Smathermather's Weblog

Remote Sensing, GIS, Ecology, and Oddball Techniques

Arming an escaped convict– giving Artillery to a Jailbroken iPod Touch

Posted by smathermather on March 26, 2012

Some achievements are too easy, but that shouldn’t be construed as complaint. This one was pure fun.

Keeping in mind dire warnings of the dangers of rooting my iPod from security professionals I know and respect, I decided to root a spare iPod, so I wouldn’t have to worry so much about security for my primary one with all its precious info.

Once rooted, how would one secure such a device? Let’s throw a honeypot/monitoring/prevention tool at it, say Artillery.

First the rooting/jailbreaking. I used http://blog.iphone-dev.org/tagged/redsn0w to jailbreak my iPod, as it matched up with my iOS version in the list of jailbreaking software at http://en.wikipedia.org/wiki/IOS_jailbreaking. It was wicked easy. Just follow the instructions. At the end it installs http://cydia.saurik.com/, which is an alternate app store/package management suite. For the Linux users out there, this is very familiar. There are three levels to the package categorization: User, Hacker, and Developer. If you want Python like I did, you need to choose Developer.

Next, Python. If you install Python, it auto installs SSH. This is good. What’s bad is that SSH is automatically turned on– I do wish there were a graphical (iOS) interface for turning SSH on and off, so I could turn it on only when on a dedicated wifi network. Anyway, log in quickly using these instructions: http://cydia.saurik.com/openssh.html and change your password to something secure. Every jailbroken device starts out with the same well-known default root password (alpine), and the mobile account shares it, so change both before the device spends any time on a network with sshd listening. Better yet, change your password and then generate some keys to use for login, but that’s another post.

You will also need to install Subversion from Cydia, plus I recommend a text editor. I chose vim, but I think I’ll probably switch to a less painful vi-like editor soon.

Now the rest is basically the directions on http://secmaniac.com… .


iPod:~/Library root# svn co http://svn.secmaniac.com/artillery artillery/

iPod:~/Library root# cd artillery/
iPod:~/Library/artillery root# ls
artillery.py  config  database    readme    remove_ban.py  restart_server.py  setup.py  src
iPod:~/Library/artillery root# ./setup.py

I did run into one problem which I haven’t solved yet:


iPod:~/Library/artillery root# Unhandled exception in thread started by <function ssh_monitor at 0x61d41c>
Traceback (most recent call last):
  File "/private/var/artillery/src/ssh_monitor.py", line 42, in ssh_monitor
    for line in fileopen1:
UnboundLocalError: local variable 'fileopen1' referenced before assignment

So, I hacked it for the moment:


iPod:~/Library/artillery root# vim /var/artillery/config

and turned off brute force monitoring. I suspect I can just modify ssh_monitor.py and define fileopen1 in the correct sequence, but haven’t looked under the hood yet.


# DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
SSH_BRUTE_MONITOR=OFF
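The traceback above is what Python produces when a name is assigned only inside conditional branches that never run: if ssh_monitor.py opens the auth log under `if os.path.isfile(...)` checks for the usual Linux locations, and none of those files exist on a jailbroken iPod, `fileopen1` is never bound and the `for` loop dies with exactly this error, taking the monitor thread with it. The block below is an added example, not Artillery's code or anything from this post: it reproduces that shape, then shows the fix the post suspects (bind the log path unconditionally and bail out cleanly when there is nothing to read), plus a minimal brute-force counter over OpenSSH "Failed password" lines. The log paths, the sshd line format, the ban threshold, and the sample log lines are all assumptions or constructed for the example.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed Linux auth-log locations; a jailbroken iPod has neither, which is
# the inferred reason the unfixed monitor crashed.
AUTH_LOG_CANDIDATES = ("/var/log/auth.log", "/var/log/secure")

# OpenSSH password-failure line, for both "for root" and "for invalid user x".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log, not captured from the iPod.
SAMPLE_LOG = """\
Mar 26 21:10:01 iPod sshd[401]: Failed password for root from 192.168.1.23 port 50122 ssh2
Mar 26 21:10:03 iPod sshd[401]: Failed password for root from 192.168.1.23 port 50123 ssh2
Mar 26 21:10:05 iPod sshd[402]: Failed password for invalid user admin from 192.168.1.23 port 50124 ssh2
Mar 26 21:10:07 iPod sshd[403]: Failed password for root from 192.168.1.23 port 50125 ssh2
Mar 26 21:10:09 iPod sshd[404]: Accepted publickey for mobile from 192.168.1.10 port 50200 ssh2
Mar 26 21:10:11 iPod sshd[405]: Failed password for mobile from 192.168.1.10 port 50201 ssh2
"""


def ssh_monitor_buggy(candidates=AUTH_LOG_CANDIDATES):
    """Shape of the failing code (hypothetical reconstruction): fileopen1 is
    bound only inside the if branches, so with no log present the for loop
    raises UnboundLocalError, as in the traceback on the page."""
    for path in candidates:
        if os.path.isfile(path):
            fileopen1 = open(path)
    failures = []
    for line in fileopen1:  # UnboundLocalError when no candidate existed
        if FAILED_RE.search(line):
            failures.append(line)
    fileopen1.close()
    return failures


def buggy_crashes(candidates):
    """True if the unfixed monitor would kill its thread for these paths."""
    try:
        ssh_monitor_buggy(candidates)
        return False
    except UnboundLocalError:
        return True


def find_auth_log(candidates=AUTH_LOG_CANDIDATES):
    """Return the first auth log that exists, or None. Every code path yields
    a bound value, so the read loop can never see an unbound name."""
    for path in candidates:
        if os.path.isfile(path):
            return path
    return None


def count_failures(lines):
    """Map source IP -> number of failed password attempts in the given lines."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def brute_force_sources(lines, threshold=4):
    """Sorted IPs with at least `threshold` failures: ban-list candidates."""
    return sorted(ip for ip, n in count_failures(lines).items() if n >= threshold)


def ssh_monitor_fixed(candidates=AUTH_LOG_CANDIDATES, threshold=4):
    """One pass over the auth log. Returns None, rather than crashing the
    thread, when the platform keeps no auth log where we expect one."""
    path = find_auth_log(candidates)
    if path is None:
        return None
    with open(path) as fh:
        return brute_force_sources(fh, threshold)


def monitor_text(text, threshold=4):
    """Write constructed log text to a temp file and run the fixed monitor on it."""
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(text)
        path = tmp.name
    try:
        return ssh_monitor_fixed([path], threshold)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("unfixed monitor crashes with no log:", buggy_crashes(["/nonexistent/auth.log"]))
    print("fixed monitor with no log:", ssh_monitor_fixed(["/nonexistent/auth.log"]))
    print("offenders in sample:", monitor_text(SAMPLE_LOG))
```

On the iPod the real fix would also need to point `AUTH_LOG_CANDIDATES` at wherever that sshd build actually logs; returning None when nothing is found at least leaves the rest of Artillery running instead of silently losing the monitor thread.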

Now to restart Artillery:


iPod:~/Library/artillery root# python /var/artillery/restart_server.py

Now, I didn’t really want to ban my laptop, so I opted instead to ban my other iPod by using Scany http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901?mt=8:

Checking the ban list:


iPod:/var/artillery root# vim /var/artillery/banlist.txt

I see my IP in the banlist. No banning in place though, just constant honeypots. Maybe I need to add iptables… .

–edit– BSD, not Linux… Different firewall rules, à la: http://modmyi.com/forums/iphone-ipod-touch-sdk-development-discussion/733566-iptables-iphone.html
