Guardian Rom - Secure Android OS

Discussion in 'privacy technology' started by x942, Jun 9, 2013.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    It appears that x492, aka Kyle, has formed a new business. He does have a gmail address by which he can be contacted. I imagine he still resides in BC, Canada.

    -- Tom
     
  2. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Hi everyone I am going to try and clear some of this up. I know there is no way to verify this is me. If I have a chance I will sign this post with my personal GPG key tomorrow.

    This is what happened. Back in June we were the victim of a DDoS attack. Shortly after this I was contacted over e-mail by an individual demanding we remove the website. I ignored it of course, assuming it was just nonsense. This individual proceeded to attempt to doxx me, not hard since GuardianRom was tied to my identity since I didn't want a TrueCrypt issue where people don't trust the product because of anonymous devs. He posted a bunch of info, nothing tied to my address or anything major, but I decided to delete a few accounts to be on the safe side. One of which was my x942 account on this site.

    The attack continued for another couple weeks. I then went to put Cloudflare up to help mitigate the attack, but when I logged into my registrar account I was surprised to see that both Guardianrom and shadowdcatconsulting were no longer listed. I reached out to my registrar and they said they were both released and I no longer owned them.

    I have been fighting for over a month to get them back, but no luck.

    The next part sucks but due to the nature of this project we had several dead-man switches in play. They took me and my two other team members to reset it every 30 days. Part of the check is a special TXT DNS record that is supposed to change every 30 days to prove we still own the domain. Since the domains weren't in our possession any more the check failed on the 30th day.

    The dead-man's switch wiped: our servers, our newsletter registration list (users' emails), and our GPG keys.

    So we were in the dark for a while due to no longer having access to our GPG keys, domains, or servers.

    We are not dead. After the above happened, I called a meeting with the other members, we agreed to go into "Stealth mode" and work on the project without worry. At this time I am working on another startup - any money that I personally make will be poured into GuardianRom's successor. If anyone would like to help us - shoot me an e-mail.

    I still recommend staying away from Silent Circle. Buy a Nexus phone + install stock AOSP/CM (No Gapps) + Silent Circle's apps. Cheaper and just as secure.

    Yes I have launched a new, unrelated startup in order to bring in money. As I said above, I will be taking my money and putting it into a new company that will form the new GuardianRom/Phone. We have exciting work being done right now.
     
  3. Tani

    Tani Registered Member

    Joined:
    Aug 14, 2015
    Posts:
    4
    site server seems to be down :(
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,032
    Wow :eek:

    I'm glad that you're OK :)
     
  5. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Yeah, since the domains aren't in our possession, they aren't pointed anywhere. We have been fighting to know what happened but our registrar keeps saying 'Only the user can release a domain' and then they contradict that by saying there was no account activity during the period when the domains were released. The account was protected with a strong randomly generated password and two-factor so I doubt it was hacked on that end.

    Yup! Doing well. Just trying to get this out ASAP :)
     
  6. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Thanks for the follow-up and glad you are ok.

    I am starting to look at it from the perspective of buying a Nexus and security hardening it myself. I like the article by the TorProject https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
    A little outdated but it is a good start. We really need something more up to date, maybe worth documenting some of the experiences or having a security hardening android project.
     
  7. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    I would be more than happy to write a new guide on this. Some things have changed since my last one (and the one you posted). I will write it up and post here on the forums + my website. That link isn't too out of date, but I personally believe there are some better things you can do now and it doesn't cover every use case.
     
  8. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Didn't realize that was your article. It works for Android KitKat but Lollipop changes quite a few things. Droidwall doesn't appear maintained either.

    I saw the following photo that convinced me Silent Circle wasn't what I was looking for.
     

    Attached Files:

  9. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Lollipop did change quite a bit. The guide I am writing will be far more in depth and will cover everything from an average user to more paranoid users like me. I will post the whole thing as a link, but I will also quote the parts I know you all will want and just post that in the thread so you don't have to go to another website to view it.

    Yup. Of course they are going to add Google in. No one was buying it before. How much longer before the Play Store is included as well?
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,277
    Location:
    Outer space
    Good to see the project is not dead :)
    Btw, do you know if GuardianRom's hardened kernel and GRsecurity would have stopped the exploiting of the Stagefright CVEs?
     
  11. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Haven't tested it but I will do so tonight for you. It should though, as it appears that Android's ASLR implementation mitigated the damage on newer devices. I will do a full test and see if I can make it work against the GRSec kernel.
     
  12. guest

    guest Guest

    Is there a way besides this thread to follow the news about this ROM? twitter account or something?
     
  13. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    You can follow my website as I post updates often. However all accounts were shut down temporarily due to us going stealth for the time being. I will update once we relaunch but for the most part updates will be few and far between until then. You can also e-mail me for updates if you use GPG.
     
  14. guest

    guest Guest

    Is this your website? it doesn't work for me.
    http://www.shadowdcatconsulting.com/
     
  15. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
  16. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    What handsets do you see working the GuardianRom on in the future? Are you planning on bringing this to the new Nexus 5 coming out in October?

    My thoughts at the moment are to follow your advice and go the Cyanogenmod path with a Nexus and until GuardianRom is done security harden it myself.
     
  17. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Yeah I think the project is dead, which is unfortunate. Luckily I found another project that is coming along very nicely! Check out Mission Impossible Android (MIA) on GitHub, I'll post a link below. Nathan from Guardian Project (not GuardianROM) is helping as well as Mike Perry from the Tor Project. The project is a streamlined version of the Mike Perry hardened Android writeup on the Tor blog and they have been making great progress, come check it out.

    https://github.com/mission-impossib...id#mia---mission-impossible-android-hardening
     
  18. guardianrom

    guardianrom Registered Member

    Joined:
    Aug 16, 2015
    Posts:
    9
    Our software releases will always target the Nexus devices as it's easier since Google releases the AOSP source tree for those devices. Anyone can port them to another device if they feel like it though. Part of the delay is working on the following issues:

    1. We want reproducible builds so people can confirm our binaries are legit and not back-doored.
    2. We are working on implementing Xen isolation still; on most devices you will be limited to Dom0 and one VM, but on mobile this is all you need really. The guest VM can run any apps you don't trust and possibly even Google apps for those who need them. All without having access to your sensitive data.
    3. With reproducible builds we are building out an open-source server that will allow anyone to host a server that will automatically download our source-code and compile it. This would be set by the server owner as to how often it would do it, but as a default upon any new binary release. The servers download the source-code, compile it, and as it's reproducible they check the hash (SHA-256). If they match all good, if not something is up. The more servers running the better and each server will send results to the other servers so as an end user you can just visit one trusted server and see if the builds pass the checks. The more servers the better as it eliminates the threat of a rogue server claiming the binaries don't match when they do, or vice versa. You would get a breakdown like 20/20 servers verified the build. This should make implementing a backdoor hard as it would HAVE to be in the source-code to pass these tests. If it's in the source, it will get found eventually. This part of the project is being completed after we have reproducible builds.
    4. Hardware version. We are working hard on vetting vendors for a hardware version. Our open-source modem is a ways away though. The first iteration of the phone will probably have a removable modem so you can simply remove it if you don't trust it.

    That is a great project, but we aren't dead. Things are taking longer as we are a small team and we want to ensure this is done correctly.
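
Added example, not part of guardianrom's post and not GuardianRom project code: a sketch of the "20/20 servers verified the build" tally from item 3, including how a single rogue server differs from a release that no independent rebuild reproduces. The server names, the `min_reports` threshold and the verdict labels are assumptions, and the byte strings are constructed stand-ins for build outputs.

```python
import hashlib
from collections import defaultdict

HEX = set("0123456789abcdef")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def tally_rebuilds(published_digest, reports, min_reports=3):
    """Compare each rebuilder's digest with the published binary's digest.

    reports: {server_name: SHA-256 hex of the binary that server compiled}.
    min_reports is an assumed policy knob, not something the post specifies.
    """
    published = published_digest.strip().lower()
    by_digest = defaultdict(list)      # digest -> servers that produced it
    malformed = []
    for server, digest in sorted(reports.items()):
        d = digest.strip().lower()
        if len(d) == 64 and set(d) <= HEX:
            by_digest[d].append(server)
        else:
            malformed.append(server)   # unusable report, excluded from the tally
    matching = by_digest.pop(published, [])
    total = len(matching) + sum(len(s) for s in by_digest.values())
    # Largest group of servers that agree with each other but not with the release.
    rival = max(by_digest.values(), key=len, default=[])
    if total < min_reports:
        verdict = "insufficient"
    elif not by_digest:
        verdict = "verified"
    elif len(rival) > len(matching):
        verdict = "release-suspect"    # independent rebuilds agree; the release differs
    else:
        verdict = "server-suspect"     # a minority disagrees with release and peers
    return {"summary": f"{len(matching)}/{total}", "verdict": verdict,
            "dissenting": dict(by_digest), "malformed": malformed}

if __name__ == "__main__":
    # Constructed sample data: byte strings stand in for compiled images.
    GOOD = b"constructed-release-image-v1"
    TAMPERED = b"constructed-release-image-v1+implant"
    honest = {f"rebuilder{i:02d}": sha256_hex(GOOD) for i in range(1, 21)}
    print(tally_rebuilds(sha256_hex(GOOD), honest))                  # 20/20 verified
    one_rogue = {**honest, "rebuilder07": sha256_hex(b"bogus claim")}
    print(tally_rebuilds(sha256_hex(GOOD), one_rogue)["verdict"])    # server-suspect
    print(tally_rebuilds(sha256_hex(TAMPERED), honest)["verdict"])   # release-suspect
```

Grouping dissenting servers by digest is what separates the two failure cases: scattered or lone mismatches point at a server, while many rebuilders agreeing on a digest other than the published one point at the release.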
     
  19. ImplicitDeny

    ImplicitDeny Registered Member

    Joined:
    Sep 14, 2015
    Posts:
    1
    Since we haven't gotten a GPG key yet (and many of us wouldn't know how to effectively use it anyway), I'm assuming there's a few people on here that can verify you in their circle of trust and say that you are really you? Not intending any offense here.....
     
    Last edited by a moderator: Sep 14, 2015
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,032
    His key, as I know it:
    Code:
    Key ID:      0xF17D45EB
    Fingerprint: 75F0 29CC 7580 2332 C0F9 9B40 AAC4 E1E8 F17D 45EB
     
  21. NotNo

    NotNo Registered Member

    Joined:
    Sep 19, 2015
    Posts:
    2
    Hi Guardianrom, mirimir and all..

    I am still waiting patiently to see this one stop shop of personal freedom and safety come to fruition.

    Still on the seat of my pants.......

    Please please please KD.............News please?

    We the few marvel at your genius ;)
     
  22. u235

    u235 Registered Member

    Joined:
    Oct 26, 2015
    Posts:
    1
    Hi. Is there any news on the Guardian ROM? I'm very curious to see the results. I'm currently owning a rooted Sony Z1 phone with all kinds of privacy countermeasures. But that's far from ideal. I hope so, that the project isn't dead yet. The world deserves the option of a phone that can be trusted. :(
     
  23. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    It is the dilemma that I am facing.
    I could buy a Nexus and wait for guardian rom which would be ideal for my purposes. The balancing act is between privacy and security.
    Other solutions include using Knox or Android for Work phones. Of the three solutions my preference is:
    1.) Guardian ROM (nice but not available) Privacy and Security but not available.
    2.) Knox - Addresses security but not privacy
    3.) Android for Work - Less security and little privacy

    https://www.wilderssecurity.com/threads/virtual-machines-within-android.380926/
     
  24. Mailmaiden

    Mailmaiden Registered Member

    Joined:
    Jul 20, 2014
    Posts:
    14
    Copperhead OS might be of interest to people in this thread. Perhaps a new thread should be made as I haven't seen anything on it here. Been using it now for a month, also spoof MAC addresses per app as well as including PaX kernel etc. Pretty cool project that is advancing nicely
     
  25. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Great to hear Mailmaiden, definitely one worth considering. I am looking at alternative options at the moment.

    I know every time I say that Guardian Rom is a dead project Kyle pops up.
     