<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">

<title>How to have Privacy on your Phone (GrapheneOS)</title>

<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>

<body>

<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">

<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->

</div>
</div>

<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-07-10</ba></p>
<h1>How to have Privacy on your Phone (GrapheneOS) </h1>
<img src="1.png" class="imgRz">
<p>In this tutorial we're going to set up GrapheneOS, an open source Android operating system for Google Pixel phones. (Yes, Google phones; if you don't like it, you'll have to wait for functional <a href="../openhardware/index.html">open hardware</a> alternatives to arrive on the market.) Currently GrapheneOS is one of the most privacy-focused mobile operating systems, given that it's fully <a href="https://grapheneos.org/source">open source</a> and that they refuse to implement Google services by default, unlike competitors such as LineageOS.</p>

<p><u>DISCLAIMER:</u> yes, the quality of the photos is garbage :)</p>

<p><h2><u>OPSEC Recommendations:</u></h2></p>
<ol>
<li><p>Hardware: Phone (Google Pixel model)</p></li>
</ol>
<p>I recommend using this setup for <a href="../privacy/index.html">Private use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->

<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Requirements </b></h2>
<p>The first step is to acquire a Google Pixel phone, specifically a model <a href="https://grapheneos.org/faq#supported-devices">that supports GrapheneOS</a>. In my case, I purchased a Pixel 6. Then, on your computer's host OS, install the required packages:</p>
<pre><code class="nim">

[ nowhere ] [ /dev/pts/11 ] [~]
→ sudo pacman -Syy android-tools
[sudo] password for nihilist:
resolving dependencies...
looking for conflicting packages...

Packages (4) android-udev-20240221-1 libmtp-1.1.21-1 protobuf-25.3-4
             android-tools-35.0.1-1

Total Download Size: 4.84 MiB
Total Installed Size: 22.07 MiB

:: Proceed with installation? [Y/n] y

</code></pre>
<p>On the phone, we need to enable developer settings in order to turn on the "OEM Unlocking" option:</p>
<img src="3.png" class="imgRz">
<img src="4.png" class="imgRz">
<img src="5.png" class="imgRz">
<img src="6.png" class="imgRz">
<img src="7.png" class="imgRz">
<p>Then reboot the phone by holding the power and volume down buttons to enter fastboot mode:</p>
<img src="8.png" class="imgRz">
<p>Then, connect the device via USB to your computer:</p>
<pre><code class="nim">
[ nowhere ] [ /dev/pts/11 ] [~]
→ lsusb | grep Google
Bus 001 Device 098: ID 18d1:4ee0 Google Inc. Nexus/Pixel Device (fastboot)

[ nowhere ] [ /dev/pts/11 ] [~]
→ fastboot --version
fastboot version 35.0.1-android-tools
Installed as /usr/bin/fastboot

[ nowhere ] [ /dev/pts/11 ] [~]
→ fastboot devices
no permissions; see [http://developer.android.com/tools/device.html] fastboot

[ nowhere ] [ /dev/pts/11 ] [~]
→ sudo -i
nowhere# fastboot devices
1C21FGJH6993LC fastboot

nowhere# fastboot flashing unlock
OKAY [ 0.043s]
Finished. Total time: 0.043s

</code></pre>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<img src="11.png" class="imgRz">

<p>Next, as I have a Google Pixel 6, I need to download the correct GrapheneOS image:</p>
<img src="2.png" class="imgRz">
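<p>Added example (not part of the original tutorial): a check of the downloaded archive against GrapheneOS's detached signature, to run before unzipping and flashing it. It assumes the matching .zip.sig file and the allowed_signers file from releases.grapheneos.org were downloaded alongside the zip, and that the signer identity and namespace are the ones given in the official command-line install guide; verify_factory_image is a hypothetical helper name.</p>

```shell
#!/bin/sh
# Added example (not from the original tutorial): check a GrapheneOS factory
# image against its detached OpenSSH signature before unzipping or flashing.
#
# Assumptions, to be confirmed against the official CLI install guide:
#   - <image>.zip.sig was downloaded next to <image>.zip
#   - allowed_signers came from https://releases.grapheneos.org/allowed_signers
#   - signer identity and signature namespace are as set below
SIGNER_ID="${SIGNER_ID:-contact@grapheneos.org}"
SIG_NAMESPACE="${SIG_NAMESPACE:-factory images}"

# verify_factory_image <image.zip> <allowed_signers>   (hypothetical helper)
# returns 0 = signature valid, 1 = verification failed, 2 = missing input/tool
verify_factory_image() {
    image=$1
    signers=$2
    sig="$image.sig"

    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 2; }
    for f in "$image" "$sig" "$signers"; do
        [ -f "$f" ] || { echo "missing file: $f" >&2; return 2; }
    done

    # -Y verify reads the signed data on stdin and fails if the data, the
    # signer identity, or the namespace differ from what was signed.
    if ssh-keygen -Y verify -f "$signers" -I "$SIGNER_ID" \
            -n "$SIG_NAMESPACE" -s "$sig" < "$image" >/dev/null 2>&1; then
        return 0
    fi
    echo "SIGNATURE CHECK FAILED for $image: do not flash it" >&2
    return 1
}

# Run as: sh verify-image.sh oriole-factory-2024070201.zip allowed_signers
if [ "$#" -eq 2 ]; then
    verify_factory_image "$1" "$2" && echo "signature OK: $1"
fi
```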
<pre><code class="nim">
nowhere# mv /home/nihilist/Downloads/oriole-factory-2024070201.zip .
nowhere# unzip oriole-factory-2024070201.zip
Archive: oriole-factory-2024070201.zip
creating: oriole-factory-2024070201/
extracting: oriole-factory-2024070201/image-oriole-2024070201.zip
inflating: oriole-factory-2024070201/bootloader-oriole-slider-14.5-11677881.img
inflating: oriole-factory-2024070201/radio-oriole-g5123b-135085-240517-b-11857288.img
extracting: oriole-factory-2024070201/avb_pkmd.bin
inflating: oriole-factory-2024070201/flash-all.sh
inflating: oriole-factory-2024070201/flash-all.bat

nowhere# cd oriole-factory-2024070201

nowhere# ls
avb_pkmd.bin                                flash-all.sh
bootloader-oriole-slider-14.5-11677881.img  image-oriole-2024070201.zip
flash-all.bat                               radio-oriole-g5123b-135085-240517-b-11857288.img

nowhere# chmod +x ./flash-all.sh
nowhere# ./flash-all.sh

</code></pre>
<p>Then let the bash script run; it can take a few minutes:</p>
<pre><code class="nim">
nowhere# ./flash-all.sh
Warning: skip copying bootloader_a image avb footer (bootloader_a partition size: 0, bootloader_a image size: 14125140).
Sending 'bootloader_a' (13794 KB) OKAY [ 0.364s]
Writing 'bootloader_a' (bootloader) Flashing pack version slider-14.5-11677881
(bootloader) flashing platform gs101
(bootloader) Validating partition ufs
(bootloader) Validating partition partition:0
(bootloader) Validating partition partition:1
(bootloader) Validating partition partition:2
(bootloader) Validating partition partition:3
(bootloader) Validating partition bl1_a
(bootloader) Validating partition pbl_a
(bootloader) Validating partition bl2_a
(bootloader) Validating partition abl_a
(bootloader) Validating partition bl31_a
(bootloader) Validating partition tzsw_a
(bootloader) Validating partition gsa_a
(bootloader) Validating partition ldfw_a
(bootloader) Flashing partition ufs
(bootloader) Flashing partition partition:0
(bootloader) Flashing partition partition:1
(bootloader) Flashing partition partition:2
(bootloader) Flashing partition partition:3
(bootloader) Flashing partition bl1_a
(bootloader) Flashing partition pbl_a
(bootloader) Flashing partition bl2_a
(bootloader) Flashing partition abl_a
(bootloader) Flashing partition bl31_a
(bootloader) Flashing partition tzsw_a
(bootloader) Flashing partition gsa_a
(bootloader) Flashing partition ldfw_a
(bootloader) Loading sideload ufsfwupdate
OKAY [ 3.089s]
Finished. Total time: 3.454s
Setting current slot to 'a' OKAY [ 0.058s]
Finished. Total time: 0.059s
Rebooting into bootloader OKAY [ 0.000s]

[...]

Sending sparse 'super' 11/13 (254972 KB) OKAY [ 6.618s]
Writing 'super' OKAY [ 0.950s]
Sending sparse 'super' 12/13 (254972 KB) OKAY [ 6.621s]
Writing 'super' OKAY [ 0.935s]
Sending sparse 'super' 13/13 (46284 KB) OKAY [ 1.216s]
Writing 'super' OKAY [ 0.204s]
Erasing 'userdata' OKAY [ 0.390s]
Erase successful, but not automatically formatting.
File system type raw not supported.
wipe task partition not found: cache
Erasing 'metadata' OKAY [ 0.007s]
Erase successful, but not automatically formatting.
File system type raw not supported.
Finished. Total time: 105.929s
Rebooting into bootloader OKAY [ 0.000s]
Finished. Total time: 0.150s
nowhere#

</code></pre>
<img src="12.png" class="imgRz">
<img src="13.png" class="imgRz">
<img src="14.png" class="imgRz">
<p>Then lock the bootloader:</p>
<pre><code class="nim">
nowhere# fastboot devices
1C21FGJH6993LC fastboot

nowhere# fastboot flashing lock
OKAY [ 0.276s]
Finished. Total time: 0.276s

</code></pre>
<img src="15.png" class="imgRz">
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
<img src="19.png" class="imgRz">
<img src="20.png" class="imgRz">
<img src="21.png" class="imgRz">
<p>And that's it! We managed to flash GrapheneOS on the Pixel phone.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setting up multiple Profiles (for Public, and for Private use)</b></h2> </br> </br>
<p>As we have seen <a href="../internetsegmentation/index.html">previously</a>, it's always good OPSEC practice to separate public use from private use. This also applies to your phone. In this case we'll create a profile specifically for public usage, while we keep the main one for private usage.</p>
<img src="22.png" class="imgRz">
<img src="23.png" class="imgRz">
<img src="24.png" class="imgRz">
<p>From there, we can keep the closed-source applications in the public usage profile, while we keep the FOSS applications in the default private usage profile. </p>


</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->


<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setting up package managers</b></h2> </br> </br>
<p>Now that that's done, we use the private usage profile to install F-Droid, in order to install FOSS applications:</p>
<img src="25.png" class="imgRz">
<img src="32.png" class="imgRz">
<img src="33.png" class="imgRz">
<img src="34.png" class="imgRz">


<p>And here we can go into our public usage profile to set up the Aurora Store to install closed-source applications like so:</p>
<img src="41.png" class="imgRz">
<img src="42.png" class="imgRz">
<img src="26.png" class="imgRz">
<img src="27.png" class="imgRz">
<img src="28.png" class="imgRz">
<img src="29.png" class="imgRz">
<img src="31.png" class="imgRz">


<p>And from there, we can install all non-FOSS applications in the public usage profile.</p>

</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->

<!-- +++++ Footer Section +++++ -->

<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>My Links</h4>
<p>

<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>

</p>
</div><!-- /col-lg-4 -->

<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->

</div>

</div>
</div>


<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->

</body>
</html>