(2024-03-18) The Graphene Saga: part 2
--------------------------------------
...and probably the last.

I got tired of this circus pretty quickly. I have published whatever I've
found so far in the LuxDocs section, but... I really need a second Pixel
device to keep going with this research, because I still depend upon several
applications that are incompatible with root, and GrapheneOS does nothing to
help me with masking root; on the contrary, it makes things much harder.
In fact, one of the Magisk modules broke the boot partition, so I had to
reinstall vanilla Graphene from scratch.

However, as I hinted before, the main problems of the project are not
technical, they are human. The devs don't understand that not everyone can
afford losing ~1 GB of traffic for OTA updates twice a week, plus an additional
10 minutes of time for the "app optimization" process. The devs don't
understand that not all users are so stupid that they can't be allowed root
access, at least via ADB. The devs don't understand how modern OEM
manufacturing really works, and "regulations" don't either. They seem to be
living in a fantasy world where people only need a "more secure stock" without
actually getting control over their own devices back, only a more granular
permission model and protection against exploits no one will ever be able to
execute in the real world.

The sad part is, there doesn't seem to be anything better at the moment.
DivestOS lags behind by a major version but essentially suffers from the
same issues. CalyxOS is too opinionated and endorses some dubious things
like WhatsApp, Signal and Cloudflare, and also repeats the same silly mantra
as Graphene and Divest ("Running any Android device with root permissions
severely undermines the security of the device"). LineageOS is probably the
freest of them all (when speaking of the Pixel 6) but lacks all the security
advantages of the above three. I plan on trying it out on the Mi 8 Pro
though (because anything is much better than the stock MIUI spyware), but
that will have to wait two weeks. And _if_ I manage to get an ADB root there
that is not visible to the rest of the OS, then I'll consider moving from
GrapheneOS to Lineage on the Pixel as well. And then I'll be able to
continue the research on my main subject.

The main subject, as you might have seen in LuxDocs, is now stalled at the
stage of finding where the IMEI SHA checksums are stored, because the IMEIs
themselves are stored in the devinfo partition in plain ASCII (although the
partition itself is binary), and this partition, contrary to my expectations,
really controls everything over the EFS. Of course, if either IMEI doesn't
match its checksum, the device reports both of them as 000000000000000 to
both the OS userspace and the network. And I could partially do this search
offline, as I dumped the modem firmware image along with everything
EFS-related while I still had root access. But, of course, I should have
dumped everything I could.
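The offline search described above boils down to two mechanical steps: pull the ASCII IMEI strings out of the devinfo dump, then look for digests of them in the other dumped images. The script below is an added example for this post, not the author's tooling: it scans a binary blob for 15-digit ASCII runs that pass the IMEI Luhn check, hashes each candidate under a few guessed encodings, and searches a second blob for the raw digest bytes. The post only says "SHA", so the choice of SHA-1 and SHA-256 and the encodings tried (plain ASCII, NUL-terminated ASCII, and the 14 digits without the check digit) are assumptions to widen the net; both sample blobs are constructed here for the demonstration, with a well-known test IMEI rather than any real device's values.

```python
import hashlib
import re

# 15 ASCII digits not adjacent to other digits (so we don't split longer runs).
IMEI_RE = re.compile(rb"(?<![0-9])[0-9]{15}(?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Standard Luhn check; the 15th IMEI digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_imeis(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, imei) for every Luhn-valid 15-digit ASCII run in blob."""
    hits = []
    for m in IMEI_RE.finditer(blob):
        text = m.group().decode("ascii")
        if luhn_ok(text):
            hits.append((m.start(), text))
    return hits


def candidate_digests(imei: str) -> dict[str, bytes]:
    """Digests of the IMEI under several guessed encodings (assumptions, not
    known firmware behaviour): plain ASCII, NUL-terminated ASCII, and the
    14 digits without the check digit, each under SHA-1 and SHA-256."""
    encodings = {
        "ascii": imei.encode("ascii"),
        "ascii_nul": imei.encode("ascii") + b"\x00",
        "ascii_14": imei[:14].encode("ascii"),
    }
    out = {}
    for algo in ("sha1", "sha256"):
        for name, data in encodings.items():
            out[f"{algo}/{name}"] = hashlib.new(algo, data).digest()
    return out


def find_digests(blob: bytes, imei: str) -> list[tuple[int, str]]:
    """Search blob for the raw bytes of any candidate digest of imei;
    returns (offset, 'algo/encoding') for each hit."""
    hits = []
    for label, digest in candidate_digests(imei).items():
        off = blob.find(digest)
        while off != -1:
            hits.append((off, label))
            off = blob.find(digest, off + 1)
    return sorted(hits)


# Constructed sample data: a fake devinfo-style blob with one valid and one
# Luhn-invalid IMEI (the second exists only to show the filter working), and
# a fake modem image that happens to contain the SHA-256 of the valid one.
TEST_IMEI = "490154203237518"           # widely used example IMEI, Luhn-valid
DEVINFO_SAMPLE = (
    b"DEVINFO\x00\x00\x00\x00\x00"
    + b"IMEI1=" + TEST_IMEI.encode() + b"\x00"
    + b"IMEI2=123456789012345\x00"
)
MODEM_SAMPLE = (
    b"\xff" * 32
    + hashlib.sha256(TEST_IMEI.encode()).digest()
    + b"\x00" * 8
)


if __name__ == "__main__":
    for off, imei in find_imeis(DEVINFO_SAMPLE):
        print(f"devinfo+0x{off:x}: IMEI {imei}")
        for doff, label in find_digests(MODEM_SAMPLE, imei):
            print(f"  modem+0x{doff:x}: {label} digest of {imei}")
```

To run it against real dumps, replace the two sample constants with `open(path, "rb").read()` of the devinfo image and the modem image respectively. A miss for every encoding is itself useful information: it means the checksum is not a plain digest of the ASCII string, and the next guesses would be a salted or keyed hash, a BCD-packed IMEI, or a digest stored in some encoded form rather than as raw bytes.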

Moral of the story: technical superiority isn't everything. Human
understanding of what really matters is much more important.

This week is going to be quite tough, but I really hope I get rewarded at the
end of it. So I'll definitely have something interesting to write about next
time.

--- Luxferre ---