Thursday, August 9, 2012

iPhone Home - Remote Access to iPhone

Often I have wanted a reliable way to access the contents of my phone remotely (incase I misplace my phone or if my phone gets stolen).  While there are other apps to determine the location of the phone, remotely lock or wipe, etc...  But I still want MORE!  So I decided to try this on my own.

Lets start by simply SSHing into the iPhone...  NOPE!  Wait, you mean to say that you can’t SSH directly into an iPhone connected only to mobile broadband? Yes, it’s sad but true.  Fortunately, we already know how to bypass those pesky firewalls using Reverse SSH!

By following the tutorial “Bypassing Firewalls - Reverse SSH Tunneling” the iPhone can be forced to phone home.  On jailbroken iPhones, this can be achieved manually by running the following command in the terminal or by running the script provided previously.  Currently, there is no way to accomplish such a task on a non-jailbroken device.


Commands
ssh -f -N -R 1337:localhost:22 user@remote.example.com -p 22
Note: Ensure sshd is running on the iPhone

This will establish a SSH tunnel to a remote server, open port 1337 on the server, forward all the traffic to port 1337 back through the previously established tunnel, and finally to redirected to port 22 on the phone.  
Note: As long as you have host firewall, port 1337 will not be visible from outside your server.

Now we need to access the phone.  On the server, we run the following command. (Remember to use the remote users credentials when logging in)

ssh remote_user@localhost:1337

That’s it!  We are now able to remote into the phone regardless if it is on WiFi or mobile broadband.  

Now that we can remote into the phone using the method above, lets go ahead and make this all automated and schedule some reconnections.  When we are done, the phone will attempt to establish a connection with the server every 10 minutes.  First we need Public/Private Key Authentication.

Public/Private Key Authentication

iPhone Configuration
[root@iphone /]# ssh-keygen -t rsa            
[root@iphone /]# chmod 700 ~/.ssh
[root@iphone /]# chmod 600 ~/.ssh/id_rsa
[root@iphone /]# scp ~/.ssh/id_rsa.pub root@dem1:/tmp/iphone_pk

[root@iphone /]# cd /usr/bin/
[root@iphone ~]# vi reverseSSH.sh


#!/bin/bash

ssh -f -N -R 1337:localhost:22 mobile@rsrv1 -p 22
echo "DONE!"
:wq!


[root@iphone ~]# chmod 700 /usr/bin/reverseSSH.sh


Server Configuration
[root@rsrv1 /]# cat /tmp/iphone_pk >> ~/.ssh/authorized_keys
[root@rsrv1 /]# chmod 700 ~/.ssh
[root@rsrv1 /]# chmod 600 ~/.ssh/authorized_keys
[root@rsrv1 /]# rm -rf /tmp/iphone_pk

Testing Configuration
[root@iphone ~]# ssh root@rsrv1
[root@rsrv1 ~]#
OR
[root@iphone ~]# /usr/bin/reverseSSH.sh
DONE! 
[root@iphone ~]# 

Automatic Connect Interval

[root@iphone /]# cd /System/Library/LaunchDaemons/
[root@iphone LaunchDaemons]# vi local.reverseSSH.plist


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>local.reverseSSH</string>
<key>Program</key>
<string>/usr/bin/reverseSSH.sh</string>
<key>RunAtLoad</key>
<true/>
<key>Disabled</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>Nice</key>
<integer>20</integer>
</dict>
</plist>
:wq!
[root@iphone LaunchDaemons]# chmod 775 local.reverseSSH.plist

Screen


What else can be done?
Remote Wipe
VNC Screen Sharing
Remote Shutdown / Reboot
Access Files Remotely
Directory Synchronization
Anything that can be done from the terminal on an iPhone locally...

Issues
Often you may receive a warning about SSH Host Keys.  Because all of the machines you are connecting to have different keys, the problem is the local address (localhost).  To relieve the warnings simply remove the indicated entry or run the following command to clear all stored keys and try again.

rm -rf /home/$USER/.ssh/known_hosts

OR

rm -rf /root/.ssh/known_hosts