
New! Introduction to Secrypt Phone development

> > Nitrokey
>
> is pure shit. selling overpriced items is shit.
>
> U told u have company in CH - now no company and students.
> Where is the open source repo?
> Where is the audit?
>
> U're not like Nitrokey, u're like Krebs bastard.

Thanks for sharing your perspective. We understand the skepticism and appreciate your critical view, it helps us identify areas to improve. To clarify, we're students currently learning and exploring the development of privacy-focused hardware, not an established company just yet. However, we are in the process of registering the company. Since I'm based in the Netherlands, the paperwork and cross-border logistics are taking some time, but it's progressing.

Our project is still in its early stages, so we haven't released an open-source repository or conducted audits yet, but these are part of our long-term goals. We're inspired by companies like Nitrokey for their commitment to privacy, though we recognize the need to stand on our own merit and avoid the pitfalls of overpriced or inaccessible products.

We welcome constructive feedback to guide us in this journey and hope to earn your trust over time through tangible results.
 
okay, let's talk money. how would your company survive without help from the FBI and other 3 letter guys? this project seems too big for just two students.
have you estimated the time frames for the project (and multiplied them by 3)? have you estimated the expenses (and multiplied them by 3)?
 
Funny guys :)
There's no product yet, they're just probing demand.

First, nothing is said about the operating system this marvel will run on. Stock Android or Graphene OS.
Or maybe they'll cobble together their own Frankenstein. Then the main vulnerability is the update server with the build signing key. If the three-letter agencies seize such a server, everyone is f***ed. They'll make their own build, sign it, and that's it, the phones turn into bugs.

All traffic through Tor is, first, slow, and second, attracts unnecessary attention. I can imagine how long a system update will take to download.

A duress password that bricks the phone doesn't work very well in our conditions; you may accidentally end up with bodily injuries. In that case, quietly deleting the "work" applications and their content and calmly unlocking the phone is far more effective.

And of course it's still unclear how this super device will hold up against Cellebrite Premium and GrayKey.

Now the guys will write themselves a TO DO list from our remarks and keep digging.
 
> okay, let's talk money. how would your company survive without help from the FBI and other 3 letter guys? this project seems too big for just two students.
> have you estimated the time frames for the project (and multiplied them by 3)? have you estimated the expenses (and multiplied them by 3)?

Since we're working on this project alongside our studies, we don't have a set time frame for completion and likely won't have one for a while. Right now, we're focused on gauging demand, gathering feedback on potential features, and making sure we're not missing anything critical.

We're self-funded, investing from our own pay, and handling all the coding and development ourselves. This means progress might be slower, but we're committed to building a thoughtful and reliable product. Your input on features or other aspects is invaluable as we refine our plans, so feel free to share any ideas or suggestions.
 
> Cool dudes:)
> There is no product yet, they are just testing the demand.
>
> Firstly, nothing is said about the operating system on which this miracle will work. The standard Android or Graphene OS.
> Or maybe they'll make their own Frankenstein. Then the main vulnerability is the update server with the assembly signing key. If three-letter departments take over such a server, that's it. They'll make their own assembly, sign it, and that's it, phones will turn into bugs.
>
> All traffic through TOR is, firstly, slow, and secondly, it attracts unnecessary attention. I can imagine how long it will take to download the system update.
>
> The password under duress, when the phone is bricked, does not work very well in our conditions, you can accidentally get bodily harm. Much more effective in this case is the quiet removal of "working" applications and their context and quiet unlocking of the phone.
>
> Well, of course it is still not clear how this super device will pass the cellebrite premium and graykey tests.
>
> Now the guys will write a TO DO list based on our comments and will continue digging.

Thank you for your feedback! It's incredibly valuable as we refine our ideas and identify potential challenges.

To clarify, we're not planning to use existing systems like GrapheneOS. Instead, we're building our own operating system based on Android. This gives us the flexibility to tailor features and security measures specifically to our goals. We understand the risks associated with updating servers and signing keys, and we're exploring ways to mitigate these vulnerabilities.

Traffic routing and usability are also key considerations. While TOR provides strong anonymity, we recognize the trade-offs in speed and the potential for increased scrutiny. We're looking into alternative options or providing configurable settings to strike the right balance for different users.

Your suggestion about handling duress situations more subtly is excellent. We're going to explore solutions like silent removal of applications and data that won't raise suspicion while maintaining the phone's usability.

Regarding Cellebrite and GrayKey, we're fully aware of the challenges and are considering methods to resist such forensic tools. This is a complex issue, but it's an important area we'll continue to prioritize as development progresses.

We truly appreciate your feedback, it's helping us identify critical areas to focus on and refine our approach. Please keep sharing your thoughts as we move forward!
 
> Thank you for your feedback! It's incredibly valuable as we refine our ideas and identify potential challenges.
>
> To clarify, we're not planning to use existing systems like GrapheneOS. Instead, we're building our own operating system based on Android. This gives us the flexibility to tailor features and security measures specifically to our goals. We understand the risks associated with updating servers and signing keys, and we're exploring ways to mitigate these vulnerabilities.
>
> Traffic routing and usability are also key considerations. While TOR provides strong anonymity, we recognize the trade-offs in speed and the potential for increased scrutiny. We're looking into alternative options or providing configurable settings to strike the right balance for different users.
>
> Your suggestion about handling duress situations more subtly is excellent. We're going to explore solutions like silent removal of applications and data that won't raise suspicion while maintaining the phone's usability.
>
> Regarding Cellebrite and GrayKey, we're fully aware of the challenges and are considering methods to resist such forensic tools. This is a complex issue, but it's an important area we'll continue to prioritize as development progresses.
>
> We truly appreciate your feedback, it's helping us identify critical areas to focus on and refine our approach. Please keep sharing your thoughts as we move forward!

100% honest answer, 0% help from chatGPT
Who the hell uses dots at the end of the sentence?

Either it's a honeypot, or just a project without a future. Why not just use graphene or lineage at least? TBH it's like selling your mercedes and buying a chinese car :)
 
> Hello xss.pro community!
>
> My name is Seichs, and I am happy to introduce my new project - Secrypt Phone. We are developing a modified Google Pixel 8 with a specially customized operating system.
>
> Key features of Secrypt Phone:
>
>   • Security First: We remove cameras, microphones and several other sensors from the device to ensure maximum protection of your privacy.
>   • Strong encryption and Titan M2 security chip: Protects your device and data from sophisticated physical attacks, keeping your information safe.
>   • Verified Boot: Ensures that the operating system has not been modified, maintaining the integrity of your device.
>   • P2P functionality: The phone works on a peer-to-peer (P2P) principle and uses servers only to establish a handshake, ensuring direct and secure communication.
>   • Connect via Tor network: Your phone connects to the Internet via the Tor network, providing anonymity and additional protection when browsing the web and communicating.
>   • Automatic Power Off Switch: The phone automatically turns off after a set period of inactivity, preventing unauthorized access.
>   • Duress PIN: An emergency PIN that automatically erases your entire phone and data if you are forced to provide access under duress.
>   • Obfuscated PIN layout and privacy screen: Allows you to enter your PIN in public without anyone peeking. Alternatively, an integrated fingerprint sensor for added convenience and security.
>   • Open Source and Certification:
>     • Open Source: Open source code allows you to check for back doors and other security risks.
>     • Attestation: Hardware verification of the authenticity and integrity of the phone's software, providing full control over the device.
>   • Exclusive device: Secrypt Phone with pre-installed Secrypt OS is sold directly from us. The phone comes with pre-installed Secrypt Chat messenger - a secure and convenient communication application.
>   • No Data Storage: No user data is stored. Users are not required to create an account to use the phone and the app.
>   • Safe activation process:
>     • The application comes with a physical activation code generated by us.
>     • After activating the application, you can enter your username and password.
>     • You will then receive 8 words that you need to save. These words are needed to reset your password.
>     • Without these 8 words, you will never be able to change your password, and we cannot do it for you either.
>   • Sealed Packaging: Secrypt Phone comes in a sealed box to ensure the integrity and safety of the device upon delivery.

Why not use Graphene OS? It's actually opensource & FREE, it has very similar functionality, and its biggest strength is that it has a large community, which is useful for tech support.

This thread looks like re-inventing the bicycle. That's a very interesting field for sure, but to make it actually profitable for yourself, you gotta create and implement functionality that wasn't created before. Making custom security oriented firmware requires large third party involved audits, and lots of other important procedures, which can take a lot of time and money. But at the same time it's an absolute must-have if you wanna look trustworthy and gain customer respect. I wish you luck guys, and hopefully you would consider doing something unique in this industry.
 
Yeah, exactly, that’s the main issue. Even if the software is super secure, if personal or financial info is collected during the purchase, it totally undermines privacy. The only way is to have anonymous purchases, like using crypto (e.g., XMR) with no buyer information recorded. Without that, a 'secure phone' is just a fancy name))), not truly secure. Privacy starts the moment you buy it.
It’s best to go to the Golden Triangle to buy a mobile phone, hehe😇
 
To enhance credibility, establishing a community group would be a good start. That said, the project in its current state is complete bullshit. There isn't a single feature that differentiates it from the free alternatives—let alone even matches them. You seriously need to rethink the entire concept from the ground up. Consider developing your own hardware if you want this to be remotely appealing to this kind of user. As it stands, this is nothing more than a poorly executed imitation, with the added bonus of potentially allowing for backdoors. I can guarantee you won't find a single user willing to touch this—even if you give the device away for free in exchange for a review—unless the entire project is transparently documented and released as open source.
 
Will you rewrite all the drivers? Those are closed parts of the code - NO
Will you issue your own SIM cards? That is one of the main security holes - NO
Right now a company that exploits a backdoor in cameras is working wonders: control of any camera, which means control of both image and audio, no matter what the password is; it controls cars, which also have cameras inside ..... It controls everything that has cameras, phones in particular
You will never make a secure phone on the basis of a smartphone, with any operating system.
People who don't understand security can hardly make a secure phone
They are building a house on sand while showing off how reliable the windows are, how sturdy the roof is, and what a great lock the front door has.
Only a push-button phone will save you, if you need some kind of connectivity, plus external voice encryption
 
> Right now a company that exploits a backdoor in cameras is working wonders: control of any camera, which means control of both image and audio, no matter what the password is; it controls cars, which also have cameras inside ..... It controls everything that has cameras, phones in particular

more details from this point on, please :D
 

