Android Scripting Layer (Encrypted SMS communication)

Posted on September 15, 2010 by

4



Recently I (Stephen A. Ridley) have been doing quite a bit more security research on embedded systems and mobile platforms like phones. This naturally means more development in these areas. A while back I ran into SL4A or Scripting Layer for Android which was (at the time) called ASE  or Android Scripting Environment. (Apparently they changed the name for googlability). Anyway, this software is neat because it lets you write scripts in Python, Perl, JRuby, Lua, BeanShell, JavaScript, Tcl, and shell scripts and will give you native access to “phone functions”.

I have been developing and  building quite a bit of Dalvik Java recently (you can even execute native ARM elfs on Android with some trickery ;-). I’d always liked the idea of SL4A but never had any practical use for it, but recently I thought of a project that would lend itself well to the Scripting Layer: Encrypting SMS messages!

Introducing: Blowfish_SMS.py!

The idea was basically to write a tool that would allow you to send and receive encrypted SMS messages between friends with whom you’ve pre-negociated a secret key (either by voice or in person).  Telco’s and Wireless carriers keep records of all your SMS’s. Why not protect this data? You don’t need to have anything to hide, it merely a matter of being comfortably private. The reason that the scripting layer lends itself to this so well is because paranoids (like myself) generally want to “trust” the application by reviewing it first. The plaintext nature of Python scripts works really well for this (because it saves the trouble of disassembling and analyzing the binary…and most of us are lazy). People who want to use Blowfish SMS, can merely view, edit (or even modify) the contents of the script directly on their phone before executing it.

Read all about the project and see screenshots here.

Read all the code and stuff here.

You cipherpunks may complain and notice this, but whatever. Ok, back to actual work now!  (oh and we have a few blogposts from many months ago that we have yet to post. Stay tuned for that. Thanks!)

Posted in: Android, phones, tools