thats right guys, I am the first as far I as I can tell to figure this one out We can all SSH and VNC to our phones using openSSH and Veency via WiFi or WiFi device (in some cases a cable)... But what I am here to present is a command via the MobileTerminal.app within the jailbroken iphone that can created a REVERSE SSH connection using the 3G internet (Edge not tested). Here is what you will need to control your iPhone no matter where it goes (stolen or not): Jailbroken iPhone with cydia OpenSSH installed on phone Veency (now with passwords) Mobile Terminal.app installed on phone An SSH server running on the computer/device you want to use to remotely access your iPhone (preferably on a port other than 22 for security and other reasons) Forward a port (or DMZ) to your local IP and SSH port (only if using a router) Once you have all those things... open MobileTerminal.app within iPhone, login to root using alpine as the password (change later using passwd command) NOTE: you may also use mobile user name with same alpine password). You can do this by typing "login root", enter, then "alpine" as the password. If you are logged in as root type the following ignoring the ( ) 's and placing the correct characters in place of them: ssh -p (SSHPORT#) (User\ Name)@(Domain/IP of SSH computer) -R 1201:localhost:22 or for background command ssh -p (SSHPORT#) (User\ Name)@(Domain/IP of SSH computer) -f -N -R 1201:localhost:22 OR for VNC access (full control of your stolen/lost iPhone) ssh -p (SSHPORT#) (User\ Name)@(Domain/IP of SSH computer) -R 1201:localhost:5900 or background command: ssh -p (SSHPORT#) (User\ Name)@(Domain/IP of SSH computer) -f -N -R 1201:localhost:5900 NOTE: you can change the 1201 port to anything you prefer, make sure to change in further steps... Once it connects, you will have to type "yes" for the first time connecting, type your password for your computer... If you see you are now logged into your home computer via your iPhone, you can close the terminal via the home button (you do not need to run backgrounder for the terminal to stay connected) and continue to the next steps.. That command above forwarded the iPhone's SSH protocol/port to your localhost's computer's port, allowing you to login to the iPhone's SSH server by entering the following into your Mac/PC's Terminal CLI: ssh -p 1201 root@localhost or for VNC now go into your VNC client of choice and enter this information: server: localhost (or you can type 127.0.0.1) port: 1201 (or watever port you put earlier to tunnel from) password: (I have herd you can put anything, no PW settings for Veency yet) vwalla, you have now connected to your iPhone's SSH server via its own SSH IP within a reverse tunnel...this method can be used to bypass any routers or firewalls set up by ATT This same method can be used once VEENCY is installed using port 1202:localhost:5900 ... meaning!!! YOU CAN CONNECT TO YOUR iPHONE's VNC and SSH server no matter where it goes, as long as you run an SSH server from your home (or other) computer!!! am i the first to see this? Questions for smart people =) 1) Is there a way for me to add this reverse command to my iPhone's startup? this would allow me to always connect to it even if the thief turns it off and then on. 2) Would this command work if they changed the sim card after stealing my phone? 3) This command may need to be ran every time the 3G IP changes, but as far as I can tell, SSH tunnels stay open even if the user turns off 3G and then turns it back on, as long as the IP is the same and the source is the same... IS THERE ANYTHING ELS WE CAN DO WITH THIS SSH Reverse Tunnel via 3G internet? 4) almost forgot... Is there anyway to do a reverse Proxy command from the iPhone Terminal... basically tethering my IP via my home computers internet... example: ssh user@homecomputer -D 9999 ---this works but i need the opposite direction i have tried things like ssh user@homecomputer -RD 9999 with no luck.. any ideas? I know there are other ways to tether your internet that involve connecting to a device via WiFi... but thats too easy =P please correct me if im wrong... but this opens up new doors to the iPhone's 3G network and iPhone capabilities! Leave a comment if you have any defiant answers or questions, otherwise, if you are feeling special, email me at email@example.com with any questions or answers to my genius idea... or if you want to claim doing it before me =) UPDATE: it seems if im connected to 3G then i swap to WiFi, the existing tunnel remains, but I am unable to connect. ONCE I SWITCH BACK, WITHOUT RE-EXECUTING THE COMMAND, the tunnel is still connected and allows remote access. So I tried the other way, WiFi first, execute, then switched to 3G and then activated Wifi again, Tunnel remained!! interesting!! but if the source changes and doesnt return to the IP of the original "command giver's" IP address, the command will need to be executed again: Seems this is something that an hourly process can fix... the process could run every hour, or somehow know when the internet source changes, whether it be to wifi, 3g or edge... Before the tunnel is re-created, the old "tunnel" would have to be closed via terminal/command, assuming you CANT use the same port to forward to (1201 in this case) while the localhost still sees it as connected. An hourly process would not be battery consuming and would allow for higher chances of getting phone back. NOTE: This will have to use a NoPassword DSA/RSA key, iphone supports all bits. DSA is known to be safer and has "never" been "cracked" =P For those setting up an SSH server on Windows Operating Systems: When you install Cygwin, make sure to follow their instructions, you must install it with its own directory, and make sure you have installed the correct SSH packets required to run an ssh server within cygwin... here is a good link for step-by-step Cygwin installation: http://pigtail.net/LRP/printsrv/cygwin-sshd.html OR (older version) http://erikjheels.com/?p=470 WHEN you have problems or differences WITH THE ABOVE INSTALLATION RULES, read these posts: http://www.nabble.com/Wrong-Permission-on-the--var-directory-td18713386.html http://davedotnet.blogspot.com/2006/06/installing-loopback-adaptor-in-windows.html http://www.inkompetent.de/knowledge_base/software/vnc_loop_back.html If you have completed that, and you are having troubles, contact me via email firstname.lastname@example.org UPDATE: Veency now has a password implication within the "preferences", so now all we need is to automate reverse ssh commands at iphone bootup and change of IP.