FYI: Suppose your mac gets stolen, ...

Discussion in 'Mac Programming' started by x s, Dec 27, 2008.

  1. x s macrumors newbie

    Joined:
    Dec 27, 2008
    #1
    Just wanted to share this with you guys:
    the following script keeps you up to date about its environment, in short it:

    - takes pictures with the built-in iSight webcam
    - takes screenshots
    - scans for networks (SSID, MAC-addresses, ...)
    - collects minor activity stats (uptime)

    and sends all this information to your webserver. Continuously, every 5 minutes (by default), and it runs as a daemon (which means no users have to be logged in, it'll run from the loginwindow too)

    Here's what you need:
    /Applications/Utilities/Tickle/tickle.sh
    Code:
    #!/bin/sh
    # Edit these first few lines
    url="http://host.myserver.com/logger.php"
    
    wdir="/Applications/Utilities/Tickle"
    scpLocalScreen=$wdir"/.screenie.gif"
    scpLocaliSight=$wdir"/.isight.jpg"
    scpLocalNetwork=$wdir"/.netwerk.txt"
    scpScreenpath="WWW/screenie.gif"
    scpiSightpath="WWW/isight.jpg"
    scpNetworkpath="WWW/netwerk.txt"
    scpUser="johndoe"
    scpServer="host.myservers.com"
    
    # Stop editing here, code follows
    # Feel free to copy, share, edit, etc. - xaviersmet [at] <google's popular mailservice>.com
    
    echo "Tickling - now is $(date)"
    
    ####################
    # 1. Ping logger.php
    echo "Step 1 - logger.php"
    ####################
    macaddress=$(/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }')
    # The first query parameter must be introduced with "?", the rest with "&"
    fullurl="$url?data=macaddress_is_$macaddress&iam=$(whoami | tr ' ' '_')&up=$(uptime | tr ' ' '_')"
    curl -s "$fullurl" >> "$wdir/.curlLog"
    
    #######################
    # 2a. Take pictures
    echo "Step 2 - screenshot & isight\c"
    #######################
    PID=$(ps -A | grep loginwindow | grep -v grep | sed -e 's/[ ]*\([0-9]*\).*/\1/' | head -n 1)	#PID = pid of loginwindow
    echo "  PID(loginwindow)=$PID"
    launchctl bsexec $PID screencapture -x -t gif $scpLocalScreen
    echo $(date)" iSightcapture: \c" >&2
    launchctl bsexec $PID /Applications/scripts/isightcapture -w 640 -h 480 -t jpg $scpLocaliSight;
    
    #######################
    # 2b. Scan Airport networks
    echo "Step 2b - Scanning for WiFi"
    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s > $scpLocalNetwork
    #######################
    
    #######################
    # 3. Upload
    echo "Step 3 - Uploading images (SCP)..."
    #######################
    echo "\t\c"
    scp -q $scpLocalScreen $scpUser@$scpServer:$scpScreenpath
    echo "\t\c"
    scp -q $scpLocaliSight $scpUser@$scpServer:$scpiSightpath
    echo "\t\c"
    scp -q $scpLocalNetwork $scpUser@$scpServer:$scpNetworkpath
    echo "\nDone."
    
    A few notes though:
    - to make scp work, you should be able to ssh to your server, and not have to provide your password. See "man ssh-keygen" for help on this. In short, ssh-keygen: put your public key on the server, in ~/.ssh/authorized_keys, and the private-key file (local in ~/.ssh/identity) must be chmod'ed 600.
    - the script was based (originally, the code is actually 100% replaced) on a small tool called Tickle, hence the name.
    - you should have isightcapture installed (in my case it's in /Applications/scripts/)
    - screencapture is osx default I believe
    - if it still won't work, try "Enable access for assistive devices" check in "System preferences -> Universal Access", might have something to do with it
    - the logger.php script on your server:
    PHP:
    <?php
    // Append one record per ping to log.txt
    $file = "log.txt";
    $fh = fopen($file, 'a') or die("Can't open ".$file);
    $data =
    "\nIP    :=" . $_SERVER['REMOTE_ADDR']."//".getenv('REMOTE_ADDR').
    "\nDATE  :=" . date('l d-m-Y, H:i:s').
    "\nDATA  :=" . $_GET['data'].
    "\nI AM  :=" . $_GET['iam'].
    "\nUPTIME:=" . $_GET['up'].
    "\n--------";
    fwrite($fh, $data);
    fclose($fh);
    echo "Kthx";
    ?>
    - the daemon (service that makes the script run every 5 minutes): /System/Library/LaunchDaemons/com.x4s.tickle
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
            <key>Label</key>
            <string>com.x4s.tickle</string>
            <key>ProgramArguments</key>
            <array>
                    <string>/Applications/Utilities/Tickle/tickle.sh</string>
            </array>
            <key>RunAtLoad</key>
            <true/>
            <key>StartInterval</key>
            <integer>300</integer>
            <key>StandardOutPath</key>
            <string>/Applications/Utilities/Tickle/log_stdout_tickle.log</string>
            <key>StandardErrorPath</key>
            <string>/Applications/Utilities/Tickle/log_stderr_tickle.log</string>
    </dict>
    </plist>
    I've been working quite some time on it (mostly figuring out how to make things work, Googling for help, finding nothing but "that's not possible")
    Any advice, comments, questions are welcome :)
     
  2. Me1000 macrumors 68000

    Joined:
    Jul 15, 2006
    #2
    I like!

    My biggest concern, however, is the performance to the user; I don't think I would want all that information being logged unless my machine was stolen.

    The easiest way to get around this is have the script check the value of a variable (perhaps set in the PHP file), if the variable is set to "0" the machine is fine, but when the user sets the value of the variable to "1" the script sees the machine has been stolen, and then logs the information.
     
  3. x s thread starter macrumors newbie

    Joined:
    Dec 27, 2008
    #3
    True, I've been thinking about that too, but I don't really care :)
    The solution I had in mind was to check whether your local Airport base station is nearby - so check whether an AP with a hardcoded (your AP's) MAC-address is found.
    (Using /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s)
    Only problem there is you need to have Airport turned on.
    Problem with the "check a server"-method is that you need to go to the server and modify the variable - which might be a problem, if your (only) computer is stolen, or if you're on holiday, away from home.

    But it's a script, so feel free to tweak it to your needs ;)

    Edit: now that I think of it, if you happen to have one of those jailbroken iPhones and have a shell installed, it should be possible to run this on your iPhone too. But you'll have to see whether screencapture exists there, and you'll have to turn off isightcapture as well. And probably change the path to "airport" too. But hey, if you own an iPhone, it's probably worth being able to track it :)

    If anyone has a spare jailbroken iPhone and would like to support the development of such a tracking tool, please contact me ;-)
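
Added example, not part of the original thread or of x s's script: one way to implement the "is my own base station nearby?" check from post #3, so the capture steps only run when the home access point is not seen. `HOME_BSSID`, `classify_scan`, `should_capture` and the sample scan text are constructed for illustration; the scan text only approximates the layout of `airport -s` output.

```shell
#!/bin/sh
# Placeholder value: replace with the MAC address (BSSID) of your own base station.
HOME_BSSID="00:1e:52:aa:bb:cc"

# Reads scan text on stdin and prints one of: home, away, unknown.
# It matches on the BSSID instead of the SSID, because SSIDs can contain
# spaces and any other network can use the same name.
classify_scan() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Pull every MAC-shaped token out of the scan, normalised to lower case.
    seen=$(grep -Eio '([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'A-F' 'a-f')
    if [ -z "$seen" ]; then
        echo unknown            # Airport off, or no network in range
    elif printf '%s\n' "$seen" | grep -qxF "$want"; then
        echo home
    else
        echo away
    fi
}

# Exit status 0 means "run the capture steps". Only a positive sighting of
# the home base station suppresses them; "unknown" fails open, since the
# check cannot tell anything while Airport is turned off.
should_capture() {
    [ "$(classify_scan "$HOME_BSSID")" != "home" ]
}

# Constructed sample scans (not real networks).
SCAN_HOME='                SSID BSSID             RSSI CHANNEL SECURITY
         My Home Net 00:1E:52:AA:BB:CC -58  6       WPA2
           CoffeeBar 00:11:22:33:44:55 -80  11      NONE'
SCAN_AWAY='                SSID BSSID             RSSI CHANNEL SECURITY
           CoffeeBar 00:11:22:33:44:55 -47  11      NONE
        Hotel Guests 66:77:88:99:aa:bb -70  1       WPA'

# Demo: prints "home" then "away".
printf '%s\n' "$SCAN_HOME" | classify_scan "$HOME_BSSID"
printf '%s\n' "$SCAN_AWAY" | classify_scan "$HOME_BSSID"

# Assumed integration near the top of tickle.sh, before step 2a:
#   /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s | should_capture || exit 0
```

A BSSID can be cloned just like an SSID, so this check reduces unnecessary logging at home; it is not an authentication of the network.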
     
