Boodle – A stolen iPhone locator

I recently purchased an iPhone and have wanted software that not only gave location information, like Erica Sadun’s wonderful findme software (or my, ahem, GPS projects), and sent phone information, like Fuel’s great WeeGee anti-theft package, but combined the tools into a more robust tracking utility. In other words, I wanted both location and information tracking in my iPhone. So, I set about combining the utilities into a script that will send location updates periodically to twitter and will email me with call history, SMS history, web history, location, and pictures if it is stolen. Cool!

I recently switched from Verizon Wireless to AT&T. I have wanted a PDA phone for quite a while and Verizon never had any that seemed to satisfy my needs for an afforable price (I tried the Motorola Q9m and the HTC SMT5800, but both were large and difficult to pocket). After weighing all of the options (Sprint has been floundering, T-mobile doesn’t have the rural coverage I want and need, and the MVNOs just don’t have the support that I’m looking for), I decided to try out the iPhone with AT&T.

I picked up a refurb at an Apple store in my area for about the same price as a new iPod touch and instantly fell in love with the device. The screen is beautiful and the features are just what I wanted and needed. Although I am paying more than cell-only service ($60 vs. $45), I am paying quite a bit less than I would have with VZW ($60 vs. $85). After 4 1/2 years with VZW, I switched to AT&T for the iPhone and haven’t looked back.

So, after playing with the phone for a bit and trying out some web apps (I tried to make a wine pairing web app using information screen-scraped from an interesting web site and a Virginia Wine Showcase Classic Wine Pairings handout), I decided to jailbreak my iPhone. Wow. If you have an iPhone or iPod touch, don’t wait. Honestly, it has become 10x more fun now that I can play with the innerworkings!

So, getting back on focus with this article, I wanted some software that would “phone home” if it was stolen. There have been some interesting stories of people who have had their Macbooks, iMacs, and even Xboxes stolen and recovered due to monitoring software, so I thought I’d give it a try!

Using Erica Sadun’s findme-muchbetter and pingwifi binaries and Fuel’s great WeeGee anti-theft package, I put together a system that sends a message to a private twitter account detailing the iPhone’s location and will send emails to me with the cell phone’s contents (call history, SMS history, web history, location, and pictures) if it is stolen (which I trigger by changing a value on a website).

So, if you’re interested, here’s the package, boodle_dr1r1.zip, and the readme:


Boodle DR1r1
Code based on WeeGee v0.01 by Fuel, which was based upon mailsend and squide source code

NOTE: All code is copyrighted unless explicitly stated otherwise. Although my modifications were made under the assumption that the code is distributed under an open-source license and all modified code is available without license legalese, it may still be protected, so do not modify or distribute without acknowledging the authors! All efforts have been made to acknowledge the original authors and their contributions when possible.

ABOUT

Boodle is a simple script for iPhone firmware 1.1.4 that allows a user to monitor his/her iPhone’s location using Twitter and to potentially recover information about the phone via email once it is marked as stolen (calls, SMS, web history, and photos taken).

THIS IS ONLY MEANT FOR PERSONAL USE. NOTE: No anti-theft device is perfect and any protection scheme can be circumvented with a little effort, so DO NOT assume that you will be able to retrieve your iPhone (or any of the information stored within) if it is stolen. The author(s) of the scripts and software in the package shall have no liability to any persons or entities with respect to any loss, liability, or damage caused by the software package (i.e., if your iPhone is stolen, don’t assume that you will be able to track it down with this software). Install ONLY if you are the owner of the phone and are willing to assume responsibility for installing unstable software. PLEASE USE RESPONSIBLY.

REQUIREMENTS

A jailbroken iPhone (I recommend iLiberty+) with BSD Subsystem and Erica’s Ported Utilities installed. In addition, 4 helper applications need to be downloaded and placed in the /var/root/bin/boodle/ folder (see DOWNLOADS NECESSARY).

DOWNLOADS NECESSARY

mailsend from http://iphone.natetrue.com/FuelUtils/
Command line utility that sends mail in the background. Boodle uses this binary to send your data to you. Place this in /var/root/bin/boodle/

reduceJPEG from http://iphone.natetrue.com/FuelUtils/
Command line utility that resizes JPEGs to save time when uploading. Place this in /var/root/bin/boodle/

pingwifi from http://ericasadun.com/ftp/TUAW/findme/
Command line utility that pings the wifi so that the location of the phone can be calculated when it is asleep. Place this in /var/root/bin/boodle/

findme-muchbetter from http://ericasadun.com/ftp/TUAW/findme/
Command line utility that gets location information. Place this in /var/root/bin/boodle/

INCLUDED FILES

boodle.sh
This is the main script that does the work. Place this in /var/root/bin/boodle/

findLocation.sh
A helper script that is used to query findme-muchbetter depending on the type of location information saught (wifi/cell/ip). Place this in /var/root/bin/boodle/

com.semifluid.boodle.plist
Tells the iPhone to run the script every hour. Place this in /System/Library/LaunchDaemons/

CONFIGURING BOODLE.SH

At the top of the script, there are a number of variables you need to configure:

watchResponse – The command to query the server.
workPath – Path for files. Default is /var/root/bin/boodle
mailsendPath – Path for mailsend binary. Default is $workPath/mailsend
resizePath – Path for reduceJPEG binary. Default is $workPath/reduceJPEG
findmePath – Path of findme-muchbetter binary. Default is $workPath/findme-muchbetter
pingwifiPath – Path of pingwifi binary. Default is $workPath/pingwifi
smtpServer – Mail server IP address. Default is 64.233.167.109 (GMail).
smtpServerPort – Mail server port. Default is 587.
emailUsername – SMTP Username
emailPassword – SMTP Password
toEmail – Email address to send reports to when phone receives “stolen” command
JPEGMaxWidth – Max width or height of image. Default is 800.
JPEGQuality – JPEG quality (1-100). Default is 75.
trackLocation – Set to true to send updates to Twitter every time script is run (once per hour, by default)
twitterUsername – Twitter username
twitterPassword – Twitter password

HOW SCRIPT OPERATES

The script checks the content of a remote web page at a regular interval (determined by com.semifluid.boodle.plist). The web page should return “0” (All clear), “1” (Stolen), “2” (All clear, reset time stamp), or “3” (Stolen, reset time stamp). If the content is “0” or “2”, the script will send a Twitter update (if trackLocation is “1”) and quit. If the webpage returns “1” or “3”, the script assumes the phone is stolen and begins its work. In addition, if the webpage returns “2” or “3”, the script will also delete the time stamp file so that a full update will be emailed the next time the phone is marked as stolen.

When a phone is marked as stolen, the application will:
1. Estimate the location of the device using findme-muchbetter and save the information to a file
2. Use sqlite3 to export call history to a file
3. Use sqlite3 to export sms history to a file
4. Copy Safari’s web history plist file to a file
5. Email all of the database files to the $toEmail address
6. Check for photos taken with the camera since the last time the script ran
7. Resizes any new photos, archives them, and sends them to the $toEmail address

7 thoughts to “Boodle – A stolen iPhone locator”

  1. Wow! Thank you! I always wanted to write in my site something like that. Can I take part of your post to my blog?

  2. Hey.. This is FW1.x code.. any idea where i can lay my hands ont he fw2.x ported utils.. All these utils are not available in fw2.x which is kinda breaking the fix.

    Thanks.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.