While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I ...

2025-01-15 02:48:09

While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I went a few levels deep.

First, I downloaded and installed Android SDK on my laptop.

Then, I used apksigner to check the signatures on accrescent[.]apk

Then I moved the .apk to my phone and installed.

I used Accrescent to install AppVerifier.

I used AppVerifier to verify the .apk for Zapstore (nprofile…tdq0)

Always remember, it is best to double check the certificate hash from a different source than where you are getting the .apk. For example, if you got the file from zapstore.dev you should crosscheck their Nostr account and make sure it is the same there. While it is always possible someone could compromise both, it is less likely.

The result:

Author Public Key

npub1vvfa8adk5k8ndfmfxwdh3xja7mx6zalgd6l0f9dlzgpdza6y67ysk70whc

Show more details

Published at

2025-01-15 02:48:09

Kind type

1 Short Text Note

Event JSON

{ "id": "593e9d5ecf86ee8186db042f5db3c504e964fed4a56641e3a9203323466568d6", "pubkey": "6313d3f5b6a58f36a769339b789a5df6cda177e86ebef495bf1202d17744d789", "created_at": 1736909289, "kind": 1, "tags": [ [ "p", "78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d", "", "mention" ], [ "r", "https://image.nostr.build/f60e1e9db145188e8a45f065282ccc247e06a4fd823558cfb55e9f436aa39428.jpg" ], [ "r", "zapstore.dev" ], [ "r", "https://image.nostr.build/0d994380d648681f745c9b72d953a6da1c0f6cc5bd7119fa5eb5cb13755c9ccc.jpg" ], [ "imeta", "url https://image.nostr.build/f60e1e9db145188e8a45f065282ccc247e06a4fd823558cfb55e9f436aa39428.jpg", "x 03f42888ece48fc859c89aa5ab6ac68fc901d65db46648321c9255dfdb3ac7a5", "size 24005", "m image/jpeg", "dim 1079x347", "blurhash Q25=62_3D%xuIU?b~qRjWBIURjt7t7WBWBRjWBof009F-;M{xu9F00t7of", "ox 03f42888ece48fc859c89aa5ab6ac68fc901d65db46648321c9255dfdb3ac7a5", "alt " ], [ "imeta", "url https://image.nostr.build/0d994380d648681f745c9b72d953a6da1c0f6cc5bd7119fa5eb5cb13755c9ccc.jpg", "x 29c9303ec0ae9be82f4748d18b1b8ae490fc928c36115aadad770a55af7b0c70", "size 50557", "m image/jpeg", "dim 1080x817", "blurhash #96ah]-pD}ETRkr.xbNc9WR%WVofoffQayWBj[of4,I.%5$cjYS+NF$%?J%MxaR%WCazaej]WVRi?1$*ImNga#nLs=NHEIM_R*ogoJj@f+j?oLt7EHNZxcw@odXBR%xF%4", "ox 29c9303ec0ae9be82f4748d18b1b8ae490fc928c36115aadad770a55af7b0c70", "alt " ] ], "content": "While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I went a few levels deep.\n\nFirst, I downloaded and installed Android SDK on my laptop.\n\nThen, I used apksigner to check the signatures on accrescent[.]apk\n\nhttps://image.nostr.build/f60e1e9db145188e8a45f065282ccc247e06a4fd823558cfb55e9f436aa39428.jpg\n\nThen I moved the .apk to my phone and installed.\n\nI used Accrescent to install AppVerifier.\n\nI used AppVerifier to verify the .apk for nostr:nprofile1qqs83nn04fezvsu89p8xg7axjwye2u67errat3dx2um725fs7qnrqlgzqtdq0\n\nAlways remember, it is best to double check the certificate hash from a different source than where you are getting the .apk. For example, if you got the file from zapstore.dev you should crosscheck their Nostr account and make sure it is the same there. While it is always possible someone could compromise both, it is less likely.\n\nThe result:\n\nhttps://image.nostr.build/0d994380d648681f745c9b72d953a6da1c0f6cc5bd7119fa5eb5cb13755c9ccc.jpg", "sig": "cc8f1ac5f492a7adec26a99f9ab69ef7ac7f6e6887e1a9c890e230116282acdf0e8a19f3720925461c688215c40ffbf71c70d1f5579f305aa8dd4a0d3dbb61fc" }

a_priori on Nostr: While I didn't build my own CPU from raw silicon, I did verify instead of trusting. I ...