SMS Secure AES-256

[optimumpro]

As many know, the developer of Textsecure has abandoned secure sms messaging in favor of over the internet messaging. In addition, his insistense on including Google proprietory blobs in his app and the requirement of having the spying Google services framework, totally negates security. Here is a fork of Textsecure, which is a pure sms application. No Google binaries are included. No GAPPS are needed. This app fully replaces stock messaging.

In addition, I have made the following changes: 256 bit symmetric AES encryption instead of 128 bit and 192 bit elliptic curve encryption instead of 160 (160 is weak). I have also increased the iteration when generating random numbers.

Credit: Original creator Moxie Marlinspike; Initial fork by Bastien Le Querrec and Carey Metcalfe

Application is attached. If you want to build it yourself, see below.

Source: http://d-h.st/OsQ7

To build, unzip the source code, make sure android sdk is in your path and execute ./gradlew build.

Edit: In source, open local.properties and put there your android sdk path

P.S. This app won't work with older versions of Textsecure, because you have different length keys and will fall back to unencrypted transmission. Same will apply if the other person has stock SMS. In other words, both users must have this app to communicate securely.

 

[setmov]

As many know, the developer of Textsecure has abandoned secure sms messaging in favor of over the internet messaging. In addition, his insistense on including Google proprietory blobs in his app and the requirement of having the spying Google services framework, totally negates security. Here is a fork of Textsecure, which is a pure sms application. No Google binaries are included. No GAPPS are needed. This app fully replaces stock messaging.

In addition, I have made the following changes: 256 bit symmetric AES encryption instead of 128 bit and 192 bit elliptic curve encryption instead of 160 (160 is weak). I have also increased the iteration when generating random numbers.

Credit: Original creator Moxie Marlinspike; Initial fork by Bastien Le Querrec and Carey Metcalfe

Application is attached. If you want to build it yourself, see below.

Source: http://d-h.st/JsjA

To build, unzip the source code, make sure android sdk is in your path and execute ./gradlew build.

P.S. This app won't work with older versions of Textsecure, because you have different length keys and will fall back to unencrypted transmission. Same will apply if the other person has stock SMS. In other words, both users must have this app to communicate securely.

Bravo

 

[CHEF-KOCH]

Thanks sounds promising after TextSecure drops his SMS encryption. I'm currently using Tinfoil-SMS.
The question is if you gonna release this for the mass or just only here on xda (maybe F-Droid build or another place)?!

And a compare between the binary (for future possible releases) and the source would be nice, something like this:

unzip -p suspectsmsecure.apk META-INF/CERT.RSA | keytool -printcert
unzip -p suspectsmsecure.apk META-INF/CERT.RSA | keytool -printcert | grep SHA-3
unzip -p knowngoodsmssecure.apk META-INF/CERT.RSA | keytool -printcert | grep SHA-3
jarsigner -verbose -verify suspectsmsecure.apk

To see all necessary stuff about the certs to compare the downloaded one.

 

[optimumpro]

Thanks sounds promising after TextSecure drops his SMS encryption. I'm currently using Tinfoil-SMS.
The question is if you gonna release this for the mass or just only here on xda (maybe F-Droid build or another place)?!

And a compare between the binary (for future possible releases) and the source would be nice, something like this:

unzip -p suspectsmsecure.apk META-INF/CERT.RSA | keytool -printcert
unzip -p suspectsmsecure.apk META-INF/CERT.RSA | keytool -printcert | grep SHA-3
unzip -p knowngoodsmssecure.apk META-INF/CERT.RSA | keytool -printcert | grep SHA-3
jarsigner -verbose -verify suspectsmsecure.apk

To see all necessary stuff about the certs to compare the downloaded one.

The source have been there from day one, see the OP. I don't think I am going to release it on Googleplay. Maybe F-Droid... .

 

[optimumpro]

Some reported F/C on entering passphrase for local encryption. I have just posted the fix. See the OP.

 

[rdsqc22]

Thanks for this! Think you could start a github repo for the fork or some such? Downloading the source code in a zip file from a forum is a bit less convenient, and means I can't use git to pull updates.

 

[wis3m0nkey]

The source have been there from day one, see the OP. I don't think I am going to release it on Googleplay. Maybe F-Droid... .

+1 for f droid and github or similar (though I wouldn't dabble with source code, would still like other devs contributing easily)

 

[jobella]

Nice, I'll give it a try.

 

[kazzxtrismus]

Yes please.. Interested in git / alternate host

 

[thomson.aa]

@optimumpro:

Thanks for pointing that out. Are you affiliated with SMSsecure? We will see how this project is holding up.

How did you make these AES and elliptic curve changes?

Regards

 

[optimumpro]

@optimumpro:

Thanks for pointing that out. Are you affiliated with SMSsecure? We will see how this project is holding up.

How did you make these AES and elliptic curve changes?

Regards

I am not affiliated with smssecure. I initially contacted them with a few changes, but they were not receiptive, which is their right. With regard to changes, there are a few java files where you change numbers from 16, which equals 128 bit to 32 and from 20 (160) to 24.

I have modified the app to my taste and shared it...

 

[wis3m0nkey]

F droid has SMSSecure 0.5.1, I wanted to confirm if it's a the same app?

 

[Wakamatsu]

F droid has SMSSecure 0.5.1, I wanted to confirm if it's a the same app?

Serious? Right above your post...

I am not affiliated with smssecure. I initially contacted them with a few changes, but they were not receiptive, which is their right. With regard to changes, there are a few java files where you change numbers from 16, which equals 128 bit to 32 and from 20 (160) to 24.

I have modified the app to my taste and shared it...

 

[wis3m0nkey]

Serious? Right above your post...

Oops thanks. I read the post but was comparing text secure and SMS secure (this app, while reading post I didn't know about existence of separate app on f droid)
Thanks for pointing it out.

 

[optimumpro]

Oops thanks. I read the post but was comparing text secure and SMS secure (this app, while reading post I didn't know about existence of separate app on f droid)
Thanks for pointing it out.

I posted this app on XDA before SMSSecure guys published theirs on F-Droid. Both apps are rock solid stable thanks to Moxie Marlinspike, the original author. My version is a bit tougher on encryption.

I have noticed that SMSsecure guys keep implementing some minor changes (icons et al) which don't involve encryption/sms transmission/user interface. I am not going to change graphics for the sake of version bumping.

So, I am stopping here unless there is a major change in encryption protocol...

 

[nutpants]

Thank you for sharing your changes.
I hope you will continue to provide this very useful service to the security conscious community.

 

[[email protected]]

Hello,

SMSSecure work very good on my HUAWEI Ascend Mate 7 but not on the HUAWEI P7 from my wife.
The list of contacts flash always ... what's happening with this ?
GO Sms is disable and SMSSecure is set as the default SMS application.
I don't understand why doesn't work !

 

[[email protected]]

Could you help me and reply to me ?

 

[nutpants]

Could you help me and reply to me ?

Try smssecure on fdroid.
Not as good of encryption but still very good.

 

[wis3m0nkey]

Hello,

SMSSecure work very good on my HUAWEI Ascend Mate 7 but not on the HUAWEI P7 from my wife.
The list of contacts flash always ... what's happening with this ?
GO Sms is disable and SMSSecure is set as the default SMS application.
I don't understand why doesn't work !

Flash as in contacts blink or does it mean all contacts get deleted?


Sent from my Xperia Z1 using Tapatalk