DeviceDocumentationChecklist » History » Version 10
Denis 'GNUtoo' Carikli, 08/01/2020 01:28 AM
Mention privacy risk with PIT
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. DeviceDocumentationChecklist |
|---|---|---|---|
| 2 | |||
| 3 | h2. Introduction |
||
| 4 | |||
| 5 | There is a lot of data and information on supported devices that is scattered around the Repicant wiki, git repositories and even Wikidata. So it's a good idea to have a checklist on what to add. |
||
| 6 | |||
| 7 | When we will have migrated to Mediawiki, we could automatically generate part of that list as we will be able to tag pages with Cathegories. |
||
| 8 | |||
| 9 | h2. Checklist |
||
| 10 | |||
| 11 | Not everyone has all the Replicant supported devices, and at some point you might want to add support for a new device that no one else will have. In that case it's best to at least fill up the following pages as having the devices make it way easier to fill in the information: |
||
| 12 | * [[RecoveryInstallationWithHeimdall]] |
||
| 13 | * [[BackupTheEFS]] |
||
| 14 | |||
| 15 | 10 | Denis 'GNUtoo' Carikli | In addition if you can send a patch for the "data repository":https://git.replicant.us/replicant/data/ to add the PIT if your device has a PIT. Additionally you can just push the commit if you have push access. |
| 16 | |||
| 17 | It would be a really good idea to try to look if there is some "unknown data at the end of the PIT":https://git.replicant.us/replicant/data/commit/?id=577bdec650ed20cbabedce90269c68003977f85a like for the GT-I9300 and the GT-I9305. We found this issue thanks to people that uploaded their PIT in that repository. The issue with unknown data is that it could contain privacy sensitive data. It could also be a legal issue if it contain code but it's way more likely to contain data. Some devices like the GT-I9100 or GT-N5100 don't have that issue. |
||
| 18 | |||
| 19 | For instance you can easily check the GT-N5100 with the following command: |
||
| 20 | <pre> |
||
| 21 | hexdump -C PIT/GT-N5100/stock/16G.pit | tail -n 4 |
||
| 22 | </pre> |
||
| 23 | |||
| 24 | And that gives: |
||
| 25 | <pre> |
||
| 26 | 00000950 a7 3d c9 d0 2c 16 cc 29 64 05 8f 48 00 00 00 00 |.=..,..)d..H....| |
||
| 27 | 00000960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| |
||
| 28 | * |
||
| 29 | 00002000 |
||
| 30 | </pre> |
||
| 31 | |||
| 32 | Here we see that the address of last where data is being displayed is 0x00000960, and that it only contains 00. The asterisk and the 00002000 address is a notation that express the fact that between 0x00000960 and 0x00002000, there are only 00. |
||
| 33 | |||
| 34 | If your device (also) has more classical partition tables like GPT or MBR, it is also a good idea to send a patch adding them to this repository as well. With the PIT, GPT and/or MBR anyone can write documentation on the partition table of the device. In the future that documentation could even be generated from that data. |
||
| 35 | 3 | Denis 'GNUtoo' Carikli | |
| 36 | 9 | Denis 'GNUtoo' Carikli | In addition it might be a good idea to boot that device under Replicant and publish the output of the mount command as root. This way we will know for sure which partitions are mounted, which is important for debugging boot issues and checking if there aren't obvious security issues that could happen if partitions that should not be mounted are mounted in the wrong location. We can also find out that information by looking at various fstab files in the Replicant source code but as it is scattered around, it is faster and more reliable to just run the mount command as root to find out how partitions are mounted. |
| 37 | 6 | Denis 'GNUtoo' Carikli | |
| 38 | 4 | Denis 'GNUtoo' Carikli | If your device has a modem and has a modem data partition, it is also a good idea to add the list of files and their permissions to the wiki like in the [[GT-I9300EFSContent]] page. This enables to restore the file permissions. Note that while publishing the file names and permissions look safe, the file content might contain privacy or security sensitive information like the IMEI. |
| 39 | |||
| 40 | 8 | Denis 'GNUtoo' Carikli | It might also be a good idea to contribute to [[ImagesIdentification]] page that explains how to identify various Replicant releases for specific devices. Earlier Replicant images don't have the Replicant stored anywhere. Because of that users might know they are running Replicant 6.0 but will not know if they run Replicant 6.0 0001, Replicant 6.0 0002 or Replicant 6.0 0003. However these older images export some information like the build date, so it's possible to correlate that information to the precise Replicant release. Helping filling the missing information for the Replicant 6.0 0003 release would help users understand if they are running the latest version or if they can/should upgrade. Older releases than that are less important. |
| 41 | |||
| 42 | 3 | Denis 'GNUtoo' Carikli | Additionally some projects |
| 43 | * "tacdb.osmocom.org":https://tacdb.osmocom.org : This project collects the TAC (the first 8 digits of the IMEI) with an "F-Droid application":https://f-droid.org/repository/browse/?fdfilter=osmocom&fdid=org.osmocom.tacdatabaseclient . The resulting data is under the "CC-BY-SA v3.0 unported license":http://creativecommons.org/licenses/by-sa/3.0/. |
||
| 44 | 7 | Denis 'GNUtoo' Carikli | * "terminal-profile.osmocom.org":https://terminal-profile.osmocom.org/ : This projects collect information on what the modem allows the SIM card to do. For instance it might allow the SIM card to redirect calls. We use its data as part of our freedom privacy and security evaluations of specific devices (like [[GalaxyS3I9300PrivacySecurityEvaluation]]). It is under the "CC-BY-SA v3.0 unported license":http://creativecommons.org/licenses/by-sa/3.0/ license. It requires special hardware (like simtrace or simtrace2) to trace the communication between the SIM card and the modem. |