Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
06-13-2013, 02:19 PM #1
Someone else jailbroke my iphone...
I actually found this site because I uncovered [email protected] information inside of my backup files as I was trying to figure out when the jailbreak happened.
In a nutshell, I randomly read thru a Low Memory Crash Report a few days ago and saw MSpy as a listed process. Further investigation revealed that yes, it was spyware, and yes, my phone had been jailbroken. I am completely floored.
It would be amazingly helpful if I could determine when the spyware was installed (or the jailbreak happened). There are only two suspects because my phone is with me at all times: a repair shop that had my phone for literally ten minutes to replace the shattered glass screen and my husband, since I do have to sleep at night (lol).
Since discovery, I was able to reverse the code that hid the Cydia app and get it to reappear. But I can't log in to Cydia. Nor can I log in to MSpy. I know that if my husband is involved he is not monitoring me via our home computer. It is either being done on his iphone or his work computer (I would suspect his phone more than the computer).
There are many reasons I think the jailbreak and spyware happened on 4-26: the Low Memory Crash Reports for the month prior total 13 and none of them list MSpy as a process. After 4-26, there are almost 800 LMC Reports and all of them have MSpy listed as a process, if not the largest process, running at the time of the crash.
I went through my iphone files (which admittedly I cannot read everything bc I don't have all of the right programs with which to open them all), but all of the "suspect" names (ie BigBoss, ModMyi, Saurik, Cydia, etc.) have dates of 4-26.
What is confusing me a little is that sometimes inside of these files there are sub folders or documents that are dated earlier than 4-26. Some are dated 4-5, and some are dated something crazy like 7-1-1970. Would this rule out the possibility of a 4-26 install/jailbreak?
My problem is that along with not being able to read all of the files correctly, I also am limited in knowing what is supposed to be on my phone and what isn't. And I guess once you've realized you've been hacked, everything starts looking suspicious! =)
It would make a huge difference in how I proceed if I could accurately determine when my phone had the spyware installed on it (or was even jailbroken). If it's the repair shop, then the management needs to know. If it's my husband, then that's an entirely different set of circumstances. =( I don't want to accuse the wrong party here.
Is it even likely that a repair shop with a storefront would hack someone's phone like this? Nothing that I know of inside of my phone has been compromised (financially, etc). Aren't there legal risks and ramifications here? How common would something like that be?
I'm thinking most roads lead to my husband, but he completely does not act like he's spying on me. Maybe it's because I have nothing to hide or discover, but still I feel like I'd be able to look back on the past couple of months and see some sort of sign or subtle giveaway.
Is it possible to find something on HIS phone that would indicate that he's using it to monitor me on mine? I don't have access to his work computer at all. I do have access to our home computer, which is what he would have had to have hooked my phone up to in order to jailbreak it, because there's nothing else for him to have used.
Shout out to Kyle - lol - I'm hoping you can help me with this. I've got your name on my phone and I didn't put it there!
06-13-2013, 04:06 PM #2
Welcome to our site!
First and foremost, I'm very sorry to hear that someone is being a jerk and spying on you. Jailbreaking is about freedom and modifying stuff for your benefit, not detriment.
Let's start by removing the spy program. Can you open the Cydia application at all? If so, first go to Manage -> Settings and set it for "Developer."
Now open Manage -> Packages and look for an installed package called "Core Utilities (/bin)". If I'm remembering this particular program correctly, there will be TWO packages called "Core Utilities (/bin)". One will be listed on the second line as "from Cydia/Telesphoreo (Utilities)." This is the legitimate one, DO NOT DELETE THIS ONE.
I suspect the second one (and I do suspect there will be two packages) will have its second line as either "from rxsios.com (Utilities)" or "from asd-ms.com (Utilities)." This one is the spyware, and the one you'll want to delete. Tap the package, hit Modify in the top-right corner, then "Remove." Confirm the removal and you're on your way.
As for ascertaining when your phone was jailbroken, you can look for the creation date on the folder "/private/etc/dpkg" on your iPhone (via a program like iFile, MobileTerminal or a root shell), and this will give you a good idea of when it occurred. As for determining who installed this on your phone, I don't want to interlope in personal matters, but I guess it's quick to rule out the repair shop if the phone wasn't in their possession on the date(s) of these files and crash reports...?
The Following User Says Thank You to Orby For This Useful Post:
06-13-2013, 06:07 PM #3
Thank you - I am already feeling better with your response. It's amazing how little there is to research when it comes to this sort of thing happening. There's 80 million topics on jailbreaking your own phone but relatively nothing useful for when your phone is jailbroken without your knowledge. I finally feel hopeful that there is help.
I can't get into Cydia at all except to just look at it. It's extremely aggravating to have an app on my phone that doesn't recognize me as the authorized user! AACK! Which brings me to a question: will deleting the app or uninstalling MSpy, etc. also remove my ability to look into the creation aspects of it all? If so I don't want to remove it until I've made sure I've learned all there is to learn about who did this and/or when.
And yes, if I can determine when this all happened then it can positively confirm or rule out the repair shop, which would be huge. If I can't do that then I don't feel comfortable pointing a finger at either suspected party.
Evenings are hard for me to dig - I am going to look into the folder you suggested first thing tomorrow for a creation date and see where that gets me. It would be wonderful if I had something concrete to go on with this.
Thank you very, very much for your help!
06-14-2013, 09:43 AM #4
Okay I'm looking into iFile and MobileTerminal, and from what I can see you're referring to apps which are available through Cydia, correct? If so, I can't use Cydia unless I log in to it, which I can't, since I am not the one who set it up.
I am seeing iFile available through iTunes - pardon a potentially dumb question here but would that essentially be the same thing? There are actually several apps through iTunes with "iFile" as part of the name, so I could go with the highest rated one, but don't want to bother if it's not going to do me any good. I turned my husband's iCloud off so that I could upload Lookout without any file sharing occurring, but I don't know that he hasn't noticed and turned it back on since. I don't mind uploading anything to my phone that will give me answers but I do want to call as little attention as possible to what I am doing. Of course, this is a moot point if it's my husband using the MSpy on me! LOL
Anyway, let me know about the apps in question and if the ones I see via iTunes will be useful. I did upload "FunBox" yesterday, which allowed me to look at the files currently on my phone when I connect it to my computer, but I get overwhelmed because I don't know what I am looking at for the most part. I don't know if iFile does something different or better than Funbox. I'll wait for advice before I go further.
Thanks so much!!
06-14-2013, 11:08 AM #5
While I was waiting, I went ahead and looked through my files with the FunBox program, and found the Private file you referred to. I opened Private -> etc -> dpkg and inside is a file called "origins". When I open origins, there is an undated document called "debian", which is 82B. This is where I get stuck because I do not know the right program with which to open/read "debian". "etc", "dpkg" and "origins" are dated 4/26/13. Does this mean that I can rely on 4-26-13 as the date of jailbreak, as I suspected?
Backing up a bit, when I open "Private", there are two files: "Etc" and "Var" (both dated 4/26). Var has "evasi0n" inside of it (dated 12/31/69 but the files inside of evasi0n are all dated 4/26/13). But does it mean anything that other files inside of "Var", such as "keybags" (3/10/13) have earlier dates? I guess my confusion is whether or not all of these files inside of this larger Private file are related to the jailbreak and spyware. If so, there are definitely earlier dates than 4/26, but most do seem to list 4/26 next to them.
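The dating question raised in posts #1 and #5, worked through as an added example (not part of any post in this thread): it takes a file listing, keeps only paths whose names match the jailbreak components mentioned in the thread, sets aside unset timestamps, and reports the date most marker paths agree on. The listing is constructed from the dates the poster describes; the `constructed-*` file names, the `Applications/Cydia.app` entries and the 2007 cutoff are assumptions.

```python
from collections import Counter
from datetime import date

# Names the thread ties to the jailbreak tooling (posts #1, #2 and #5).
MARKERS = ("dpkg", "evasi0n", "cydia", "bigboss", "modmyi", "saurik")

# Assumption: a date before the first iPhone shipped (2007) is an unset
# timestamp, e.g. zero rendered as 12/31/69 or 1970, not a real event.
EARLIEST_PLAUSIBLE = date(2007, 1, 1)

# Constructed listing. Dates follow post #5; the "constructed-*" names and the
# Cydia.app entries are placeholders standing in for files not named there.
LISTING = [
    ("private/etc", date(2013, 4, 26)),
    ("private/etc/dpkg", date(2013, 4, 26)),
    ("private/etc/dpkg/origins", date(2013, 4, 26)),
    ("private/var", date(2013, 4, 26)),
    ("private/var/evasi0n", date(1969, 12, 31)),
    ("private/var/evasi0n/constructed-a", date(2013, 4, 26)),
    ("private/var/keybags", date(2013, 3, 10)),
    ("Applications/Cydia.app", date(2013, 4, 26)),
    ("Applications/Cydia.app/constructed-b", date(2013, 4, 5)),
]


def is_marker(path):
    """True if any part of the path names a jailbreak-related component."""
    lowered = path.lower()
    return any(marker in lowered for marker in MARKERS)


def estimate_install_date(listing):
    """Return the most common plausible date among marker paths, with context."""
    unset, dated = [], []
    for path, stamp in listing:
        if not is_marker(path):
            continue  # paths with no marker name are left out of the estimate
        if stamp < EARLIEST_PLAUSIBLE:
            unset.append(path)
        else:
            dated.append((path, stamp))
    if not dated:
        return None
    likely, support = Counter(s for _, s in dated).most_common(1)[0]
    # Files unpacked from an archive can keep the modification time stored in
    # the archive, so an older marker file does not by itself move the date.
    older = sorted(p for p, s in dated if s < likely)
    return {"likely_date": likely, "support": support,
            "dated_markers": len(dated), "unset": unset,
            "older_than_likely": older}


if __name__ == "__main__":
    for key, value in estimate_install_date(LISTING).items():
        print(f"{key}: {value}")
```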
06-14-2013, 11:11 AM #6
If you are talking about the Cydia icon on your phone, then tap it and you will get in. Please forgive me, but I have a feeling that this is some kind of hidden camera. Please continue.
The Following User Says Thank You to bbrks For This Useful Post:
06-14-2013, 11:35 AM #7
When I tap Cydia, it reloads data and updates releases and packages. I get a Welcome to Cydia screen. But if I try to click Manage Account it wants a password. There is a "Featured" tab I tried out, which does allow me to look at featured apps. I located an iFile app ($4.00) - thank you. I have not tried to purchase it yet just in case the FunBox program I pulled the above info off was adequate. On that note, does Cydia require a password entry to purchase apps the same way iTunes does? If so then I wouldn't be able to make the purchase.
Do you mind my asking why you think this might be a hidden camera? Thanks!
06-14-2013, 03:57 PM #8
Manage account in Cydia will not tell you anything. It's just the way of paying for apps and tweaks from Cydia. You can also pay for those directly with your PayPal account. In any case, if you want to purchase anything you go directly to that app or tweak of your choice, click on purchase and do the payment over PayPal.
You don't need iFile...iFunBox is enough and also iTools, same thing, but just maybe a bit more user friendly.
I don't mind at all, the whole story is.........well, a bit too much for me. Why don't you just ask your husband and finish with your doubts once and for all? PS, sorry for my bad English.
06-14-2013, 04:01 PM #9
I'm sorry, I didn't want you to hit "Manage Account," please use the "Manage" icon on the bottom row of the application--it looks like an open book (fourth from the left on the very bottom of the screen). That button should not require any login. From there, hit the Packages button and go to town...
I think your estimation of 4/26 is probably correct for the jailbreak date.
The MSpy application, from its website description, can be used to remotely activate the cameras and/or microphones on your telephone.
The Following User Says Thank You to Orby For This Useful Post:
06-14-2013, 05:51 PM #10
Orby - Gotcha! When I open "Manage", I see the following:
BigBoss Icon Set (From Cydia/Telesphoreo)(repositories)
Cydia Installer (from unknown/Local)(packaging)
Cydia Translations (from unknown/Local)(packaging)
evasi0n 6.0-6.1.2 (from Unknown/Local)(System)
Hide Cydia (from Mtechnology)(Tweaks)
iphoneInternalService (from Mtechnology)(Security)
Mobile Substrate (from Cydia/Telesphoreo)(System)
Substrate Safe Mode (from Cydia/Telesphoreo)(Tweaks)
Not exactly as you thought, so I wanted to run it by you. My guess is the spyware is the Mtechnology items?
What happens when I click on one? I think it will just open the app but I don't want to mess up my phone so I am proceeding with extreme caution.
bbrks, no apologies necessary. Yes, I could just ask my husband, but if he's going to go through all of the trouble to do this behind my back then is it reasonable to expect an honest answer out of him? Which is another reason it's important that I rule out the repair shop. I'm expecting that if there's any room whatsoever for doubt he will use it to his advantage and deny involvement. What's so offensive about the entire thing is that he had an affair two years ago and I chose to work through it, and I never installed spyware on his phone despite the fact that he had proven himself untrustworthy. I have never broken my vows and I do not behave in a way that would cause worry. Yet here *I* sit with spyware on my phone. (sigh) It's a pretty big deal to me. I have nothing whatsoever to hide, which is why I'm not freaking out completely trying to remove the spyware. His undeniable involvement in this would pretty much put our marriage in a much different place than I thought it was. I really appreciate all of the help here.
06-14-2013, 07:13 PM #11
I would remove these 2.
Hide Cydia (from Mtechnology)(Tweaks)
iphoneInternalService (from Mtechnology)(Security)
Easiest way perhaps is to restore your iPhone via iTunes, set up as a "new Phone", not from a backup. Then sync your contacts, music etc. This will give you a new iOS and remove all hidden apps and Cydia as well.
Password protect your device and breathe a sigh of relief.
4/26 was the date this happened to your device certainly.
Feeling your pain, invasion of privacy, and from your husband, unacceptable IMHO.
Last edited by blkcadi; 06-14-2013 at 07:37 PM.
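The package check from posts #2, #10 and #11, as an added example (not part of any post in this thread): it sorts a Cydia package listing by source instead of by name and reports names that appear under more than one source. The first sample is the listing from post #10; the second is constructed from the description in post #2. Treating only Cydia/Telesphoreo as the default source and giving unknown/Local its own bucket are assumptions.

```python
import re
from collections import defaultdict

# One listing line: "Name (from Source)(Section)"; the name may contain parentheses.
LINE = re.compile(
    r"^(?P<name>.+?)\s*\(from\s+(?P<source>[^)]+)\)\s*\((?P<section>[^)]+)\)$",
    re.IGNORECASE,
)

DEFAULT_SOURCES = {"cydia/telesphoreo"}   # assumption: the source post #2 calls legitimate
LOCAL_SOURCES = {"unknown/local"}         # no repository recorded; review by hand

POST_10 = """\
BigBoss Icon Set (From Cydia/Telesphoreo)(repositories)
Cydia Installer (from unknown/Local)(packaging)
Cydia Translations (from unknown/Local)(packaging)
evasi0n 6.0-6.1.2 (from Unknown/Local)(System)
Hide Cydia (from Mtechnology)(Tweaks)
iphoneInternalService (from Mtechnology)(Security)
Mobile Substrate (from Cydia/Telesphoreo)(System)
Substrate Safe Mode (from Cydia/Telesphoreo)(Tweaks)
"""

# Constructed from post #2's description: one name, two different sources.
POST_2 = """\
Core Utilities (/bin) (from Cydia/Telesphoreo)(Utilities)
Core Utilities (/bin) (from rxsios.com)(Utilities)
"""


def triage(text):
    """Bucket packages by source and list names seen under several sources."""
    sources_by_name = defaultdict(set)
    report = {"default": [], "local": [], "third_party": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE.match(line)
        if not match:
            report["unparsed"].append(line)
            continue
        name, source = match["name"].strip(), match["source"].strip()
        key = source.lower()              # the listing mixes "unknown" and "Unknown"
        sources_by_name[name.lower()].add(key)
        if key in DEFAULT_SOURCES:
            report["default"].append((name, source))
        elif key in LOCAL_SOURCES:
            report["local"].append((name, source))
        else:
            report["third_party"].append((name, source))
    # A familiar name from an unfamiliar source is the pattern post #2 warns about.
    report["name_collisions"] = sorted(
        n for n, s in sources_by_name.items() if len(s) > 1)
    return report


if __name__ == "__main__":
    for sample in (POST_10, POST_2):
        print(triage(sample))
```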
06-14-2013, 08:55 PM #12
Hmm, if you are still having trouble I suggest you visit the mspy website and contact them. Let them know of your situation and they might be able to find the code for you to unlock Cydia. They might also be able to tell you the email that was used to make the account and purchase. They even say on their website that it's illegal to track secretly without consent, so they should be more than happy to help you. If they give you the email, compare it with your husband's. If it's not your husband's, check the repair shop you went to for an email address. Also, a final note: if I am right, mspy is a subscription-based app and it's roughly 50$ a month, I believe, to track someone. So I seriously don't think a repair shop would do it because there would not be a benefit for them. Since it's 50$, this would come out of a credit card. Check his credit card bill and look for something along the lines of the company who made mspy, the developer, or just a regular software purchase. Or you could ask him to log on to PayPal or Amazon and when he leaves take a look at payment history.
The Following User Says Thank You to mag12 For This Useful Post:
06-15-2013, 04:40 AM #13
06-17-2013, 11:33 AM #14
Sending out some really BIG thank you's to everyone for your support and insight. Being able to pinpoint the date of incident was crucial, because I am going to need very solid footing in all of this. If anyone else has any guidance or input on any aspect of any of this I am happy to have it. The more I know, the better.
I have not confronted him yet with it all - didn't want to upset Father's Day for my kids. I feel like he must know I'm onto him because I haven't refrained from digging around on my phone and I reversed the hidden code on the Cydia app, not to mention I had a phone conversation with a friend about it all. I have kept my phone with me 100% at all times, even sleeping with it under my pillow. I did set my phone down on the hallway table three nights ago and stepped into the laundry room to fold towels. He came in, talked to me for a minute, then walked out. I remembered my phone on the table so I stepped out about 30 seconds after he did and totally caught him quickly setting it down on the table and then straightening a picture right next to it, as if he was just 'tidying up' the table. I acted as if I didn't notice. Obviously he was feeling pretty pressed to get his hands on my phone without me knowing but I have to wonder why if he can monitor everything I do remotely anyway?
I am on the fence as to whether or not to go ahead and remove the spyware now (it is draining my battery like crazy) or leave it a little longer until I confront him about it. But when I am ready to remove it, do I just delete the two apps from Cydia, as suggested in an earlier response? And that's it? I'm really not even sure what I think about my phone being Jailbroken. That obviously leaves me vulnerable to being re-tapped more easily than if it wasn't. If I don't want my phone jailbroken at all can that be corrected? How would I do that?
Lastly, how do I know for certain the spyware is gone? Any/all insight is very helpful!
06-17-2013, 11:59 AM #15
As I posted above, if you restore your iPhone in iTunes to a fresh iOS, it will remove everything and all will be set back to factory specs. (Spyware and Jailbreak are all gone) Then just use the Passcode Lock feature to secure your phone by going to Settings/General Passcode lock and no one will ever be able to access your device.
Feeling your pain...
The Following User Says Thank You to blkcadi For This Useful Post:
06-20-2013, 10:17 AM #16
Thank you. I've been taking some time to learn more about what's inside of my backup files and it's been very interesting! My biggest challenge is finding a way to read all of the files. Some of them aren't even classified with anything (such as .tmp, .db or .plist, etc). Does anyone know how to open a file like this, or if there are any decent software programs for Windows that would work their magic here and bring these to light? What I'm hoping for more than anything is to uncover the passwords he used on Cydia, MSpy, etc. I'm thinking these must be in my phone files somewhere, and what I've read so far has me thinking they might be found in the Keychain file, but I can't read this file. Any advice on how to successfully maneuver through my files without hitting dead ends or gibberish? Am I being too optimistic?
Also, can someone explain how Cydia, Big Boss, ModmyiPhone, MSpy and Evasi0n correlate to each other? I know he utilized all of these to jailbreak/install the spyware because I can find them within the files on my phone. I'm just curious what their roles are, which came first, what pertains to the jailbreak process vs the spyware installation, etc. I feel like I'm looking at a toolbox and I don't know what all of the tools actually do (aside from MSpy being the actual spyware program and Cydia being the place you go to add apps and cool things to your phone that you can't get through Apple). It would be nice if I could log into them so I could follow the process he went through for myself, but that brings me back around to the problem of having no passwords.
06-20-2013, 11:43 AM #17
1. Evasi0n; the app used to jailbreak your device.
2. Cydia; app that is installed with the jailbreak and allows installation of third-party tweaks and apps.
3. BigBoss/ModmyiPhone; repos/sources that come pre-installed by the jailbreak that host legit 3rd party apps/tweaks.
4. MSpy; does not come from Cydia directly, an additional source that must be added to Cydia to install MSpy Mobile Spy - Instructions to install v6.5 Software on iPhone & iPad iOS