Mutt

Copperhead OS Review
The main feature of the Copperhead OS firmware is a significantly extended set of exploit-prevention mechanisms. Copperhead OS includes an improved implementation of the OpenBSD memory allocator (malloc), which randomizes the pages allocated to an application and fills the returned memory pages with garbage. This makes use-after-free attacks very difficult to carry out. OpenBSD malloc also places markers at the end of allocated memory areas, which are checked when the memory is freed. This helps to counter heap overflow attacks.
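The two allocator checks described above (junk filling and an end-of-chunk marker verified on free), as an added example that is not code from CopperheadOS or OpenBSD. The names `guarded_alloc`, `guarded_free`, `chunk_hdr` and the fill byte are hypothetical, and the marker is kept in a header next to the chunk for brevity, which a production allocator would not do.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CANARY_LEN 8
#define JUNK_BYTE 0xDF /* constructed fill value for this sketch */

/* Hypothetical bookkeeping header placed in front of each chunk. */
struct chunk_hdr {
    size_t size;                /* bytes the caller asked for */
    uint8_t canary[CANARY_LEN]; /* expected trailing marker */
};

/* Return `size` junk-filled bytes followed by a marker, or NULL. */
void *guarded_alloc(size_t size)
{
    if (size > SIZE_MAX - sizeof(struct chunk_hdr) - CANARY_LEN)
        return NULL; /* total size would wrap around */
    struct chunk_hdr *h = malloc(sizeof *h + size + CANARY_LEN);
    if (!h) return NULL;
    h->size = size;
    for (int i = 0; i < CANARY_LEN; i++)
        h->canary[i] = (uint8_t)rand(); /* demo only: not a CSPRNG */
    uint8_t *user = (uint8_t *)(h + 1);
    memset(user, JUNK_BYTE, size);              /* never hand out stale data */
    memcpy(user + size, h->canary, CANARY_LEN); /* marker right after the data */
    return user;
}

/* Free a chunk: 0 if intact, -1 if the trailing marker was overwritten. */
int guarded_free(void *ptr)
{
    if (!ptr) return 0;
    uint8_t *user = ptr;
    struct chunk_hdr *h = (struct chunk_hdr *)ptr - 1;
    int intact = memcmp(user + h->size, h->canary, CANARY_LEN) == 0;
    /* Junk on free; production code needs a fill the compiler cannot elide. */
    memset(user, JUNK_BYTE, h->size);
    free(h);
    return intact ? 0 : -1; /* a real allocator would abort() here */
}

int main(void)
{
    char *p = guarded_alloc(16);
    if (p) p[16] ^= 0x5A; /* constructed one-byte write past the 16 bytes */
    return guarded_free(p) == -1 ? 0 : 1; /* exit 0 when the overflow is caught */
}
```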

When building Copperhead OS, compiler features are used to prevent stack smashing: in particular the _FORTIFY_SOURCE mechanisms in GCC (Android <7.0), -fsanitize=bounds and -fsanitize=object-size in Clang (Android 7.0), and the -fsanitize=integer mechanism to protect against integer overflow. Google uses these tools in AOSP, but the authors of CopperheadOS have extended their use to many more functions of the C standard library (and, equally important, they have committed the changes upstream).
To protect against code modification, CopperheadOS uses the trusted boot mechanism first introduced in Android 4.4 and does not rely on pre-optimized application code in the /data/dalvik-cache directory. That cache exists to launch applications quickly and is generated during the first boot of the smartphone (the message "Optimizing applications ..."). However, it can also be used to inject malicious code into the system: there is no point in replacing the application itself in the /system partition, because the trusted boot mechanism will refuse to boot the smartphone after the system partition has been modified, but modified optimized code in /data/dalvik-cache will not arouse anyone's suspicion.
The Copperhead OS kernel is compiled with the PaX patch, which includes several mechanisms to prevent attacks:
- PAX_RANDMMAP - a more advanced implementation of address space layout randomization (ASLR) than the one in the standard Android kernel, which makes buffer overflow and heap attacks harder;
- PAX_PAGEEXEC - a mechanism for protecting data pages from execution, which kills the application as soon as it tries to execute code in the data area (there is such a mechanism in the Android kernel, but it acts more gently);
- PAX_MPROTECT - Prevents application code from being modified at runtime;
- PAX_MEMORY_SANITIZE - resets the memory page when it is freed (only for kernel space);
- PAX_REFCOUNT - a system for automatically freeing unused objects in memory, preventing attacks like "use-after-free" (only for kernel space);
- PAX_USERCOPY - buffer overflow protection by checking object size (only for kernel space);
- PAX_KERNEXEC - protect memory pages from execution (only for kernel space).
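A defender-side check related to PAX_PAGEEXEC and PAX_MPROTECT from the list above: it scans text in `/proc/<pid>/maps` format for mappings that are writable and executable at the same time. This is an added example, not part of PaX or CopperheadOS; the function name and the sample maps lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real device). */
static const char SAMPLE_MAPS[] =
    "12c00000-12e00000 rw-p 00000000 00:00 0 [anon:dalvik-main space]\n"
    "7f5a1000-7f5a3000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n"
    "7f5a3000-7f5a4000 rw-p 00002000 fd:00 1234 /system/lib64/libc.so\n"
    "7f6b0000-7f6b4000 rwxp 00000000 00:00 0 [anon:jit-cache]\n"
    "7ffd2000-7ffd3000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable. When `report`
 * is non-NULL, each offending line is also printed to it. */
int count_wx_mappings(const char *maps, FILE *report)
{
    int hits = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t len = eol ? (size_t)(eol - maps) : strlen(maps);
        char line[256], perms[5];
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n); /* work on one line so sscanf cannot run on */
        line[n] = '\0';
        /* A line starts "start-end perms ..."; skip anything that does not parse. */
        if (sscanf(line, "%*[0-9a-f]-%*[0-9a-f] %4s", perms) == 1 &&
            strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x') {
            hits++;
            if (report)
                fprintf(report, "W+X: %s\n", line);
        }
        maps += len + (eol ? 1 : 0);
    }
    return hits;
}

int main(void)
{
    /* The constructed sample contains two W+X regions. */
    return count_wx_mappings(SAMPLE_MAPS, stdout) == 2 ? 0 : 1;
}
```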
CopperheadOS includes many other restrictions. By default, the stock camera application does not record the shooting location in the picture's metadata, and the lock screen does not display notifications that could reveal confidential information (Android and iOS allow such push notifications to be displayed, with an option to turn them off).
Applications running in the background cannot access the clipboard (which affects the functionality of some required applications from Google Play).
The MAC address of all network interfaces is randomized by default.
The WebView system component, which renders web pages in third-party applications and in most browsers, uses the "IsolatedProcess" feature to confine each WebView instance in its own separate sandbox.
Chromium itself, on which WebView is based, includes a number of restrictions and settings aimed at protecting against information leaks: correction of errors in the address bar, preloading of web pages, contextual search, metrics, and hyperlink auditing are all disabled. The default search engine is DuckDuckGo Anonymous Search.
Tor Tools
Copperhead OS is just the base of the firmware. Several more tools work on top of it: Orbot, orWall, F-Droid, My App List and Google Play. The last is included in the basic delivery not so much for access to the application market (the F-Droid store fills that role here) as for Signal, which uses Google services to receive push notifications.
The two main components here are, of course, orWall and Orbot. Orbot is a build of Tor for Android, which can work either as a local SOCKS proxy, redirecting all traffic to Tor, or in root mode, where traffic is wrapped in Tor by the iptables firewall, which avoids any leaks.

However, by default, the firmware uses neither method and relies instead on orWall, a kind of firewall wrapper that makes it possible to route traffic through Orbot selectively, for each individual application. With it, you can easily control which applications use Tor, which connect directly, and which are denied Internet access altogether.
orWall also blocks all Internet connections until the firmware has finished loading. This avoids data leaks in cases where you intend to access the Internet exclusively through Tor or to block Internet access completely for an untrusted application.

My App List is another pretty interesting app in this firmware. Initially, it was created as a convenient way to save a list of all applications installed through the F-Droid market, but the developers of Tor used it to quickly install recommended programs. They prepared in advance a list of applications that might be useful to the average user and uploaded it to My App List.

The My App List contains:
- Amaze File Manager
- XMPP clients Conversations and Xabber
- Book Reader Cool Reader
- VoIP clients CSipSimple and Linphone
- Mozilla Firefox Browser
- Mail client K-9 Mail
- Twidere Twitter client
- Online maps OsmAnd
- VLC media player
Installing Copperhead OS
At the moment, the Copperhead OS firmware is only available for the Nexus 5X and 6P, and its installation differs significantly from installing CyanogenMod or any other custom firmware. In fact, the installer is just a set of Linux scripts that download the latest version of CopperheadOS from the official site, download additional software, integrate it into the firmware, sign it and install it on the device using the Fastboot utility.
For this reason, to install the firmware you will need:
- Linux distribution
- Java JDK
- OpenSSL
- cpio, Git, g++, GCC
- Installed ADB and Fastboot
Installing Copperhead OS Using Ubuntu
Code:
$ sudo apt-get install android-tools-adb android-tools-fastboot
$ sudo apt-get install openjdk-7-jdk
$ sudo apt-get install build-essential git
$ sudo apt-get install libssl-dev
Now you need to activate USB debugging on your smartphone. This can be done in the settings:
Settings -> About Phone, then tap Build Number 5 times.
Next:
Settings -> Developer Options -> Allow USB Debugging, and Enable OEM unlock.
After that, connect the device via USB and execute this command:
Code:
$ sudo adb devices
In response, the phone should display a dialog box asking whether to trust the PC; you have to accept it.
Now you need to download the scripts and start the firmware process:
Keep in mind! After this operation, all data on the device will be deleted!
Code:
$ git clone https://github.com/mikeperry-tor/mission-improbable/
$ cd mission-improbable
$ ./run_all.sh
The script will guide you through all the steps of the installation.
Conclusion
The firmware from the creators of Tor is undoubtedly an interesting idea. Using it in the right way, you can get a really untraceable phone on the Internet.
But it should be borne in mind that your mobile device will remain unprotected from tracking by mobile networks and from side-channel attacks, for example, the ability to intercept passwords by analyzing changes in the Wi-Fi signal.