Tag-Archive for » injection «

Thursday, November 20th, 2008 | Author: Tim

It’s coming along, but it doesn’t seem to be as easy as I’d have hoped. Sort of have a working example but I don’t want to release it until I can definitely identify what needs to be patched and why and other things like exactly by how much etc for things to be injected. Just a little output of some of my notes from the tests I’ve been running. Nothing too mind-blowing but some notes in case someone is interested, slash in case I lose the piece of paper:

Things you must patch to successfully inject code:

Length of file in bytes (0x20)
Absolute offset of string table (0x34)
type of checksum? (0x38)
number of fields in field table (0x44)
Absolute offset to field table (0x48)
number of methods in method table (0x4C)
absolute offset of method table (0x50)
another checksum? (0x54)
absolute offset of class definition? (0x58)
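As an added example (not code from this blog), here is a defender-side check that flags a .dex file whose header no longer agrees with its contents, which is what an incomplete patch of the fields above leaves behind. It uses the header layout from the published Dalvik Executable format (file_size at 0x20, as in the notes; the checksum, signature and table positions are taken from that specification rather than from the notes), and the sample bytes are constructed, not a loadable app.

```python
import hashlib, struct, zlib

HEADER_SIZE = 0x70  # fixed header length in the published DEX format
# (name, offset of the count field, size of one entry); the table offset follows the count
TABLES = [("string_ids", 0x38, 4), ("type_ids", 0x40, 4), ("proto_ids", 0x48, 12),
          ("field_ids", 0x50, 8), ("method_ids", 0x58, 8), ("class_defs", 0x60, 32)]

def check_dex_header(data: bytes) -> list:
    """Return the inconsistencies found; an empty list means header and file agree."""
    if len(data) < HEADER_SIZE:
        return ["truncated header"]
    problems = []
    if data[:4] != b"dex\n" or data[7] != 0:
        problems.append("bad magic")
    (stored_adler,) = struct.unpack_from("<I", data, 0x08)
    (file_size,) = struct.unpack_from("<I", data, 0x20)
    if file_size != len(data):
        problems.append("file_size mismatch")
    # Adler-32 covers everything after the checksum field itself
    if zlib.adler32(data[0x0C:]) & 0xFFFFFFFF != stored_adler:
        problems.append("checksum mismatch")
    # SHA-1 covers everything after the 20-byte signature field
    if hashlib.sha1(data[0x20:]).digest() != data[0x0C:0x20]:
        problems.append("signature mismatch")
    # Every non-empty table must lie after the header and inside the file
    for name, pos, item in TABLES:
        count, off = struct.unpack_from("<II", data, pos)
        if count and (off < HEADER_SIZE or off + count * item > len(data)):
            problems.append(name + " out of bounds")
    return problems

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed sample: a header-only blob whose fields are mutually consistent."""
    buf = bytearray(HEADER_SIZE) + extra
    buf[:8] = b"dex\n035\x00"
    struct.pack_into("<III", buf, 0x20, len(buf), HEADER_SIZE, 0x12345678)
    buf[0x0C:0x20] = hashlib.sha1(bytes(buf[0x20:])).digest()
    struct.pack_into("<I", buf, 0x08, zlib.adler32(bytes(buf[0x0C:])) & 0xFFFFFFFF)
    return bytes(buf)

if __name__ == "__main__":
    good = build_sample()
    stale = good + b"\x90" * 8            # bytes appended, header left untouched
    print(check_dex_header(good))
    print(check_dex_header(stale))
```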

Wednesday, November 19th, 2008 | Author: Tim
Fishdroid? Andro-Fish? Wait that sounds like a supplement...


Just randomly thinking on my drive back from Boston, I was thinking about the Android applications I have been working on lately. SMS logging is nice, but really - it stores them already and it does a pretty fine and dandy job of doing it… Why not create something with a bit more functionality? I was trying to think of something a bit different, when an example came to my mind of something (some) people already do in other communication protocols. Encrypt that message, why didn’t I think of this before? Doh! It should be clear to someone who has a crypto-bug to want to do something crypto related…

Anyway, the basic idea is an application similar to FiSH for IRC. You would be able to send your key to others, and receive keys. This would allow you to essentially keep people out of your SMS’s, both your service carrier, nosy neighbors, that pesky thief who picked up your phone… Anyone - I guess, even yourself if you forgot the password? The idea behind the password and keys would be the same as the current password applications released. A sqlite database that is encrypted off of an initial user password, thus giving access to your key (generated by random touches maybe? like that “awesome” blackberry move-your-mouse-generation-key-method) which could from there unlock the keys shared by other contacts. This could allow you to encrypt and decrypt messages without having to worry about the smsBroadcast not being allowed to be disabled. Which by the way, is a rather annoying idea… Yes, yes I know Google it could let people do bad things and run up people’s bills, but I still find it a little too protective.

A second quick idea came to me as a “social push” network type of application. In a stroke of genius, ok - not genius, more like I went by a trooper who nicely pulled over four cars in front of me and not myself, gave me the idea. Sort of a “point of interest” application that receives pushes from people within the area. If you were using your phone as a GPS, you could receive a notification that, “Oh gosh! A speed trap is on I-95 South between exit 19a and 19b!” Just to you know, continue driving safely… Something with a nice tag line of “Burnt-Pig” made me chuckle a little…

Don’t worry about the inject ideas, folks, I’m still working away on that - though I don’t really want to burst any information before it’s fully matured and I have a nice working example of it. On a last little side note, I noticed a Power Management application came out. It looks nice - I think I’ll be running it and see how it performs, seems solid enough and didn’t crash within the first three minutes like most applications. I’d like to see the data that it actually collects… Two slightly annoying things are that right away it changed my brightness settings on the phone - and it seems to try to change the phone’s orientation when I tilt the screen different ways. Nice idea but sort of ugly in practice, at least for this application. Nice to see developers are really getting dirty with all the code and everything isn’t just a pure clone now!

Monday, November 17th, 2008 | Author: Tim

Been doing some experimentation with some extremely interesting results. Looks like inlining a program is possible, though it does get a little messy… I’ve been doing mostly everything by hand and guessing - but it looks like I might be able to write up a program to do it for me. I don’t have a whole lot of time right now as I’m time crunched with some exams, so I can’t go into explicit detail, though if you understand the DEX file system and the Android OS it’s rather similar to injecting into normal Java VMs. This process is well described here.

Hopefully I’ll have some time later to post the tests and results of what I’ve been doing and how it’s being done.