Thursday, May 6, 2010

iPhone 3.1.3: ssh_exchange_identification error

After jailbreaking my iPhone, changing the default password for mobile, and installing a few apps from Installous, suddenly I began to have a problem connecting to the iPhone via SSH (Wifi):
$ ssh mobile@10.0.33.141 (iPhone's IP)
ssh_exchange_identification: Connection closed by remote host

First I thought, "What the F....!!!". Then I googled a lot looking for an easy way out, but nothing worked. After re-installing OpenSSH (from Cydia), the SSH server was back and fully functional. So I was happy... for a while... until I rebooted my phone to check if the fix was permanent. The SSH connection worked for about 10 seconds, and then closed. I couldn't connect to it anymore.

I had to re-install OpenSSH from Cydia to make it work again. After that, I downloaded some apps (deb files) from the saurik server to help me investigate the problem. I had to install them manually, one by one, because the Telesphoreo Tangelo repository is not listing any files in Cydia for me (I'm still working on that). These are the apps I downloaded to assist me:
adv-cmds_119-5_iphoneos-arm.deb
apt_0.7.20.2-21_iphoneos-arm.deb
aptitude_0.4.11.11-5_iphoneos-arm.deb
bash_4.0.17-9_iphoneos-arm.deb
berkeleydb_4.6.21-4_iphoneos-arm.deb
cwidget_0.5.8-2_iphoneos-arm.deb
gettext_0.17-6_iphoneos-arm.deb
libpcap_1.0.0-4_iphoneos-arm.deb
libsigc++_2.2.3-4_iphoneos-arm.deb
nano_2.0.7-5_iphoneos-arm.deb
openssh_5.2p1-7_iphoneos-arm.deb
openssl_0.9.8k-9_iphoneos-arm.deb
tar_1.19-8_iphoneos-arm.deb
tcpdump_3.9.8-3_iphoneos-arm.deb
vim_7.1-3_iphoneos-arm.deb
wget_1.11-3_iphoneos-arm.deb


In order to install a .deb file, simply execute the command below for each file on MobileTerminal (as root):
# dpkg -i filename.deb

At this point, my current arsenal had: a working apt-get system, a text editor, a network downloader, a tool to list current processes and another tool to dump network traffic.

Next, I also installed syslogd to give me more information about what was going on inside the operating system:
# apt-get install syslogd
# touch /var/log/syslog (this will create a log file in the right place)

Now it was time to record some data: after rebooting the phone and unlocking the screen, I immediately tried to connect via ssh and succeeded for 10 seconds, as expected. Then I opened MobileTerminal and copied /var/log/syslog to my computer using SCP:
# scp /var/log/syslog karl@zpm:~/

If you look carefully at the logs below, you'll see I successfully connected through ssh from 10.0.33.33 (my PC). Also, weird messages showed up right after that:

May 6 15:48:44 my-iPhone launchproxy[120]: /usr/libexec/sshd-keygen-wrapper: Connection from: 10.0.33.33 on port: 34812
May 6 15:48:50 my-iPhone sshd[121]: Accepted password for mobile from 10.0.33.33 port 34812 ssh2
May 6 15:48:50 my-iPhone sshd[122]: USER_PROCESS: 122 ttys000
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: IIIIIII Just want to tell you how im feeling
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: pdp_ip0
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: 189.96.95.135
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: awoadqdoqjdqjwiodjqoi aaah!
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: Checking out the local scene yo
May 6 15:49:01 my-iPhone com.ikey.bbot[20]: cp:
May 6 15:49:01 my-iPhone com.ikey.bbot[20]: cannot stat `/var/log/youcanbeclosertogod.jpg': No such file or directory
May 6 15:49:02 my-iPhone sshd[121]: Exiting on signal 15
May 6 15:49:02 my-iPhone sshd[121]: DEAD_PROCESS: 122 ttys000


That's just wrong! Right after the stat operation fails, the SSH service mysteriously dies. Googling for poc-bbot I discovered something nasty: apparently, poc-bbot is the ikee proof-of-concept virus, which attacks iPhones that still use the default root password.
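As an added example (not part of the original post), here is a small Python script that scans syslog lines like the ones above for the ikee process names and path, and flags an sshd "Exiting on signal 15" that follows them shortly after. The sample lines are copied from the log above; the one-minute correlation window is an assumption.

```python
import re
from datetime import datetime

# Sample input: syslog lines copied from the log above (trimmed for brevity).
SAMPLE_LOG = """\
May 6 15:48:44 my-iPhone launchproxy[120]: /usr/libexec/sshd-keygen-wrapper: Connection from: 10.0.33.33 on port: 34812
May 6 15:48:50 my-iPhone sshd[121]: Accepted password for mobile from 10.0.33.33 port 34812 ssh2
May 6 15:49:01 my-iPhone /bin/poc-bbot[20]: Checking out the local scene yo
May 6 15:49:01 my-iPhone com.ikey.bbot[20]: cannot stat `/var/log/youcanbeclosertogod.jpg': No such file or directory
May 6 15:49:02 my-iPhone sshd[121]: Exiting on signal 15
"""

# Process names and the file path the log above shows for the ikee worm.
IKEE_MARKERS = ("/bin/poc-bbot", "com.ikey.bbot", "youcanbeclosertogod.jpg")

# BSD-style syslog line: "Mon D HH:MM:SS host proc[pid]: message"
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+(?P<proc>[^\[]+)\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict for one syslog line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog carries no year; strptime defaults to 1900, fine for ordering.
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"].strip(),
            "pid": int(m["pid"]), "msg": m["msg"]}


def find_ikee_indicators(log_text, window_seconds=60):
    """Return (kind, timestamp, proc, msg) findings: every line from an ikee
    process, plus an sshd exit on signal 15 within window_seconds (assumed)."""
    findings = []
    last_ikee_ts = None
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if any(mark in ev["proc"] or mark in ev["msg"] for mark in IKEE_MARKERS):
            findings.append(("ikee_process", ev["ts"], ev["proc"], ev["msg"]))
            last_ikee_ts = ev["ts"]
        elif ev["proc"] == "sshd" and "Exiting on signal 15" in ev["msg"]:
            if last_ikee_ts is not None and \
                    (ev["ts"] - last_ikee_ts).total_seconds() <= window_seconds:
                findings.append(("sshd_killed_after_ikee", ev["ts"], ev["proc"], ev["msg"]))
    return findings
```

Run it against a copy of /var/log/syslog pulled with scp as in the post; the "sshd_killed_after_ikee" finding is the correlation that the log above shows by hand.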

To remove it from my system and protect it, I followed very simple instructions at:
http://thebackpackr.com/remove-the-ikee-virus-from-your-iphone/

At last, SSH was finally working.

[]'s
