Root Stolen phone! (But have root SSH)

[Lafcadio]

My phone isn't actually stolen, but if it were, what commands should I execute via SSH?

(I have a rooted (Evo) with running dyndns + sshd, so I can connect to a root terminal.)

Ideally, I'd like to make the phone useless, but display a "reward if returned" message. Failing that, I at least want to delete all stored passwords, pictures, data, etc..

Can I set the background image via the terminal? (This would let me display an arbitrary message.)

Since the phone is not yet stolen, what other aps should I consider installing to make a future theft as low-stress as possible?

Thanks.

 

[lordofthereef]

Interesting thought. I am not sure you could render a phone unusable, assuming that the theif knows that all it takes is a simple restore. Assuming you don't get it back, you can always call the phone company to ban the ESN of the phone, rendering it no longer usable on Sprint (but I don't think this is reversable. That said, I am interested to see what all can be altered remotely via SSH.

 

[jamesdean]

mylookout will do much of what you are looking for including wiping the data and locking the phone.

https://www.mylookout.com/premium/

 

[akazabam]

You *could* wipe the phone from the terminal. The commands are simple. I'm not sure what it would do if you attempted to do so while the OS was loaded, though. I suppose something like mylookout is a better idea.

There are a few apps on the market that are useful, though, especially when used with dyndns. Check these out:

PAW Server for Android - Android app on AppBrain
Webkey (ROOT REQUIRED) - Android app on AppBrain

I haven't used either in a while, but if I recall correctly, they run on different ports, so you should be able to run them at the same time. If not, I'm sure one of them lets you change which port to run on. Either way, you can do some very powerful things with them. For one, PAW server will give you the ability to change the background. You can even use it as a webcam, and potentially see the person using the phone. Of course, it's slow as heck over 3g, but it's still something. Webkey will actually give you the ability to see the phone screen itself (and even control it), much like VNC.

Of course, there's always tasker, too. I have a profile set up so that when I send a text message to my phone, it texts me back with the phone's location on google maps. You can do a host of other things with tasker as well. Think of almost anything you want the phone to do, and you can make it do it by sending a text message to the phone. I'm sure you could have it pop up a message saying to return to owner or whatever, as well.

 

[surfologist87]

Of course, there's always tasker, too. I have a profile set up so that when I send a text message to my phone, it texts me back with the phone's location on google maps. You can do a host of other things with tasker as well. Think of almost anything you want the phone to do, and you can make it do it by sending a text message to the phone. I'm sure you could have it pop up a message saying to return to owner or whatever, as well.

Im going to look into this.
Any other interesting things you can tell me about this app or things i can try?

 

[akazabam]

Im going to look into this.
Any other interesting things you can tell me about this app or things i can try?

Specifically for a lost phone, or just in general? Just search for tasker here, and you'll find a few threads with probably hundreds of good ideas. You can also find some good ideas here:

About - Tasker Wiki

I use it for things like turning off wifi when I'm not near a remembered access point, turning off radios at night, etc. It's very powerful, though. Like I said, it can be used for a number of things related to a lost phone. This is the one I used for sending myself a text message with the phone location:

Locatephone - Tasker Wiki

There are other useful ones for a lost phone on that wiki.

 

[luigic81]

I'm confused as to what the OP is trying to accomplish? Can someone enlighten me?

 

[akazabam]

I assume he wants to:

1) Locate his phone.
2) Make sure those who have it know he's looking for it.
3) Wipe the phone so that nobody can get anything sensitive from it as a last resort.

Pretty much everything listed in this thread gives the ability to do that. There a number of other methods as well.

 

[luigic81]

gotcha thanks, I guess the part that is throwing me is the "phone is not YET stolen" are you planning on your phone getting stolen

 

[surfologist87]

Next week, someone is going to rob my house and take my phone too.

I will have to look into it when i have more time. But I think sprint phones arent as likely to get stolen though, its not like you can just pop a new sim card in. If theyre stolen, usually the esn gets blacklisted as lost/stolen.

As for your personal info, if you dont want it looked at after its stolen, I just put a lock on the screen.

 

[akazabam]

That doesn't stop somebody from just taking the sdcard out, though. Really, some of these solutions are great for more than just recovering/wiping your phone if it's stolen. Remote administration is pretty useful, anyway.

 

[surfologist87]

Ill have to look into it, and find something id like.. Then ill be hooked on that too

 

[acenpkt]

My EVO was stolen today and I have already called Sprint to have them deactivate the phone. They have assured me that the person can't use the internet nor make any calls. However, I am concerned that the person who has my phone is able to get my passwords to my email, is it possible for them to get these off my phone or or my SDcard? I am fully rooted, don't know if that make me more at risk or not.

Thanks ahead of time for everyones help.

 

[akazabam]

My EVO was stolen today and I have already called Sprint to have them deactivate the phone. They have assured me that the person can't use the internet nor make any calls. However, I am concerned that the person who has my phone is able to get my passwords to my email, is it possible for them to get these off my phone or or my SDcard? I am fully rooted, don't know if that make me more at risk or not.

Thanks ahead of time for everyones help.

It would probably be difficult for them to actually get the passwords, but nothing can stop them from just connecting to wifi, and connecting to the internet that way. If you've logged in to anything, and have it automatically login, they'll be able to login. You should probably go change all your passwords just in case. Of course, you have a password or unlock pattern, it would be difficult for them to get in at all.

 

[Lafcadio]

Thanks guys. Let me revise my question a bit more.

In addition to the goals than @akazabam correctly suggested, I would also like to minimize battery usage. That's why I installed ssh, and dyndns. I could be wrong, but I believe they may represent minimal battery requirements, wile simultaneously presenting maximum flexibility.

I'm assuming that one can do practically anything with a root ssh connection. Some specific sub-questions might include:

1. How can I get my phone's GPS location via terminal shell?
2. How can I take a picture with the phone's camera via the shell?
3. How can I enable the password / pattern lock via the shell?
4. How can I change the background via the shell?
5. Etc..

 

[akazabam]

Thanks guys. Let me revise my question a bit more.

In addition to the goals than @akazabam correctly suggested, I would also like to minimize battery usage. That's why I installed ssh, and dyndns. I could be wrong, but I believe they may represent minimal battery requirements, wile simultaneously presenting maximum flexibility.

I'm assuming that one can do practically anything with a root ssh connection. Some specific sub-questions might include:

1. How can I get my phone's GPS location via terminal shell?
2. How can I take a picture with the phone's camera via the shell?
3. How can I enable the password / pattern lock via the shell?
4. How can I change the background via the shell?
5. Etc..

Things like PAW server shouldn't use any battery if they're just idle. Of course, as they're being used, they might use a little more battery life than something like sshd, but probably not a whole lot.

That being said, you raise a good question. Here's the basic question - are there command line tools available that use the android APIs. I want to say probably not, but I could be wrong. BUT, I bet I can make it work using sl4a (with perl). The only question is if they can be executed from the command line. I'll play around with it later today. I haven't used it much yet, but I know it can do basically what you want.

Also, I might be wrong. There might already be tools out there to do this. I'll look around first.

 

[akazabam]

Ok, so, this can definitely be done, but you're going to have to decide if all this is worth it. Keep in mind that this is something I threw together quickly. This can be expanded to do a great many things, and it can, of course, be simplified a lot. Here's what you need to do:

1) Install sl4a from here:

Downloads - android-scripting - Project Hosting on Google Code

You need sl4a, itself (the last download on the list) and whatever interpreter you want. I've used perl, so go ahead and grab that one. You'll need to install both. You can find instructions on that page, as well, for installing this. Once you install sl4a, and install perl (by opening it in the app drawer and choosing to download it), you can continue.

2) Copy the attached script camera.txt file to /sdcard/sl4a/ on your phone, and rename it to camera.pl.

3) Open sl4a, and verify that you see camera.pl as one of your scripts. The list of scripts should be where it takes you to when you open the app, so it should be pretty obvious.

4) If you want to test from the phone first, open a terminal emulator. If you want to test this from a remote computer using ssh, start sshd, and open putty or whatever ssh client you use.

5) At the prompt, run this command:

am start -a com.googlecode.android_scripting.action.LAUNCH_BACKGROUND_SCRIPT -n com.googlecode.android_scripting/.activity.ScriptingLayerServiceLauncher -e com.googlecode.android_scripting.extra.SCRIPT_PATH /sdcard/sl4a/scripts/camera.pl

6) The camera will open, take a picture, and save it as /sdcard/sl4a/test.jpg. Go ahead and verify that it did.


Remember, this is only the most basic of examples. If there is actually a demand for something like this, I can write perl scripts to do almost anything you'll want, probably. And, of course, a quick bash script to execute them from the command line without having to type out that ridiculously long command couldn't hurt either.

If you have any questions about any of these steps, or can't get it to work, let me know.


EDIT: btw, that command in step 5 is one long string that probably won't fit on one line. Copy it exactly as it is.

 

[Lafcadio]

Thanks a lot for the example. I think it would be great to make a bunch of shortcut perl (or whatever) aps. I'll play around with this stuff too.

 

[akazabam]

Thanks a lot for the example. I think it would be great to make a bunch of shortcut perl (or whatever) aps. I'll play around with this stuff too.

It's not all that difficult if you already know perl (or python). I can write up a few more practical scripts later.

 

[novox77]

I have droidVNC server installed on my phone. Assuming the stolen phone is on, and the thief hasn't wiped it yet, I could VNC to the phone, turn on GPS and use google Maps to see where the phone is.

Only downside to this is if the thief connects the phone to his home wifi network, and his router is blocking the VNC server port, then the VNC client won't be able to connect. But then again, ssh's port 22 would likely be blocked as well, so you're SOL until the phone goes to 3/4G mode.

 

[akazabam]

I have droidVNC server installed on my phone. Assuming the stolen phone is on, and the thief hasn't wiped it yet, I could VNC to the phone, turn on GPS and use google Maps to see where the phone is.

Only downside to this is if the thief connects the phone to his home wifi network, and his router is blocking the VNC server port, then the VNC client won't be able to connect. But then again, ssh's port 22 would likely be blocked as well, so you're SOL until the phone goes to 3/4G mode.

That's where tasker comes in handy. Set up a profile to turn off wifi when you send the phone a text message with a certain string. You'd have to act quickly for it to not be obvious what you're doing, but it would work.

 

[Lafcadio]

Is there a way to start an ap like VNC server from the command line via SSH?

Do you think you can get GPS location, take a picture, etc. from SSH while the phone's screen is locked (with password / pattern lock)?

 

[akazabam]

Is there a way to start an ap like VNC server from the command line via SSH?

Do you think you can get GPS location, take a picture, etc. from SSH while the phone's screen is locked (with password / pattern lock)?

Probably. I'll play around with it, and see what all I can make it do. Theoretically, you should be able to do almost anything.

 

[stevcha]

You could try lookout mobile security.

 

[Omanguitar]

I know this is an old thread, but in case anyone is interested, Avast! can do everything that you want. The best anti-theft features require a rooted phone, but it's well worth it. You text the phone commands and you can control the lock message, the gps, retrieve sms messages. It's quite powerful. I use google voice to text my phone. For example, if I text <my password> lost, then the phone locks, turns on the siren, sends a gps location to my google voice, and displays the lock message on the phone (you can customize the specific actions). Anyway, hope this helps.