Hello there ^^

Just a curious person, these days, mostly working on firmware reverse engineering and postmarketOS.
Don't PM here; PMs are disabled. Instead, reach out via email or IRC/XMPP.
Followers may be manually approved, please have a bio. More likely to follow-back if we met somewhere else (e.g. IRC).

Note:
*** Fascism, racism, as well as any other kind of bigotry NOT TOLERATED!
*** MDNI/18+ accounts also NOT TOLERATED!
*** You are entering a fascism-FREE zone.
*** Opinions are my own and do not represent those of other projects I am involved in.

#nobot

@ariadne there is a useless use of cat in there...

What I like with apk (and alpine in general) is that as long as you have apk.static, busybox.static and /etc/apk/world you can recover from almost anything.

@q66 framework laptop still?

nina 🔜 39c3 📞 N1NA (6162)

well this is bad

my laptop has just decided to grow scanlines

first i thought it was just the gpu driver crapping itself so i rebooted but it's on bios splash screen and everywhere

I don't register for discounts.
I don't install apps.
If your product requires an app, I'M NOT BUYING IT.
@GrapheneOS @elly I'm sure other android distros and even pmOS would benefit a lot from that work
@GrapheneOS @elly Have you considered fixing these issues upstream, if you are aware of them and know solutions to them?
Since we're on the topic of Cellebrite: #postmarketOS is NOT vulnerable to UFED.

Among the devices that police seized from my friend was a Xiaomi Poco F1 (xiaomi-beryllium) running a postmarketOS build I pmbootstrapped in late January 2024 (without LUKS2). Police seized the device 2 weeks after I gave it to said friend.

They tried to exploit it, but gave up. The mainline Linux kernel (6.6 at the time) did not have vulnerabilities in the USB HID drivers (at least none in UFED's database).

To mitigate further against tools such as Cellebrite, we could enable USB authentication, which prevents kernel modules from loading prior to the user's consent.
The problem with that approach is that desktop environments have authentication implemented for Thunderbolt, but not for USB.
https://usbguard.github.io/

I really would like to see SELinux implemented as well, but it would be a Herculean effort because rules would need to be hand-written for Alpine.
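As an added example that is not part of the post or of postmarketOS: a POSIX shell wrapper for the kernel's sysfs USB authorization knobs, the in-kernel mechanism behind the "USB authentication" mitigation above (usbguard is a policy daemon built on the same attributes). The SYSFS_USB variable and the function names are my own; the sysfs root is a parameter so the functions can be exercised on a constructed directory tree, and writing to the real /sys/bus/usb/devices requires root.

```shell
#!/bin/sh
# Helper around the kernel's sysfs USB authorization interface (the mechanism
# usbguard builds on). With authorized_default=0 on a root hub, a newly
# attached device stays unauthorized and no driver, hid_* included, is probed
# for it until 1 is written to that device's 'authorized' attribute.
# The sysfs root is a parameter so the functions can be tried on a constructed
# directory tree; the real tree is /sys/bus/usb/devices and needs root to write.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# Set authorized_default on every root hub: 0 = hold new devices, 1 = accept.
usb_set_default() {
    root="$1"
    for hub in "$root"/usb*; do
        [ -f "$hub/authorized_default" ] || continue
        printf '%s' "$2" > "$hub/authorized_default"
    done
}

usb_lockdown() { usb_set_default "${1:-$SYSFS_USB}" 0; }   # e.g. on screen lock
usb_unlock()   { usb_set_default "${1:-$SYSFS_USB}" 1; }   # e.g. after unlock

# List attached-but-unauthorized devices as "<bus-path> <vid:pid> <product>".
usb_pending() {
    root="${1:-$SYSFS_USB}"
    for dev in "$root"/[0-9]*-*; do
        case "$dev" in *:*) continue ;; esac        # skip interface nodes (1-1:1.0)
        [ -f "$dev/authorized" ] || continue
        [ "$(cat "$dev/authorized")" = "0" ] || continue
        vid=$(cat "$dev/idVendor" 2>/dev/null || echo '????')
        pid=$(cat "$dev/idProduct" 2>/dev/null || echo '????')
        name=$(cat "$dev/product" 2>/dev/null || echo '(no product string)')
        printf '%s %s:%s %s\n' "$(basename "$dev")" "$vid" "$pid" "$name"
    done
}

# Authorize one device by bus path (e.g. 1-1) once the user has consented.
usb_authorize() {
    dev="${1:-$SYSFS_USB}/$2"
    [ -f "$dev/authorized" ] || return 1
    printf '1' > "$dev/authorized"
}

# Stand-alone use: usbauth.sh lockdown|unlock|pending|authorize <bus-path>
case "${1-}" in
    lockdown)  usb_lockdown ;;
    unlock)    usb_unlock ;;
    pending)   usb_pending ;;
    authorize) usb_authorize "$SYSFS_USB" "$2" ;;
esac
```

A lock-screen hook calling usb_lockdown, and a prompt that shows usb_pending before usb_authorize, gives the consent step the post describes; authorized_default only affects devices attached after it is changed.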
@GrapheneOS @elly Can you share a few unfixed CVEs of those?
@elly Stay safe ^^

About 1.5 years ago my friend was (falsely) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. The culprit that impersonated my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware a few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and the pattern to unlock it. I charged and booted it for the first time since February 2024 and was curious how it was pwned. I knew police used Cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean up after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just a curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need:

  • Samsung Z Flip3 5G (SM-F711B)
  • Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys and tries to exploit quirks)
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

Have fun!

Today Software Freedom Conservancy is launching our biggest fundraiser match challenge yet! With a whopping $211,927 from our generous matchers, every dollar you donate until January 15th 2026 will be doubled! This has been a huge year for us and we're so thankful to all the individuals who help sustain our organization.

You can become a sustainer and read more about what we've been up to here:

https://sfconservancy.org/sustainer/#YearInReview
@ptrc i thought it was windows e[xp]erience but whatever thanks for correcting me
@ptrc windows xul platform I see

it's missing 🎃 --> 39c3

we get signal. main screen turn on


Eivind (like the Terrible) 🎄

Four bendy buses managed to enter a roundabout at the exact same time from four different directions in Oslo yesterday afternoon and get properly stuck, each bus blocking the exit for the one behind it.


You meet the users where they are.

You have literally no idea how much this paid off. The number of infected media players people downloaded in the age before Windows Media Player had more than three codecs is unimaginable

Who knows if I saved the entire firm doing this


Barnabás Czémán

I think it is time to cancel Xiaomi products, since with HyperOS, bootloader unlocking is nearly impossible.
