How do I conceal my pikvm/tinypilot from my employers?
Hi, I am using a pikvm/tinypilot to either outsource or handle hybrid OE. What are some of the steps I can take to conceal my tracks?
Solution:Jump to solution
Detecting and Concealing Tinypilot and PIKVM
Detection Mechanism
Both TinyPilot and PIKVM can be detected due to their physical HDMI and USB connections. When plug-and-play hardware is connected, the computer identifies details like the manufacturer, serial number, etc., enabling automatic driver installation.
...
Tuning HDMI EDID - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
FAQ & Troubleshooting - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
Mass Storage Drive - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
41 Replies
Solution
dependent-tan•12mo ago
Detecting and Concealing Tinypilot and PIKVM
Detection Mechanism
Both TinyPilot and PIKVM can be detected due to their physical HDMI and USB connections. When plug-and-play hardware is connected, the computer identifies details like the manufacturer, serial number, etc., enabling automatic driver installation.
IT departments might have software that scans computers, retrieving a list of all connected devices. By default:
- TinyPilot doesn't conceal its identity.
- PIKVM identifies itself explicitly as "PIKVM", allowing anyone with IT knowledge to recognize and understand its purpose with a simple Google search.
How to Conceal Device Identities
For PiKVM:
1. Disable Mass Storage: Turn it off to avoid detection. Refer to the official guide and check the "Disable MSD" section.
2. Change USB Identification: Modify the USB manufacturer and serial number details. Check the FAQ under "How do I emulate various USB devices on the target machine?".
3. Adjust HDMI EDID: Alter the EDID for HDMI. Details can be found in the official documentation under "kvmd-edidconfig".
4. Change your iConfiguration: (thanks to a user here)
otg:
config:
value. By default it exposes PiKVM as the name. You can check with lsusb
sudo lsusb -v | grep iConfig
5. Change your PiKVM's MAC address
vim /etc/systemd/network/eth0.network
Use a mac address generator
info: https://www.reddit.com/r/pikvm/comments/1ef59bu/hide_rpi_from_being_discoverable_on_local_network/
For TinyPilot:
1. Disable Virtual Media: Turn it off for concealment. Refer to the forum discussion for guidance.
2. Modify EDID: Change the EDID settings as per the official FAQ.Tuning HDMI EDID - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
FAQ & Troubleshooting - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
Mass Storage Drive - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
When trying to change the EDID for a tinypilot. Keep in mind the new EDID (on FAQ) shows Audio inputs and ouputs as TinyPilot still. Youll want to use the older EDID or edit one yourself.
https://forum.tinypilotkvm.com/-561/in-device-manager-under-audio-inputs-outputs-i-see-tinypilot-intelr-display-audio#post-7
Original EDID:
Credit to @Alternity https://discord.com/channels/1181304501999784027/1181322626283614240/1292990756713267220
best case it should look like this essentially notice the #. if you have no # in front then you are in trouble
dependent-tan•3w ago
@burneyburney[👑]
5 steps in "Pikvm"
xenial-black•3w ago
ty!
Do you like Tinypilot or PiKVM more? Tinypilot said they are more newbie friendly, while PiKVM V4 Plus is just as expensive. (Also as of Oct 15, 2024, Tinypilot run out of stock)
exotic-emerald•3w ago
depends what you need
Do people use KVM to access J's laptop?
1. use personal laptop to access J's laptop
2. use J1 laptop to access J2's laptop
3. use J1 laptop to access personal laptop
4. use (any laptop) to access personal PC
I am thinking maybe I need [1],[2], and probably [4]
exotic-emerald•3w ago
kvm is just a kvm
what you decide you need is how you use it
access the work stuff while not touching the laptop? does that help choose between the two type of KVMs?
I mean if I setup my Pi that would be <$100 but i am not very hardware savvy
exotic-emerald•3w ago
what are you trying to do also, lets take this to #🖥|tech-talk
dependent-tan•3w ago
As someone who owned 2 tinypilots where i later bought pikvms to replace it, pikvm wins hands down
"pikvm" - do you mean buy your own pi to setup KVM w/ the pikvm software (github) or https://pikvm.org/buy/ ?
Buy PiKVM V3 or V4
PiKVM an easy and inexpensive DIY IP-KVM on Raspberry Pi to control remote machines: Full HD, mouse, Mass Storage Drive, VNC, IPMI and much more out of the box. Most modern KVM over IP ever!
dependent-tan•3w ago
PiShop.us
PiKVM V4 Plus
American Raspberry Pi Shop. One stop shop for all your Pi needs. Raspberry Pi add-ons, HATs, accessories, Starter Kit, Media Center kit, RetroPi Arcade kit, Ultimate Kit, and many other project kits. PiShop.us is approved Raspberry Pi re-seller and carries all official Raspberry Pi boards and products.
also do you need 1 KVM for each laptop? seems an investment
dependent-tan•3w ago
yes 1 per laptop if youw atn to control them independently. otherwise you need an ezcoo or equivalent https://docs.pikvm.org/ezcoo/
ezCoo managed multiport KVM switch - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
dependent-tan•3w ago
i wouldn't really recommend getting your own pi and getting the software unless you just like to tinker
buy vs build -- buy is better if you're just focused on the OE use case
Reminder Added
ask kvm plus vs mini, multi device support<t:1729094400:t> (<t:1729094400:R>)
Boss Battle
OH SHIT A BOSS SPAWNED! We need 2-5 people to send "I'M READY" to fight this boss. Quick!Generic Dank Fighter "shut yo lil bro ahh up" Time to join ends <t:1729063869:R>!
Boss Battle
Not enough people joined the boss battle...
Better luck next time everyone!
What’s the difference between plus vs mini? Is it that the Plus support multi laptop or multi USB and mini does not?
Say if the KVM is setup so that we can use J1 laptop to access J2. Does the J’s IT know the interactions?
dependent-tan•3w ago
no idea. i never bought the mini. i assume both will fit the “hybrid OE” use case
ideally you should not have j1 laptop access j1. that requires tailscale installation and IT will know this interaction
you want your personal laptop to have access to whatever is connected to the pikvm
exotic-emerald•3w ago
hdmi passthru
So if in a hybrid scenario, we go to the J1 office, either bring personal laptop and access pikvm for J1/J2 laptop?
Or just bring two laptop: j1 laptop and personal laptop for j2 kvm or just j2 laptop (if only j2
dependent-tan•3w ago
Bring personal and job laptop
You may certainly do personal to j1 and j2 if you can
Makes sense
vicious-gold•3w ago
would company traffic network be able to detect this at all? like if i am going into office on company internet, and i access tailscale to use my laptop from j1 or j2, is that an issue that would raise any flags?
dependent-tan•3w ago
it shouldn't especially if you use a hotspot
vicious-gold•3w ago
ah so i would need to use hotspot from like my phone?
dependent-tan•3w ago
if you want to be safe
newbie quesiton, are we able to do zoom calls with pikvm (receive audio/video from client to send to KVM)?
seems it is possible for
H.264 / WebRTC as in this doc https://docs.pikvm.org/audio/HDMI audio - PiKVM Handbook
Open and cheap DIY IP-KVM on Raspberry Pi
dependent-tan•3w ago
No, you need to do alot more setup for that
For example, jack trip for audio
And vdo.ninja + OBS
For video
Those software will be in the KVM machine? doesn't seem sus?
dependent-tan•3w ago
No... If you remind me tomorrow I'll link more.
It's a separate architecture
I guess just bring the laptop with me and forget about KVM :monkaS: otherwise i need to be in zoom while "cannot speak" and "no camera"
or, if zoom specifically, i will just log into J1 zoom in my personal laptop...
Ok, reminding in 10 hours:
tommorownice system design diagram
dependent-tan•3w ago
https://discord.com/channels/1181304501999784027/1181322626283614240/1285819222999437362
Jacktrip audio setup
Instructions https://discord.com/channels/1181304501999784027/1181322626283614240/1224797568815337591
But yeah, it's not as easy as what you think
Need separate architecture for both video and audio
@Hestia Kohi Sage, reminder from <t:1729144891:R>:
tommorowvicious-gold•3w ago
or you can just login with your phone?