• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[ROM][OFFICIAL] RattlesnakeOS [Android 9.0]

Search This thread

dantheman78

Senior Member
Jul 31, 2011
81
198
Intro
This is a bit different than most postings here, as I'm not providing any binaries to install on your phone and instead providing a simple tool, rattlesnakeos-stack, to build your own OS based on AOSP on a regular basis, with your own signing keys, and your own OTA updates. This probably will be interesting to a small subset of users as it does cost money to run this infrastructure in AWS.

What is RattlesnakeOS
RattlesnakeOS is privacy focused Android OS based on AOSP for Google Pixel phones. It is my migration strategy away from CopperheadOS (hence the name similarity) which is no longer maintained.

Features:
  • Based on latest AOSP 9.0 (Android P)
  • Support for Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL
  • Monthly software and firmware security fixes delivered through built in OTA updater
  • Maintain verified boot with a locked bootloader just like official Android but with your own personal signing keys
  • Latest Chromium browser and webview
  • Latest F-Droid client and privileged extension
  • Free of Google’s apps and services

What is rattlesnakeos-stack
Rather than providing random binaries of RattlesnakeOS to install on your phone, I've gone the route of creating a cross platform tool, rattlesnakeos-stack, that provisions all of the AWS infrastructure needed to continuously build your own personal RattlesnakeOS, with your own signing keys, and your own OTA updates. It uses AWS Lambda to provision EC2 spot instances that build RattlesnakeOS and upload artifacts to S3. Resulting OS builds are configured to receive over the air updates from this environment. It only costs a few dollars a month to run (see FAQ for detailed cost breakdown).

overview.png


How do I set this up?
Head over to the github repo and take a look at the README for full setup, build, and flashing instructions.
 
Last edited:

stebomurkn420

Senior Member
Feb 27, 2012
1,555
1,775
31
Pitsburg
Yeah, feel free to put this wherever. The entire point of this is to not trust random uploaded binaries and automate the process of creating your own builds, with your own keys, with OTA updates.

I appreciate the concept, just not the right place for it I feel. Hopefully mods can move the thread before further confusion is created and someone tries to flash your build scripts. Lmao.
 

dantheman78

Senior Member
Jul 31, 2011
81
198
I wonder why this great project of yours isn't getting more love. For me personally it's because of AWS.

Thanks for the kind words. No worries, I'm definitely not expecting this project to be for everyone, but just wanted to share it in case anyone else was interested. I decided to go the cloud provider route as I don't have a beefy enough machine to do builds myself, and this option provides a cheap way to do automated builds by spinning up and down servers as needed. Also, it allows for hosting OTA updates which is nice.
 

dantheman78

Senior Member
Jul 31, 2011
81
198
@dantheman78 do you plan to include any of the hardening found in ROMs like CopperheadOS?

@guttsy - probably not unfortunately. Not because I wouldn't like to implement it and have this functionality, but because I know that it's not reasonable for me to maintain especially across releases of new version of Android. Fortunately, there were a lot of great privacy/security features added with the Android P release that overlapped with some of the features of CopperheadOS (e.g. not allowing sensor/camera/mic access in background, mac randomization, etc.)
 
  • Like
Reactions: guttsy

dantheman78

Senior Member
Jul 31, 2011
81
198
@dantheman78 I'd be amazing if you included the option to build with MicroG and signature spoofing support.

It wouldn't be difficult to do this, although it looks like there isn't an official patch for Android P yet (https://github.com/microg/android_packages_apps_GmsCore/tree/master/patches). While I think MicroG is a neat project, I'm personally not sold on it from a privacy/security perspective. I'd much rather minimize data being sent to Google altogether and avoid unnecessary attack surface by adding software with elevated permissions like this. That said, I'd still be open to a contribution to the project to add it as optional (off by default) flag.
 
  • Like
Reactions: koivth and the.D

guttsy

Member
Feb 10, 2012
17
5
@guttsy - probably not unfortunately. Not because I wouldn't like to implement it and have this functionality, but because I know that it's not reasonable for me to maintain especially across releases of new version of Android. Fortunately, there were a lot of great privacy/security features added with the Android P release that overlapped with some of the features of CopperheadOS (e.g. not allowing sensor/camera/mic access in background, mac randomization, etc.)
Good points. Do you have any experience with Wireguard VPN? There appears to be a 9.0 branch for the Pixel 2 XL kernel module and I'm wondering whether it's stable and performant enough (in terms of CPU time / battery drain) compared to OpenVPN to make it worth investigating how to build it for RattlesnakeOS.
 
  • Like
Reactions: Meowdib

dantheman78

Senior Member
Jul 31, 2011
81
198
Good points. Do you have any experience with Wireguard VPN? There appears to be a 9.0 branch for the Pixel 2 XL kernel module and I'm wondering whether it's stable and performant enough (in terms of CPU time / battery drain) compared to OpenVPN to make it worth investigating how to build it for RattlesnakeOS.

I have used the wireguard userland implementation and I'm a fan of it. I had someone attempt to contribute optional support for the wireguard kernel module on github, but the author of wireguard chimed in and said that the kernel module currently required root still (https://github.com/dan-v/rattlesnakeos-stack/pull/6#issuecomment-400511271). This was a while ago though and I'm not sure if this is still accurate or not. Anyways I'd definitely consider adding optional kernel support for wireguard if it doesn't require root.
 
  • Like
Reactions: w1ll1m and Meowdib

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Intro
    This is a bit different than most postings here, as I'm not providing any binaries to install on your phone and instead providing a simple tool, rattlesnakeos-stack, to build your own OS based on AOSP on a regular basis, with your own signing keys, and your own OTA updates. This probably will be interesting to a small subset of users as it does cost money to run this infrastructure in AWS.

    What is RattlesnakeOS
    RattlesnakeOS is privacy focused Android OS based on AOSP for Google Pixel phones. It is my migration strategy away from CopperheadOS (hence the name similarity) which is no longer maintained.

    Features:
    • Based on latest AOSP 9.0 (Android P)
    • Support for Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL
    • Monthly software and firmware security fixes delivered through built in OTA updater
    • Maintain verified boot with a locked bootloader just like official Android but with your own personal signing keys
    • Latest Chromium browser and webview
    • Latest F-Droid client and privileged extension
    • Free of Google’s apps and services

    What is rattlesnakeos-stack
    Rather than providing random binaries of RattlesnakeOS to install on your phone, I've gone the route of creating a cross platform tool, rattlesnakeos-stack, that provisions all of the AWS infrastructure needed to continuously build your own personal RattlesnakeOS, with your own signing keys, and your own OTA updates. It uses AWS Lambda to provision EC2 spot instances that build RattlesnakeOS and upload artifacts to S3. Resulting OS builds are configured to receive over the air updates from this environment. It only costs a few dollars a month to run (see FAQ for detailed cost breakdown).

    overview.png


    How do I set this up?
    Head over to the github repo and take a look at the README for full setup, build, and flashing instructions.
    6
    I'm confused, why not just compile for us and post the builds? This seems more like something that should go in the guides section of the pixel XL forum?
    4
    I think this is misleading.
    2
    Good points. Do you have any experience with Wireguard VPN? There appears to be a 9.0 branch for the Pixel 2 XL kernel module and I'm wondering whether it's stable and performant enough (in terms of CPU time / battery drain) compared to OpenVPN to make it worth investigating how to build it for RattlesnakeOS.

    I have used the wireguard userland implementation and I'm a fan of it. I had someone attempt to contribute optional support for the wireguard kernel module on github, but the author of wireguard chimed in and said that the kernel module currently required root still (https://github.com/dan-v/rattlesnakeos-stack/pull/6#issuecomment-400511271). This was a while ago though and I'm not sure if this is still accurate or not. Anyways I'd definitely consider adding optional kernel support for wireguard if it doesn't require root.
    2
    @dantheman78 I'd be amazing if you included the option to build with MicroG and signature spoofing support.

    It wouldn't be difficult to do this, although it looks like there isn't an official patch for Android P yet (https://github.com/microg/android_packages_apps_GmsCore/tree/master/patches). While I think MicroG is a neat project, I'm personally not sold on it from a privacy/security perspective. I'd much rather minimize data being sent to Google altogether and avoid unnecessary attack surface by adding software with elevated permissions like this. That said, I'd still be open to a contribution to the project to add it as optional (off by default) flag.