Adaptive personal trust and security system for Windows and Android.
Tether is a high-security personal trust platform focused on adaptive authentication, phone-based trust validation, panic lockdown systems, and layered recovery mechanisms.
The system creates a secure trust relationship between a Windows machine and an Android device, where the phone acts as a continuously validated trust anchor.
⚠️ ALPHA DEVELOPMENT STATUSThis software is under active development. It should not be relied upon for production-critical security environments. See Security Notice for details.
- Secure device pairing
- Phone-based trust validation
- Recovery device support
- Proximity authentication
- Instant lockdown triggering
- Trust revocation
- Session invalidation
- Emergency isolation workflows
- Connection integrity monitoring
- Trusted device verification
- Secure channel validation
- Trust continuity checks
- Multi-layer recovery mechanisms
- Safe fallback procedures
- Recovery hardening logic
- Core Service (
Tether.CommunicationService) - Authentication Engine (
TetherCredentialProvider) - Overlay UI (
Tether.OverlayUI) - Desktop Configuration UI (
Tether.DesktopUI) - Trust State Manager
- Recovery Manager
- Secure Communication Layer
- Trust Companion App (
apps/android-companion/app) - Secure Pairing System
- Proximity Validation
- Panic Trigger Interface
- Event Bus
- Shared DTOs
- Shared Constants
- IPC Constants
- Logging
- C# (.NET 8)
- WPF / XAML
- C++
- Windows Credential Provider API
- Windows Security APIs
- DPAPI (
CryptProtectData) - Named Pipes (IPC)
- Kotlin
- Jetpack Compose
- Android SDK (API 33+)
- Bluetooth Low Energy (BLE)
- Android Keystore / StrongBox
- BLE (GATT)
- RSA + AES encrypted communication
- Named Pipes
- Global Event Handles
Install:
- Visual Studio 2022
- Desktop Development with C++
- .NET Desktop Development
- Windows SDK 10.0.22621.0 or later
- .NET 8 SDK
- Git
Install:
- Android Studio (latest)
- JDK 17+
- Android SDK API 33+
- Physical Android 12+ device for BLE testing
- CMake
- MSBuild
git clone https://github.com/your-org/Tether.git
cd Tethercd services/communication-service/Tether.CommunicationService
dotnet restore
dotnet build --configuration Release
dotnet publish \
--configuration Release \
--runtime win-x64 \
--self-contained trueOutput:
bin/Release/net8.0-windows10.0.22621.0/win-x64/
Open:
TetherCredentialProvider.vcxproj
in Visual Studio 2022
or build from the command line:
msbuild TetherCredentialProvider.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64Output:
x64/Release/TetherCredentialProvider.dll
The credential provider must be registered before Windows will load it.
cd apps/desktop-ui/Tether.DesktopUI
dotnet restore
dotnet build --configuration ReleaseOutput:
bin/Release/net8.0-windows/
cd Tether.OverlayUI
dotnet restore
dotnet build --configuration ReleaseOutput:
bin/Release/net8.0-windows/
cd apps/android-companion
./gradlew assembleReleaseOutput:
app/build/outputs/apk/release/app-release.apk
For development:
./gradlew assembleDebugcd shared/Tether.Shared
dotnet restore
dotnet build --configuration Releasecd services/event-bus/Tether.EventBus
dotnet restore
dotnet build --configuration ReleaseAll .NET projects reference these through ProjectReference, so build order is handled automatically.
sc.exe create "TetherCommService" `
binPath= "C:\Dev\Tether\services\communication-service\Tether.CommunicationService\bin\Release\net8.0-windows10.0.22621.0\win-x64\Tether.CommunicationService.exe" `
start= autoStart it:
sc.exe start "TetherCommService"Verify:
sc.exe query "TetherCommService"The service requires:
- SYSTEM privileges
- BLE access
- Registry access
- Named Pipe creation
regsvr32.exe C:\Dev\Tether\x64\Release\TetherCredentialProvider.dllor
regedit.exe /s TetherCredentialProvider\register.regRegistry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Authentication\Credential Providers\
{c8c8d282-f4f1-451d-96fc-a8b1f783117b}
To unregister:
regsvr32.exe /u C:\Dev\Tether\x64\Release\TetherCredentialProvider.dll
regedit.exe /s TetherCredentialProvider\unregister.regRegistry:
HKLM\SOFTWARE\Tether\CredentialProvider
| Value | Type | Description |
|---|---|---|
EncryptedPassword |
REG_BINARY |
DPAPI-encrypted Windows password |
PasswordHash |
REG_SZ |
SHA-256 hash of password + salt |
PasswordSalt |
REG_BINARY |
64-byte random salt |
TrustedPhonePublicKey |
REG_SZ |
Base64 X.509 public key |
Provisioned |
REG_DWORD |
1 if paired |
Automatically configured by:
Tether.DesktopUITether.CommunicationService
- Open the Android app.
- Display the QR code or public key.
- Open
Tether.DesktopUI. - Paste the public key into PHONE PAIRING PROFILE.
- Select PAIR PROVISIONED PHONE.
- Open
Tether.DesktopUI. - Navigate to CRYPTOGRAPHIC VAULT CONFIGURATION.
- Enter the Windows password.
- Select COMMIT CRYPTOGRAPHIC LSA VAULT.
The password is encrypted using machine DPAPI before being stored in the registry.
- Start
Tether.CommunicationService. - Launch
Tether.DesktopUI. - Lock Windows (
Win + L). - Open the Android companion.
- Ensure Bluetooth is enabled.
- Tap Unlock.
If provisioning is correct, Windows should unlock automatically.
Windows Service:
C:\ProgramData\Tether\Logs\
Credential Provider:
- DebugView
- Event Viewer
- OutputDebugString
Android:
Logcat
Tag: TetherBle
regedit.exeNavigate to:
HKLM\SOFTWARE\Tether\CredentialProvider
cd tests/PipeTest
dotnet run -- "PHONE_UNLOCKED"dotnet build Tether.slnx --configuration Releasemsbuild TetherCredentialProvider\TetherCredentialProvider.vcxproj `
/p:Configuration=Release `
/p:Platform=x64cd apps/android-companion
./gradlew assembleReleaseThe credential provider executes inside:
LogonUI.exe
Recommended workflow:
- Attach Visual Studio to
LogonUI.exe. - Run Visual Studio as SYSTEM (or equivalent elevated context).
- Set breakpoints in
TetherCredential.cpp. - Lock the workstation.
Alternatively:
- Use
OutputDebugString() - Capture output using DebugView
Tether is under active development and should not be considered production-ready.
Before deployment, review the project's security assessment and threat model.
- Fork the repository.
- Create a feature branch.
- Follow the project's
.editorconfig. - Run tests.
- Submit a pull request.
Tirth Saraiya