Creating a "black phone" : hacking | Torhoo darknet markets

Hm, interesting. Yeah it's possible they are separate, but tbh I think the antennae are often going to be assisting each other to pick up and transmit signals, especially on more advanced and recently produced phones.

Anyway, the problem is that you have not removed the mobile data/telephony antennae or modem. The modem often has proprietary firmware that allowsw direct access to various other things on the phone, as in, root access to your keyboard for keylogging, all sorts of things can be remotely monitored and controlled via the cellular network infrastructure and the antennae/modem.

You'd have to remove that, too.

But then, you have a phone with no wifi, no cellular connectivity, no microphone, and no GPS. Then...what exactly are you going to use it for? are you going to just, connect via usb to a router or other device like a desktop, laptop, netbook etc, for connectivity? at that point, wtf is the point of not just using that other device...?

Just defeats the purpose lol. You can't create an "anonymous phone" that can be remotely backdoored and hacked and which all data transmitted is mass collected for surveillance purposes anyway. The cell networks are a nightmare and cannot really be connected to without endangering the device that connects to them.

You would have a way better bet, removing the cellular modem, cellular antennae, removing GPS antennae if it's separate from the wifi antennae, snipping the mic and cameras too, and then using it as a wifi phone with replicant or grapheneOS, and making sure to use randomized MAC address. That makes more sense to me.

For connectivity, wifi hotspots could be used but that offers a lot of opportunity for surveillance by the hotspot operators... you could also look into open source GSM mobile hotspot devices, and just connect the phone to that. There are a couple manufacturers that make mostly open source/free hardware/firmware/software mobile hotspots; get a GSM SIM card in that bitch, which you bought with cash from some provider that hopefully doesn't log too much, and then connect the phone either by cable, or by wifi less ideally. If you connect via a cable, you could totally remove the wifi antennae from the phone too, and just use the mobile hotspot device.

You could try to use something like pinephone running qubes+whonix, and route the usb connection to the mobile hotspot through a virtual machine qube.

Regardless of which way you go specifically...This ensures the mobile phone modem is at least somewhat separated from the rest of the device. However, there are still various proprietary firmwares involved, and thus potential backdoors etc. Phone connectivity and functionality might be tempramental and touch-and-go, too.

When you are burning your sim cards for the mobile hotspot device, you are going to want to totally wipe that device and change the IMEI for it. This way, you can't be tracked between sim cards. I'm not sure how you would do that...you'd want to look into the firmware for the device's options etc. You'll also want to try and switch different networks when you switch out the sim cards. This could all be pretty difficult. You won't want to buy them with a card or bank account, so your options are limited to what you can get with cash in your area. That alone might narrow down your metadata profile fingerprint enough to start the process of tracking you down. You'll want to avoid being able to be identified when buying these sim cards on surveillance cameras, by the cashier, etc.

I would also setup vpn/tor/i2p to completely route all traffice on the phone via those, so you aren't leaking any data to the network providers.

Tbh...it might just be less fucked up to use a damn laptop with qubes+whonix, and just log in only when you are somewhere you are comfortable connecting on the network and aren't going to be surveilled on camera etc when you're working. the phone shit is really easy to fuck up and get yourself compromised.

You could still use a totally neutered replicant/pinephone/grapheneOS FDE phone with no connectivity or antennae etc, to keep some data on. it could connect to a portable thermal label printer via usb, and you just use it print the labels for your customers while you're on the go. Just don't keep a lot of customer info on that thing, wipe the disk on a regular basis like every month or so? Then, you can easily ship shit out for the day without having to do that all at the location you have the qubes+whonix/TAILS device for managing your vendor accounts. This could be useful for separating your products from the main device you use to communicate with customers and take orders, etc. That way, if the place with the vendor account device gets raided, itll be fully encrypted and off unless you're literally in the middle of using it. Of course, if the place with your product/label printer gets raided, you're fucked anyway because they found your main stash etc.

I feel that, if you just check your vendor accounts once per workday, you're going to be just fine on that front. It's probably best to just keep that off and encrypted and somewhere low key and secure whenever not in use, and always keep it separated from your product and the label printer. That way, there's really no way to prove what you were using that device for, or that it is connected to dn activity at all in fact.

You may want to look into getting a safe for your product stash that has a means of destroying the product (incineration, or perhaps soaking the product and flushing it down the toilet) without having to open the safe. many safes are fireproof, so you could rig one of them to incinerate the contents with thermite or other means, if you want to DIY things. The crucial thing, is that it is possible to destroy the contents from the outside with some kind of button/signal. You might want to use a device that is triggered by a radio signal or something like that, so that you don't have to run a cable in and out and compromise the integrity of the safe.

Hilariously, LE will spend a lot of time trying to open the safe, only to be frustrated with no evidence afterwards. Then, they just have an empty safe, a label printer, an encrypted device with a small amount of customer info unable to be decrypted, and an encrypted device as "evidence"; they will probably wait for you to fuck up and give them actual evidence, or rely on someone's testimony (not an airtight legal case in most countries) or they will just drop the case. if you backed up your GPG keys and kept them on a TAILS stick hidden away somewhere hat wasn't raided, and have the ability to re-up your stash, you could even start up your operations again immediately without more than a few days or a week of interruptions. Of course, you might want to lay low instead.

This is how I would do it, anyway. Of course, I'd never be involved with something so illegal!