Arming an escaped convict– giving Artillery to a Jailbroken iPod Touch

Some achievements are too easy, but that shouldn’t be construed as complaint. This one was pure fun.

Keeping in mind dire warnings of the dangers of rooting my iPod from security professionals I know and respect, I decided to root a spare iPod, so I wouldn’t have to worry so much about security for my primary one with all its precious info.

Once rooted, how would one secure such a device? Let’s throw a honeypot/monitoring/prevention tool at it, say Artillery.

First the rooting/jailbreaking. I used to jailbreak my iPod, as it matched up with my iOS version in the list of jailbreaking software at It was wicked easy. Just follow the instructions. At the end it installs which is an alternate app store/package management suite. For the linux users out there, this is very familiar. There are three levels to the package categorization, User, Hacker, and Developer. If you want Python like I did, you need to choose Developer.

Next Python. If you install Python, it auto installs SSH. This is good. What’s bad is SSH is automatically turned on– I do wish there was a graphical (iOS) interface for turning SSH on and off, so I could turn it on when only on a dedicated wifi network. Anyway, log in quickly using these instructions: and change your password to something secure. Better yet, change your password and then generate some keys to use for login, but that’s another post.

You will also need to install subversion from cydia, plus I recommend a text editor. I chose vim, but I think I’ll probably switch to a less painful vi-like editor soon.

Now the rest is basically the directions on… .

iPod:~/Library root# svn co artillery/

iPod:~/Library root# cd artillery/
iPod:~/Library/artillery root# ls  config  database    readme  src
iPod:~/Library/artillery root# ./

I did run into one problem which I haven’t solved yet:

iPod:~/Library/artillery root# Unhandled exception in thread started by <function ssh_monitor at 0x61d41c>
Traceback (most recent call last):
File &amp;quot;/private/var/artillery/src/;quot;, line 42, in ssh_monitor
for line in fileopen1:
UnboundLocalError: local variable 'fileopen1' referenced before assignment

So, I hacked it for the moment:

iPod:~/Library/artillery root# vim /var/artillery/config

and turned off brute force monitoring. I suspect I can just modify and define fileopen1 in the correct sequence, but haven’t looked under the hood yet.


Now to restart Artillery:

iPod:~/Library/artillery root# python /var/artillery/

Now, I didn’t really want to ban my laptop, so I opted instead to ban my other iPod by using Scanny :

Checking the ban list:

iPod:/var/artillery root# vim /var/artillery/banlist.txt

I see my IP in the banlist. No banning in place though, just constant honeypots. Maybe I need to add iptables… .

–edit–BSD, not linux… Different firewall rules, ala:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.