device compromised?

Byku

invisible pro

If I were to guess that's probably what's causing high CPU/battery usage. I2P isn't really designed for phones.
Reinstall GOS, don't mess with the system apps, don't install any 3rd party apps for the time being and see how it goes (if you need VPN use the official Mullvad app for now but do not enable DAITA or it will drain your battery).

torpp

other8026 When I say the browser is slow, I mean the app is sluggish looks like low fps. The network speed, yeh could be anything but not the behaviour and redirects which even on worse connection like phone hotspot wasnt a problem. When first installing now I do not change random settings or turn off system apps
Let's just say this, if im actually hacked what is there to do besides reinstall and keep looking at the boot key? Let's say they are persistent but not a state actor or anything. How do you trust your network connection?

Byku I installed invisible pro because it has dns logs and some additional settings but I dont really use it anymore and it does indeed drain battery so when I looked at CPU i just did something normal like have the browser open with no vpn. Now I do not change settings or turn off system apps for no reason, all i do is turn off camera location and dark mode on on a first install. No point changing a VPNs settings if it isnt working fully (sealing off all traffic) so i dont

wuseman

torpp Let's just say this, if im actually hacked what is there to do besides reinstall and keep looking at the boot key? Let's say they are persistent but not a state actor or anything. How do you trust your network connection?

Only a state actor could make it persistent. Even Pegasus is cleaned up by a simple reboot of the computer. Hence why you're not hacked, but rather have some other issue. Invisible Pro is likely that issue.

torpp

wuseman I do not use it everyday anymore i only keep it to play around with. As i said im aware its a battery drainer.

Sigismund

Reading through this, I get an impression that you jumped to conclusions that you were hacked based on some arbitrary reasons, but what I see is a potential mix of hardware failures and some questionable software hygiene leading to issues.

I am more than sure that what you experience is not because your device was compromised on a level that wipe & reinstall would not fix it. And yes I do sometimes delve into the realms of phone malware, thou I'd not proclaim myself as an forensics expert in this particular domain.

torpp

Sigismund The only "hardware failures" i can observe is the phone uses much battery, and gets hot which might be a pixel 8 pro specific issue because of sensors. I installed third party apks on my first install but that has nothing to do with the current situation unless you are saying malware does persist through reinstalls and i should throw out the phone

wuseman

torpp
Maybe create a new thread now that we know you’re not hacked. Just an idea.

Sigismund

torpp unless you are saying malware does persist through reinstalls and i should throw out the phone

I said exactly the opposite.

torpp I installed third party apks on my first install but that has nothing to do with the current situation

There's more into the hygiene than just 3rd party apps. It is obvious by now you were not hacked and you made some questionable decisions leading to issues, which are difficult to fix just by replying to your posts. My advice, do a full wipe again, reinstall GOS from scratch and start over. Preferably without moving anything from previous installs.

torpp

Sigismund I've done a full wipe without installing anything

Fay_Wilmont Yes it has to do with remote debugging which is why im suspicious about it. After I disabling "background services" its not showing up but jdwp is and now i also see stetho_com.google.android.apps.messaging_devtools_remote/stetho_com.google.android.apps.messaging:rcs_devtools_remote
ssgqmig
magisk socket
and some others. JDWP i believe it has to do with remote (network) debugging not usb like i use, using jdwp in adb also freezes. JDWP and chrome devtools stood out because
they could give remote access using system apps and not anything I installed
I dont think they have anything to do with adb using usb
Now I wonder why these other devtools show up after chrome devtools is gone?

Fay_Wilmont

torpp hi i think my device is compromised (mostly from real life circumstances)

I'm sorry to hear that. If you feel this endangers yourself or those around you, please get rid of the device as soon as possible.

torpp i looked at the connections with usb on my pc and see "chrome_devtools_remote" and "jwdp-control"

I see those too, both on a device I've installed GrapheneOS on recently and haven't really used so far, and on my daily driver which is running Motorola's Hello UI.

The chrome_devtools_remote ... line (I don't know how to read the output of netstat -an so I don't know what it describes) shows up only after launching Vanadium (on the Pixel) and Chrome (on the Motorola). I would guess it has something to do with remote debugging, it's mentioned here in step 5:

https://developer.chrome.com/docs/devtools/remote-debugging?hl=en#adb

The JDWP in jdwp-control might stand for Java Debug Wire Protocol and have something to do with remote debugging as well. It is even mentioned in the output of adb --help.

Is there any reason why these two stood out to you and contributed to the thought that your device may be compromised?

wuseman

torpp
I don't understand what you're doing at this point. Maybe just use the phone now that you've reinstalled it and be more careful with which apps you install this time around?

n3t_admin

torpp magisk socket

Is your device rooted?

Oggyo

torpp I've done a full wipe without installing anything

I suggest that you follow the post-installation guide closely. See here - https://grapheneos.org/install/web#post-installation

Have you verified the boot hash after wiping? See here - https://grapheneos.org/install/web#verified-boot-key-hash
Have you passed the Auditor app attestation after wiping? See here - https://grapheneos.org/install/web#hardware-based-attestation

torpp

wuseman I try to understand where the phone is connecting to and what apps are running. I think "people" know what I am doing on the phone still after wiping it, not installing apps and even if apps were malware its familiar people not malware app owners.
n3t_admin No

wuseman

torpp
Just sell the phone and start over fresh. Or start making more sense so we can help you better.

torpp

Oggyo i know the boot key should not change and it has not
I used the auditor app with a qr code on a second phone.

NetRunner88

What Magisk is doing here ?

« Previous Page Next Page »