Hardened Mode

pq-cybarg edited this page May 29, 2026 · 1 revision

Hardened Mode is the one-tap DEFCON lockdown profile. When engaged, it puts the Seeker into a posture suitable for spending several days inside a hostile cellular and Wi-Fi environment.

What it does

Tapping the master switch on the Threat tab triggers, in order:

  1. Pre-event attestation snapshot. Captures a JSON of the build fingerprint, every installed package's signing certificate hash, every device-admin and accessibility service in use, and the system + user CA store contents. Stored encrypted on the device.
  2. App-audit baseline freeze. Records the current set of trusted apps. Any new app installed while Hardened Mode is on triggers a high-severity alert.
  3. Six-port honeypot. Binds 8080, 8443, 8000, 9000, 1080, and 3128 on the loopback and LAN interfaces. Any inbound connection attempt is logged as a high-severity alert. Conference Wall-of-Sheep teams and Wi-Fi Pineapples reliably probe these ports.
  4. Accelerometer tamper-watcher. After five minutes of stillness, the watcher arms. Any subsequent burst above 1.5 m/s² fires a critical alert. Catches "evil maid" attacks where someone picks up an unattended phone in a hotel room.
  5. Clipboard scrubber. Watches every clipboard change for known prompt-injection scaffolds ("ignore previous instructions", chat-template markers, common jailbreak prefixes). Surfaces hits as a high-severity alert. Does not auto-clear the clipboard; the user gets a banner and a button.

A twelve-item user-action checklist appears in the same card. Items that Tetherand can't toggle without root are surfaced as amber-tinted prompts:

  • VPN always-on with block-without-VPN
  • NFC disabled
  • Bluetooth disabled (allowlist excepted)
  • SIM PIN required
  • All saved Wi-Fi forgotten
  • Force LTE-only (no 2G/3G)
  • Biometrics disabled (PIN only)
  • Android Lockdown Mode active
  • and four more

Post-event diff

Toggling Hardened Mode off captures a second attestation snapshot and shows the diff against the pre-event one — package additions and removals, signing-certificate changes, new device admins, new accessibility services, new CAs in the user trust store. This is the "did anything tamper with my phone over the weekend" check.
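The post-event diff described above, as an added example that is not Tetherand's own code: two constructed snapshots in the shape the page lists (build fingerprint, per-package signing-certificate hash, device admins, accessibility services, user CA store) are compared field by field. Field names and the sample values are assumptions made for illustration.

```python
# Added example, not code from the Tetherand project. Snapshot field names
# and all sample values below are constructed placeholders.
from typing import Dict, List

# Constructed pre-event snapshot. "packages" maps package name -> signing-cert hash.
PRE = {
    "build_fingerprint": "vendor/device:14/BUILD-A/1:user/release-keys",
    "packages": {"com.example.mail": "aa11", "com.example.maps": "bb22"},
    "device_admins": ["com.example.mdm/.AdminReceiver"],
    "accessibility_services": [],
    "user_cas": ["CN=Corp Root CA"],
}

# Constructed post-event snapshot: one new package, one re-signed package,
# a new device admin, a new accessibility service and a new user CA.
POST = {
    "build_fingerprint": "vendor/device:14/BUILD-A/1:user/release-keys",
    "packages": {"com.example.mail": "aa11", "com.example.maps": "cc33",
                 "com.example.newapp": "dd44"},
    "device_admins": ["com.example.mdm/.AdminReceiver",
                      "com.example.unknown/.AdminReceiver"],
    "accessibility_services": ["com.example.overlay/.A11yService"],
    "user_cas": ["CN=Corp Root CA", "CN=Conference Wi-Fi CA"],
}


def diff_snapshots(pre: Dict, post: Dict) -> Dict[str, List[str]]:
    """Return every category of change between two attestation snapshots."""
    pre_pkgs, post_pkgs = pre["packages"], post["packages"]
    findings = {
        "packages_added": sorted(set(post_pkgs) - set(pre_pkgs)),
        "packages_removed": sorted(set(pre_pkgs) - set(post_pkgs)),
        # Same package name but a different signing cert: the repackaged-app signature.
        "signing_cert_changed": sorted(
            p for p in pre_pkgs if p in post_pkgs and pre_pkgs[p] != post_pkgs[p]),
        "new_device_admins": sorted(set(post["device_admins"]) - set(pre["device_admins"])),
        "new_accessibility_services": sorted(
            set(post["accessibility_services"]) - set(pre["accessibility_services"])),
        "new_user_cas": sorted(set(post["user_cas"]) - set(pre["user_cas"])),
    }
    # A changed build fingerprint means the OS image itself differs; record both values.
    if pre["build_fingerprint"] != post["build_fingerprint"]:
        findings["build_fingerprint_changed"] = [pre["build_fingerprint"], post["build_fingerprint"]]
    return findings


def is_clean(findings: Dict[str, List[str]]) -> bool:
    """True only when no category of the diff reports anything."""
    return not any(findings.values())
```

Any non-empty category is worth a look, but a signing-certificate change on a package that kept its name deserves the most attention, since a clean reinstall of the same app from the same store keeps the same certificate.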

Incident response

The runbook lives next to the master switch as a card with four buttons. Each runs a deterministic action:

Button        What it does
Acknowledge   Logs the decision and continues. Use for low-confidence alerts you've decided to ignore.
Isolate       Opens the Android Airplane-mode settings shortcut. Stops using the phone for sensitive operations.
Evacuate      Confirms the pre-snapshot is preserved and reminds you to plug into your laptop to run ./backup.sh before continuing.
Burn          Two-tap confirmation. Opens the Privacy Settings shortcut at the Reset > Factory data reset path. Tetherand is not a device owner so it cannot wipe directly — this routes you to the system reset flow.

Quick Settings tile

Hardened Mode also exposes a Quick Settings tile labelled DEFCON Mode. Pull down the notification shade twice, edit the tile list, and drag the tile into your active row. Tapping it from the shade has the same effect as the master switch on the Threat tab.

Trade-offs

Hardened Mode is aggressive enough that some legitimate apps will behave oddly:

  • The honeypot binds ports that Android does not consider "in use", so other apps trying to bind the same ports will hit a bind-failure. Most apps recover gracefully.
  • The tamper-watcher will fire if someone picks up your phone — which is exactly the point — but it only arms after five minutes of stillness, so a phone that stays in your pocket while you move around never arms and therefore never alerts (motion before arming keeps it disarmed).
  • The clipboard scrubber prints a logcat warning every time the clipboard changes, which can be noisy if you copy-paste frequently during the conference.

You can leave Hardened Mode engaged through normal use; it does not disable the privacy chain or the tether. It only adds defenses on top.
