MacTricksAndTips.com

Hey

If you have a laptop or a normal Mac and you are interested in a way to find out the culprit of the person who has stolen it you Mac there are a couple of applications out there which can help you. Although you can use these, they are not as fun as making your own. This post will go through the steps needed in creating your very own thief catcher script that will take pictures of the culprit and email them back to you. It has taken me a couple of days to get this script working and I think it does the job well. Like many programs there is always more than one (better) way of doing it. I have previously written a shell script previously to log cpu load. It is located here. This script builds upon that previous post.

The idea behind this script is simple. There is a file stored on your web server. Every 5 or so minutes this script will check this file. If you have found that you laptop has been stolen you change this file. Your computer will then take pictures of your thief, along with your computer IP address and other information. It will then email this back to you so you can contact the authorities and get your Mac back. This script is by no means perfect. But it is the method I have developed. It works which is the most important thing.

Prerequisites

There are a couple of things you need before you can use this script.

• iSightCapture. A command line tool to take pictures through your iSight.
• Wget. I’ve used wget to download various files in the script. I think it is better than the built in version curl. If you don’t have it ready read the tutorial or download the file below (its not here because the download plug-ins screws with the css formatting).
• Email which is not frequently used.
• Web server. If you don’t have a web server there is another method to using this script. Although you can get some form of free hosting on the net.

If you are ready to begin, the best method is to download the script. So I can walk you through the script.

Wget For Mac (94.6 KiB, 615 hits)

Anti-Robber Script (1.9 KiB, 870 hits)

Extract the file into a location that a robber will not likely find. Put it in lots of sub folders. Then open the file in your favourite text editor. I prefer TextMate due to syntax highlighting. It makes reading the script a lot easier.

The Code

In this section I will move down the script line by line (bypassing comments). I will tell you what they mean and why they are there. As well as if you have to change anything. You do have to do a couple of extra steps to make it work. It doesn’t work right out of the box.

#!/bin/sh

This first line tells Terminal that we are running an shell script. This makes sure we are running the right interpreter.

robber=`wget http://www.example.com/file.html -O - -o /dev/null`

This is file you will change if you have found that your Mac has been stolen. The file should be stored on your server. It should contain anything but the number one (1). Type in anything you want so it isn’t a blank file. This is a variable that will be used to determine a function within the if statement.

thedate=`date`

A lot of the file names will include dates within them so you know what time the image was taken. This variable sets the date. This is so the same date number is present over all of the functions within the script. The script takes a while to execute, we don’t want it changing.

path="/A/Path/To/Hidden/Location/"

This is the file path to where you want to store your files. Make it well hidden. Make sure to include a backslash at the end and the beginning.

if [ "$robber" != "1" ]; then
echo Test Done At $thedate, Pass >> $path"Checks".txt

This is the main if statement. The first line basically means if you find anything but the number one then do the second line. The second line writes to a log file that the check has been completed. This includes the data and the word “Pass”. It will then write it to the end of the file stored in your secret location. If you have read the previous post, I developed a method in which it would right to a different file and then combine them. I did this because I couldn’t work out how to write to the ends of files. The double arrows (>>) do this for you.

exit 1
else

This exits with a 1. I don’t know why I did this, all the examples of if statements scripts I looked at included it. The else section sends us onto the bulk of our code.

The Business End

This section is where the magic happens. It will format a variety of information and send it in a file. The system information includes the external IP address, Internal IP address, Mac Address as well as your Serial Number. Please note that you need to put the full path to wget (usually /usr/local/bin/wget) for it to work. I didn’t realise this, as a result it was not included in the scipt.

extip=`wget www.whatismyip.com/automation/n09230945.asp -O - -o /dev/null`

Another variable (the number is used many times in the script. It gets your IP address from a file provided by the site. It will then send this file (because it uses wget) and prints it to nowhere. The important factor is that it stores this IP value in memory for later use.

echo 'A robber has been logged at the computer here are the details:' $thedate >> $path$thedate.txt

The start of the text file containing the details. It does a simple message thats includes the date and will store it in a new file. You don’t have to create this file the double arrows will do that for you.

echo External IP Address: $extip >> $path$thedate.txt

This will print the external IP address of the computer to the next line on the file. This assumes that the computer is connected to the Internet (more on this little aspect later).

echo Hostname: `host $extip | awk '{print $5}'` >> $path$thedate.txt

This section will get the host name of your computer by using the host command. This simply lets you know the ISP of the user using your computer, making the IP address easier to track down. The command accesses the host command with the IP taken from whatismyip. It will then print the piece of information that we need by cutting it out of the output. It will then put this piece of information at the end of the file we are creating containing out thief’s information.

echo Mac Address: `/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` >> $path$thedate.txt

This takes the Mac address of your computer and prints it to the file. The awk section is a simple command that searches the ifconfig command for the piece of information we need. It will then change the syntax slightly and print it to our file.

echo Internal Address en0: `(/sbin/ifconfig en0 | awk '/inet / {print $2 }')` >> $path$thedate.txt

This will take the internal IP address of Ethernet card en0. It will print it to your file.

echo Interal Address en1: `(/sbin/ifconfig en1 | awk '/inet / {print $2 }')` >> $path$thedate.txt

This does exactly the same as the previous command but it will get the IP address of the wi-fi card. If you have more than one network card repeat that command changing en0 and en1 as you see fit.

echo Mac Serial Number: `ioreg -l | grep "IOPlatformSerialNumber"| awk '{print $4}'` >> $path$thedate.txt

This final command will get your Macs serial number from a long list of serial numbers that are stored on your computer and print it to your file. When you get round to running the command you will end up with something that looks like this.

A robber has been logged at the computer here are the details: Wed 3 Sep 2008 12:23:14 BST
External IP Address: 123.123.123.123
Hostname: hostname.example.com
Mac Address: 123456789098
Internal Address en0: 192.123.123.123
Internal Address en1: 192.123.123.124
Mac Serial Number: "12345678909"

The next section is rather tricky. It involves taking a picture with your iSight camera. As a result you have to do a couple of extra steps due to security steps taken by Apple.

First open up your Apple Script Editor in Applications > AppleScript > Script Editor and then type the following:

do shell script "/path/to/isightcapture /hidden/path/to/folder/isightimage.jpg"

Go to File > Save As. Set the File Format to Application Bundle. Save this File. Then, in Finder, right click on this file and Show Package Contents. Open Info.plist in Content. Open TextEdit or similar and add the following under <dict>. Then save the file out.

<key>NSUIElement</key>
<string>1</string>

You have to do this because Apple has disallowed a setting somewhere so you can’t run the iSightcaputre script from Terminal or cron. You can type the command in fine but you can’t do it through an automated script. A work around this is to run the command in AppleScript. This will save our image as normal. We can then use that image later. The added key in the plist file will stop the thief from seeing the bouncing Applescript icon. The only thing you will see is the small light from your iSight briefly flashing on.

Back to our shell script we should be at this line:

open $path"isightscripts.app"

This will open up the AppleScript file we have just created.

sleep 5

To stop the script from moving on before the image has been take we let it rest for 5 seconds. If you iSight camera take a lot longer to take a picture, change this value.

mv $path"isightimage.jpg" "$path$thedate.jpg"

This will rename the isight image take with Applescript into the syntax which we are using. This syntax includes the date. Note the “isightimage.jpg” portion should match up to the name in the Applescript.

screencapture -t jpg -x "$path"desktop"$thedate.jpg"

In the UK (and probably everywhere else) it is a criminal offense to modify files and folders without your permission. Since you don’t give the thief permission, they commit the offense. As a result this line will take a picture of your desktop and add it to the list. You can then show the jury that the thief was messing with your files and folders and as a result you can claim damages and compensation. The -x option in the file name makes sure the command doesn’t make a noise, it normally would.

zip -D "$path$thedate.zip" "$path$thedate.txt" "$path$thedate.jpg" "$path"desktop"$thedate.jpg"

This final section will zip up the three files. I spent ages trying to get more than one attachment to be sent with mailx (Terminal Mail), as well as a message body. It wouldn’t work. The simpliest method was to simply zip them up and email them as one .zip attachment. This also means that the files are also stored on your computer, compared to being in variables.

uuencode "$path$thedate.zip" "$path$thedate.zip" | mailx -s "Robber Logged on $thedate at $extip" email@example.com

This final command encodes the zip file into a binary file that can be sent along the Internet. I’m not 100% sure why you should do this, but all the posts on the Internet mention this method. In this line you need to change the email address to something that you would not normally use and the login passwords are not stored on your computer. The email that will actually be send will contain a subject which includes the time and IP address and then a blank message body with an attachment. For some reason mailx does not allow you to send an attachment and a message body. I have checked this and gmail accepts the email. The email will not come from a normal address, an amalgamation of your computers name and IP address. You will understand what I mean when you test the script out.

echo Test Done At $thedate, Fail >> $path"Checks".txt
exit 0
fi

The final lines simply log the information to a log file and exits. It also includes the end to the the if statement.

Hopefully you have understood everything in the script and modified the script to suit your computer and location. The final steps are to add it to cron and make it executable.

Final Steps

The final steps are simple. First open up Terminal and use the cd command to change the directory to where you script is located. In Terminal type the following:

chmod +x scriptname.sh

This will allow the script to be executed in Terminal. For some reason the execute command doesn’t transfer when I zip it up and put it on my server.

The next step is to check to make sure it works. Very important. Type the following:

/path/to/script/scriptname.sh

This script assumes that you have everything in place, such as a web file. If the file on your server is not 1 then your log file should say “Passed”. Check it again by re-running the script with the server file containing the number 1. It should zip up all of the information and send it to your email. If all works the log file should say “Fail” and you should receive an email. If it doesn’t somewhere along the line something has gotten mixed up. Check Terminal to see what the error is and to see if you can fix it.

The very final step is to add it to cron. In terminal once again type:

crontab -e

Press “a” to go into insert mode. Then type the following:

*/5 * * * * /path/to/script/scriptname.sh

Then press escape and type the following without quotes: “wq!”. This will set up your crontab. Every 5 minutes it will check your server to see if anything has changed and run the script. As asked by whatismyip, you should not run the script more frequently than that, so you don’t pound their server.  This is so you don’t put to much load on there server asking for your IP address.

If all goes to plan you should be informed by your email address that the thief has been located, it should also send the images along. This script does rely on a couple of things. It is by no means perfect. For example it needs the Internet to work. If you don’t have the Internet then the script will not work. As well as this it also needs a server to check. In tomorrow’s post I will talk about how you can run commands by receiving an email. This means you don’t need to have a webserver.

Update: You can read up on how to control this script by email by reading How To Control Your Mac By Email.

If you want you can improve the script further. For example you could include commands to change your background, letting the thief know that you have their information and the police are on the way. You could change you login password so they can’t login, delete browser and keychain passwords to increase your security. One final note is you could change the scripts file location to temporary system folders. Theses are usually more secure. If you have any questions, comments or improvements please leave a comment. I want to hear what you think.

If you want to take your skills with Terminal a bit further I recommend you check out the Terminal Category on this site. If you fancy reading a book there is a couple on Amazon that I regularly see mentioned and recommend, O’reilly Unix Geeks and Unix Under the Hood both are designed for Mac OS X and take Terminal further.

If you want to keep up with the latests post from Mac Tricks And Tips I recommend you subscribe to the RSS Feed.