Hellaphone: Replacing the Java in Android

Presented at DEF CON 20 (2012), July 28, 2012, 1 p.m. (50 minutes)

Android is the only widespread open-source phone environment available today, but actually hacking on it can be an exercise in frustration, with over 14 million lines of code (not counting the Linux kernel!), build times in the hours, and the choice of writing Java or C++/JNI. Add in security debacles like the CarrierIQ affair or the alleged man-in-the-middle attacks at the last DEF CON and Android starts to seem less attractive. We wanted a phone that's easy to hack on, with a quick development turnaround time. By killing off the Java layer of Android and only loading the underlying Linux system, we found a useful, relatively light-weight platform for further development. We then adapted the Inferno operating system to run on our phones, eventually getting a graphical phone environment in under 1 million lines of code, including a phone application, an SMS app, several text editors, a shell, a compiler, a web browser, a mail client, and even some games. The actual core of the Inferno OS is small and simple enough for one person to read, understand, audit, and hack on; applications are similarly simple and easy to write. This talk discusses in greater depth our motivations and the methods we used to adapt Android phones to new and excitingly broken purposes. If the Demo Gods are kind, there will also be a demonstration of the Inferno phone environment. *Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND-2012-3785 A

Presenters:

• John Floren - Senior Member of Technical Staff, Sandia National Labs
  John Floren is a Senior Member of Technical Staff at Sandia National Laboratories, where he works in High Performance Computing and security research. He occasionally puts odd operating systems on inappropriate systems, so far having helped port Plan 9 to the IBM Blue Gene series and Inferno to cell phones.

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Floren
• https://infocon.org/cons/DEF CON/DEF CON 20/DEF CON 20 video and slides/DEF CON 20 - John Floren - Hellaphone Replacing the Java in Android - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=EpTTU4lcR1Q

Similar Presentations:

• Black Hat Europe 2015 / AndroBugs Framework: An Android Application Security Vulnerability Scanner
• Black Hat USA 2015 / THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware
• Black Hat USA 2013 / How to Build a SpyPhone