Skip to content

Releases: pq-cybarg/tetherand

Tetherand v0.1

29 May 20:16
@pq-cybarg pq-cybarg
v0.1
2391679

Choose a tag to compare

View all tags
Tetherand v0.1 Latest
Latest

Tetherand v0.1

Tetherand is a reverse-tethering, privacy-chain, and threat-detection app
for the Solana Seeker, designed for use at security conferences where the
local cellular and Wi-Fi environment can't be trusted.

It does four things:

  1. Reverse-tether to a laptop so the phone uses the laptop's internet
    instead of its own cellular modem — over USB-ADB, USB-AOA,
    Bluetooth-RFCOMM, or LAN-TCP.
  2. Route traffic through a privacy chain you compose yourself —
    WireGuard, Mullvad (with post-quantum tunnels and DAITA traffic
    shaping), NymVPN's Sphinx mixnet, and Tor with its full bridge stack
    (obfs4, meek, webtunnel, conjure) including the post-quantum NTor
    handshake when upstream Arti exposes it.
  3. Detect cellular and Wi-Fi threats on-device — IMSI catchers, evil
    twin access points, BLE trackers, app permission drift — and surface
    them in a Threat tab with a one-tap panic button.
  4. Lock the device down for the conference via a single toggle that
    captures a pre-event attestation snapshot, freezes the trusted-app
    baseline, runs a honeypot, arms an accelerometer tamper-watcher, and
    exposes a four-button incident-response runbook (Acknowledge,
    Isolate, Evacuate, Burn).

There is also a contributory AI Guard layer for AI-era threats
(deepfake calls, prompt-injection text, synthetic-media provenance,
OSINT exposure), which runs entirely on-device with no cloud LLM calls
under any circumstances.

What's in this release

  • tetherand.apk — full bundle, 8 of 9 native libraries embedded.
  • 64 combination zips at dist/bundles/ — every subset of the 6 native-
    library groups (wg, tor, nym, pt, pts, sdr) packaged
    individually so you can pick the minimum bundle that does what you
    need. The empty bundle is included as a verification-of-absence
    artefact.
  • bin/SHASUMS.txt and dist/bundles/COMBOSUMS.txt — master hash
    indices.

How to verify a download

Every artefact ships with two sidecar hashes computed by independent
cryptographic constructions:

shasum -a 256 <file>            # must match the .sha256 sidecar
openssl dgst -sha3-256 <file>   # must match the .sha3-256 sidecar

Both must match. Using two unrelated hash families means that even if
an attacker found a collision attack against one of them, they would
need an independent collision against the other to forge a replacement
artefact — a problem with no known general solution.

What's not in this release

  • The Snowflake pluggable transport binary is not bundled — its upstream
    dependency graph currently breaks under Go 1.26 and is awaiting a fix.
  • The LTE control-channel decoder for the SDR path ships its loader
    but not the live decode logic.
  • The four-model on-device AI bundle (~2.4 GB) is delivered separately
    through the in-app delta-update path, not in this APK.
  • A small set of Hardened Mode extras are tracked for a follow-up
    release: the front-camera selfie-on-failed-unlock, ultrasonic-beacon
    microphone listener, decoy profile, dead-man's switch, and Seed Vault
    freeze.

Source

Twelve milestones built in order, each with its own design document
under docs/superpowers/specs/ and per-milestone implementation plan
under docs/superpowers/plans/. Read them in order if you want to
follow the architecture top-down.

Assets 199