Re: [Announce] SMScon (control your device with SMS)
 

I have the same setup for the Reply. Script's still reply.
Try the Message Send option on Email or none.

As for the silence are you using a profile manager?
What happens with:-
... in a Terminal

@yablacky
One question I'd like to ask is why does SMSCON send your password to your master number when you change it.
I can understand a message to say the password was changed... but actually sending the password to the master number is a potential security risk, surely?
Just found this out the hard way.

AFAIR this is not made clear in the wiki's eithier.

Re: [Announce] SMScon (control your device with SMS)
 

You can change this under "General options" -> "Reply message settings". On command line this is MESSAGESEND setting:
Possible values are: sms|email|both|none. It applies to all commands except GPS related ones which have separate setting GPSSEND to control notifications.

Many Thanks for the log information. I have fixed this bug right now. It was a serious bug because it applies to all commands that made use of session dbus. The session dbus was not available to smscon if it runs from boot (seems nobody noticed :confused:). As this run-mode was standard since 0.10 the bug comes much more into sight.

UPDATE: The silencing function does not prevent the sms alert sound of the very first sms command because phone alerts before smscon has chance to silence. Silence applies to all further sms being received.

Re: [Announce] SMScon (control your device with SMS)
 

In a terminal that works. smscon haven't had no access to the session dbus which makes most dbus operations fail. This problem happened if smscon daemon was stared by init process (on boot) and the problem vanished, once smscon was stopped/started in a terminal. Since 0.10 stop/start is always (implicitly) done by init. So the problem is more persistent. But its fixed now.

It's by design. It is assumed that the MASTERNUMBER phone is "secure" in this means. The password can't be used to remote control the phone. If it wasn't you who changed the password then you probably want to know it once you got the phone back. I Should add a note about that in the wiki...

Re: [Announce] SMScon (control your device with SMS)
 

I didn't think you could change the code without putting in the old code first anyway.
If you use the same SSH code as SMSCON from first installation then both codes are compromised.

IMO, I don't like it when anything sends my password's back to me in plain text, I know what it is I don't want the world to know.
Email's like this I delete instantly.

This caught me more by surpise when my friend (master number) texted my password to me, two minutes after changing it!


I have never used the silence on first message option, any dbus I have used was in a script and worked fine.
Thanks for the fix.

It also makes sense that the first message will notify then the phone will be silent. I forgot about that.

Re: [Announce] SMScon (control your device with SMS)
 

That's true for a user that uses smscon-editor as designated. To change the password you need the old one. There are two cases: (1) the regular owner changed it (2) someone else changed it. In case of (1) the old code wasn't compromised and the change notification could be compromising due to plain text password, I agree. In case of (2) the old code was compromised and compromising the new code to regular owner is desired and main reason for this functionality.

A user could simply de-install, purge and re-install smscon-editor. In this case the password is reset to the default and therefore compromised from the beginning.

A user even could simply de-install smscon to get rid of all remote controlling.

The security concepts of maemo are designed to protect the user from internet, not to protect the phone from user. And smscon does not claim to change that. In fact nothing and nobody can. Even companies like apple or google with closed devices concepts from the start can't prevent that experienced users root the phone. Once you are root, nothing is secure. Except crypted data of which password is not on phone.

I agree. We can remove the feature completely or we can change it to send the notification without password or with encrypted password. All except an option to select behavior. Otherwise a finder/thief that was able to change password would be able to first change option to disable notifications.

I Agree. And there should be a command to undo silencing.

Re: [Announce] SMScon (control your device with SMS)
 

when smscon editor will be updated?

Re: [Announce] SMScon (control your device with SMS)
 

When the Time will come. You will see four riders of elopcalypse riding sky, so don't worry, you won't have chance to miss it.

Re: [Announce] SMScon (control your device with SMS)
 

i am waiting for "four riders of elopcalypse riding in the sky"

Re: [Announce] SMScon (control your device with SMS)
 

Thanks yablacky!
That works things out fine for my usage case.

I understand it's impossible to silence (only) the first SMS, can though live with that;
Anybody with a suggestion to delete (only valid!) received SMS by Software or a script after reception by smscon?
i.e. "delete anything which starts with COM_PREFIX" from sms-inbox

Michael

P.S.: Again: great tool, I love it though since now I used it only for the non-existant case of loosing it, it can do much more for me now ;)

Re: [Announce] SMScon (control your device with SMS)
 

A few days ago I found out how this could be done: By directly modifying the database that stores these messages. I assume smscon could even remove them by itself after recognizing them as a command.

Re: [Announce] SMScon (control your device with SMS)
 

That would be really cool, though I know I "abuse" smscon somehow (in this case for smarthome-automation but it's a very nice thing..)

And (deleting received SMS-commands) makes also sense in terms of security somehow..

Michael

Re: [Announce] SMScon (control your device with SMS)
 

smscon 0.10.6-1 has been queued for loading into fremantle extras-devel repository.

• FIX: COM_ALARM no longer restricted to wav-files. Plays (almost) any sound file type now.
  
• NEW: The smscon command has a new option to establish sound files to be used as alarm:
  
  Code:

  ---

  smscon -alarm [ref] filename

  ---

  The optional 'ref' keyword tells smscon to refer the file only rather than to copy it into its own storage. Since sound files are large, ref is handy while testing several sounds. You should not use 'ref' to establish the final sound. A filename of '--default' restores standard alarm sound.
  
• FIX: Some SMS commands (e.g. silencing the phone, etc) did not work properly if the currently running smscon_daemon was started on phone boot. Since last version this start mode is used for normal start/stop operations as well. As a consequence the bug comes up more often and is fixed now (session dbus was not available for daemon).
  
• NEW: New commands COM_SILENTON and COM_SILENTOFF to explicitly silence the phone and to undo silencing (COM_SILENTOFF restores volumes being active before COM_SILENTON).
  
• CHANCED: New SIM cards are no longer authorized by default (this happened in the past after smscon sent notification about new SIM). A SIM card must now be authorized explicitly by using smscon-editor or by command line:
  
  Code:

  ---

  smscon -add imsi

  ---

  This is not a new command but you have to use it explicitly now. Btw. to revoke authorization of current SIM card use
  
  Code:

  ---

  smscon -remove imsi

  ---

• NEW: A stolen mode. Smscon operates in stolen mode automatically if the SIM card is not authorized (e.g. is a new SIM) or if the SIM PIN of an authorized SIM was not correct or if there is no SIM card et all. For those regularly using their N900 without SIM card there is a new STOLENIFNOSIM user setting to change no-SIM behaviour.
  
• NEW: New command COM_STOLEN to enable stolen mode explicitly. This command may be used in case the phone got lost or stolen with authorized SIM inserted and valid PIN code already entered. The command revokes authorization from all SIM cards even your own SIM that is now being used by finder or thief. In case you got your phone back, you have to grant authorization for your SIM card again.
  
• FIX: Keyboard slider detection and battery charge info is now sent in stolen mode, only.
  
• NEW: Rotated smscon.log file. The smscon.log file is now limited to roughly 100 KB size. Log will flood into smscon.log.1, smscon.log.2 etc until smscon.log.5 files. Older log entries will be removed. This ensures that smscon occupies a limited and deterministic size of disk space only (round about 600KB).
  
• FIX: A bug in decoding incoming SMS messages has been fixed. The bug leads to failures in command detection. Happend to SMS messages of 7 chars length (and multiples of 7).
  
• NEW: Delete incoming SMS from chat history if it was a valid smscon command.

Further notes:

• Deletion of incoming SMS from chat does not yet prevent the SMS to show up temporarily as "just arrived SMS". Unfortunately.
• TrueCrypt: The idea is as follows:
  

  smscon provides a new command line option to supply a password-B to access encrypted data (e.g. mount container or partition). This password-B is generated from a password-A (provided by regular user) which is somehow modified/signed using the IMSI (and perhaps IMEI). Password-A may be stored plain text on phone. It is needless without having entered the correct SIM PIN because IMSI is only available with SIM PIN.
  
  Given this, the correct SIM PIN could open the phone completely including access to TrueCrypt data. Without PIN the phone offers only irrelevant or encrypted data.
  
  Since IMSI in this concept becomes a key to encrypted data, smscon 0.10.6-1 will no longer store IMSI codes to detect authorized SIM cards.
  

• I will update wiki after getting some feedback here and - may be - making some corrections.

Re: [Announce] SMScon (control your device with SMS)
 

Release of SMSCON Editor 0.10.6-1 in extras-devel

Changes:

• NEW: Added new SMSCON commands COM_SILENTON, COM_SILENTOFF and COM_STOLEN
• CHANGE: Follow changes in smscon_boot file.
• CHANGE: Rename buttons for Add/Remove IMSI to Authorize/De-authorize SIM

Re: [Announce] SMScon (control your device with SMS)
 

yablacky, while idea of using IMSI as an de-facto key for truecrypt - isn't it offering too low security? It's numbers only - I don't have hard data with me, but bruteforcing it would be orders of magnitude easier, than any TrueCrypt password should be - yep?

Isn't it becoming security through obscurity (i.e. relying on fact, that attacker doesn't know - usually - way used to deliver password from PIN and IMSI)?

Take this with grain of salt, as I don't know details yet :)

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.

I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically :( Has anybody tried this successfully? It could help a lot.

On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...

Re: [Announce] SMScon (control your device with SMS)
 

I agree, that it may be enough for thing like private photos or content of addressbook. Other things may be encrypted in a way, that it isn't auto-mounted on boot.

But, I fail to understand, how it helps us to avoid need for lock code kicking in every 5, 15, or 30 minutes? If we have our device in use without lock code auto-lock feature, thief can access our encrypted data, because it's mounted on boot, anyway. OTOH, if we use auto-lock code, we can't use smsCON after reboot. That was the deal.

I'm too slow, or it is not this stage yet?

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

Any chance this awsome app would be ported to N9(50) someday? I may really miss it someday if my N9 get lost/stolen. :/

Re: [Announce] SMScon (control your device with SMS)
 

You're alright :) It isn't that far yet. But it's ongoing. Today I found a way to move the device lock question behind the pin-code question :D This way device locking on boot does not prevent smscon operation. It works pretty nice but yet has some pitfalls that need some work.

Re: [Announce] SMScon (control your device with SMS)
 

It would be great to have SMSCon on N9 :)

See page 114 or this post. :)

Re: [Announce] SMScon (control your device with SMS)
 

Having more than 15 digits as a truecrypt password is a MUST though. It is way too easy to brute force and anyone could find instructions on the web by asking. Having other info from SIM card behind PIN code is good idea in that case to increase the password length.

Of course three letter agencies, police, operators and those have no problem finding out your IMSI.

Can IMSI be retrieved and SIM-card opened by hacking somehow maybe? Actually there is only 10000 keys to brute force, but normally SIM-card gets locked down after 3 wrong PIN-code attempts.

btw, is there any reason why smscon password has to be in plain text anywhere?

Re: [Announce] SMScon (control your device with SMS)
 

IMSI can be easily found with appropriate hardware (SIM card reader) and programs, but only if you have PIN.
Read for example here:
http://www.mfi-training.com/forum/paper/SIM&Salsa.pdf
I know it because once I was interested in SIM cloning.

Re: [Announce] SMScon (control your device with SMS)
 

Thank you! Let's cross our fingers then.

So you might be interested in this: http://talk.maemo.org/showthread.php?t=84987

Re: [Announce] SMScon (control your device with SMS)
 

That's all true, I fully agree. The good news are: Nobody will be forced using data on SIM as key for their encrypted data. It would be an optional feature offering convenience at an expense of security.

Those having data on their N900 that must be hidden against "three letter agencies" :cool: in all and every case should not use the planned feature using IMSI or other data on SIM. A SIM is protected by a 4 digit PIN only and can even be retrieved by specialists. For max security, you have to mount your truecrypt partitions manually by entering a strong 78 letter password (for hard to crack 512 bits) key by key.

Don't forget the device lock code which protects access to already mounted truecrypt data. Not sure if it can be more than 5 digits. Would need 155 digits for 512 bits. Do not assume brute force trying of device lock codes could not be automated by specialists.

Re: [Announce] SMScon (control your device with SMS)
 

Not sure what you mean. smscon does not store passwords as plain text . In my truecrypt/IMSI example description the "plain text password" is the encoded form of the decoded password. Should not have named this "plain text", sorry for confusion.

Re: [Announce] SMScon (control your device with SMS)
 

For more information see wikipedia - IMSI look for --> "Authentication key (Ki)" --> "Authentication process:" --> #1:

Re: [Announce] SMScon (control your device with SMS)
 

As far as I know :D, there's no way to clone newest SIM cards (and for "newest" I mean the ones produced about in the last 10 years).
The problem is just you can't extract Ki neither with brute-force, you just burn your SIM card.
I spent some times reading some documentation, so I'm pretty sure about it.

Of course, I guess investigative agencies have no problem to obtain all they need directly from the operator. :o

Re: [Announce] SMScon (control your device with SMS)
 

Max is 8 digits - theoretical limit is 10, but when using it, it unlocks by *both* providing 10 digits, or first 8 only (!).

As for automating brute force of lock code, it's interesting idea. Lock code is trivial to break (DES), but only, if You have access to root filesystem, which *shouldn't* be possible without rebooting, if already presented with lock code prompt. When prompted, every 2 wrong attempts there is delay, that increases in 3th attempt, then disappear for next 2 attempts, and so goes on, in circle. Both delays are customizable (don't remember where, but it is easy to find it, IIRC).

Honestly, I can't think of any way, that would allow "3 letter agencies" and their specialists to retrieve lock code/unlock, without causing reboot (messing with flash storage content directly, without device in middle, should definitely cause reboot, and it's far from achievable, without de-soldering One NAND or cutting motherboard and doing extra-precise connections to certain paths itself, without harming other paths).

If anyone have sensible ideas, it's worth to discuss them in Truecrypt thread :)
---

yablacky, it's great to hear, that You've managed to move lock code prompt! May I ask, what are current pitfails about? Maybe someone will be able to help overcome them?

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

I solved most problems. One important remains:
When locking the phone using this method Phone_control#Security_Device_Lock_with_lockcode the power button won't get disabled. When pressing it, the corresponding menu is still shown. Most available options do not work, fortunately. But "Offline Mode" can be enabled. This counteracted the whole story because it disconnects the phone from networks.

Does anybody have an idea how to disable power-button menu as well?

Re: [Announce] SMScon (control your device with SMS)
 

Oh my, I remember hitting this bug when I've exploited putting device into "deepest sleep" via button in power menu key (with auto off-line mode and locking via code, just before putting it into freeze). Unfortunately, never found a way to overcome it. I guess it's high time time for really smashing this obstacle - will investigate.

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

Possible solution could be:
(1) When locking the phone, the undesired menu items (Flight mode/Telephone - they must be known in advance) can be disabled explicitly. On regular unlock they would have to be enabled again automatically.

(2) When locking the phone, replace the complete power-button menu by one that contains desired items only (e.g . Power-off/Reboot). This also has to be undone automatically on regular unlock.

The 2nd solution would apply to custom entries as well, which usually do fancy things which should not be available while phone is locked.

Re: [Announce] SMScon (control your device with SMS)
 

The solution is much easier :D. There is a different way to activate device lock which does also disabled the power button. I will add this info to Phone_control pages.

Re: [Announce] SMScon (control your device with SMS)
 

Thanks a lot! It was bugging me for months, and I never found solution.

/Estel

Re: [Announce] SMScon (control your device with SMS)
 

smscon 0.10.9-1 has been queued for loading into fremantle extras-devel repository

Solved TrueCrypt dilemma: Remotely control the phone after reboot even if device lock is active!
New options to lock and unlock the device depending on validness of SIM card and PIN code.

Changelog en detail:

• NEW: New option "DEVICELOCKLATE" (yes/no). Applies to situation where phone was locked at shutdown and therefore will be locked on next boot: If set to "yes", and the phone boots again, it will ask the device lock code _after_ asking for SIM pin code. This allows the phone to connect to telephone and wlan networks albeit it is device locked. This in turn allows to remotely control the phone via smscon even after rebooting with active device lock.
  Note that "DEVICELOCKLATE" only works if smscon loads on boot.
  If "DEVICELOCKLATE" is enabled, which is default, it solves the smscon/TrueCrypt dilemma.
• REMOVED: The option "SIMUNLOCK" converts to new "LOCKMODE_NEWSIM"; see below.
  "SIMUNLOCK" still exists but is no longer used and will be completely removed in future version. Until then it is kept for API compatibility with older versions of smscon editor.
  When upgrading to this version, the current "SIMUNLOCK" setting is used to initialize all the new "LOCKMODE_xxx" settings accordingly, which are:
• NEW: New option "LOCKMODE_BADSIM" (keep|unlock|lock) to define automatic device un/locking on either no SIM or on new (=unauthorized) SIM with _wrong_ PIN.
  Note that "unlock" only works if DEVICELOCKLATE is "yes".
• NEW: New option "LOCKMODE_NEWSIM" (keep|unlock|lock) to define automatic device un/locking on new (=unauthorized) SIM with _correct_ PIN.
  Note that "unlock" only works if DEVICELOCKLATE is "yes". In earlier versions the functionality of "LOCKMODE_NEWSIM" was known as "SIMUNLOCK" which becomes obsolete.
• NEW: New option "LOCKMODE_OKSIM" (keep|lockifnopin|lockalways) to define automatic device locking if authorized SIM is present in phone.
• NEW: For developer only: New smscon command line option to check if current SIM is authorized:
  smscon -test imsi
  Returns message and true/false shell return code accordingly.

Re: [Announce] SMScon (control your device with SMS)
 

Also smscon-editor 0.10.9-4 that suits smscon 0.10.9-1 is available in fremantle extras-devel repository.

Re: [Announce] SMScon (control your device with SMS)
 

Release of SMSCON Editor 0.10.9-4 in extras-devel

Changes:

• NEW: Added new SMSCON device lock options: LOCKMODE_BADSIM, LOCKMODE_NEWSIM, LOCKMODE_OKSIM
• CHANGE: Removed deprecated SIMUNLOCK option.
• NEW: Added a button for revoking the authorisation of the current SIM only.
• CHANGE: Moved the enable/disable switches for the daemon and the boot in the initialisation window.
• NEW: Added user confirmation dialogues for operational sensitive actions.
• CHANGE: Major redesign of main and initialisation windows.

Sorry for the late announcement. In a couple of weeks when I get some more time I will try to review the main window once more, since both yablacky and me think it can be improved. For the time being, my focus was more on the new functionality he brought with the latest SMSCON.

Re: [Announce] SMScon (control your device with SMS)
 

Absolutely awesome, thank You!

Will test extensively in first bigger batch of free time, and report back.

Re: [Announce] SMScon (control your device with SMS)
 

hahaha do you remember Estel when i said


so you replied


i think i missed "four riders of elopcalypse riding sky"

BTW thanks for the updates guys, i was waiting for that for a looooooooooong time.

Re: [Announce] SMScon (control your device with SMS)
 

Having issue with SMSCON, I had to reflash combined on my N900.
I had the current "stable" SMSCON package installed.
After my reflash I let HAM/Backup App reinstall all my applcations, not releasing Devel was enabled.

I opened up SMSCON it took the default password, I changed the password and reinput all the settings.

Now I can't enter SMSCON the password shows incorrect everytime.

I have tried re-installing both "stable" and "devel" version and the password is showing incorrect.

Is there a way to restart SMSCON from scratch?

Re: [Announce] SMScon (control your device with SMS)
 

Deinstall smscon and smscon-editor the regular way.
Open a shell terminal, become root.
Then enter this command:
Then again install packages from stable or devel.

Re: [Announce] SMScon (control your device with SMS)
 

Needed root. Thanks.