[Request] USB trigger

[InvisibleMan101]

Thank you for all your work & dedication. Is it possible to implement:

• Duress Password Wipe
• USB extraction wipe

Not sure if these are something that might be in the works moving forward but thanks again either way.

[x13a]

You have to explain logic behind "Duress Password Wipe".

[InvisibleMan101]

You have to explain logic by "Duress Password Wipe".

My apologies, enter a certain password on the lock screen and have device wipe itself or initiate factory reset.

[x13a]

I suppose it can not be done. Maybe something will change in Android 13. But USB trigger is likely to be implemented)

[InvisibleMan101]

I suppose it can not be done. Maybe something will change in Android 13. But USB trigger is likely to be implemented)

That's okay I just assumed that maybe if you needed to wipe your device or give a political adversary your password then this function would be of some use but perhaps maybe not as it may get you in more hot water if it ever came to that point and if a password that when entered wiped your device then perhaps that feature may not serve much purpose if everything else is working that this project provides and the device is encrypted.

What you have made for now is more than enough. Thank you again for your work, looking forward to USB trigger :)

[x13a]

It is an Android limitation, not my. I have done something similar for linux in the past. You can set maximum failed password attempts to 1 and be very carefull.

[InvisibleMan101]

It is an Android limitation, not my. I have done something similar for linux in the past. You can set maximum failed password attempts to 1 and be very carefull.

Thank you that makes perfect sense. Yes like in Linux similar with the nuke password wipe option. But your right hopefully something changes in Android 13 to remove the limitation.

[gostaex]

Duress Password Wipe This is already implemented in this program. The password is called negation and it works. Maybe just add some code. https://github.com/nekohasekai/lockup

[gostaex]

Please tell me how to use the notification label and tile functions

[x13a]

This is already implemented in this program.

I will take a look, thanks.

how to use the notification label and tile functions

After you enable Notification in Wasted, you have to grant read notifications permission. Then you can send a message with authentication code and boom) You can test this with unchecked Wipe data option.

Tile is useful when you device is locked, cause it can be used from the lock screen. After you click on the tile (it is an Android buttons you get when swipe down from top of the screen, with functions like disable Wi-Fi and so on) this tile become active and where are delay for 2 seconds. If you click again this will cancel trigger, else run lock/wipe routine.

[gostaex]

Thank you understood. and there is also a shortcut button. He should appear.

[x13a]

Yes, make a long click on the app's icon and you will see a Panic shortcut. You can drag it to a home screen or so.

[gostaex]

Yes, everything worked out. label works. But with the tile, nothing happened. There is no label on the plate. Or you just need to swipe a few times

[x13a]

[gostaex]

Yes thank you. Understood. Thank you very much for your work.

[x13a]

@gostaex , in the next release Tile will mimic to "Airplane mode" be carefull.

[gostaex]

Fine. Yes, this is an interesting idea. And what about injecting a function from lockup when a password reset occurs. There the author uploads his code under a free license.

[x13a]

Now implementing USB trigger. After it will see.

[InvisibleMan101]

Fine. Yes, this is an interesting idea. And what about injecting a function from lockup when a password reset occurs. There the author uploads his code under a free license.

I did notice actually in the latest android release of LOS on one of my test devices that lockup does not work. I think this was version 12 and possibly onward even when you enter a duress password it just doesn't do anything at all but on android 11 and below no issues and it works as it should.

[gostaex]

It's clear. I tried like on version 11. Working. But it starts to work only after at least a complete unlocking of the device.

[x13a]

about days you can choose. I can’t find any of that

Make a long click on "Wipe on inactivity", you will get a chooser dialog.

the tile doesn’t show

The tile now mimics to "Airplane mode". Do not forget to activate it in Triggers.

[x13a]

@InvisibleMan101 , @gostaex

Duress Password is implemented as companion app here: Duress.

For now it is matching by password length, not by password itself.
It is generic, to use it with Wasted you have to set:

• action to: me.lucky.wasted.action.TRIGGER
• receiver to: me.lucky.wasted/CodeReceiver
• authentication code to the code from Wasted
• password length to your actual password len plus at least two!

Do not forget to activate Broadcast trigger in Wasted.
It will trigger on any password with the length you set. If your actual password is 4, than you set Duress to 6. When you write any 6 chars password it will trigger.

[x13a]

what it does because it is greyed out

You have to record a video of what are you doing and the Wasted app triggers screen.

[x13a]

what’s the difference with the airplane tile wipe?

The difference between Tile and Shortcut is that tiles are available when your device is locked too, while shortcuts are only available after you unlock it. Depending of your threat model you can choose what is right for you. Tile can be clicked by anyone who has phisical access to your device.

[x13a]

Read notifications permission, which you can find in Settings > Notifications > Device and app notifications, is required for a Notification trigger. Broadcast trigger is using broadcasts. This is an Android functionality to communicate between different apps on the same device. The example is Duress app is using broadcast to trigger Wasted.

[x13a]

it says no such app

This links will be available after someone from F-Droid and Play Store will review and approve it. For now you have to use releases from GitHub: https://github.com/x13a/Duress/releases

[x13a]

was trying it in the work profile

Thank you for letting me know. I will take a look what can be done to make it work in the work profile too.

[InvisibleMan101]

Read notifications permission, which you can find in Settings > Notifications > Device and app notifications, is required for a Notification trigger. Broadcast trigger is using broadcasts. This is an Android functionality to communicate between different apps on the same device. The example is Duress app is using broadcast to trigger Wasted.

So just to triple check, if you send that authentication code from certain messaging apps with Duress setup with your settings and broadcast and notifications are on for Wasted this should wipe the device once it reads that code?

I tried this using briar messenger and couldn't get a code, is there certain messaging apps which this will and will not work with?

[x13a]

I haven't tested it with Briar, but Signal and Telegram worked for me.

[x13a]

You have to activate Notification trigger and gave Wasted access to notifications in Settings > Notifications > Device and app notifications > Wasted.

[ghost]

It is activated, is it the way like I wrote before like sending a msg with signal? I tested it but didn’t check the wipe data box, maybe that’s the reason it didn’t do anything? Tried it also with box checked but nothing.

[x13a]

On your video this is not notifications permission I was talking about. Use search to find Device and app notifications.

https://img.webnots.com/2021/12/Notifictions-Menu.jpg

[ghost]

This is so weird, I use lineage on a pixel 3a XL, android 11 and there is no such thing as privacy-Device and app notifications, even search doesn’t find it. ??

[x13a]

Download the app named Vibe. It has a bottom button, that will open this menu for you.

On Tue, Mar 15, 2022, 20:14 Florlorez87 @.***> wrote:

This is so weird, I use lineage on a pixel 3a XL, android 11 and there is no such thing as privacy-Device and app notifications, even search doesn’t find it. ??

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1068242314, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7T2PURGEF24ICDFJNPLVADANVANCNFSM5MMPPNGQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you commented.Message ID: @.***>

[ghost]

Yes now it worked, perfect. Thank you for all the help you really helped me with whenever I got stuck, thx.

[ghost]

Question: the USB trigger which you are working on, what’s the idea? Is it like that if any usb gets connected that it’s triggered: like let’s say a powerbank?

Or is it like a configured usb?

[x13a]

I can not say for now how (and when) it will be implemented. Priority is to resolve BFU for Sentry, Wasted and Duress. If any attached USB device has a unique fingerprint, then it will be possible to implement some kind of a whitelist. Or we can use the unlock device state as a bypass for the trigger, but it may result in unexpected wiping. Without access to the recent forensics hardware it is difficult to say what is the good way for this. Because it can give a false feeling of safety. After the first unlock Android stores encryption keys in memory. Is it enough to trigger on USB attach or the data can be extracted without it? What data can be extracted from the recent devices like Google Pixels and Samsung S series from a live, locked (AFU) system? Does disabling USB data signaling is helping here to mitigate risks? I am saying that there are many questions..

On Tue, Apr 12, 2022 at 12:08 PM Florlorez87 @.***> wrote:

Question: the USB trigger which you are working on, what’s the idea? Is it like that if any usb gets connected that it’s triggered: like let’s say a powerbank?

Or is it like a configured usb?

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1096408556, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7T3R4OA4P5FH2UNFOQLVEU4PBANCNFSM5MMPPNGQ . You are receiving this because you commented.Message ID: @.***>

[terra1122]

I've been trying for some time to use Duress with this to no avail. Wasted installed in work profile using shelter, have tried both Duress installed in normal profile and work.. no good. Android 12, CalyxOS. I've confirmed Wasted works by using the Shortcut however no luck with Duress.. Any help?

[ghost]

Did you check this?

[terra1122]

Yep permissions are correct as far as I can tell with Duress. My 'Device & App' notifications are empty and I can't see a way to add things there.

I have tripple checked that the codes entered are correct.

[terra1122]

I’m not sure about it but I had the same issue before, I did copy paste the code, but duress didn’t work. Then I entered it one by one with keyboard, then it worked. Try different codes maybe that will fix it.

I'm not sure how you're able to copy and paste, I don't have that option although it would make things easier. I have tried many times different codes, all entered manually.

[terra1122]

So after further testing I can everything working perfectly, except when using work profiles and shelter. Is there a permission that i'm missing with Shelter?

[x13a]

So after further testing I can everything working perfectly, except when using work profiles and shelter. Is there a permission that i'm missing with Shelter?

Please explain what is not working for you?

[terra1122]

So after further testing I can everything working perfectly, except when using work profiles and shelter. Is there a permission that i'm missing with Shelter?

Please explain what is not working for you?

When using a work profile via shelter, I can't get Duress to trigger wasted. Works just fine without the work profile however.

[x13a]

I will take a look, thanks

On Mon, Jun 13, 2022, 13:31 terra1122 @.***> wrote:

So after further testing I can everything working perfectly, except when using work profiles and shelter. Is there a permission that i'm missing with Shelter?

Please explain what is not working for you?

When using a work profile via shelter, I can't get Duress to trigger wasted. Works just fine without the work profile however.

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1153748771, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7TZUS3OPBQW4OM3EKHLVO4EW3ANCNFSM5MMPPNGQ . You are receiving this because you commented.Message ID: @.***>

[x13a]

This functionality has been removed. Now for this you have to open app settings in Android and clean it's data.

On Sat, Jul 2, 2022, 17:31 Florlorez87 @.***> wrote:

Thank you for the new updates! Especially the minutes and hours wipe when no activity function just made it perfect. and the broadcast code can be copied by longpress but I couldn’t seem to figure out how to generate a new code?

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1172908009, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7T2PYMOFLMPVEIAVCQDVSBHE7ANCNFSM5MMPPNGQ . You are receiving this because you commented.Message ID: @.***>

[x13a]

Implemented in USBKill . Any discussion on USB trigger now there. Consider as alpha version.

[x13a]

It is downloadable from https://github.com/x13a/USBKill/releases

On Tue, Jul 5, 2022 at 12:51 AM Florlorez87 @.***> wrote:

Thank you again, I will just wait until it’s downloadable as app, cant seem to download it like wasted or duress.

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1174413634, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7TYBKSUJEGDWEUGJJ7LVSNMEVANCNFSM5MMPPNGQ . You are receiving this because you modified the open/close state.Message ID: @.***>

[x13a]

Reopening, maybe will merge it here. Have not make a decision yet.

[xyz-nobody]

Test under GrapheneOS

Thanks, it works perfectly unless you have Sentry.

As soon as I install Sentry on the smartphone, USBKIll does not work anymore. However the Broadcast is configured

maybe it comes from the default active usb policy (which I can't unselect in the app anyway since grapheneos has its own)?

but without Sentry everything works

[x13a]

Hmm, I am using it with Sentry..

On Tue, Jul 5, 2022, 19:37 XYZ Nobody @.***> wrote:

Test under GrapheneOS

Thanks, it works perfectly unless you have Sentry.

As soon as I install Sentry on the smartphone, USBKIll does not work anymore. However the Broadcast is configured

— Reply to this email directly, view it on GitHub https://github.com/x13a/Wasted/issues/6#issuecomment-1175260926, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMXH7T5JFV4Q543PIY5C4OTVSRQENANCNFSM5MMPPNGQ . You are receiving this because you modified the open/close state.Message ID: @.***>