Pigro | # 1 | 2010-09-23, 13:45 | Report

As a N900 owner, I often wonder about this ...

What does an opportunist thief do with a codelocked N900 anyway? I assume that your average robber isn't a linux guru, and probably hasn't read the TMO flashing wiki, so I guess all they can do is take it to their local (dis)reputable phone repair shop and ask them to unlock (i.e. flash) it?

If so, will such shops normally do so "no questions asked" or is it difficult to do without proof of ownership even in a dodgy place?

If it's easy/cheap to have the phone flashed, then - no matter what your preventative measures were - it boils down to timing: Do you notice it's been stolen & can you then react quick enough to make a diference before the thief has flashed the phone and disapeared for good?

Just for fun, what would you do in the scenario where you had your device stolen from your table at a local coffee shop while you were on your own and without another phone? I know about SMSCON, iamhere etc. but they're just tools, I'm asking how you'd actually put them to good use with the aim of gettign your phone back unscathed.

I have a reverse ssh tunnel always open on N900, so I'd do the following:

1) quick check in case any one in the shop had a laptop they were willing to let me commandeer
2) assuming not, hot foot it back to home (or to nearest ssh -enabled device I can find)
3) ssh into my home server and then connect to the open reverse tunnel
4) run a location script to get GPS fix & look up on Google maps
5) $ TIME=600; while [ $TIME -gt 0 ]; do espeak "you stole this phone you ****ing thief! I am the owner; I know where you are and I'll see you in $TIME seconds"; let TIME-=5; sleep 5; done
6) phone-control --capture ~/thief.jpg
7) /usr/bin/dbus-send --print-reply --dest=com.nokia.image_viewer /com/nokia/image_viewer com.nokia.image_viewer.mime_open string:file:///~/thief.jpg
8) phone-control --dialog "THIS PHONE IS STOLEN. DO NOT ASSIST THE THIEF - POLICE EN ROUTE. IF Found, please call <my_home_number> to claim a £50 reward for safe return"
9) phone-control --unlock; sleep 20; phone-control --lock
10) phone-control --speakeron
11) phone-control --call <my_home_number>
12) answer the call & shout down the line "OK, I'm about to call the cops, but if you go back to the cafe you stole the phone from, and hand it in as lost, I won't bother - it will save me some hassle. I'll be tracking where you go next, it's your choice!"
13) phone-control --endcall

for the less techy, the above would: connect me to a teminal on my N900 from my PC; Get the thief's location; Start the phone shouting every 5 seconds (in a loud electronic voice) that it's been stolen ; Wait for thief to pull phone out of pocket (to try and stop the shouting) ; Take a photo of the thief; Display the photo fullscreen on the N900 ; Put a banner over the photo to confirm he phone is stolen ; unlock the phone briefly (so the thief can actually see his mugshot!) then lock again ; make the phone call me at home so I can tell the thief to return the phone to the cafe as lost, then hangup on him.

Then, continue to follow him on GPS to see if he (a) goes back to cafe (b) drops phone where it is or (c) continues on

if a or b, go retrieve! If c, then really do call the cops, explain the situation, get the cops non-emergency direct callback number and then force the N900 to call that number on speakerphone (remember to have recaller enabled to auto-record calls, that is one call recording I'd enjoy replaying) :-).

Any other scenarios you can dream up that are more likely to succeed in a safe return and without resorting to the carrier to block the phone?

Kangal | # 2 | 2010-09-23, 14:05 | Report

start pointless threads

clasificado | # 3 | 2010-09-23, 14:26 | Report

cry a lot in a corner, disconsolately

Pigro | # 4 | 2010-09-23, 14:30 | Report

@Kangol: well, get back "on-topic" somewhere else then and leave me alone


I actually think there *may* be some point to this thread, if people have real experience/ or clever ideas as to what can be practically done with remote tools, but we'll agree to differ on that :-)

afaq | # 5 | 2010-09-23, 15:15 | Report

That's a very complicated but hard working method. Give you props for thinking it up. I'd use my insurance and get a new one

jedi | # 6 | 2010-09-23, 15:17 | Report

I think this is a highly relevant topic, and good to think about methods of getting stolen/lost phones back before it actually happens.

One of the great things about the N900 is the openness, and that means theres lots of ways to recover information/track/take pics/etc/etc/etc.

Not a pointless thread at all.

Pigro | # 7 | 2010-09-23, 15:19 | Report

@afaq : I can't remember exactly what they quoted on my N900 when I bought it from CPW in the UK, but it was around £20/month IIRC ... no way!

Did you buy specific moby insurance or are you covered under a home & contents policy?

DojwqIO | # 8 | 2010-09-23, 15:19 | Report

The ssh reverse tunnel sounds like a nice feature. I just tried it and it works great. But how would you prevent the thief from simply exiting the connection with your home server?

Is there a way to keep the ssh connection to the home server open in the background without a terminal screen open?

Cheers,


As to what to do if my phone was lost or stolen, I guess I would have to change all my passwords, email, sipp, my home wifi, all the passwords stored in the browser... it would be a mess!

JohnLF | # 9 | 2010-09-23, 15:23 | Report

Wouldn't a loud, shouting phone be binned, smashed or thrown in the nearest lake? I'd go for the subtle option til you had photos, gps location and other useful evidence for the authorities, then you can go all out! I would claim on my house & contents policy though.

Maybe combine with some face recognition software (as in the "burgertime" game) so that you knew when you had a photo of the thief from the front cam..?

---

Last edited by JohnLF; 2010-09-23 at 15:27. Reason: added face recog idea.

Pigro | # 10 | 2010-09-23, 15:46 | Report

firstly, the phone is locked, so until the thief reflashes it, he can't get to do anything to the ssh session (and after he's flashed it, it becomes moot anyway!). However, I run the ssh -R command in an infinite loop from within a script that's run automatically whenever the phone's network connection changes (wifi->cellular or vice versa) - so it should restart itself in most circumstances. I am using a similar approach to eitama's excellent wiki http://wiki.maemo.org/Reverse_ssh ... but I found that timing issues with his method (the order in which the interface up & down scripts are called) caused the reestablishment of the ssh session to be very hit & miss; I have done mine slightly differently.

you can pass several parameters to ssh along with -R in order for it not to open a shell (i.e. it doesn't run a command on the remote system, it just goes silently into the background for use as a port forwarder). My full ssh loop is:
The PPPP is a non-standard port which my router NAT's (port forwards) to openSSH on my PC. The bit that stops a terminal opening is -nN (see ssh man page, there are several valid ways to do this depending on your needs).

Before exposing yourself to the interwebs, I'd strongly advise setting up public key authorisation, disabling password authorisation, and changing your openSSH to listen on a port other than the default :-)

---

Last edited by Pigro; 2010-09-23 at 16:03.