PH4NTXM
Operational Security Research & Adversarial System Modeling

PH4NTXM Operating System

Operational Security Research & Adversarial System Modeling
DOCUMENT FEATURES LICENSING CONTACT & ACCESS OPSEC SUITE GITHUB
PH4NTXM Desktop Environment

SYSTEM DOCUMENT

OVERVIEW

PH4NTXM is a Linux live system with embedded identity engine.

Each session is stateless. Disposable. Self-contained.

Persona-driven identity, runtime enforcement, and controlled execution govern all behavior.

Execution occurs entirely in memory.

Identity regenerates per session. No hardware traits, identifiers, or historical artifacts persist.

System enforces coherence across layers. Behavior is plausible. Observed without exposing operator risk.

WHY PH4NTXM?

Standard systems assume continuity. Identity persists. Signals accumulate. Fingerprints form.

Observation and correlation turn persistence into vulnerability.

Even well-configured systems leak patterns across network, timing, and identity layers.

PH4NTXM removes continuity. It does not hide. It regenerates per session.

Each session is independent. No historical linkage. No persistent identity. No trust in prior state.

Goal is non-correlation. Observed behavior cannot be linked across sessions.

DESIGN GOALS

PH4NTXM built around strict constraints. No persistent state. No stable fingerprints. Behavior plausible across layers.

Identity, network, and system characteristics derived per session. Synchronized across layers. Controlled variability.

Goals take priority over convenience, compatibility, or desktop expectations.

THREAT MODEL

PH4NTXM assumes continuous observation. Passive and active entities. Network inspection. Infrastructure monitoring. Post-execution analysis.

System prevents correlation across sessions. Stable identifiers eliminated. Behavioral signals randomized.

Security applies within defined execution model. Unsafe practices or compromised environments outside scope.

OPERATIONAL CONSIDERATIONS

Determinism takes priority over recoverability. Certain actions irreversible. State in memory only.

Controlled teardown, strict network enforcement core. Not to be bypassed or relaxed.

Operators must understand constraints. Operate within intended model.

SOURCE MODEL & CONTINUITY

PH4NTXM open-source. Code available for inspection, audit, contribution.

Transparency, collaboration, verification aligned with architecture.

Contributions must respect core principles. Preserve behavioral consistency. Maintain foundational guarantees.

INTENDED AUDIENCE

PH4NTXM for operators, researchers, and professionals managing attribution, correlation, inspection risk.

Not a general-purpose OS. Not a casual privacy tool. Operational discipline required.

DOCUMENTATION ACCESS

This document communicates system intent. High-level design only.

Implementation, configuration, operational guidance provided under controlled access.

Separation preserves effectiveness. Sensitive details not exposed.

FEATURES

0. BOOT MODES

PH4NTXM selects a deterministic boot mode at startup: LINUX, WINDOWS, or LONEWOLF.

Selection occurs before any subsystem initializes. All identity surfaces built from a single model.

Prevents cross-layer inconsistencies. Reduces correlation risk.

LONEWOLF enforces full isolation. Network fully contained.

All traffic routes through Tor. Clearnet blocked.

DNS contained. IPv6 disabled. Fail-closed enforced.

1. IDENTITY ADAPTION

Shows active system identity across hardware, network, and applications.

Values derive from session identity graph. Match the selected boot mode.

Read-only. Validation only. No side effects.

2. HARDWARE ADAPTION

Hardware identity derived from seed + profile. DMI/SMBIOS injected with minor session variation.

LONEWOLF: mostly entropy-driven. Identifiers randomized.

3. GPU ADAPTION

GPU identity aligned with system class. Renderer, vendor, and OpenGL extensions consistent.

LONEWOLF: entropy-driven, minimal exposure.

4. CPU & MEMORY ADAPTION

CPU and memory derived from seed + hardware profile. Minor realistic variation allowed.

LONEWOLF: entropy-driven, non-deterministic.

5. CPU THERMAL ADAPTION

Compute modulated by thermal sensors with hysteresis to prevent static fingerprints.

6. DISPLAY & SCREEN ADAPTION

Resolution, refresh rate, and multi-display awareness match GPU and system profile.

LONEWOLF randomized within soft constraints.

7. BROWSER VIEWPORT ADAPTION

Derived from display + seed. Stable offsets in LINUX/WINDOWS.

LONEWOLF: entropy-driven, non-deterministic.

8. CLOCK FUZZING

Applied at boot. Minor runtime jitter. System stability maintained.

9. RAM SEEDING ENGINE

Persona-shaped memory allocation. Sparse entropy for low-level artifacts.

10. PACKET TRANSFORMATION ENGINE

LINUX/WINDOWS: deterministic TCP/IP transformation.

LONEWOLF: fully Tor-handled.

11. NETWORK DRIFT

LINUX/WINDOWS: deterministic drift shaping.

LONEWOLF: relies on Tor for latency handling.

12. NET GHOST STACK

LINUX/WINDOWS: multiple interface simulation.

LONEWOLF: minimal, Tor-aligned.

13. SYSTEM HARDENING

Kernel, network, and runtime hardening applied across all boot modes.

14. POST-QUANTUM CRYPTOGRAPHY

Hybrid PQC-first stack. Session-scoped keys. Transport aligned with identity.

15. FIREWALL GUARDS

Continuous enforcement. Normal + lockdown modes. Tampering auto-recovery.

16. HARDENED BROWSER

Persona-aligned. Fingerprint surfaces suppressed.

17. IDENTITY

Read-only hostname, machine ID, MACs, clock. Accessible via GUI/CLI. Matches session identity.

18. LOCKDOWN

User-triggered network lockdown. Drops all connections instantly.

19. NUKE KERNEL

Secondary minimal kernel in memory. Activated for fast shutdown.

20. PANIC BUTTON

Shuts processes. Drops network. Triggers Nuke kernel.

21. USB REMOVAL NUKE

Removable USB acts as emergency trigger. Removal triggers Nuke termination. Dead-man switch behavior.

22. SYSTEM WRAPPERS

/sys, /proc, /dev mapped to boot-mode state. Full coherence.

OPSEC SUITE

OVERVIEW

PH4NTXM OpSec Suite provides on-demand diagnostics across system layers.

Modules cover network, kernel, processes, radio, and overall system state.

All modules are read-only. No background telemetry. No persistent footprint.

Operators can quickly assess integrity, detect anomalies, and manage sensitive data within the live session.

ACCESSING THE SUITE

Launch from the PH4NTXM Menu:

  • PH4NTXM Menu → PH4NTXM OpSec Suite

Each module can also be run individually from the terminal:

  • ph4ntxm-opsec-id
  • ph4-shred
  • ph4ntxm-opsec-network
  • ph4ntxm-opsec-kernel
  • ph4ntxm-opsec-process
  • ph4ntxm-opsec-radio
  • ph4ntxm-opsec-connwatch

PH4NTXM OPSEC ID

Generates full system identity and security report.

  • Hostname, machine ID, boot mode
  • Hardware info, DMI status
  • GPU / graphics
  • Network stack: TTL, TCP timestamps, window scaling
  • Interface MACs
  • DNS config and Tor service status

Purpose: Snapshot of system identity and security. Read-only.

PH4NTXM OPSEC SHREDDER

Military-grade file destruction. DoD 5220.22-M compliant.

  • Mark files or directories for shredding
  • Recursive wiping
  • Metadata sanitization (3 rounds default)
  • Customizable overwrite passes (1–7)

Purpose: Ensure sensitive data cannot be recovered.

PH4NTXM OPSEC NETWORK

Inspect system network state.

  • Routes and gateways
  • DNS config and external resolvers
  • IPv6 exposure
  • Active connections
  • Suspicious traffic and namespaces

Purpose: Detect leaks, public connections, and anomalies. Score per run.

PH4NTXM OPSEC KERNEL

Evaluate kernel security.

  • Loaded modules, unsigned or suspicious
  • Kernel hardening status
  • Sysctl security parameters
  • Lockdown mode check

Purpose: Detect misconfigurations, weak protections. Kernel score per run.

PH4NTXM OPSEC PROCESS

Inspect processes for anomalies.

  • Deleted, ephemeral, or memfd-based executables
  • Processes from untrusted paths
  • List suspicious processes

Purpose: Detect unusual or malicious process activity. Score per run.

PH4NTXM OPSEC RADIO

Audit wireless interfaces.

  • Bluetooth and Wi-Fi state
  • Modem activity
  • Monitor mode detection
  • Nearby Wi-Fi networks

Purpose: Detect RF leaks or insecure wireless. Score per run.

PH4NTXM OPSEC CONNWATCH

Monitor inbound TCP connections in real time.

  • Track source IPs and repeated connection attempts
  • Record targeted ports
  • Live stats in runtime memory
  • Loopback traffic ignored

Purpose: Real-time operational awareness. Score per run.

REMEDIATION

Some modules provide optional remediation. Reduces exposure and restores safer states.

Elevated privileges may be required.

SUMMARY

PH4NTXM OpSec Suite provides session-scoped, read-only diagnostics.

Secure shredding, anomaly detection, network, kernel, process, and radio assessment.

Fast evaluation of system integrity. No persistent footprint. Live session only.

LICENSING

LICENSING MODEL

PH4NTXM is released as an open-source project under the GNU General Public License v3.0 (GPLv3).

This allows anyone to use, study, modify, and redistribute the system, provided that all derivative works remain under the same license terms.

The goal is to ensure transparency, verifiability, and long-term accessibility of the platform without introducing restrictions on use.

UPDATE MODEL

Updates are public. Available to all users. No restrictions.

They may include security fixes, behavioral tweaks, and system refinements. Aligned with platform goals.

No enforced schedules. No access limits. Operators track, adopt, or modify updates as needed.

DISTRIBUTION

PH4NTXM is distributed publicly. Independent builds, verification, and reproducibility supported.

Operators are responsible for building, deploying, and running the system in their environment.

TRADEMARK & IDENTITY

PH4NTXM name, branding, and visual identity remain protected.

Modified versions must not imply official status or affiliation unless explicitly authorized.

PH4NTXM is provided without warranty. Use, modification, and deployment are at operator’s own risk.

CONTACT & ACCESS

SOURCE ACCESS

PH4NTXM is open-source. Full source, build instructions, and docs publicly available.

https://github.com/PH4NTXMOFFICIAL/PH4NTXM

Operators may inspect, build, modify, and deploy according to their operational needs.

CONTACT

CONTACT ENDPOINT:
PH4NTXMOFFICIAL@proton.me

COMMUNICATION GUIDELINES

Privacy-preserving practices are strongly recommended for sensitive communication.

  1. Use a privacy-respecting email provider.
  2. Encrypt messages with the public PGP key when appropriate.
  3. Include only minimum necessary information.
  4. Avoid personal or identifying details.
  5. Strip metadata from attachments when possible.

PUBLIC PGP KEY

Copy the full block. Partial keys are unusable.

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGoGk7EBEADgjAqR5eyAxJHp0CQCzhq4ZnGciAwgRYDsrzba1tZBAyfYUaA/ /0Nge0Z1UXqkeMCCi5fuDYshTlN/8OvWVi76PNCCrrGAtvDiZAjY/rKqTZddg+7K irINgIrZGtfEnEjCDdtBTFPWwtsWiMjuRh1zHlKZ9mMeXQR5G1INE0UPYpE5Yf40 Aio0TTCpazf40js8qjX5eTFC+H2DjwJT2t4IWlv1qoU2mKedsppkjUl1VBGBQtCG PSviBEg+DRJWfqk6vvHYAOAkSCJRcZAQCN4uftFHT98XNXVEqQSE7NI9l3PT0e1V /kCJvcN8inMDV6uUcuhDXb0IaI+jumPbbq6lgWnSDEP4Cz34dMVyVqr0PGGFiDbH T/cp8wl54CCxfFQsLS7zWHVsZ6mvuomoXtkBgICZ4GyuduqLwXwJVU9k7U5OukUP aezp7rvMp3VnNkFFUO/nxOAie4DSRXkfMFPr99lIp9bXdPRqSpa992zsIb8pPkq1 8gJHL5rUSKCHnUpR8Cxaa686OV+Vkz5JGkPtckWU4AhrVJD8ouJCMJxUoJ1c7svG oUvQdsH/++AVmds2NnhCqaPQmKObD+91HHwWpsMZqPYooyWaNZzQjHyOOO4PWzzg mNKmBzQyVq5azTSO2f61ko3Jdj1QHIqvFiVnag6DUZCep7xl/paAW8p0VQARAQAB tCNQSDROVFhNIDxQSDROVFhNT0ZGSUNJQUxAcHJvdG9uLm1lPokCTgQTAQoAOBYh BIqK6qCk3Rpx2F376A7X8GBGd5hwBQJqBpOxAhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAAAoJEA7X8GBGd5hwHuQP/1/YyyxSamvp+n/BE2qluhCIzt3Zm/gdwx8x bp/n/i7qZg2MgUIxhy6LQMvc49+N7aCw4A0HpCWsbnJpEKr0bCkj2yboatzbDEQ6 r8nGLmtyahCZQx6/4XZUOcDgRS8nB2W3cAW3jG5suQ73tBLCOxKgYtIAKX9l2Png CEOLWYxN6e+5hPPliyG7xD3n4VlrmfQ8VzFTjyppxRXNGM+DsPQaxwuYAN4FmDjA bFbrEW1W6qo1C4jF/dMOw6ElRGzESNyrGkeligO9NVlqRRzjn1YdXXyV+EbtJyEM mfK60Omqh46dUhl1JCEJTHqILDYZtof/0SZ3aXwKtA+OosoRCG+axYEJhC67XgLy 6PYt4zEv0SH5XM8xzgWDQZMihTcMqtb0wCGMQCvmaOed8WNsl0UERgHvdFcQRya7 0BUzXuBTNlE5Y7qAj3Pa1s1UdDXq3xxXiH6ZtrG9TbpU1Egnehn/xwR65jA2ktfA dgj65DxdGWVnw6EEovjUIauLPYfmVeouhgkrbblDPQynCf+eqQzQipSWSRVU7qkr 06uloZiDnC2ClSxWedHbrprNxN8bSBIvmRadA3H3DPgy/TYZeJ1yJ3csAGRPQa4V LlsdJvYj7N7K2uBEnojJnemFA11zhXftSuXUYb6upzeHCKYl4C4LWSR1JyKa/K2n pXZd3RAfuQINBGoGk7EBEAC2x40y8VoSUnFerAZfJe5tCNtB47Drx9x351CgnUP3 GePGDYqrybH6AmaqHuey1G0uBw9R1TVvgpM4g3VBlZ/aGIRIujiJUZY47FrrmFtz QB/ykt7MluQ/SNU6CDFl7YnZl2gTbEu/2VnVBuh4MJ7+CKl3dhmcONfN8EOZqAXV jCYZ7MEMjvYp1YYrZh+7eg5QDVejcEUrcJYWgk2Koae7pC3iU5HSZXmr3GPZdu6e d7RfUbmjx5OUa3zqy0ZAien8bCGTXcqm1wK+ZNVy0YmlzayrWsMxo6DMppdoKrYI CHk0S9k58d2UV4yCzaG2DXBJFpiSf0DM/V1QndqA/elWmRjAoNUVIuBkHkjxeFrh QDPLbxY/QQyL8cuconTppUPs8hRhm6DJK0vLu/3gyN5PBSAEn1p7bVqQmZ8Cj+3R qeWawJqpOP4o7+eKBqP46zj3c56ijFq7zZ5TkwyLCUg5XqczSaI7vFPYsbBoCR9v spexAeA9SI5woS8tf6WqcB/W/Rlt1Hc0eUIZTwUXodObJABBhwnP1HT372qd30js 4m20jBWewBDzXX9j3sy50p8OY/l4Rnw8qzkVu58u+hIJRKVVQwoQnPAfxBbnI+Pn r6H1dKXbof+O87sPJlgkS8ArZ2gbkc7odxbWCdWfZP+co/+yb++53TRth2Bqd2qL 4QARAQABiQI2BBgBCgAgFiEEiorqoKTdGnHYXfvoDtfwYEZ3mHAFAmoGk7ECGwwA CgkQDtfwYEZ3mHCmEA/+IvpKkKcqNV7Fb3fiOQ90U9skp4GrFYAIo66uXFH+44bL MwMC9kxqynPiLoh0LWBMeU8A9cXtK0w6axVpQmcPWBw1WJcWMKq5m1pa1cmg1G3K jeO2iuijrjtIS1WKAzwq5ccfCxH3RGl0Vg/4ImTJ7lNISCBUB9kHOF9U68U8x9Zu 58Ti1yGccyRiVdsFmt28ntZktOB+9tShtqT39uP4lN21cWZCMpu98145AvkAZ5XV Un4CzC6t9r7ix8C6KDtkTlTpw/7aSclbmqYEbaosfKqlTcFisSS6L1RJnGFODthe KTmTFnnGI58HWZiNzxV42eSiNIGDLJ+SDffn6D7pUSwljpccJ/TbGpSol4WkMVA4 8iXUBRCSGUjo/e5FGgI8UON75kIzQakH+/54eQ+aeNMvlD0uu+y4xfTBWuiOswdF LHZMAMPBLp5e89KRnwvJj1DZLk5kvvOjGKkksV9R+kNB7kZGtUkKViGbqxs3gSnm ificeV7Hn9Ng5mDxyRLHyTDv5YU802h8ZZ8j4q705/JP0vK60pmKmwPqepotlCYo bWEktPPljx0DW1hkpJcIRS8FUgpZFiCvsja7EaTwNJAwhvhB3sK43tJX1iTZmM1m S7UCNVnN77FzVylQI62ftci5aUeiDmXglBhJDOyNkII/JGI1L0riM+C1MjaNm6U= =Lk5Z -----END PGP PUBLIC KEY BLOCK-----

Encrypted communication is preferred.

PH4NTXM Signature