how do i intrepet the output of the remote verification of the auditor app

Bakedpotato

horde The people stalking me tell me in various ways by reacting to what I do on the phone and dropping hints about what they see by insinuating things. Theyre not discrete at all.

I confirmed it by using the auditor thing. Under verified boot hash it doesnt match the boot hash provided by Graphene os.

horde

Bakedpotato can you send a screenshot of what Auditor is showing? use https://postimages.org/ and send link here

userofgos

Bakedpotato the Pinned verified boot key hash second from the bottom matches the hash on GrapheneOS' website here: https://grapheneos.org/install/web#verified-boot-key-hash

Bakedpotato Under verified boot hash it doesnt match the boot hash provided by Graphene os.

You were looking at the wrong verified boot key hash in the OP

Bakedpotato the key information on the page is ethier "pinned verified boot hash"

This is the correct hash to look at within Auditor.

However, you can also see the hash during the yellow boot screen upon first boot of the device after first installation of GrapheneOS and anytime thereafter if you press the lock button to pause boot.

areaman

To be honest, unless you are in a position where a nation-state is after you, this all sounds very implausable. It is unlikely that your phone and laptop are hacked in the way you describe. Targeted survelence hacking is very uncommon, requires significant tresources, and doesn't fit with them "droping hints". What makes you believe that you are being stalked in this way?

Bakedpotato

areaman not really nation state. Its script kiddys with way too much time on their hands and someone on darknet irc chatrooms to spoon feed them exploits. It baffles me how insecure various software is.

I mostly know theyve been watching me because they drop hints around my door or my balcony. They also spread bizzare stories about me because apparently they misinterpret things because theyre on drugs or theyre lying about what they see.

Johnnyloans

Bakedpotato

Could be as simple as they are logged into your gmail, home camera account, whatsapp, Facebook etc. Yo spy on you.

Or are you Hallucinating from a gas leak or health condition?

areaman

Let's be scientists. Rather than starting with a conclusion about hacking, start with observations. First work out what are objective observations of events. Next figure out all possible explinations for the observations. Then look at how to narrow down what is really happening. Script kiddies don't hack into modern cell phones, they were more of a thing in the 80s and 90s before anything had any real security. Now an exploit will get you $100k + on the dark web because they are so rare.

Bakedpotato

Johnnyloans I'm pretty sure they watch my screen and listen to my phone calls. It's hard to know how they do it because I dont have the knowledge.

Though on my computer they left signs like wiping my logs in /var/log and leaving scripts in my /bin folder like one named pastebin, i looked at it and it was some kind of python script that looked like it put stuff on a paste site. One time my hosts file was pointing to a random ip, which was really weird.

Xorg bounces to the top of htop frequently, I find it doesnt do that as much when I manage to wipe the system clean. But they seem to be infecting my usbs because dd will show the progress then freeze after a certain point and my live usbs act like they have malware by showing errors all the time. To counter the live usb thing I bought myself a dvd r drive and bought myself a dvd for my os because that's read only so they cant infect that so I'll always have a copy to use that's clean. Just when I ordered it, I ordered it from a place thats taking a long time to send it to me.

Bakedpotato

horde What exacly are you looking for on it? I had to use a library computer to use auditor because I dont trust my laptop. I printed off the results, I can take a photo of that but I'm not sure what you want to see. It's 6 pages long.

Bakedpotato

IMAGE LINK REMOVED

Here's a image of the second page with the hash which I thought was important. I think it was six pages because I did it twice thinking the app wasnt working.

horde

Bakedpotato as @userofgos said, your device is running genuine GrapheneOS.

See "Pinned verified boot key hash" in the picture you uploaded, it matches the one in https://grapheneos.org/install/web#verified-boot-key-hash

0508de44ee00bfb49ece32c418af1896391abde0f05b64f41bc9a2dfb589445b

which is for 9a.

I think why your "friends" are trolling you is because of simple opsec mistakes you probably done like here where your email is visible in "Alert mail". Please be careful and learn about opsec.

Bakedpotato

The verified boot hash is different from the hash on Graphene os's website. So I thought this confirmed the phone was infected with something. Is this the case? I've looked all over the auditor website and graphene os website and it doesnt say anything how to intrepet this output. Everything seems assumed.

userofgos

Bakedpotato did you not read my reply thoroughly?

Bakedpotato The verified boot hash is different from the hash on Graphene os's website.

No you are wrong. You are looking at the incorrect verified boot key hash

Bakedpotato So I thought this confirmed the phone was infected with something. Is this the case?

No, your device IS NOT infected. Your device is running the authentic GrapheneOS image for the Pixel 9a

Bakedpotato

I usually hide my email address from being seen publically though I made a mistake there. I tried to edit the post to remove the picture but there doesnt seem to be a way to edit posts on this forum. Can someone remove the picture from this post that can?

userofgos

Bakedpotato Can someone remove the picture from this post that can?

@MetropleX @other8026

MetropleX

Link removed.

Bakedpotato

Even though the auditor says the os is fine, someone still is able to hear all my phone calls and is also compermizing any computer that connects to the hotspot. Is there any other ways people can spy on phone conversations other than infecting the phone with spyware?

horde

Bakedpotato unless they have a device hidden in your house. But now this is considered offtopic

fernweh

If I understand this correctly, the Auditor is used to verify if the device has been tampered with since the initial audit. I don't think the raw data it provides is very useful to you.
It is very unlikely someone gained access to your phone via an exploit. Commercial tools fail to do so on latest Google Pixel and iPhone models, especially with GrapheneOS / lockdown mode for iOS.
To gain access to your device, an attacker needs physical access to your phone in unlocked state so they can install a malicious app with all permissions granted to exfiltrate data. Or they try to get you to install this app via social engineering. If this app existed on your phone, it would be listed as non-system app in the 'All Apps' settings menu. This list contains apps you (or the attacker) installed, default GrapheneOS apps and other pre installed software (SIM Toolkit, Wireless emergency alerts, Launcher, Keyboard, ...). In any case, disabling wifi and enabling airplane mode will prevent any app on your device from connecting to the internet. I also suggest using Signal (or WhatsApp if necessary) to call and message because of end to end encryption.
The issues you describe having on your computer do not indicate that your device is infected. In my hosts file are some comments with ip addresses, spikes in cpu usage are not unusual, my /bin folder contains some python scripts and live usbs can be difficult to use. All of this is normal.
If you are worried you can go overkill and switch to QubesOS.

I am really sorry you are going through this. The constant anxiety can be very harmful to your mental health. I think talking to a therapist can help you handle and resolve this phase in your life.

void0

They likely hacked the mic on your PC if you have definitive proof that they are in fact listening to your phone calls. Reinstall your operating system, login to your router and close any open ports, for good measure leave the router unplugged for 12 hours to rotate your IP address, consider removing any other smart devices in your home.

I don't believe your phone is hacked but perhaps one of the apps on your phone is running in the background with perms granted listening to everything, you can also just wipe the phone for good measure.

They likely have access to your accounts so after you are on a fresh machine change the passwords to everything and move on with your life. As a word of advice into the future, don't run scripts with root perms without reading them first lmao.