Can You Make This Work on the A1200?

[JamesK]

Hi All,

There is a great little java password safe application which is open source at the following address:

http://www.javawi.de/

Overall it seems to run ok on the A1200 but the import/export options do not work on the phone.

I have tried the trick of installing it to the SD and hacking the JAVA registry to make the application a "trusted third party" app, however the import and export functions still do not work on the phone.

Can anyone with J2ME know-how have a look at the software (or the source code) and see if they can get it working on the A1200?

I might be missing something, but I can't find any application for the A1200 that will allow me to encrypt a text file that resides on the SD card.

Any help, ideas or pointers to other software would be much appreciated!

All the best,

JamesK

[mischka]

Nice app!

There is another one called secret codes. Look at this too

[JamesK]

Hi,

Thanks for the reply.

Secret Codes is a nice little app, but I've been in contact with the author and discovered that the crypto used is fairly weak.

/technical mumbo-jumbo on/

Secret Codes uses your password to seed the random number generator on the Phone, this is then XORed with your plain text to give the resulting crypto-text.

/technical mumbo-jumbo off/

The bottom line is that this method of encryption is not very strong. It is similar to the encryption used by the Germans in the Enigma machine during WW2.

I have suggested to the author that he considers using a strong crypto algorithm, such as those found in the free bouncy-castle API set which can be found here: http://www.bouncycastle.org/

The author has said that he will be looking into this in the future.

The main issue for me at the moment is that I am battling to find an application that will import/export records to a PC for backup. The idea of having all my important data exclusively on the phone is something that makes me nervous.

Thanks again for the pointer and the great forum!

Any other ideas regarding crypto applications for the phone would be much appreciated!

Regards,

James

[swifty]

this works on A780.

for the mobile:
http://www.penguinpower.de/parser/pa...r/index.en.htm
Filetor is a MIDlet to create, edit and delete files and directories. File can also be encrypted.
There are two 256 bit algorithms: AES and Twofish. They provide the best security.
The library of BouncyCastle is used.
The data is sored files in the normal filesystem.

Files from BookAtor are fully compatible with them from FileAtor.

for the desktop:
http://www.penguinpower.de/parser/pa...r/index.en.htm

[JamesK]

Hi,

Thank you for the link.

I have looked at this before but couldn't get it to work on the A1200 or E6.

However your post prompted me to revisit this application.

By installing the application on the SD card (not the phone), then hacking the JAVA registry file to make it a "Trusted Third Party" application, and finally by enabling the appropriate permission settings, I was able to get the application working.

While this application is not elegant and is HUGE for a java app (over 400kb) it is none the less working!

Big thanks to the author for releasing the app!
And thanks to swifty for prompting me to retry the app!

I would still be interested from anyone who may have suggestions for a more elegant (read smaller) solution and ideally something that can be natively installed on the A1200/E6.

Thank you to every one for your help so far in this search.

Regards,

JamesK

[JamesK]

Hmm, after a bit more investigation, it seems that there is only partial success to be had with FileAtor.

In summary, to get the app to work on the phone you need to install it to the SD card, hack the java registry to make the app trusted and then set file read/write permissions to "once per application".

The application then does run, however...

- Encrypted text files appear to be limited in size (precisely how much I am not sure).
- On every execution of the program you are prompted with a message confirming that you want the app to have read/write access to your file system.
- The app occasionally duplicates items in the menu structure

So the quest for a simple password safe with import and export capabilities still continues.

Any other suggestions, pointers, ideas are welcome!!

Thanks for the efforts so far.

Regards,

JamesK

[CLOVIS KKK]

JamesK

I just tried Safe. I can look at FileAtor later today.

About Safe
1 - it seems that the export function has a bug or it was made for a specific hardware. I can look at it and suggest a change to the author so it can run in E6 and A1200 but it will take some time.

2 - I don't recomend this program if you need real security.
It stores the password in the form of a Hash (MD5).
Hash functions are fast.
To break the security in this program you don't need to break the cryptography.
You can even use brute force to test all passwords (with dictionaries if you want to be faster) and just make a hash of that password and compare with the stored one.
And, there is a better approach to break security of this program because it uses MD5. Of course....make a hash of a password and store it isn't recommended at all in security systems (it is better then clean).

MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began to recommend using other algorithms, such as SHA-1. In 2004, more serious flaws were discovered making further use of the algorithm for security purposes questionable

Here is the original paper
http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf

[CLOVIS KKK]

2 - I don't recomend this program if you need real security.

Of corse, it is sufficient for most personal use.

[CLOVIS KKK]

FileAtor seems to be secure.

I did not read the source to see how it creates the keys or how it uses the passkey, but it seems to be secure.

I will need to try a little more because it is rising many errors on my a1200. have you tested on a1200?

[CLOVIS KKK]

I would still be interested from anyone who may have suggestions for a more elegant (read smaller) solution and ideally something that can be natively installed on the A1200/E6.

There's no way to avoid the question without hacking reistry.txt (to manufacturer).
It is for security reasons. Imagine that you install a java game or instant messaging and it starts send all your files to the developer?

The only way is by using Motorola's certificate. Only Motorola has it.

commercial products can use a Third Party certificate. This way you will be asked the question once for each session.