Google Glass Analysis – Sending Directly to Glass

So how does android talk directly to glass?

$ blucat devices
#Searching for devices
+,F88FCA255988, "Joseph Glass's Glass", Trusted:false, Encrypted:false
$ blucat services
#Listing all services
+,F88FCA255988, "Joseph Glass's Glass", Trusted:false, Encrypted:false
-,"Glass Identity", "", btspp://F88FCA255988:14
-,"Handsfree", "", btspp://F88FCA255988:13

Looking at the apk file GlassBluetooth.apk shows this line:

public void onCreate()
    logger.i("Starting Glass bluetooth service.", new Object[0]);
    this.tasks.put(new ConnectivityLogger(this), Boolean.valueOf(false));
    this.tasks.put(new Tethering(this), Boolean.valueOf(false));
    this.tasks.put(new GlassIdentityProfile(this), Boolean.valueOf(false));
    this.tasks.put(new PairingPolicy(this), Boolean.valueOf(false));
    this.tasks.put(new HandsFreeProfile(this), Boolean.valueOf(false));
    this.companion = new CompanionSocketServer(this);
    this.tasks.put(this.companion, Boolean.valueOf(false));

This points in interesting directions. The IdentityProfile starts a service that we are interested in:

public void onBluetoothAdapterEnabled()
      this.listenSocket = HiddenBluetoothAdapter.listenUsingInsecureRfcommOn(14);

So this was leading me in circles so I started looking at how SMS messages work and found this line in CompanionSmsManager:

 TimelineNano.TimelineItem localTimelineItem = 
CompanionUtils.getCompanionSmsTimelineItem(localContext, str1, str2, str3, l1, bool3, bool2);
              if (!this.forwarder.forward(localTimelineItem))
                break label430;
              localFormattingLogger2.d("Successfully forwarded notification id=%s with timestamp =%s to Glass.", arrayOfObject2);

Where it’s defined as CompanionSmsManager.SmsTimelineForwarder forwarder;

Then I found CompanionMessagingUtil

And then googling that found that someone already did this:

I put my test app here but it doesn’t work yet: