Datagrams on hexproof

MetaMask Demonic Mobile: seed phrase survives autolock on Android

Sat, 16 May 2026 00:00:00 +0000

A MetaMask Android user enters their password, the wallet unlocks, they put the phone down. Thirty seconds later the autolock fires and the password screen returns. MetaMask’s UI indicates the keys are no longer reachable. The password the user just typed is in the process heap. So is the 12-word BIP39 mnemonic — in indexed form after every unlock, in contiguous plaintext from any session in which the user has viewed their seed phrase. MetaMask’s onboarding requires every new wallet to view and confirm it.

Cerberus is stalkerware. Google Play hosts it.

Thu, 30 Apr 2026 00:25:00 +0000

A notification appears on the victim’s locked phone with whatever text the abuser typed. The victim taps it. Fifteen seconds later, the front camera silently takes a photo, the phone records where it is, and any other actions the abuser set up run too. The victim sees none of it.

The lock-screen notification is one of many triggers. Cerberus runs whenever the phone does almost anything — turns on, turns off, gets unlocked, joins a different network, installs an app, crosses a place the abuser marked, picks up movement. Each run schedules the next one. Even if the abuser hasn’t logged in for weeks, Cerberus is still running all day — recording when it was set to, saving any photos or recordings to upload later, and picking up where it left off after a restart. The 44 remote commands the abuser can send from cerberusapp.com are on top of that.

Cerberus Anti-theft is stalkerware: a reverse engineering

Thu, 30 Apr 2026 00:24:00 +0000

There is an app on Google Play called Lock Screen Protector (com.lsdroid.lsp). It requests accessibility service permissions — the most sensitive permission on Android. Once granted, it reads all screen content, performs gestures, and takes screenshots. It monitors for the power dialog and dismisses it — the phone cannot be turned off. It blocks the notification shade — airplane mode cannot be enabled. When someone tries to power off the device, it captures a screenshot and sends the JPEG bytes to another app: Cerberus.

The Fossil Record of Harness Engineering

Wed, 08 Apr 2026 00:00:00 +0000

Every AI coding tool solves the same fundamental problem: fitting the right information into a fixed-size context window so an LLM can write correct code. Claude Code (v2.1.88, source maps), Aider (v0.86.3, Apache 2.0), Cursor (leaked prompts, v1.0-2.0), Windsurf (leaked prompts, Waves 1-11), and GitHub Copilot (vscode-copilot-chat v0.43.0, MIT) solve it five completely different ways.

Tobi Lutke named the discipline “context engineering” – “the art of providing all the context for the task to be plausibly solvable by the LLM.” Mitchell Hashimoto pushed further to “harness engineering” – “anytime you find an agent makes a mistake, you take the time to engineer a solution such that the agent never makes that mistake again.” Each architecture is a fossil record of the constraint its team built around. Claude Code: cost. Aider: model portability. Cursor: edit speed. Windsurf: autonomy. Copilot: model plurality. What follows is how each team engineered their harness, examined through source code, leaked prompts, and open-source repositories.