Gordon Dexter on 13 Aug 2010 21:00:23 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Laptop recovery--useful data to collect?

JP Vossen wrote:
Date: Tue, 13 Jul 2010 22:01:52 -0400
From: Gordon Dexter<gordon@texasdex.com>
Subject: [PLUG] Laptop recovery--useful data to collect?

I'm setting up my Eee 901 netbook with a 'phone-home' type shell script
that will collect various data in the event that it is stolen.  I used
to have Adeona but I found that DHT is no longer working, and that
didn't get webcam shots anyways, so I thought I'd roll my own.  The
script will check for a certain subdomain that I will only create when
the laptop is stolen, and then make a tarball with info that might help
me find the thief and get my laptop back.

So far I'm getting
*webcam frame grabs using streamer
*screen captures with scrot
*wireless network scan (iwlist)
*IP address and routing info of course

It's all uploaded to an https webdav server in my living room.  Does
anybody have any further suggestions as to information to collect that
might lead to the laptop's recovery in case of theft?  Anything else the
script should do that might be useful?

I know this probably won't do much in most cases, since professional
thieves will just format it and resell it, and it might still be hard to
recover the laptop even with all this info, but this is in part a
theoretical exercise/just for fun.  Ideas?

* http://ask.slashdot.org/story/10/07/12/2253218/Retrieving-a-Stolen-Laptop-By-IP-Address-Alone
* http://ask.slashdot.org/comments.pl?sid=1716946&cid=32882378
* http://preyproject.com/

I'd be interested to see the script when you are finished.

I know I'm not the best shell scripter but this one seems to work. Watch out though, I once managed to accidentally delete the contents of /bin on one of the campus servers with a shell script I wrote that was supposed to delete old webcam images. :-)


#GPL software by Gordon Dexter if anybody cares to use it


#The host must be created to activate the tracker
host $ALERT || exit

#Create working dir
WORKDIR=$TMPDIR/snap_`date +%F_%R`
mkdir -p $WORKDIR

#Save previous camera state and enable it--this is Eee PC specific power management
OLDCAM=`cat /sys/devices/platform/eeepc/camera`
echo 1 > /sys/devices/platform/eeepc/camera

#Take snapshot
streamer -c /dev/video0 -o $WORKDIR/webcam.jpeg

#Restore camera state -- again Eee PC specific
echo $OLDCAM > /sys/devices/platform/eeepc/camera

#Take screenshot
scrot $WORKDIR/screencap.png

#List nearby wireless networks
iwlist ra0 scan > $WORKDIR/iwlist
ifconfig > $WORKDIR/ifconfig
route -n >> $WORKDIR/route

TARBALL=$TMPDIR/message`date +%s`.tbz2
tar -cjvf $TARBALL $TMPDIR/snap_*

#Attempt upload
curl -u $DAV_LOGIN -T $TARBALL $TARGET | grep "has been created"

#If upload succeeded delete snap directories
#If it didn't work (e.g. no internet) it will leave them there until it manages to upload them

if [ $WORKED ]
   rm -rf $TMPDIR/snap_*

#Delete tarball


I just put it in cron to be run every ten minutes or so. It should be noted that it doesn't actually get an external IP, so if it's behind NAT I'll have to get the IP from the server logs. I made that choice since I occasionally take this laptop to work and don't care to raise any red flags (I originally intended to have it run all the time, perhaps more frequently when it was activated).

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug