Hellaphone: Replacing the Java in Android presented at DEF CON 20

by John Floren,

Tags: Security

Summary : Android is the only widespread open-source
phone environment available today, but actually
hacking on it can be an exercise in frustration, with
over 14 million lines of code (not counting the
Linux kernel!), build times in the hours, and the
choice of writing Java or C++/JNI. Add in security
debacles like the CarrierIQ affair or the alleged
man-in-the-middle attacks at the last DEF CON
and Android starts to seem less attractive.
We wanted a phone thats easy to hack on,
with a quick development turnaround time. By
killing off the Java layer of Android and only
loading the underlying Linux system, we found
a useful, relatively light-weight platform for
further development. We then adapted the
Inferno operating system to run on our phones,
eventually getting a graphical phone environment
in under 1 million lines of code, including a phone
application, an SMS app, several text editors, a
shell, a compiler, a web browser, a mail client,
and even some games. The actual core of the
Inferno OS is small and simple enough for one
person to read, understand, audit, and hack on;
applications are similarly simple and easy to write.
This talk discusses in greater depth our motivations
and the methods we used to adapt Android
phones to new and excitingly broken purposes.
If the Demo Gods are kind, there will also be a
demonstration of the Inferno phone environment.