Nanodroid developer is back!

https://forum.xda-developers.com/apps/magisk/module-nanomod-5-0-20170405-microg-t3584928/page816

Hi everyone,

I know I've been inactive for about 2 or 3 months here.

Those who follow the git repository might already know that some groundbreaking work was going on since beginning of August.

A new beta release 22.6.91 (= 22.7-beta2) will drop this weekend. What's to expect:

- full support for Android 10 (many issues resolved)
- full support for Android 10 if deodexed in the Patcher
- flashing all Packages (except the Uninstaller, needs a few changes, still) through Magisk Manager, this includes the Patcher as well (yes, yes!)
- more. See ChangeLog.md for the full list.

I won't go into reading the past 10+ pages, if there are any unresolved issues or questions, feel free to post them again (or in case of issues even better: create a ticket over at gitlab, with logs included).


NanoDroid 22.6.91 (22.7-beta2)

As promised, a new beta release is now available for testing: 22.6.91 (= 22.7-beta2)

Highlights

Full Android 10 compatibility (many issues resolved)
Full Android 10 compatibility for Patcher (services.jar must be deodexed, though)
Support flashing of all modules (including the Patcher!) through Magisk Manager (requires Magisk 19.0 at minimum)
Fixed several issues
build-package previously only worked in GNU/Linux, will now work on *BSD and Darwin (= MacOS) aswell
Usual updates


Configuration Changes:

1) Full package switched from Oandbackup to OAndBackupX (you'll be auto-migrated)

2) You can now install Play Store and Aurora Store (+ Aurora Services) together by using
Code:

nanodroid_play=30

3) You can now install official F-Droid and Aurora F-Droid clients (+ F-Droid Privileged Extension / Aurora Services) together by using
Code:

nanodroid_fdroid=3

4) You can now choose which init scripts to install by removing unwanted ones from the list
Code:

nanodroid_init="10_sqlite 20_fstrim 30_logcat 40_external_sd 50_logscleaner"

5) You can now choose which shell utils to install by removing unwanted ones from the list (the column utility will always be installed, as it's required by nanodroid-overlay script)
Code:

nanodroid_utils="findfs findmnt hexdump lessecho lesskey lsblk lscpu lsipc lslocks lsns ncal whereis"

6) You can select all new/changed stuff from Setup Wizard aswell, of course

DOWNLOADS:
https://downloads.nanolx.org/NanoDroid/Beta


#nanodroid #installer #microg

Full Nanodroid ChangeLog since 22.6

## 22.7 (in-dev)

### Bug Fixes

* SetupWizard
* when selecting no apps create empty config file (working around an uncommon corner case)
* when one selects no apps but still activates "install apps", the installer would install all apps

* Patcher
* drop -Xnodex2oat`from `dalvikvm flags to avoid crashes on Android 10
* falsely listed as supported flag by dalvikvm --help

* Installer
* fix bootloops with recent Play/GmsCore on Android 10 due to changed privapp-permissions

* SysTest
* fix collecting dalvikvm information on some recent ROMs

* Installer, Patcher, SysTest, Uninstaller
* improved APEX compatibility
* improved Android 10 compatibility

* Google Package
* fix GoogleCalendarSync on SDK 21 - 29 @Spongebob
* fix installing swipe libraries in cases where LatinIME does not have it's libs linked to /system

* build-package Script
* Darwin compatibility
* BSD compatibility
* fix build-package clean not properly working

### General Changes

* Installer
* Installing through Magisk Manager is possible again (atleast 19.0 required, 20.4 highly recommended)
* setup variable nanodroid_init is now a list nanodroid_init="10_sqlite 20_fstrim 30_logcat 40_external_sd 50_logscleaner"
* all listed init scripts will be installed
* setup variable nanodroid_utils is now a list nanodroid_utils="findfs findmnt hexdump lessecho lesskey lsblk lscpu lsipc lslocks lsns ncal whereis"
* all listed utils will be installed
* the column util will always be installed (required by nanodroid-overlay)

* Full Package
* switch from Oandbackup to OAndBackupX

* Full, microG package
* setup variable nanodroid_play has new value 30 which will install both Play Store and Aurora Store
* use own DroidGuard instead of Official, as long as there's no release

* Full, F-Droid package
* setup variable nanodroid_fdroid has new value 3 which will install both official and Aurora Store F-Droid clients
* installs F-Droid priviledged extension and Aurora Services alongside

* Patcher
* Patching through Magisk Manager is possible (atleast 19.0 required, 20.4 highly recommended)
* remove restriction for Android 10
* use Android 7 - 9 patch for Android 10
* collect APEX information in log
* create BOOTCLASSPATH on-the-fly and log it
* experimental: use newly proposed Haystack patches, see https://github.com/Lanchon/haystack/pull/34
* various minor improvements

* SysTest
* check and log LD_CONFIG_FILE
* log loaded APEX modules

* Patcher, Uninstaller
* drop old code regarding NanoMod (= NanoDroid older than version 16.0)

* Setup Wizard
* updated for aforementioned changes
* other minor changes

* build-package Script
* a bit more info when BP_DEBUG=1 is passed over

* Documentation
* minor updates

### Updates

* automatic
* microG GmsCore (0.2.11.202414)
* microG Droidguard Helper (0.1.2) [custom build]
* note: SafetyNet attestation still does not work with microG!
* AnySoftKeyboard (1.10.1109)
* Aurora Droid (1.0.6)
* Aurora Services (1.0.6)
* Aurora Store (3.2.9)
* Bromite System WebView (84.0.4147.132)
* F-Droid (1.10-alpha0)
* Frost (2.4.5)
* K-9 Mail (5.717)
* KeePassDX (2.8.1)
* NewPipe (0.19.8)
* OAndBackupX (3.0.0)
* Odyssey (1.1.19)
* Open Camera (1.48.2)
* OpenLauncher (0.7.3)
* OpenVPN (0.7.15)
* OsmAnd+ (3.7.4)
* Privacy Browser (3.4.1)
* Simple Calendar (6.10.0)
* Simple Gallery (6.15.2)
* SmartPack Kernel Manager (12.8)
* Termux (0.96)
* Tor Browser (68.10.1)
* Twidere (4.1.4)

* manual
* Google Play (20.9.20)
* MPV (20200728-nightly)

* tools
* sqlite3 (3330000)
* smali (2.4.0) [SDK26+]
* baksmali (2.4.0) [SDK26+]
* file (5.38-5)
* dexpatcher (1.8.0-beta1) [SDK26+]
* aapt [from Substratum 1021]

#nanodroid #installer #microg

Firefox Relay: create email aliases to combat spam and improve privacy

Mozilla revealed Firefox Private Relay, an experimental service to protect email addresses through the creation of aliases, in May 2020. The service was invite-only at the time but it is now available to anyone who wants to give it a try.

Now called Firefox Relay, it is available globally. A Firefox Account is required to sign-up for Firefox Relay and Firefox users may install the companion extension to better integrate the service into the browser and improve the generation of aliases, e.g. when signing up for a new service.

https://www.ghacks.net/2020/08/22/firefox-relay-create-email-aliases-to-combat-spam-and-improve-privacy/

#Mozilla #Firefox #Relay #spam

How the Dark Web Drug Supply Has Responded to COVID-19

The darknet drug markets suffered initial disruptions in shipment speeds before recovering to become more efficient than legitimate supply chain systems.

Like legitimate supply chains, dark web drug markets depend on substance imports from China, and the coronavirus pandemic led to closure of Chinese chemical supply firms and factories.

Importantly, drug dealers depend of legitimate trade routes to sustain their illicit commercial activities. The fact that EU borders remained open did not make things better for most of the darknet and legitimate supply chains as shipping capacities took a nose dive.

Nonetheless, although the coronavirus-related restrictions seemed to freeze operations across the global drug supply chains, the situation in the dark web economy was different. Mexican drug cartels suffered from the pandemic’s economic ramifications as user buying power tanked – meanwhile, the darknet drug markets did not really suffer a serious dent in drug sales.

👀 👉🏼 (Tor-Browser)
http://tapeucwutvne7l5o.onion/how-the-dark-web-drug-supply-has-responded-to-covid-19

👀 👉🏼 Online Drug Markets Are Entering a 'Golden Age'
https://www.vice.com/en_us/article/dyz3v7/online-drug-markets-are-entering-a-golden-age

👀 👉🏼 Vaccine for COVID-19 and Other Scams on the Dark Web
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vaccine-for-covid-19-and-other-scams-on-the-dark-web/

👀 👉🏼 (PDF) From Dealer to Doorstep – How Drugs Are Sold On the Dark Net
https://www.swansea.ac.uk/media/From-Dealer-to-Doorstep-%C3%A2%C2%80%C2%93-How-Drugs-Are-Sold-On-the-Dark-Net.pdf

👀 👉🏼 (PDF) EMCDDA AND EUROPOL ANALYSE IMPACT OF PANDEMIC ON EU DRUG MARKETS
https://www.emcdda.europa.eu/system/files/attachments/13099/COVID19_DrugMarkets_EMCDDA_Europol_Final_web.pdf

#darknet #markets #drugs #europol #covid #study #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Internet use increases among poor Brazilians

A greater percentage of individuals on lower incomes is shopping online and paying for streaming services during the Covid-19 outbreak, according to new research.

There has been a significant increase in online access to financial offerings and government services in Brazil among low-income citizens, according to a study on the role of the Internet during the Covid-19 outbreak.

The study carried out by Cetic.br, research arm of the Brazilian Network Information Center (NIC.br) suggests that Internet access through all devices has gone up significantly and online traffic in Brazil has reached record levels in the last five months, peaking at 13,5 Tbps.

https://www.zdnet.com/article/internet-use-increases-among-poor-brazilians/

#SouthAmerica #Brazil #internet

Stealing Data With CSS: Attack and Defense

Summary: A method is detailed - dubbed CSS Exfil - which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. Due to the modern web's heavy reliance on CSS, a wide variety of data is potentially at risk, including: usernames, passwords, and sensitive data such as date of birth, social security numbers, and credit card numbers. The technique can also be used to de-anonymize users on dark nets like Tor. Defense methods are discussed for both website operators as well as web users, and a pair of browser extensions are offered which guard against this class of attack.

👀 👉🏼 Want to check if you are vulnerable?
https://www.mike-gualtieri.com/css-exfil-vulnerability-tester

💡 👉🏼 Want to protect yourself?

👉🏼 Install the Chrome plugin:
https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo

👉🏼 Install the Firefox plugin:
https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection

👀 👉🏼 Methods of Exploitation and Proof of Concept
https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense

#css #attack #defense #exploitation #vulnerability
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bellingcat's free online open source research toolkit

Version 5.3 (August 19, 2020)

The list includes satellite and map services, photo and video review tools, web archiving sites, and more.

Content (All links lead to GoogleDocs):

💡 Maps, Satellites & Streetview
💡 Location Based Searches
💡 Image & Video Verification
💡 Social Media
💡 Transportation
💡 Date & Time

💡 WhoIs, IPs & Website Analysis
💡 People & Phone Numbers
💡 Archiving & Downloading
💡 Company Registries
💡 Data Visualization
💡 Online Security & Privacy
💡 Finding Experts
💡 Miscellaneous
💡 Guides & Handbooks

https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA/mobilebasic#h.6igzqqftqvh4

#Bellingcat #toolkit #research #collection
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

me and my shadow - take control of your data

💡 What are digital traces?

Through your computer, mobile phone, and other digital devices, you leave behind hundreds of digital traces (also called data traces) every day: bits of information about you that are created, stored, and collected.

When your digital traces are put together to create stories about you or profiles of you, these become your digital shadows. These can give others huge insight into your life; and they can also be totally wrong. Either way, once they're out there, they are almost impossible to control....

👀 👉🏼 https://myshadow.org/

#shadow #data #digital #traces #yourdata #toolkit #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Dutch ISPs Unblock Pirate Bay Proxies, Because They Can

Dutch ISPs Ziggo and XS4ALL have unblocked dozens of Pirate Bay proxies and mirrors. While the companies must block the torrent site itself, the latest court order supersedes the injunction which covered the site's proxies. Anti-piracy group BREIN characterizes the ISPs move as "shenanigans" and "downright silly."

The Pirate Bay is blocked in dozens of countries around the world. In most cases, ISPs are ordered to take action after a relatively short court proceeding.

In the Netherlands, however, the process took more than a decade, and it’s still not completely over yet.

https://torrentfreak.com/dutch-isps-unblock-pirate-bay-proxies-because-they-can-200822/

#Europe #Netherlands #ISP #PirateBay #piracy

NSO Group Closes Cyprus Office of Spy Firm

NSO recently closed the Cyprus office of phone network exploitation company Circles and fired a number of staff, according to two former NSO employees.

Controversial phone hacking company NSO Group has closed the Cyprus office of Circles, a surveillance firm that previously merged with NSO, and fired a number of staff, according to two former NSO employees.

Cyprus is a hotbed for surveillance companies that sometimes set up shop in the country and then sell their technology from the region.

"They fired all the Cyprus office," one of the former NSO employees told Motherboard.

"All Cyprus site was closed recently; all of the people fired," the second former employee added. Motherboard granted the sources anonymity as they weren't authorized to speak to the press about internal company issues, and to avoid retaliation from NSO.

https://www.vice.com/en_us/article/ep48kp/nso-group-cyprus-circles-bulgaria-ss7

#Israel #Cyprus #NSO #spy #firm

The Digital First Aid Kit!

The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists to better protect themselves and the communities they support against the most common types of digital emergencies. It can also be used by activists, human rights defenders, bloggers, journalists or media activists who want to learn more about how they can protect themselves and support others. If you or someone you are assisting is experiencing a digital emergency, the Digital First Aid Kit will guide you in diagnosing the issues you are facing, and refer you to support providers for further help if needed.

👀 👉🏼 https://digitalfirstaid.org/en/index.html

👀 👉🏼 Digital Security Helpline
https://www.accessnow.org/help/

#data #digital #firstaid #security #help #toolkit #guide #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Belarus blocks over 50 news websites amid large protests

MINSK, Belarus (AP) — Authorities in Belarus have blocked more than 50 news media websites reporting on how the country has been shaken by two weeks of protests demanding that authoritarian President Alexander Lukashenko resign after 26 years in power.

The Belarusian Association of Journalists reported the shutdowns Saturday, which included sites for the U.S.-funded Radio Liberty and Belsat, a Polish-funded satellite TV channel focusing on neighboring Belarus.

On Friday, the state publishing house stopped printing two top independent newspapers, the Narodnaya Volya and Komsomolskaya Pravda, citing an equipment malfunction.

https://apnews.com/7d92cfccbc7cbed1aaab40fd6f0b6e0b

#Europe #Belarus #free #press #protests

Welcome @ our BlackBox Security Group and News Channel :)

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google Has a Plan to Disrupt the College Degree

Google's new certificate program takes only six months to complete, and will be a fraction of the cost of college.

Google recently made a huge announcement that could change the future of work and higher education: It's launching a selection of professional courses that teach candidates how to perform in-demand jobs.

These courses, which the company is calling Google Career Certificates, teach foundational skills that can help job-seekers immediately find employment. However, instead of taking years to finish like a traditional university degree, these courses are designed to be completed in about six months.

https://www.inc.com/justin-bariso/google-plan-disrupt-college-degree-university-higher-education-certificate-project-management-data-analyst.html

#US #Google #education

Google wants to shut down dezoomify

A free and open source software that offers zoomable images from Google Art service

https://github.com/lovasoa/dezoomify/issues/435


#dezoomify #Google #art

Censorship: Google and YouTube shut down accounts of the Cuban government

Censura: Google y YouTube cierran cuentas del gobierno cubano

https://www.elperiodico.com.do/2020/08/21/censura-google-y-youtube-cierran-cuentas-del-gobierno-cubano


#Google #Cuba

Umami

Simple, fast, website analytics alternative to Google Analytics

https://umami.is

https://github.com/mikecao/umami


#Google #analytics #alternatives

Gcam-Services-Provider

This app "simulates" the Google Play Services that Gcam requires, allowing the camera app to be used on devices without Google Play Services. The app does not have a Ui for the simple reason that it is not needed.

https://github.com/lukaspieper/Gcam-Services-Provider


#gcam

According to a report in Android Police, Android 11, the next version of the world’s most popular mobile operating system, will prevent apps from using third-party camera software to take photos. Instead, the phone’s default built-in camera app will have to be used.

When taking photos, current versions of Android allow apps to display a pop-up camera picker from which the user can select their preferred camera app. However, this option has been removed in Android 11. 

This means users who installed popular camera apps such as VSCO, Adobe Lightroom or A Better Camera, will have to revert to their phone’s built-in camera software when taking photos or video from within another app. Users will still be free to use any camera app they wish by launching it directly. Only the camera picker option is affected.

The new restriction exists to prevent apps from grabbing your location without permission. Even if an app has been denied access to your location data, it’s still possible to circumvent this restriction when using third-party camera apps.

The problem arises because camera apps typically embed location data within their image files, and without the new restriction there’s no way to prevent this information from being returned to the calling app along with the photo. 

While I can understand Google’s reasoning here, the current solution feels like an unnecessary inconvenience that doesn’t completely solve the problem. Disabling the camera picker doesn’t prevent images, complete with embedded location data, from being uploaded from the gallery instead.

Anyone updating to a new version of Android will surely be surprised and frustrated to find such a convenient feature removed, so I hope a more elegant solution can be found sooner rather than later. A simple way for advanced users to re-enable the camera picker would probably do just fine.

https://www.forbes.com/sites/paulmonckton/2020/08/22/google-android-11-camera-picker-privacy

https://www.androidpolice.com/2020/08/20/android-11-camera-apps-chooser


#Google #camera #gcam #Android #Android11

How to stop the onion denial (of service)

As you might have heard, some onion services have been experiencing issues with denial-of-service (DoS) attacks over the past few years.

The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against. During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it. This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.

For the past two years, we've been providing more scaling options to onion service operators, supporting more agile circuit management and protecting the network and the service host from CPU exhaustion. While these don't fix the root problem, they provide a framework to onion service operators to build their own DoS detection and handling infrastructure.

Even though the toolbox of available defenses for onion service operators has grown, the threat of DoS attacks still looms large. And while there is still a bunch of smaller-scale improvements that could be done, we believe that this is not the kind of problem that a parameter tweak or small code change will make it disappear. The inherent nature of the problem makes us believe that we need to make fundamental changes to address it.

In this post, we would like to present you with two options that we believe can provide a long-term defense to the problem while maintaining the usability and security of onion services.

The intuition to keep in mind when considering these designs is that we need to be able to offer different notions of fairness. In today's onion services, each connection request is indistinguishable from all the other requests (it's an anonymity system after all), so the only available fairness strategy is to treat each request equally -- which means that somebody who makes more requests will inherently get more attention.

The alternatives we describe here use two principles to change the balance: (1) the client should have the option to include some new information in its request, which the onion service can use to more intelligently prioritize which requests it answers; and (2) rather than a static requirement in place at all times, we should let onion services scale the defenses based on current load, with the default being to answer everything.

👀 👉🏼 https://blog.torproject.org/stop-the-onion-denial

#tor #onion #DoS #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

What Happens If Uber and Lyft Flee California? Look at Austin

The ride-hail services are threatening to stop service in the Golden State to protest a judge's ruling. They did something similar in Texas in 2016.

Rafael Rodriguez remembers the moment he learned Uber and Lyft were leaving Austin. “It was Mother’s Day, and I was with my girl in a restaurant,” he says. “I said, ‘Now I’m not paying for that piña colada.’” Today, he laughs about it. But in 2016, the situation was worrying. Rodriguez was a full-time driver for the ride-hail companies. Just two days later, the platforms ditched the Texas capital, frustrated that they had lost a ballot measure that forced them to fingerprint potential drivers for background checks. Rodriguez was out of a job.

https://www.wired.com/story/uber-lyft-flee-california-austin/

#US #California #Uber #Lyft