Uncategorized

CopperheadOS: continuing with new team

Re: https://firmwaresecurity.com/2018/06/04/copperheados-company-problems/ and https://firmwaresecurity.com/2018/06/21/canebrakeos-based-on-copperheados/

it looks like CopperheadOS is continuing:

#CopperheadOS will be:

1) Continuing with contingency plans for our customers. No more SPOF.

2) Keeping our original licensing – free for personal use, non-commercial requires licensing agreement

3) Source code will be available on Github soon, though we may move platforms.

— CopperheadOS (@CopperheadOS) July 11, 2018

Copperhead's new team have successfully patched all builds with July's update and will be providing them to our customers shortly.

— CopperheadOS (@CopperheadOS) July 11, 2018

This is unequivocally false. #CopperheadOS will be continuing with proper contingency plans for our customers. https://t.co/i0WWhjIXQG

— CopperheadOS (@CopperheadOS) July 11, 2018

#CopperheadOS source code will be added back on Github in due time. We have some house cleaning to do.

— CopperheadOS (@CopperheadOS) July 11, 2018

https://copperhead.co/android/

https://github.com/copperheados

Uncategorized

CanebrakeOS: based on CopperheadOS

https://github.com/CanebrakeOS

CanebrakeOS from CopperheadOS

Comment from discussion th3-R3ddit_U53r’s comment from discussion "CopperheadOS dead, what now?".

Uncategorized

CopperheadOS and AndroidHardening project

Re: https://firmwaresecurity.com/2018/06/04/copperheados-company-problems/

An archive of some of my Android hardening work is available at https://t.co/KelvcbRZtC.

For now, the userspace code remains under the same non-commercial license and this won't be changed without an agreement being reached with Copperhead.

I stripped out the legacy branding.

— Daniel Micay (@DanielMicay) June 12, 2018

I no longer have an income and won't be working on this anymore. I just wanted to make sure there was an archive of some of the work. It's not all there due to lots not being ported to 5.x/6.x/7.x/8.x. Incomplete features that were in development or stalled also aren't there.

— Daniel Micay (@DanielMicay) June 12, 2018

https://github.com/AndroidHardening

Uncategorized

CopperheadOS company problems

Copperhead as a company doesn't share the goals and vision of this project and will not be involved in future endeavors. There is an attempt by James Donaldson to gain control over this project to pursue typical infosec industry rent seeking but can assure you it won't succeed.

— Daniel Micay (@danielmicay) June 4, 2018

CopperheadOS is a mix of code written before the company was founded, on my own time and on company time. It isn't possible to continue development due to the conflict. To be fair, here's their attempt at a coherent story:

(A) https://t.co/TiOsAqeD6n
(B) https://t.co/w3uDPIWcNG

— Daniel Micay (@danielmicay) June 4, 2018

Spent almost four years working on this only to have it destroyed by my completely selfish, narcissistic and untrustworthy business partner.

If you want it to continue, feel free to contact james.donaldson@copperhead.co and demand that he step down.

Sorry for letting you down.

— Daniel Micay (@danielmicay) June 4, 2018

https://copperhead.co/android/
https://github.com/copperhead

Uncategorized

copperheadOS: Samsung missing security features needed for Android Verified Boot

Tweets from CopperheadOS, a security-centric Android-based distribution, are a good source of Android security news, since they’re stretching the boundaries of the open source android release.

Samsung Galaxy S9 / S9+ is missing hardware-backed key rollback resistance, per-profile encryption keys (lacks file-based encryption), A/B updates and Android Verified Boot 2.0.

It's very telling that anything Google doesn't make into a hard requirement doesn't get implemented.

— CopperheadOS (@CopperheadOS) April 12, 2018

Uncategorized

CopperheadOS on Android Verified Boot 2.0 docs

Documentation on using AVB (Android Verified Boot 2.0) on the Pixel 2 landed with some modifications:https://t.co/RBTcHinewf https://t.co/oFO4dnxhJ1

No longer need to find the flash handler for 'fastboot flash avb_custom_key' in the bootloader disassembly to make use of it…

— CopperheadOS (@CopperheadOS) January 12, 2018

https://android.googlesource.com/platform/external/avb/#device-specific-notes

Here's the pull request documenting it to make this far easier to the next person trying to figure it out: https://t.co/9O3dD93vtk.

— CopperheadOS (@CopperheadOS) January 6, 2018

https://android-review.googlesource.com/c/platform/external/avb/+/582100

Uncategorized

CopperheadOS: business model concerns

CopperheadOS is “A security and privacy focused mobile operating system compatible with Android apps.“.

It appears the company is having problems trying to monetize an open sourced operating system. I hope they can solve things, they’re doing interesting security things with Android.

https://t.co/OUf86TcH7Y Since they built illegitimate businesses on the *official releases*, it doesn't matter that any checks we implement will be open source code…

— CopperheadOS (@CopperheadOS) November 14, 2017

Users on devices that were sold illegally will be able to contact us to purchase a commercial license to have the device whitelisted. Many of these devices will have been sold with potentially malicious apps / device managers installed and we'll be able to help with that too.

— CopperheadOS (@CopperheadOS) November 14, 2017

https://t.co/h8hjRbvOT5

No, they steal our work and use it against the terms of the licensing forbidding commercial usage. They download our Nexus releases, flash them onto phones, add their apps and sell them to organized crime.

Why should we keep offering downloads for them?

— CopperheadOS (@CopperheadOS) November 12, 2017

They can take our sources and even our unaltered releases and sell refurbished phones as new to organized crime. Our license forbids it and we're willing to enforce that in court but they have bigger legal issues than us.

It's not possible to expect people to act in good faith.

— CopperheadOS (@CopperheadOS) November 12, 2017

The only thing we're committed to doing is honoring our update / support commitments to customers. We're not locked into doing this for the rest of our lives if we decide it's not working out and the way we do it is in flux and needs to change based on what does and doesn't work.

— CopperheadOS (@CopperheadOS) November 12, 2017

Giving everything away for free under permissive licensing wasn't ever going to work out.

Our expectation of being able to make money on support and custom work on open source software was extremely far from the mark.

Rather than giving up, we've kept adapting to keep on going.

— CopperheadOS (@CopperheadOS) November 12, 2017

We've enabled over-the-air updates again to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices. https://t.co/jJTI6fpy5b

— CopperheadOS (@CopperheadOS) November 11, 2017

https://copperhead.co/android/
https://github.com/copperheados/

Firmware Security

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Tag Archives: CopperheadOS

CopperheadOS: continuing with new team

CanebrakeOS: based on CopperheadOS

CopperheadOS and AndroidHardening project

CopperheadOS company problems

copperheadOS: Samsung missing security features needed for Android Verified Boot

CopperheadOS on Android Verified Boot 2.0 docs

CopperheadOS: business model concerns