Gorilla for Android
in work …
Thanks to David Welton there is a way to port Tcl programs to the Android™ platform with Hecl. For further details to this script language for the Android platform see the site: http://www.hecl.org/
The following steps are planned:
- implementing the Twofish and sha256 algorithm in pure Tcl and as a C extension
- database access replacing Itcl calls by Hecl objects
- coding a command-line interface
- building a GUI with Android widgets
Download the SDK from http://dl.google.com/android/android-sdk_r12-linux_x86.tgz and follow the installation guide: http://developer.android.com/sdk/installing.html
The emulator (http://developer.android.com/guide/developing/tools/emulator.html) is called by
emulator -avd <name-of-virtual-device>to be found in .android/avd
Pressing F2 (the menu key) will unlock the system
The SDcard is to be found here: ~/.android/avd/test.avd/sdcard.img
it can be mounted via mount -loop or via adb push
For information see: http://www.hecl.org/
Download http://www.hecl.org/downloads/hecl-20100628.tgz and decompress it in a folder of your working directory, e.g. ~/hecl
Change to the Hecl folder and type:
ant android-install (or android-reinstall)to build Hecl. If the emulator is running then Hecl will should be automatically installed. But I got a permission error. So install the file manually:
$ adb install Hecl-debug.apk For having a look into the Android machine use:
adb shellYou will find org.hecl.android-1.apk in the folder /data/app
The package that gets sent to the emulator resides in
android/bin/Hecl.apk, and is basically a .zip file. This means that
it’s possible to modify the Hecl script contained therein and
repackage the .apk without recompiling anything:
- Go to the android directory.
cd android/ - Replace the script.hcl file in Hecl.apk with our modifications.
zip -r bin/Hecl.apk res/raw/script.hcl - Send it to the emulator.
/opt/android_sdk_linux_m3-rc22a/tools/adb install bin/Hecl.apk
With the Hecl script executed being res/raw/script.hcl.
To test script
Start the Hecl-Server with the main menu and follow this guide:
Running Hecl server on port ${port}.
You can telnet to this port to interact with Hecl after running this command: adb forward tcp:7405
Since the interpreter that you are accessing is a sub-interpreter, to run commands in the main interpreter, which has access to the Android GUI thread, you have to pass them with the
maineval command, like this: maineval { … code … }
To stop the telnet connection type: adb kill-server
ant packageCommandline
java -jar jars/j2se/Hecl.jarSystem.out.println(“message”; will be sent to the console.
see http://www.hecl.org/docs/creating_new_hecl_commands.html
in the main method of Hecl/commandline/Hecl.java a method
extend(interp) is called where the new command can be added:
We add our new command “hello”:
public static void extend(Interp ip) throws HeclException {
ip.addCommand("hello", new HelloCmd());
}The result is:
hecl> hello
Hello world - this is a new Hecl commandThe use of the encryption instance for sha256 needs to catch the exception NoSuchAlgorithmException which is thrown per definition. Thus we need to import the two following packages:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;We take the string password passed from the console and use it in the new defined class Sha256Cmd (/hecl/core/org/hecl/Sha256cmd.java) with the following three lines:
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(password.getBytes());
byte byteData[] = md.digest();We add the the new command sha256 to the file …/commandline/Hecl.java:
public static void extend(Interp ip) throws HeclException {
ip.addCommand("sha256", new Sha256Cmd());The result is after converting the byte array to hex format:
hecl> sha256 123456
Hex format: 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92Basic information: David Hook, Beginning Cryptography with Java, Indianopolis 2005
Preliminary steps:
- Add provider BouncyCastle
- Add Unrestricted Policy Files http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip
We start a little test call in Java for the 8-byte Blowfish cipher in ECB mode with input 0×0000000000000000 and key 0×0000000000000000:
Cipher cipher = Cipher.getInstance("Blowfish/ECB/NoPadding", "BC");Then we have:
dia[src]$ javac chapter2/SimpleSymmetricExample.java dia[src]$ java chapter2.SimpleSymmetricExampleinput text : 0000000000000000 cipher text: 4ef997456198dd78 bytes: 8 plain text : 0000000000000000 bytes: 8
According to http://www.schneier.com/code/vectors.txt the result should be:
cipher text: 4EF997456198DD78Let’s make a Twofish test in ECB mode (see: Twofish ECB test vectors, from http://www.schneier.com/code/ecb_ival.txt
input text : 00000000000000000000000000000000
cipher text: 9f589f5cf6122c32b6bfec2f2ae8c35a bytes: 16
plain text : 00000000000000000000000000000000 bytes: 16Equals to Bruce Schneier’s test result: 9F589F5CF6122C32B6BFEC2F2AE8C35A
So we can prepare for reading a pwsafe3 database. How to get access to a file working with java -jar Hecl.jar?:
Writing:
hecl> set fh [open test.txt w]
org.hecl.files.HeclChannel@15a3d6b
hecl> $fh write "noch eine zeile"
15
hecl> $fh flush
hecl> exit
dia[j2se]$ cat test.txt
noch eine zeileReading:
hecl> set fh [open test.txt r]
org.hecl.files.HeclChannel@1d520c4
hecl> set text [$fh read 4]
noch
hecl> $fh close
hecl> puts $text
nochSummary of methods for the stream object:
$filehandler close, read ?byte(s)?, readln, write string, writeln, flush
BouncyCastle provides a Twofish engine
…
pwsafe3 files can be read by help of new commands:
- sha256 message
- sha256hmac message key
- twofish::encrypt -ebc message key
- twofish::encrypt -cbc message key initialization-vector
db::getFieldValue recordnumber fieldnumber works
create api-8 avd
ant android-reinstall
adb install Hecl…
start Hecl server
$ adb forward tcp:7405 tcp:7405
$ telnet localhost 7405
Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
Escape character is ‘^]’.
> file.size /sdcard/jtcl.jar
5431436
> set fh [open /sdcard/jtcl.jar r]
org.hecl.files.HeclChannel@45051920
> $fh read 4
PK
> $fh readhex 4
0a000000
> $fh closePackage files and own commands are successfully compiled
A first test fails. adb logcat shows in regard to BouncyCastle classes the following error type:
...
I/dalvikvm( 668): DexOpt: not resolving ambiguous class 'Lorg/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers;'
D/dalvikvm( 668): DexOpt: not verifying 'Lorg/bouncycastle/jce/provider/JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL;': multiple definitions
D/dalvikvm( 668): DexOpt: not rverifying 'Lorg/bouncycastle/jce/provider/JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL;': multiple definitionsHints in different forums pointed to the fact that Android already has included a crippled BouncyCastle package which can’t be replaced by an updated and full BouncyCastle package, and so there would be always ambigousity for the Dalvik interpreter.
A solution in renaming the BouncyCastle package can be found here:
Spongy Castle aims to be a full replacement for the crippled versions of the Bouncy Castle cryptographic libraries which ship with Android. You can read more about the project here:
https://github.com/rtyley/spongycastle#readme
The downloaded scprov-jdk15-1.46.99.3-UNOFFICIAL-ROBERTO-RELEASE.jar has to be put into the folder /platform-tools/lib where ant will find and compile it into the dex.classes file.
If we add some preprocessor commands to GorillaCmds.java then we will have the SpongyCastle package ready for the Android compile run.
//#if android
import org.spongycastle.jce.provider.BouncyCastleProvider;
//#else
import org.bouncycastle.jce.provider.BouncyCastleProvider;
//#endifFinally we get the desired result like before with the Hecl commandline interpreter from the Hecl server, too:
> source /sdcard/gorilla.hcl
...
hmac 146b1e408d6bf297422f28d65cf0a4fa3deceec3a774da9e1c653719c7f222c4
myhmac 146b1e408d6bf297422f28d65cf0a4fa3deceec3a774da9e1c653719c7f222c4
=== Step 4: Hmac authentification of all data fields proved
+++ File is read successfullyThis was a proof of concept for granting access to a pwsafe database on Android. A Android Gui has to follow.
New page: Creating a PWGorilla GUI for Android with Hecl