WARNING: Do NOT use TaiChi any way!!!!!!

4th December 2019, 09:42 AM |#11  
Senior Member
Flag Krasnoyarsk
Basically the very good warning/justification is in the second post of the original TaiChi thread by @M66B.

Together with post 45, it can be assumed:
it is a system-level application
it has closed, obfuscated code
it did not pass any external audit*
it contains some controversial sentences in its T&Cs

* - perhaps as the result of being written by a single person (in theory - we cannot know if there is someone behind)

Now it is each user's individual choice: use it or not. If you do trust the developer, "do not have anything to hide" - feel free to use it.

Personally, if I were interested then yes: I would use it. After setting it up on a dummy old phone for a month and checking traffic very carefully. A single encrypted packet would eliminate it from use.

But again, it is a personal choice of each individual user to give access to all and any private information stored and obtained by the phone (voice, video recording capabilities are obvious) to the developer who does not trust the users enough to deobfuscate/open the code.

It is just a mutual trust: you trust them as much as they trust you, isn't it?
The Following User Says Thank You to spamtrash For This Useful Post
4th December 2019, 07:37 PM |#12  
Senliast's Avatar
Member
Yeah, Xposed is closed-source, and where is it now? Google wrote a permanent detection system for that, SafetyNet, and you cannot install Xposed and pass SafetyNet; half of the apps will not work. The exception is EdXposed, which could pass SafetyNet, but even that recently got detected by Google, and now you must do various tricks / hacks with a blacklist to pass SN with it. Maybe TaiChi is closed-source because its developer wants to protect it against Google?

P.S. About this spying / tracking / data stealing - some parts of Android are also closed-source, and are maintained by Google. Actually, 60% of all software is closed-source. On your PC, the whole software is closed-source. Windows is closed-source. So, you trust your data to companies like Google, M$, but to a no-name guy that writes mods for Android - no? I just don't get your opinion 😅
The Following 7 Users Say Thank You to Senliast For This Useful Post
5th December 2019, 12:19 AM |#13  
Quote:
Originally Posted by spamtrash


Basically the very good warning/justification is in the second post of the original TaiChi thread by @M66B.

Together with post 45, it can be assumed:
it is a system-level application
it has closed, obfuscated code
it did not pass any external audit*
it contains some controversial sentences in its T&Cs

* - perhaps as the result of being written by a single person (in theory - we cannot know if there is someone behind)

Now it is each user's individual choice: use it or not. If you do trust the developer, "do not have anything to hide" - feel free to use it.

Personally, if I were interested then yes: I would use it. After setting it up on a dummy old phone for a month and checking traffic very carefully. A single encrypted packet would eliminate it from use.

But again, it is a personal choice of each individual user to give access to all and any private information stored and obtained by the phone (voice, video recording capabilities are obvious) to the developer who does not trust the users enough to deobfuscate/open the code.

It is just a mutual trust: you trust them as much as they trust you, isn't it?

Yes, you are right.

Using these Xposed frameworks is the choice of users.

Just a reminder, there are many similar virtual Xposed frameworks.

I personally prefer and recommend using open-source or unrestricted Xposed frameworks.
5th December 2019, 12:36 AM |#14  
Quote:
Originally Posted by Senliast

Maybe TaiChi is closed-source because its developer wants to protect it against Google?

To be sure, no.

The author's reason is (Translated from Chinese):

Quote:

Do you really think open source is a good thing? For individuals, open source may mean security, but many families have been destroyed by others doing all kinds of things (Translator's note: pornography, gambling, drugs are mentioned in the context) with your open source code. You just need to say, I open source, it's none of my business.

But this is a totally wrong theory.

No, just a little bit. He's right. "I open source, it's none of my business."

It's true that open source software can easily be used by bad people.

But what should be punished is only those who use it to do bad things, right?

For example, I sold you a knife. The name of the knife is open source software. Should I be punished if you kill people with this knife?

According to him, the one who finds that the iOS system can't fix bugs (checkm8) and makes open-source jailbreak software should be jailed.
According to him, anyone who discovers a CVE vulnerability and makes an open source POC should be jailed.
According to him, anyone who ... and makes an open source software should be jailed.

You may ask, why?

Answer: your open-source software may be used by bad people, causing many families to be destroyed.

Quote:
Originally Posted by Senliast

P.S. About this spying / tracking / data stealing - some parts of Android are also closed-source, and are maintained by Google. Actually, 60% of all software is closed-source. On your PC, the whole software is closed-source. Windows is closed-source. So, you trust your data to companies like Google, M$, but to a no-name guy that writes mods for Android - no? I just don't get your opinion

It's about software framework, not software or module or system.
The Following User Says Thank You to mlgmxyysd For This Useful Post
5th December 2019, 04:32 AM |#15  
Quote:
Originally Posted by Senliast

Yeah, Xposed is closed-source

Note that Xposed is not a commercial product.

But TaiChi is.

Quote:

Shenzhen Dimen Space Network Technology Co., Ltd
http://taichi.dimenspace.com/
Website record (in China) No. 44030502003828

Commercialization means that the main purpose is to make money, so it will bring more risks.
The Following 5 Users Say Thank You to mlgmxyysd For This Useful Post
13th December 2019, 08:13 AM |#16  
Forum Moderator
Flag Chennai
MOD EDIT:

Thread cleaned.

Guys, there is no need for harsh language. Please keep the exchange civil and respect each other.

Thanks for your cooperation.
The Following 2 Users Say Thank You to TNSMANI For This Useful Post
18th December 2019, 07:37 PM |#17  
Senior Member
So what's the conclusion? Is someone going to do intensive research on the behavior of this framework and hunt for exploitation of vulnerabilities?
19th December 2019, 04:07 AM |#18  
Quote:
Originally Posted by d3vyarth

So what's the conclusion? Is someone going to do intensive research on the behavior of this framework and hunt for exploitation of vulnerabilities?

Probably not because there's too much obfuscation, and...closed-source
19th December 2019, 06:35 AM |#19  
Senior Member
Please read it.
Attached file: privacycon2019_serge_egelman.pdf (277.1 KB, 180 views)
24th December 2019, 01:17 PM |#20  
nri_tech1183's Avatar
Senior Member
What guarantee do you give for EdXposed as well? It isn't officially from the Xposed team, right?
And EdXposed is already posing issues with SafetyNet, and TaiChi works simply great.

And as far as data leaks etc., once you step into the world of Android you are already in the risk zone. By this time all your data is already sold across the globe. It's too late to bother now. So just be at peace.
24th December 2019, 10:31 PM |#21  
Senior Member
Quote:
Originally Posted by nri_tech1183

What guarantee do you give for EdXposed as well? It isn't officially from the Xposed team, right?
And EdXposed is already posing issues with SafetyNet, and TaiChi works simply great.

EdXposed is a Riru module and it is open-source.
EXposed aka TaiChi is closed-source.