Slashdot Mirror
Free Software Tracking a Stolen Computer?
JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"
If you are going to roll your own, I would suggest setting up a script on the laptop so that if it detects it has been stolen (i.e.: by checking if a website has a special message from you), and if so, connect to a secure ssh server as a client (using public key authentication so it can connect without a password), making sure you use the options to set a TCP tunnel going back to your laptop (to port 22, or perhaps VNC port, or multiple ones). In other words, have the laptop automatically ssh to a stationary server, and establish a tunnel back the other way that you can then use to get in. This way if someone runs it behind a nat device, or even installs a firewall, you can still get in.
Another thing you might want to look at is using an IM protocol with the language of your choice, and allowing remote command execution (with certain precautions such as command signing with a private key). For example, grab the Perl AIM module, create a server, add some way to sign commands (i.e.: if ( md5($msg . 'someprivate') eq $msg_key ) { shell($msg); } or something like that -- that's just off the top of my head so it may not be perfect).
_______
2B1ASK1
the client is nice, and works great in os x. one thing you have to consider though is if your laptop gets stolen, there's a very high chance the hard drive will be wiped before the thief even gets a chance to boot your old machine. besides, if you password protect your login (which you should) then they won't get anywhere and will need to format in the first place.
- tristan
It will cost $199, but will have very cool design and play beautiful music on your cell phone when the laptop gets stolen.
The odds are maybe 50/50 that a person stealing your laptop would have a clue to avoid something like this. If they do consider this, they'll wipe your disk clean at the earliest possibility, in the absence of a network connection. Get rid of the evidence.
If this is a kid who plans to pawn it or sell it on eBay, or possibly just use it, they might plug it in to make sure the Internet works. What's the first thing they'll run? The web browser. It's just a web browser, that couldn't hurt right?
All you have to do is set the browser's home page to a page on your own site, not linked from anywhere else. If your laptop gets stolen, you could activate some PHP in that page to send you an email or SMS. The IP address will be logged, so you can (maybe) SSH in and do your dirty work. If the user has a firewall, that would be a problem.
But anyway, this is a pretty easy way to do it. You could even just start up the web browser on boot, and if they are on the Internet, they're nailed.
...
Like most people are pointing out there is a good chance the the drive is erased before even being booted. So wouldn't a custom bios be needed with all the reporting tools, dhcp clients, etc? Besides LinuxBIOS anyone have any data about adding custom programs to a BIOS?
A quick search turned up this which seems like a good idea. Also this site discusses varies ideas to make theft and reselling more difficult.
My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
Good idea!
:P)
ifconfig | mail -s YOUR LAPTOP WAS STOLEN email@isp.com
mutt
eth0 Link encap:Ethernet HWaddr DE:AD:BE:AF:00:00
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14883222 errors:0 dropped:0 overruns:0 frame:0
TX packets:6501247 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3309542786 (3.0 GiB) TX bytes:385138942 (367.2 MiB)
Base address:0xbc00 Memory:fc9e0000-fca00000
Whoo, now I can get my laptop back!
(of course, you could trace the email, but that's too easy
Here is a novel idea... set your laptop to not show user icons(and thus give the person your screenname) and not auto login... THEN, set your home directory to be encrypted using a strong(STRONG!) password using... YUP, the builtin File Vault technology. Make a good backup before you encrypt, then setup regular off-laptop backups while it is encrypted.
If that isn't good enough for you, and i don't see why it wouldn't be, have your web browser's home page(or an applescript that runs every time it verifies a network connection) to post to a 'secret' webpage you have on your site... have it post its information(ip, blah blah) and timestamp it... this way, you have a clear record every time the laptop has a connection, and you can just take note whenever it has an entry while NOT in your posession.
If you really want to be secure pack the free space in your laptop with sealed plastic bags of thermite. Wire a detonation circuit to recognise a special code from spare pins on the inside of the parallel port (basically, an electronic hardware interlock so it can't possibly go off accidentally) and have it read from a special URL every time the network comes up. If the correct code is present your laptop becomes worthless to the thief in very short order. With a bit of luck, he's got it on his lap at the time and won't be stealing any more laptops for a while.
Or you could just use a crypto filesystem to protect your data, and claim the stolen laptop on your household insurance..
455fe10422ca29c4933f95052b792ab2
Create a cronjob for root:
/usr/local/bin/checkWeb.sh
/usr/local/bin/checkWeb.sh could contain:
crontab -e
0 * * * *
The file
#!/usr/bin/bash
wget http://your.host.name/stolenweb.html
if grep "It is stolen" stolenweb.html ; then
[generatereports and send it off]
fi
rm stolenweb.html
It's a really rather simple setup that checks the webpage once each hour. If the webpage contains "It is stolen", then you do the reports-generating and whatever.
"Rune Kristian Viken" - http://www.nwo.no - arca
Expecting that whomever steals it will merrily go home and plug it into an ethernet jack is a bit too much, I think.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
lol, if you think some lame BIOS password you could well have a stiff surprise waiting the day they take the HD out!
Without encryption
Physical access == data access
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
System: Apple iBook running OS X Panther.
... also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up.
Start by checking the apple.com website and see what options you should begin with. One observation above is to use File Vault to secure your personal data. This is all well and good, but it makes it tough to take one of the later steps.
In the event of its theft, I would like to have the thing send me its IP address
As has been noted this is not difficult. Set up a cron job, or even a boot job to find out the laptop's IP address (ifconfig |grep inet |mail me@myisp.com -s 'iBook's IP") and you get the ip on the lan in the body of the e-mail, and the external IP in the headers. Presuming smtp is not blocked. If you install the perl libraries for Jabber, you could even send a jabber message via a similar process.
Note that if you have been rsync on a regular basis to backup your personal data, which can be done across an ssh session, you may not need to do any sftp backups, and you could have a cron job take care of this so you are covered.
Several of the posters above have noted that you could use wget to pull down a "hidden" page on your personal web server with instructions. For that matter you could build a script that would be posted to that page, perhaps with a marker character before each line, (such ah $) that you grep out of the downloaded page, cut the first character out of the line, then save it with a random name, chmod the file to executable, then execute it. At that point the script could be doing anything you ask of such a script. Including downloading executables, and even running 'dd -if=/dev/null -of=/dev/disk0' to wipe the hd yourself.
Elsewhere others have noted that if the thief wipes your hard drive before they re-boot it, none of this works. That's as good of a reason as any to schedule backups of your personal data. It won't help you recover the laptop, or tell the police where the laptop is, but at least you have your personal data.
This also won't help if your laptop is not connected to a network of some sort. If they pull your HD and toss it into a second computer as a secondary drive, then you will want to have all of your data in a 'file vault' to restrict access. Sure with enough time they can break the encryption, and ultimately start performing identity theft on you, but the time involved is unlikely to be worth it to such a person. It's far more likely that they will wipe the drive, pawn the laptop, and hunt for another laptop that is not going to take so much effort to access the user information on.
Then again, these are just my opinions. I have been known to be wrong, so I do wish you good luck.
-Rusty
You never know...
In addition to one of these "mailer" ideas, might I suggest having some "hard" evidence that it is, indeed, your computer (besides it having gone to the page that you asked it to or whatever).
:) My iBook is insured with the rental company where I got it (I'm poor, but I still gotta have a mac!). The first thing they ask for on a claim is "serial number", so this may be perfect, really.
0 330144040245#comments
Make it send you the serial number
Check out this link on macosxhints: http://www.macosxhints.com/article.php?story=2004
It describes how to write a bash script to get your machine serial number! Very, very cool.
BOL
Bard
I never stole anything in my life, but for a while a few years ago I was helping some 'questionable' friends wipe out machines of 'questionable' origin. At the time it was a way to feed myseld and get deals on hardware, I'm not into that sort of thing anymore.
You can be SURE that if a laptop gets stolen, the kids that wiped it are going to take it straight to their local geek who will boot the machine off a CD and wipe the drive. Usually stolen goods go right into local low-level organized-crime units for 'laundering' and appraisal.
My advice is to not allow your iBook to get stolen in the first place. I tote my PBG4 AL with me everywhere I go, it's never out-of-sight, not even when I hit the bathroom at my local coffee joint. Do backups and get homeowners/renters insurance on it and encrypt your home folder.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails