GrapheneOS
Kali NetHunter


GrapheneOS has a reputation for currently being one of the most secure and private solutions possible for a phone. Naturally upon hearing about it I had to check it out. Here’s a list of the currently supported devices as of the end of Febuary 2021.

I’ve improved my Nethunter setup quite a bit as well so thought an update was due.

GrapheneOS

With some time into it grapheneOS can really increase anonymity, privacy and security, without the cost of massive functionality. I currently have mine setup with an always on VPN, end to end encrypted communications, tor browser and the ability to switch from VPN to Orbot and proxy all traffic over tor. Permanent add blocking and hardened browsers. Off-line maps so location data and gps can be turned off without losing navigation capacity. Peer to peer decentralized file synchronization along with IPFS-lite.
guardian project/haven
The guardian projects repository can also be imported to whichever FOSS android market you prefer, and though tangential to graphene their application Haven is pretty cool.
https://github.com/guardianproject/haven



Configured with Orbot and your signal account Haven is a multi sensor security system which will securely text you if alarmed as well as having its own onion service you can login to. Haven uses many of the phones sensors to keep real time awareness of its environment, such as picking up any sounds, vibrations, changes in light or movement. Triggering the alarms starts recording from the interfaces and sends an encrypted text via signal. All of these sensors can have their sensitivity adjusted to prevent false alarms. Some of them can be very sensitive without dialing it down. I recommend calibrating it a bit ‘live’ else you might come back to a phone with 100% full data of videos like myself while testing it.
Kali Linux NetHunter
[wifite2 demo]
current wifi capabilities with only the onboard chip
- A plethora of WEP attacks
- WPA Handshake Capture and offline crack
- WPA PMKID Hash Capture and offline crake
- WPS Brute-Force PIN attack
- WPS offline Pixie-Dust attack
- WPS offline NULL PIN attack
with on the go cable and second ap

- WIFI signal jamming [additional antenna via usb needed]
- Implant and use all the tools with remote access over ssh
In this accelerated screen recording wifite is enabled by disconnecting from any networks, switching the firmware and then starting the program on interface wlan0 (index 0 the first WiFi adapter, the onboard WiFi chip. Wifite automatically scanning for a few seconds capturing a list around 150 potential targets, then Initialize an attack against against a personal WiFi network I started for the purpose.
Lets improve it. What’s?
better than ssh: Mosh
Easier to type on: iPad
Rubber Ducky’s?

With all the fantastic work on Rucky I couldn’t leave they/them out.
The source code: https://github.com/mayankmetha/Rucky
You can download Rucky directly from the NetHunter app store. Of course this is all FOSS. You can download the NetHunter app store from :
https://store.nethunter.com/en/
And conveniently check the pgp signature via QR code to when downloading before install. Rucky does require root and a USB HID patch for use.

with the lovely color scheme on my device
At https://ducktoolkit.com/ on your phone or any browser you can select from an array of payloads based upon your target, encode the payload, disguise the signatures on your device and load it straight into the app, Rucky. These tools are almost getting easy to use but the barrier of the difficulty to getting this setup in the first place and customizing/configuring it for use seems to still be keeping at bay hoards of teenagers who might otherwise in their lack of experience attempt to use them nefariously.