Slashdot Mirror


Free Software Tracking a Stolen Computer?

JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"

35 of 137 comments

  1. www.no-ip.com by itsme1234 · · Score: 3, Interesting

    ... is just what you're looking for. I strongly recommend encryption and backups though.

  2. A few suggestions... by eyeball · · Score: 5, Insightful

    If you are going to roll your own, I would suggest setting up a script on the laptop so that if it detects it has been stolen (i.e.: by checking if a website has a special message from you), and if so, connect to a secure ssh server as a client (using public key authentication so it can connect without a password), making sure you use the options to set a TCP tunnel going back to your laptop (to port 22, or perhaps VNC port, or multiple ones). In other words, have the laptop automatically ssh to a stationary server, and establish a tunnel back the other way that you can then use to get in. This way if someone runs it behind a nat device, or even installs a firewall, you can still get in.

    Another thing you might want to look at is using an IM protocol with the language of your choice, and allowing remote command execution (with certain precautions such as command signing with a private key). For example, grab the Perl AIM module, create a server, add some way to sign commands (i.e.: if ( md5($msg . 'someprivate') eq $msg_key ) { shell($msg); } or something like that -- that's just off the top of my head so it may not be perfect).

    --

    _______
    2B1ASK1
    1. Re:A few suggestions... by rufus0815 · · Score: 2, Informative

      Nice idea! And if OSX has ifup/ifdown scripts for the network interfaces (like in e.g. Debian) it's easy to get your laptop to automatically set up a tunnel whenever the network interface is brought up :-)

    2. Re:A few suggestions... by teridon · · Score: 2, Insightful
      connect to a secure ssh server as a client (using public key authentication so it can connect without a password)

      Keep in mind that this will give free access to the "secure ssh server" to the laptop's new "owner". (i.e. if he discovers your tunnel he then has access to the shell on your ssh server as well as your laptop).

      --
      I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
    3. Re:A few suggestions... by Chilltowner · · Score: 2, Insightful

      Admittedly, this is slightly (only slightly) off topic, but how does one do that with the ssh tunnel, so you can go back in from outside the computer that started the ssh session? I've been trying to do something similar to what the original poster is attempting, but I haven't had any luck. What are the ssh command options for it?

    4. Re:A few suggestions... by WayneConrad · · Score: 4, Informative

      Admittedly, this is slightly (only slightly) off topic, but how does one do that with the ssh tunnel, so you can go back in from outside the computer that started the ssh session?

      Here's one way. I'll ssh from mercury to ceres so that ceres can ssh back to mercury.

      First ssh from mercury to ceres:

      wconrad@mercury:~$ ssh -R 5555:127.0.0.1:22 ceres
      Linux ceres 2.4.20-1-k6 #1 Sat Mar 22 14:38:19 EST 2003 i586 GNU/Linux

      Last login: Sat May 8 08:11:00 2004 from mercury.galaxy
      wconrad@ceres:~$

      The "-R 5555:127.0.0.1:22" switch means, "on the remote end (ceres), please make port 5555 connect to 127.0.0.1 (mercury), port 22 (ssh)."

      Now, on ceres:

      wconrad@ceres:~$ ssh -p 5555 127.0.0.1
      Password:
      Linux mercury 2.4.23-1-k7 #1 Mon Dec 1 00:05:09 EST 2003 i686 GNU/Linux

      Last login: Sat May 8 08:11:47 2004 from localhost
      wconrad@mercury:~$

      This says to ssh to port 5555 on ceres, which is really the ssh tunnel established by the ssh we did into ceres from mercury.

      SSH tunneling is a many-splendored thing.

    5. Re:A few suggestions... by MCron · · Score: 2, Informative

      About using an IM protocol... A friend of mine recently installed a computer in his car for the purpose of playing his MP3's off of it. I wrote up a small program that reports whenever it is connected to the internet with a new (external) IP. To do this, it logs into AIM using some custom code (though Perl:AIM will work just fine). The one downside to using AIM is the reliance on this friend being signed on at the time, so I have the message, containing the external and internal IPs routed through DoorManBot (Check the site out or the SN DoorManBot3 if you haven't used it) to ensure that they are notified. The program stays connected to AIM, creating a tunnel through any possible firewalls that may be in the way, and will execute commands coming from any of a set of Screen Names (keyed to his ScreenNames, as opposed to signing each message going out, so he can execute commands as if he were at the command prompt). I hope this shows how AIM can be useful for creating a backup back-door

      --
      Send offline messages on AIM with DoorManBot
  3. dyndns.org by OmniVector · · Score: 4, Interesting

    the client is nice, and works great in os x. one thing you have to consider though is if your laptop gets stolen, there's a very high chance the hard drive will be wiped before the thief even gets a chance to boot your old machine. besides, if you password protect your login (which you should) then they won't get anywhere and will need to format in the first place.

    --
    - tristan
    1. Re:dyndns.org by Johnny+Mnemonic · · Score: 2, Insightful


      Disable single user mode. You can also disable the ability to boot from CDs and Firewire disk mode; it's called "Firmware password."

      --
      $tar -xvf .sig.tar
  4. Just wait for Apple DirectProtect by Anonymous Coward · · Score: 5, Funny

    It will cost $199, but will have very cool design and play beautiful music on your cell phone when the laptop gets stolen.

  5. Very simple possibility by cybermace5 · · Score: 5, Insightful

    The odds are maybe 50/50 that a person stealing your laptop would have a clue to avoid something like this. If they do consider this, they'll wipe your disk clean at the earliest possibility, in the absence of a network connection. Get rid of the evidence.

    If this is a kid who plans to pawn it or sell it on eBay, or possibly just use it, they might plug it in to make sure the Internet works. What's the first thing they'll run? The web browser. It's just a web browser, that couldn't hurt right?

    All you have to do is set the browser's home page to a page on your own site, not linked from anywhere else. If your laptop gets stolen, you could activate some PHP in that page to send you an email or SMS. The IP address will be logged, so you can (maybe) SSH in and do your dirty work. If the user has a firewall, that would be a problem.

    But anyway, this is a pretty easy way to do it. You could even just start up the web browser on boot, and if they are on the Internet, they're nailed.

    --
    ...
    1. Re:Very simple possibility by Goo.cc · · Score: 2, Funny

      If you don't want to have the computer slicked immediately, install a bunch of porn on it. That will keep them too busy to reinstall the OS!

  6. Isn't a custom BIOS needed? by ChaseTec · · Score: 4, Interesting

    Like most people are pointing out there is a good chance the drive is erased before even being booted. So wouldn't a custom bios be needed with all the reporting tools, dhcp clients, etc? Besides LinuxBIOS anyone have any data about adding custom programs to a BIOS?

    A quick search turned up this which seems like a good idea. Also this site discusses various ideas to make theft and reselling more difficult.

    --
    My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
    1. Re:Isn't a custom BIOS needed? by Per+Wigren · · Score: 2, Informative

      No need to mess with the BIOS, your bootloader could do the work.

      Not if the disk is wiped clean before boot. :P

      --
      My other account has a 3-digit UID.
  7. Use a web page? by NanoGator · · Score: 3, Interesting

    You could always set up a web page that tracks the IP of whoever hits it. Set up the laptop to automatically go to that page when it boots. (Maybe give it a magic forwarder that sends it to Google News or something after it's visited?) Then you at least get the IP. If you wanted to be snazzier, you could also have it read the HTML that comes down and look for a self destruct message. I'm not sure how you'd do this with the Mac, but I imagine it's not too hard. In the Windows world, I'd just write a little VB app to do that, wouldn't take very long.

    --
    "Derp de derp."
  8. Re:Easy way out by Sancho · · Score: 5, Funny

    Good idea!
    ifconfig | mail -s "YOUR LAPTOP WAS STOLEN" email@isp.com

    mutt
    eth0 Link encap:Ethernet HWaddr DE:AD:BE:AF:00:00
    inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:14883222 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6501247 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3309542786 (3.0 GiB) TX bytes:385138942 (367.2 MiB)
    Base address:0xbc00 Memory:fc9e0000-fca00000

    Whoo, now I can get my laptop back!

    (of course, you could trace the email, but that's too easy :P)

  9. dyndns? by jkakar · · Score: 2, Insightful

    You may consider using something like ddclient and dyndns.org. You can set up ddclient to check the state of the machine's IP address at any interval you want. When the IP address changes ddclient notifies dyndns.org to update DNS records. It runs as a daemon so it shouldn't be too hard to make it start up every time your machine boots. When running you can monitor the machine's IP address from the dyndns.org website.

    Of course, this doesn't do anything to help you get into the machine if it's behind a NAT or other barrier. It could help with spotting the IP, though.

  10. Why not... by burns210 · · Score: 4, Interesting

    Here is a novel idea... set your laptop to not show user icons(and thus give the person your screenname) and not auto login... THEN, set your home directory to be encrypted using a strong(STRONG!) password using... YUP, the builtin File Vault technology. Make a good backup before you encrypt, then setup regular off-laptop backups while it is encrypted.

    If that isn't good enough for you, and i don't see why it wouldn't be, have your web browser's home page(or an applescript that runs every time it verifies a network connection) to post to a 'secret' webpage you have on your site... have it post its information(ip, blah blah) and timestamp it... this way, you have a clear record every time the laptop has a connection, and you can just take note whenever it has an entry while NOT in your possession.

  11. Pack it with thermite! by zcat_NZ · · Score: 5, Funny

    If you really want to be secure pack the free space in your laptop with sealed plastic bags of thermite. Wire a detonation circuit to recognise a special code from spare pins on the inside of the parallel port (basically, an electronic hardware interlock so it can't possibly go off accidentally) and have it read from a special URL every time the network comes up. If the correct code is present your laptop becomes worthless to the thief in very short order. With a bit of luck, he's got it on his lap at the time and won't be stealing any more laptops for a while.

    Or you could just use a crypto filesystem to protect your data, and claim the stolen laptop on your household insurance..

    --
    455fe10422ca29c4933f95052b792ab2
    1. Re:Pack it with thermite! by Anonymous Coward · · Score: 2, Funny

      Just as effective - put some builder's putty in the few spare gaps in your laptop - don't forget to add some wires attached to some old LED's or transistors stuck in the putty. Any thief is going to have the time of their life going through an airport.

  12. Do it like this, for example by arcade · · Score: 4, Informative

    Create a cronjob for root:

    crontab -e
    0 * * * * /usr/local/bin/checkWeb.sh

    The file /usr/local/bin/checkWeb.sh could contain:
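    #!/bin/bash
    # Fetch the flag page into a temp file; cron does not guarantee a writable working directory.
    page=$(mktemp) || exit 1
    wget -q -O "$page" http://your.host.name/stolenweb.html

    # Only act when the page carries the agreed marker text.
    if grep -q "It is stolen" "$page" ; then
        : # [generate reports and send them off]
    fi

    rm -f "$page"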

    It's a really rather simple setup that checks the webpage once each hour. If the webpage contains "It is stolen", then you do the reports-generating and whatever.

    --
    "Rune Kristian Viken" - http://www.nwo.no - arca
  13. Give me a break by dedazo · · Score: 5, Insightful
    Use a physical lock. Take care of your laptop (what, are you assuming that it will be stolen?). Use an encrypted filesystem. Do some sort of dead man's switch where the wrong logon will wipe your data.

    Expecting that whoever steals it will merrily go home and plug it into an ethernet jack is a bit too much, I think.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  14. Re:*nix it by yuri+benjamin · · Score: 2, Informative

    cron a bash script. /sbin/ifconfig | mail you@where.com

    If they're behind a NAT, you'll get an email that says the IP address is something like 192.168.x.x or 10.x.x.x
    That won't be very useful.

    How about
    /sbin/traceroute www.slashdot.org | mail you@where.com
    perhaps?

    --
    You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
  15. Re:*nix it by DrSkwid · · Score: 3, Informative

    time to take SMTP mail 101

    If behind a NAT the headers will reveal the external IP of the originating network, *not* the internal IP of the client machine.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
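The header-reading step described in the comment above, as an added example that is not part of the original thread: it walks a report mail's Received headers from the oldest hop upward and returns the first routable address a relay recorded for the connecting client, alongside the LAN addresses from the ifconfig output in the body. The sample message, hostnames and addresses are constructed, and only hops added by relays you trust are reliable.

```python
import email
import ipaddress
import re

# Explicit non-routable ranges (RFC 1918, loopback, link-local, CGNAT). An explicit
# list is used so the documentation-range sample addresses below count as public.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INET_LINE = re.compile(r"inet (?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample report: every hostname, id and address here is made up.
SAMPLE_REPORT = """\
Received: from mail.isp.example (mail.isp.example [198.51.100.25])
    by mx.owner.example with ESMTP id C0FFEE; Sat, 8 May 2004 08:15:02 -0400
Received: from ibook.local (unknown [203.0.113.7])
    by mail.isp.example with ESMTP id ABC123; Sat, 8 May 2004 08:15:01 -0400
Received: by ibook.local (Postfix, from userid 501) id 1A2B3C;
    Sat, 8 May 2004 08:15:00 -0400
From: me@ibook.local
To: me@myisp.example
Subject: iBook's IP

inet 127.0.0.1 netmask 0xff000000
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
"""


def _parse_ip(text):
    """Return an ip_address object, or None for strings like 999.1.1.1."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_routable(ip):
    return not any(ip in net for net in NON_ROUTABLE)


def locate_sender(raw_message):
    """Return the NAT gateway's public address and the LAN addresses in the body."""
    msg = email.message_from_string(raw_message)
    hops = msg.get_all("Received") or []
    external = None
    # Relays prepend their header, so the oldest hop is last in the list.
    for hop in reversed(hops):
        if not hop.lstrip().lower().startswith("from"):
            continue  # local submission hop, no peer address recorded
        # Keep only the "from ..." clause: the peer address the relay saw.
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        for candidate in BRACKETED_IP.findall(from_part):
            ip = _parse_ip(candidate)
            if ip is not None and is_routable(ip):
                external = str(ip)
                break
        if external:
            break
    body = msg.get_payload()
    lan = []
    for candidate in INET_LINE.findall(body if isinstance(body, str) else ""):
        ip = _parse_ip(candidate)
        if ip is not None and not ip.is_loopback:
            lan.append(str(ip))
    return {"external_ip": external, "lan_ips": lan}
```
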
  16. Re:why bother, make it a paper weight. by DrSkwid · · Score: 4, Interesting


    lol, if you think some lame BIOS password you could well have a stiff surprise waiting the day they take the HD out!

    Without encryption
    Physical access == data access

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  17. Re:My useless reply by HeghmoH · · Score: 3, Informative

    He used Timbuktu to get onto the machine. Using that keyword helps get results back from Google. It was actually a story on slashdot, here. The link in the story is slightly broken, but it's just moved a bit: the story.

    --
    Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
  18. cronjob for dynamic IP address reporting by dimss · · Score: 2, Interesting

    One of my servers at very remote location is connected to ADSL with dynamic IP address. Simple cronjob reports its IP-address every ten minutes. It is wget requesting special CGI-script which writes remote IP-address to text file.

    This scheme should work fine for stolen computer unless they disable this cronjob (or whatever in other OSes) or reinstall software completely.

  19. You can do a bunch of things. by abulafia · · Score: 2, Insightful
    The most straightforward for this sort of thing might be

    ssh user@somewhere.com "ssh `gethostip -d [machine name]`"

    Set up your keys correctly, of course.
    Of course, this can cause problems if the thief is clueful and bothers to poke around.

    Netcat could also be very helpful here.

    --
    I forget what 8 was for.
  20. Good ideas above, but review... by rusty0101 · · Score: 5, Informative

    System: Apple iBook running OS X Panther.

    Start by checking the apple.com website and see what options you should begin with. One observation above is to use File Vault to secure your personal data. This is all well and good, but it makes it tough to take one of the later steps.

    In the event of its theft, I would like to have the thing send me its IP address

    As has been noted this is not difficult. Set up a cron job, or even a boot job to find out the laptop's IP address (ifconfig | grep inet | mail -s "iBook's IP" me@myisp.com) and you get the ip on the lan in the body of the e-mail, and the external IP in the headers. Presuming smtp is not blocked. If you install the perl libraries for Jabber, you could even send a jabber message via a similar process.

    ... also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up.

    Note that if you have been rsync on a regular basis to backup your personal data, which can be done across an ssh session, you may not need to do any sftp backups, and you could have a cron job take care of this so you are covered.

    Several of the posters above have noted that you could use wget to pull down a "hidden" page on your personal web server with instructions. For that matter you could build a script that would be posted to that page, perhaps with a marker character before each line, (such as $) that you grep out of the downloaded page, cut the first character out of the line, then save it with a random name, chmod the file to executable, then execute it. At that point the script could be doing anything you ask of such a script. Including downloading executables, and even running 'dd -if=/dev/null -of=/dev/disk0' to wipe the hd yourself.

    Elsewhere others have noted that if the thief wipes your hard drive before they re-boot it, none of this works. That's as good of a reason as any to schedule backups of your personal data. It won't help you recover the laptop, or tell the police where the laptop is, but at least you have your personal data.

    This also won't help if your laptop is not connected to a network of some sort. If they pull your HD and toss it into a second computer as a secondary drive, then you will want to have all of your data in a 'file vault' to restrict access. Sure with enough time they can break the encryption, and ultimately start performing identity theft on you, but the time involved is unlikely to be worth it to such a person. It's far more likely that they will wipe the drive, pawn the laptop, and hunt for another laptop that is not going to take so much effort to access the user information on.

    Then again, these are just my opinions. I have been known to be wrong, so I do wish you good luck.

    -Rusty

    --
    You never know...
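Both the command-signing idea in eyeball's comment and the marker-prefixed instruction page described above depend on the laptop authenticating what it fetches before acting on it. The following is an added example, not code from the thread: it uses HMAC-SHA256 in place of the post's md5($msg . 'someprivate'), adds a freshness and replay check, and maps instructions to an allow-list of action names instead of passing text to a shell. The line format, key, action names and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only. The shared key has to live on the
# laptop, so anyone who can read the disk can forge instructions; a public-key
# signature avoids that but needs a third-party library.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
ALLOWED_ACTIONS = {"report", "open-tunnel", "wipe-home"}  # hypothetical names
MAX_AGE_SECONDS = 3600  # one check-in interval, as in the hourly cron job
MARKER = "$"            # marker character suggested in the comment above


def _tag(key, ts_text, action):
    payload = f"{ts_text}|{action}".encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_instruction(action, issued_at, key=SHARED_KEY):
    """Owner side: build the '<unix time>|<action>|<hmac>' line to publish."""
    return f"{issued_at}|{action}|{_tag(key, str(issued_at), action)}"


def verify_instruction(line, now, last_seen=0, key=SHARED_KEY):
    """Laptop side: return the action name, or None if the line is rejected."""
    parts = line.strip().split("|")
    if len(parts) != 3:
        return None
    ts_text, action, tag = parts
    # Authenticate first, in constant time, before interpreting any field.
    expected = _tag(key, ts_text, action)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        issued_at = int(ts_text)
    except ValueError:
        return None
    if issued_at <= last_seen:
        return None  # replay of an instruction already acted on
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None  # stale, or dated in the future
    if action not in ALLOWED_ACTIONS:
        return None  # signed, but not something this client will ever do
    return action


def instruction_from_page(page, now, last_seen=0, key=SHARED_KEY):
    """Scan a fetched page for marker-prefixed lines; return the first valid action."""
    for line in page.splitlines():
        if line.startswith(MARKER):
            action = verify_instruction(line[len(MARKER):], now, last_seen, key)
            if action is not None:
                return action
    return None
```
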
  21. Assume you'll never get it back by invisik · · Score: 3, Insightful

    I don't think it's realistic to assume you will get your machine back.

    1. Perform regular backups. You'll have all your data, so you don't care about getting that back.

    2. Use filesystem encryption software. Built-in, aftermarket, whatever. Ensures they can't put your hard drive in another machine. If you're that worried about it, use VNC or remote desktop to control a system at your office/house and never store any information on your local machine.

    3. Have insurance on it. Homeowners, business, whatever, just so you don't have to pay to buy another one.

    Otherwise, I say they can keep it and I'll just get another one. I wouldn't mind having a faster laptop anyway. :)

    One question for everyone out there, do you know the serial number of your laptop? I can't imagine anyone has that written down somewhere safe. How can the police prove the laptop is yours if you only know it's yours because it has a SuSE sticker on the lid?

    It doesn't hurt to have BIOS and power-on passwords either. The casual thief will not be able to get past them and will probably dump the unit somewhere or possibly try to return it saying "they found it" somewhere. Never use auto-login and use good passwords on your account.

    IBM has some good laptop security features out there now. I believe part of it is some sort of hardware encryption for your hard drive. Not sure what Apple has, but IBM has definitely stepped up to the plate.

    Good luck.

    -m

    --
    http://www.invisik.com
  22. Re:Easy way out by asteinberg · · Score: 2, Interesting

    Hmm, I've actually been thinking about setting up something similar. The catch is that I have a Sony Picturebook with a built in camera. I'm thinking about setting it to automatically take a picture any time someone opens/boots it and emailing me the picture. Maybe also if they type a bad password? (How do I set a script to run on bad password entry??) Possibly helping the situation is that I just leave a wireless card plugged in and here on campus anywhere I take the laptop is likely to have wireless.

    I could imagine a scenario where I accidentally leave it somewhere for a minute, someone walks up to it, sees it, opens it up, likes what he sees, and runs away with it. As long as they don't pull the wireless card before opening it and open it while still in an area with wireless coverage, I think I should be golden. Also, if they ever try to use the wireless card anywhere on campus again I could easily find out where the MAC address is being used from through the DHCP server's logs. Anyone see any holes in my plan?

    --
    The first ever Ultimate Frisbee video game: here (now
  23. Re:why bother, make it a paper weight. by elemental23 · · Score: 2, Informative

    lol, if the thief thinks taking the hard drive out will give them data access they'll have a stiff surprise waiting the day they try it.

    At home and away, keep your valuable documents safe with powerful AES-128 encryption. FileVault automatically encrypts and decrypts the contents of your home directory on the fly.

    --
    I like my women like my coffee... pale and bitter.
  24. Serial Number by TheBard758 · · Score: 4, Informative

    In addition to one of these "mailer" ideas, might I suggest having some "hard" evidence that it is, indeed, your computer (besides it having gone to the page that you asked it to or whatever).

    Make it send you the serial number :) My iBook is insured with the rental company where I got it (I'm poor, but I still gotta have a mac!). The first thing they ask for on a claim is "serial number", so this may be perfect, really.

    Check out this link on macosxhints: http://www.macosxhints.com/article.php?story=20040330144040245#comments

    It describes how to write a bash script to get your machine serial number! Very, very cool.

    BOL

    Bard

  25. I used to do that! by MarcQuadra · · Score: 4, Interesting

    I never stole anything in my life, but for a while a few years ago I was helping some 'questionable' friends wipe out machines of 'questionable' origin. At the time it was a way to feed myself and get deals on hardware, I'm not into that sort of thing anymore.

    You can be SURE that if a laptop gets stolen, the kids that wiped it are going to take it straight to their local geek who will boot the machine off a CD and wipe the drive. Usually stolen goods go right into local low-level organized-crime units for 'laundering' and appraisal.

    My advice is to not allow your iBook to get stolen in the first place. I tote my PBG4 AL with me everywhere I go, it's never out-of-sight, not even when I hit the bathroom at my local coffee joint. Do backups and get homeowners/renters insurance on it and encrypt your home folder.

    --
    "Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
  26. Just like an alarm sticker on a car by TEMMiNK · · Score: 2, Funny

    Just get a big vinyl sticker that says "Protected With GPS Tracking by GPSecure" even though this company doesn't exist, anyone scoping your laptop would think twice about it. They would only steal it if they wanted your data for some special purpose.

    --
    "The stupider people think you are, the more surprised they will be when you kill them..."