Android, IT

Administer your Android phone from Internet (root needed)

Introduction

I’ve decided to make this tutorial since this issue was a long time frustration I had with the mobile phones.

I’d like to be able to administer my phone using any web browser when the phone is only connected to the GSM/3G network.

There are some tools that allow to administer the phone from a browser, but because mobile operators block access to the phone’s IP (when on GSM/3G), you can’t connect to the phone. You either have to pass through 3rd party proxies (if offered by tools developers) OR only use the phone over WiFi at home.

Some scenarios that I found frustrating:
1) I’m at the office, and I’d like to copy a file to the phone. But I don’t have the cable with me nor I can install Dropbox on PC tough.
2) Receiving an email with contact details. I don’t want to type it manually on the phone – I’d like to be able to edit the contacts list in a browser, even if the phone is only connected to 3G network.

Prerequisites

a) Home pc with a public IP address and OpenVPN server properly configured.
b) tun.ko / OpenVPN client installed on the phone – and properly connecting to the home pc OpenVPN server.
c) i-jetty + i-jetty console installed on the phone on default port 8080.

I put these as prerequisites since they require some time to get them running properly. I already had the OpenVPN server, and it took a while to find a working tun.ko that does not reset my phone.

Connection diagram

This diagram represents a standard setup and ports and IPs are shown as examples, they will be different in your setup:

a) Home PC is protected by a router which has external IP (allowing anybody to connect to it).
b) Router allows OpenVPN traffic to reach the home PC (and thus the phone can connect to the OpenVPN server).
c) Router will also forward each request on its 3080 port to the Home PC port 3080.

Right now, the only thing needed, is a small web server on HomePC port 3080 which will redirect all requests to the phone’s OpenVPN assigned IP (in my case, 10.7.7.22).

Configuration

1. OpenVPN server needs to allow inter client communications so please add this line to server.conf of OpenVPN:

client-to-client

2. As proxy server, I have used nginx. My home PC is running Ubuntu and thus I was able to easily apt-get install nginx.

To act as a proxy, you need to edit the file /etc/nginx/sites-enabled/default and add the following server configuration:

server {
        listen 3080;

        server_name 

        location / {
                proxy_pass        http://10.7.7.22:8080;
                proxy_set_header  X-Real-IP  $remote_addr;
        }
}

This instructs nginx to:
a) listen to port 3080.
b) reply with as address (so outside clients won’t see a LAN ip, but the external ip).
c) forward all requests to the phone’s OpenVPN IP, on port 8080, where i-jetty console listens for connections.

Thus, the only requirement is now that the phone has a working network connection which it can use to connect to the OpenVPN server at home.
When connection is established, you can connect to http://:3080 and then:
a) router will forward traffic to HomePC port 3080 (where nginx listens)
b) nginx forwards the traffic to the phone’s IP.
c) OpenVPN server will foward the traffic to the connected phone.
d) i-jetty console replies, and the packages travel now back to the browser.

This is an overview of the process, and specific details on how to configure everything is outside the scope of this tutorial. Google helps a lot with OpenVPN, and each phone subarea on XDA describes how to configure tun.ko.
There are also configurations to be done on router which depend on the router only – however, opening tunnels (even if not named like this) but meaning to allow connections from outside world to inside LAN is something that should be covered by the manual.

Conclusions

With a rooted phone and some configuration abilities, anybody can now connect to the phone, using any browser – no need for cables, etc.

Connection from the browser to the home pc is not encrypted. It can be if you generate a certificate and instruct nginx to answer via SSL and using that certificate, instead of standard HTTP. This is again covered in details on the internet.

There are other security aspects on opening your PC to the outside world, so … unless you know what you are doing – do not proceed.

But now I like Android even more [even if pthread / fork() implementation still leaves a lot of room to be improved]

Leave a Reply