Some achievements are too easy, but that shouldn’t be construed as complaint. This one was pure fun.
Keeping in mind dire warnings of the dangers of rooting my iPod from security professionals I know and respect, I decided to root a spare iPod, so I wouldn’t have to worry so much about security for my primary one with all its precious info.
Once rooted, how would one secure such a device? Let’s throw a honeypot/monitoring/prevention tool at it, say Artillery.
First the rooting/jailbreaking. I used http://blog.iphone-dev.org/tagged/redsn0w to jailbreak my iPod, as it matched up with my iOS version in the list of jailbreaking software at http://en.wikipedia.org/wiki/IOS_jailbreaking. It was wicked easy. Just follow the instructions. At the end it installs http://cydia.saurik.com/, which is an alternate app store/package management suite. For the Linux users out there, this is very familiar. There are three levels to the package categorization: User, Hacker, and Developer. If you want Python like I did, you need to choose Developer.
Next, Python. If you install Python, it auto-installs SSH. This is good. What's bad is that SSH is automatically turned on. I do wish there were a graphical (iOS) interface for turning SSH on and off, so I could turn it on only when on a dedicated wifi network. Anyway, log in quickly using these instructions: http://cydia.saurik.com/openssh.html and change your password to something secure. Better yet, change your password and then generate some keys to use for login, but that's another post.
You will also need to install Subversion from Cydia, plus I recommend a text editor. I chose vim, but I think I'll probably switch to a less painful vi-like editor soon.
Now the rest is basically the directions on http://secmaniac.com… .
iPod:~/Library root# svn co http://svn.secmaniac.com/artillery artillery/
iPod:~/Library root# cd artillery/
iPod:~/Library/artillery root# ls
artillery.py config database readme remove_ban.py restart_server.py setup.py src
iPod:~/Library/artillery root# ./setup.py
I did run into one problem which I haven’t solved yet:
iPod:~/Library/artillery root# Unhandled exception in thread started by <function ssh_monitor at 0x61d41c>
Traceback (most recent call last):
  File "/private/var/artillery/src/ssh_monitor.py", line 42, in ssh_monitor
    for line in fileopen1:
UnboundLocalError: local variable 'fileopen1' referenced before assignment
So, I hacked it for the moment:
iPod:~/Library/artillery root# vim /var/artillery/config
and turned off brute force monitoring. I suspect I can just modify ssh_monitor.py and define fileopen1 in the correct sequence, but haven’t looked under the hood yet.
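The traceback is Python's UnboundLocalError: a local variable assigned only inside a conditional branch is unbound when no branch runs. The following constructed example (added here; it is not Artillery's ssh_monitor.py) mirrors that pattern and the fix suggested above: pick the log file first and handle the case where none of the expected logs exists, as on a device like this iPod. The log paths, regex and sample log lines are assumptions.

```python
import os
import re
from collections import Counter

# Assumed log locations; a jailbroken iPod has neither, which is what
# triggers the unbound-variable path below.
AUTH_LOG_CANDIDATES = ["/var/log/auth.log", "/var/log/secure"]

# OpenSSH failed-login line, e.g.
# "Failed password for invalid user admin from 192.168.1.20 port 51001 ssh2"
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def count_failures(lines):
    """Count 'Failed password' lines per source address."""
    hits = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def broken_monitor(candidates=AUTH_LOG_CANDIDATES):
    """Same shape as the bug: fileopen1 is bound only if a candidate exists."""
    for path in candidates:
        if os.path.isfile(path):
            fileopen1 = open(path)
    # If no log was found, this raises UnboundLocalError, as in the traceback.
    return count_failures(fileopen1)

def fixed_monitor(candidates=AUTH_LOG_CANDIDATES):
    """Choose the log before using it, and cope with none being present."""
    log_path = next((p for p in candidates if os.path.isfile(p)), None)
    if log_path is None:
        return None  # nothing to monitor: report it instead of killing the thread
    with open(log_path) as fileopen1:
        return count_failures(fileopen1)

def bug_reproduces(candidates):
    """True when broken_monitor() dies the way ssh_monitor did."""
    try:
        broken_monitor(candidates)
    except UnboundLocalError:
        return True
    return False

# Constructed auth-log lines to exercise the counter offline.
SAMPLE_LOG = [
    "Jan  1 10:00:01 iPod sshd[100]: Failed password for root from 192.168.1.20 port 51000 ssh2",
    "Jan  1 10:00:03 iPod sshd[101]: Failed password for invalid user admin from 192.168.1.20 port 51001 ssh2",
    "Jan  1 10:00:05 iPod sshd[102]: Accepted publickey for mobile from 192.168.1.10 port 51002 ssh2",
    "Jan  1 10:00:07 iPod sshd[103]: Failed password for root from 192.168.1.30 port 51003 ssh2",
]
```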
# DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
SSH_BRUTE_MONITOR=OFF
Now to restart Artillery:
iPod:~/Library/artillery root# python /var/artillery/restart_server.py
Now, I didn't really want to ban my laptop, so I opted instead to ban my other iPod by using Scany (http://itunes.apple.com/us/app/scany-network-port-scanner/id328077901?mt=8):
Checking the ban list:
iPod:/var/artillery root# vim /var/artillery/banlist.txt
I see my IP in the banlist. No banning in place though, just constant honeypots. Maybe I need to add iptables… .
Edit: BSD, not Linux… Different firewall rules, à la http://modmyi.com/forums/iphone-ipod-touch-sdk-development-discussion/733566-iptables-iphone.html