

[5] Hysteria2 Setup

Auth → Status Check → System Hardening → Hysteria2 Connection → Verification

[6] Xray-VLESS Setup

Auth → Status Check → System Hardening → Xray-VLESS Connection → Verification

[7] Xray-Trojan Setup

Auth → Status Check → System Hardening → Xray-Trojan Connection → Verification

[8] Mita (Microsocks) Setup

Auth → Status Check → System Hardening → Mita SOCKS5 Server → Verification

[9] Torrify Only

Auth → Network Check → System Torrification → Tor Verification

[10] WireGuard + Torrify

Auth → System Hardening → WireGuard Connection → Torrification → Verification

[11] Emergency Recovery

Detorrify → Disconnect All → Network Recovery → Reset Configuration → Verification

[12] Security Score Check

Display comprehensive security score report with detailed breakdown

[13] Exit to Shell

Exit the menu system and access command-line interface for manual operations

Manual Command Usage

After exiting the menu (option 13), run commands manually:

# Explore all available commands
health-control -e              # 50+ health control commands
routing-switch -e              # All routing and protocol commands
workflow-manager list          # List all 87+ workflow profiles
tor-switch -e                  # Tor management commands
dns-switch -e                  # DNS configuration commands

# Quick status checks
health-control security-score  # Comprehensive security analysis
ip-fetch                       # Current IP and geolocation
dns-leak test                  # DNS leak detection
routing-switch status          # Network connection status

# Start SOCKS5 proxy server
routing-switch microsocks-enable -u USERNAME -p PASSWORD

Running Custom Workflows

Execute any of the 87+ pre-built profiles:

# List all available workflows
workflow-manager list

# Run specific workflow
sudo workflow-manager run initial_terminal_setup_shadowsocks_only
sudo workflow-manager run torrify-dns-nftables-simple
sudo workflow-manager run privacy-maximum-anonymity
sudo workflow-manager run emergency-recovery-all

# Create custom workflow
workflow-manager create my-custom-workflow

Bypassing Welcome Screen

To skip the interactive menu on login:

# Set environment variable before login
export KODACHI_SKIP_WELCOME=1

# Or add to ~/.bashrc to skip permanently
echo 'export KODACHI_SKIP_WELCOME=1' >> ~/.bashrc

Re-Running Welcome Screen

To manually trigger the welcome screen:

# Source the welcome script
source /etc/profile.d/kodachi-welcome.sh

# Or type the shortcut command
kodachi

VM and Boot Methods

VMware Workstation/Fusion - 4GB+ RAM recommended - 20GB+ disk (if enabling persistence) - Network adapter: NAT or Bridged - Boot from ISO

VirtualBox - Enable EFI (for UEFI boot) - 4GB+ RAM - Network: NAT or Bridged - Attach ISO to virtual optical drive

QEMU/KVM 

qemu-system-x86_64 -cdrom kodachi-terminal-9.0.1.iso -m 4096 -enable-kvm

Physical Hardware - Boot from USB drive - BIOS: Set USB as first boot device - UEFI: Select USB from boot menu

Advanced Configuration

Persistent Storage & Encrypted Persistence

Automatic Persistence Setup (Recommended)

Most USB creation tools handle persistence automatically! When creating your bootable USB, select the persistence option in these tools:

  • Rufus (Windows) - Select "Persistent partition size" slider when writing the ISO
  • UUI (Universal USB Installer) - Check "Persistent file size for storing changes" option
  • YUMI (Multiboot) - Supports persistent storage configuration during setup

See the Create Bootable USB section above for tool downloads and setup.

No manual commands needed - The tools will automatically create and configure the persistent partition for you!

Boot Options: - live-persist - Enable persistent storage (standard) - live-persist-encrypted - Enable encrypted persistent storage (recommended for security)

Manual Setup (Advanced - Linux dd Method Only):

If you used the Linux dd method to create your USB, you'll need to manually configure persistence:

# Create encrypted persistent partition on USB
sudo apt install cryptsetup
sudo cryptsetup luksFormat /dev/sdX2
sudo cryptsetup luksOpen /dev/sdX2 persistence
sudo mkfs.ext4 -L persistence /dev/mapper/persistence
sudo mkdir -p /mnt/persistence
sudo mount /dev/mapper/persistence /mnt/persistence
echo "/ union" | sudo tee /mnt/persistence/persistence.conf
sudo umount /mnt/persistence
sudo cryptsetup luksClose persistence

Verification: 

# Check if persistence is enabled
mount | grep persistence
ls -la /live/persistence

Network Configuration

# Configure static IP
sudo nano /etc/network/interfaces

# Restart networking
sudo systemctl restart networking

# WiFi configuration
sudo nmcli dev wifi connect "SSID" password "PASSWORD"

Firewall Configuration

# Configure firewall rules
sudo iptables -A INPUT -p tcp --dport 30050 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 30050 -j DROP

# Monitor active connections
sudo netstat -tulpn | grep microsocks

Emergency Data Destruction (Nuke Password)

What is Nuke Password?

The nuke password feature allows instant, irreversible destruction of encrypted data in emergency scenarios by destroying LUKS encryption keys, making data permanently unrecoverable.

Requirements

  • Encrypted persistent storage (live-persist-encrypted boot option)
  • LUKS-encrypted partition
  • health-control binary (Kodachi system binary)
  • cryptsetup-nuke-password package (auto-installed by health-control if missing)

The health-control binary provides a safe, automated approach to managing nuke passwords with built-in safety features:

# Step 1: Detect LUKS devices on your system
health-control luks-detect
health-control luks-detect --all-devices    # Include loop and virtual devices
health-control luks-detect --json           # JSON output for scripts

# Step 2: Configure nuke password (Interactive - Recommended)
sudo health-control luks-nuke --action configure --device /dev/sda5
# Prompts for nuke password interactively (safer method)

# OR: Configure with password (Automated - for scripts)
sudo health-control luks-nuke --action configure --device /dev/sda5 --password YOUR_NUKE_PASSWORD

# Step 3: Verify nuke password is configured
health-control luks-nuke --action status                    # Check all LUKS devices
health-control luks-nuke --action status --device /dev/sda5  # Check specific device
health-control luks-nuke --action status --json             # JSON output

# Optional: Remove nuke password
sudo health-control luks-nuke --action remove --device /dev/sda5

Safety Features

When using health-control for nuke password management, you get:

  • Automatic LUKS Validation: Verifies device is actually a LUKS partition before operations
  • Encrypted Header Backup: Creates AES-256-CBC encrypted backup of LUKS header on Desktop (timestamped)
  • Package Management: Auto-installs cryptsetup-nuke-password if not present
  • Comprehensive Logging: All operations logged to logs-hook for audit trail
  • Status Monitoring: Check nuke password status across all LUKS devices
  • JSON Support: Full JSON output for GUI/dashboard integration

Advanced/Manual Method

For advanced users who prefer direct control, you can use the underlying cryptsetup command:

# Add nuke password to existing LUKS partition (manual method)
sudo cryptsetup luksAddNuke /dev/sdX2

# You'll be prompted to:
# 1. Enter existing LUKS password
# 2. Enter new NUKE password (different from normal password)
# 3. Confirm nuke password

# <i class="fas fa-exclamation-triangle" style="color: #ff9800;"></i> WARNING: Manual method does NOT create header backups
# Consider using health-control for automated safety features

How It Works

  1. Normal Boot: Enter regular LUKS password → Data decrypted normally
  2. Emergency Activation: Enter nuke password → LUKS header destroyed instantly → Data permanently unrecoverable
  3. Result: Partition appears as random data, no forensic recovery possible

Activation Process

# During boot, when prompted for LUKS password:
# Enter NUKE password instead of normal password
# → LUKS header immediately destroyed
# → Boot fails (expected)
# → Data permanently destroyed

Use Cases

  • Border crossings / checkpoints under duress
  • Emergency situations requiring immediate data destruction
  • Physical device seizure scenarios
  • Coercive password disclosure situations

Critical Warning

Nuke password destroys ALL data on the encrypted partition permanently. There is NO recovery, NO undo, NO backup restoration. Use only in genuine emergency scenarios. Test in a non-critical environment first.

Troubleshooting

Issue: WiFi not working 

# Check WiFi hardware
lspci | grep -i wireless

# Install missing firmware (if needed)
sudo apt update
sudo apt install firmware-iwlwifi firmware-realtek
sudo modprobe -r iwlwifi && sudo modprobe iwlwifi  # Reload driver

Issue: Binary not found 

# Verify binaries exist
ls -la ~/dashboard/hooks/

# Check PATH
echo $PATH

# Run with sudo
sudo ip-fetch

Issue: VPN not connecting 

# Check VPN configuration
sudo routing-switch status

# Verify network connectivity
ping -c 4 1.1.1.1

# Check DNS resolution
nslookup check.torproject.org

# Review logs
tail -f ~/dashboard/hooks/logs/routing-switch.log

Issue: Tor not starting 

# Check Tor service status
sudo systemctl status tor

# Review Tor logs
sudo journalctl -u tor -f

# Restart Tor service
sudo tor-switch stop-tor
sudo tor-switch torrify-system-nftables-dns

Issue: DNS leaks detected 

# Switch DNS provider
sudo dns-switch switch --names dnscrypt-quad9

# Test again
sudo dns-leak test --comprehensive

# Verify DNS configuration
cat /etc/resolv.conf

Security Considerations

  1. Always verify downloaded ISOs - Check SHA256 checksums
  2. Use encrypted persistent storage - Enable live-persist-encrypted boot option
  3. Configure nuke password - For emergency data destruction
  4. Restrict proxy access - Use firewall rules to limit client IPs
  5. Regular updates - Keep system packages updated (if using persistence)
  6. Monitor logs - Review service logs for anomalies
  7. Test workflows - Verify anonymity configurations before production use
  8. Backup configurations - Export VPN/proxy configurations separately
  9. Physical security - Secure hardware running proxy server
  10. Network segmentation - Isolate proxy server on dedicated network

Summary

Kodachi Terminal is the perfect solution for:

Key Benefits

Network-wide proxy protection - Run as dedicated SOCKS5 server

Safe binary testing - Isolated environment for experimentation

Multi-protocol support - 12+ routing protocols included

Resource efficient - Lightweight terminal-only design (2.4GB ISO)

Production ready - Based on Debian 13 (Trixie) with comprehensive hardware support

Complete toolkit - All 14 Kodachi binaries pre-installed

Maximum compatibility - 30+ firmware packages for WiFi, Ethernet, Bluetooth

Whether you need a dedicated proxy server for your network or a safe testing environment for Kodachi binaries, Kodachi Terminal provides a complete, lightweight solution.