Published by nick on 05 Jun 2008 at 06:56 pm
Phone Home Script to Protect Your Laptop
Let’s say your laptop is stolen. Wouldn’t that be awful?
Now, what if you had a way to track down the person that took it and get it back?
Using Linux or Mac, it’s easy. Let’s take a look at a script that will do this for you. It will take you less than 5 minutes to set up.
Save the above in /tmp/phone.bash (change $yourserver to a place where you can have a file hosted), then add a crontab entry to have it run every 5 minutes:
*/5 * * * * /tmp/phone.bash
What does it do? Every 5 minutes, this script will run, and it will execute whatever code you have placed in the phonehome file on $yourserver. By default, I have my phonehome file just set to run true, which does nothing. But if my laptop gets stolen, I modify the phonehome file to include bash commands. I have the full power of bash on my laptop as soon as the thief connects to the internet. Imagine the possibilities. Here are some ideas:
- traceroute - Let’s go ahead and get his IP address and where he is. We should be able to give this to the police, who can then contact his ISP and get his address. Save the output and copy it to $yourserver:
traceroute $yourserver > /tmp/traceroute.out
scp /tmp/traceroute.out $yourserver:/tmp/theiftraceroute
Tip: Set up ssh without a password to $yourserver so you can easily send information back and forth with rsync and/or scp.
- Keystroke logger - Now let’s record everything he types. Using bash, we can download, install, and run a keystroke logger. Here’s one that works for OSX
- Take a picture - If you have a Mac with a built-in iSight camera, you can use isightcapture to take pictures of the thief and send them to you!
curl --silent "$urlforisightcapturescript" > /tmp/isightcapture
chmod a+x /tmp/isightcapture
/tmp/isightcapture --file /tmp/pictureoftheif$RANDOM
scp /tmp/pictureoftheif* $yourserver:/tmp/
Update: See my post on automatically capturing pictures with isightcapture
Someone. Please. Steal my laptop. I can’t wait to use this.
mike on 05 Jun 2008 at 9:45 pm #
It sounds pretty cool, but the idea of blindly executing the contents of a script, even on a server you control, kinda scares the crap out of me. Maybe put in some shared key signing or something? I don’t know, it just seems like a potentially big hole.
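One way to close the hole raised in the comment above, as an added example (not code from the post or its commenters): the laptop checks a detached signature over the fetched phonehome file before running it. It uses an RSA public key with `openssl dgst` rather than a shared key, so nothing secret sits on the laptop; the key path, the separate signature file and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: execute a fetched command file only if its signature verifies.
# Assumptions (not from the original post): the PUBKEY location, a detached
# signature file published next to the command file, and these function names.
# The signature is made off the laptop with the private key, e.g.:
#   openssl dgst -sha256 -sign priv.pem -out phonehome.sig phonehome

# Public half only; the private key never touches the laptop.
PUBKEY="${PUBKEY:-/etc/phonehome/pubkey.pem}"

# verify_cmdfile FILE SIG
# Returns 0 only when SIG is a valid signature over FILE under PUBKEY.
verify_cmdfile() {
    local file="$1" sig="$2"
    # An empty or missing file or signature is treated as a failure.
    [ -s "$file" ] && [ -s "$sig" ] || return 1
    openssl dgst -sha256 -verify "$PUBKEY" -signature "$sig" "$file" \
        >/dev/null 2>&1
}

# run_if_signed FILE SIG
# Copies both files into a private directory first, so the bytes that are
# verified are the bytes that get executed (a file sitting in world-writable
# /tmp could be swapped between the check and the run).
run_if_signed() {
    local workdir rc
    workdir="$(mktemp -d)" || return 1
    cp -- "$1" "$workdir/cmd" && cp -- "$2" "$workdir/cmd.sig" \
        || { rm -rf "$workdir"; return 1; }
    if verify_cmdfile "$workdir/cmd" "$workdir/cmd.sig"; then
        bash "$workdir/cmd"
        rc=$?
    else
        echo "phonehome: signature check failed, not executing" >&2
        rc=2
    fi
    rm -rf "$workdir"
    return "$rc"
}
```

A signed file can still be replayed later by whoever captured it; putting an expiry timestamp inside the signed file and checking it before the run would cover that.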
Dave Gullo on 06 Jun 2008 at 8:03 am #
Yeah, Leo Laporte was talking about that on the radio this morning. A person got their camera gear stolen, and the camera had some type of auto-upload functionality to her Flickr or Picasa over wifi. The thieves were caught because of hundreds of pictures they took of themselves. While LoJack for laptops is nothing new, you take it to a whole new "roll-your-own" level.
… regarding software: when people say why don’t you just use "X", I say, because I wrote "Y"…
Artem Russakovskii on 14 Jan 2009 at 12:10 am #
Of course, if the thief didn’t reinstall the OS immediately, he deserves to be caught, otherwise lojack will probably do a better job.
At the end of the day however, the data on the laptop is more important, which is why I would use a full volume encryption method, like BCVE, or whatever the Mac users fancy.
JohnQ on 25 Oct 2009 at 4:21 pm #
One small modification … I was using wget and after the initial file was downloaded any newly downloaded files from the server were being placed in new files like this: /tmp/phonehome.1 /tmp/phonehome.2 etc.
Obviously, the script on the Mac that you’re hoping would execute the new commands doesn’t know about the new file names, so I added this to the top of the script:
if [ -s /tmp/phonehome ]
then
mv /tmp/phonehome /tmp/phonehome_$RANDOM
fi
…. then the rest of the script like it is above……..
Also, make sure cron can see any commands you want executed in /tmp/phone.bash … to be safe put full pathnames to anything you want run.