Jacktrack - Stolen Laptop Tracking for my Macbook

Macbook Built in iSight Camera

I wrote this BASH script in hopes of being able to track down my laptop should it ever be stolen. Whenever the laptop boots up or wakes up from sleep mode, it will take a picture using the built in web cam and also snap a screen shot. It will then upload the images to my server. I could use the connection logs to track geographically the location of my laptop. I may get clues from the pictures it snaps as well. It is a cheap (free) and effective lo jack for one's laptop. I drew off of a few other web resources to make this work. I'll try to give a step by step guide in case anybody else wants to set up something similar.

Notes and Liability: To use the jacktrack script, one must have ssh access to a server. I post this online simply to share my own experiences, and maybe to guide someone else through some of the process but this is certainly not a generic tutorial. One must have a very good understanding of the processes embarked on here. While I encourage you to explore new things, I accept no liability for anything you might mess up.

First Steps

The first step was to create a new user on my server, jacktrack. This user account is used by the macbook to login to the server. This account shouldn't have much power on your system. It must be allowed to connect with ssh and allowed to write to its own home folder.

I then created a ssl certificate so that the jonjack user could connect to the server via ssh without a password. I think i mostly followed this tutorial for setting up the ssh keys. However I think in my case, I installed the certificate to the server with the webconfig interface.

Next I needed a working directory on the mac, so i created /jacktrack to hold the scripts and pictures. Download isightcapture, a utility to take a picture with the isight webcam from the command line. isightcapture.zip The zip file file contains documentation for the tool. I simply extracted the isightcapture executable to the /jacktrack directory.

Tip: Bash scripts are easily troubleshot by running them with -x argument.
macbook:~ jonathan$ bash -x /jacktrack/jacktrack.bash

Main Script

# Original iSight Auto Upload Script - by Dylan O'Donnell 2006 # Edited for ssh and made more awesome by Joel Gillman 2009 # Edited for specific application by Jonathan Jackson 2009 ##################################################### # Notes : You must have ssh-keys setup with the server you are # : uploading to before hand. Otherwise this will not work. # : # : Try here for tutorial on ssh-keys # : http://www.webficient.com/2007/11/16/mac-and-ssh-keys # ##################################################### # Generate file name based on date stamp picture=$(date +%y%m%d_%H_%M_%S)_pic.jpg; screen=$(date +%y%m%d_%H_%M_%S)_scr.jpg; # Take iSight Photo and store with date stamp file name /jacktrack/isightcapture -w 640 -h 480 -t jpg /jacktrack/pics/$picture; # Take screen capture /usr/sbin/screencapture -C -m -t jpg -x /jacktrack/pics/$screen; #upload the pictures to the server /usr/bin/scp /jacktrack/pics/* jacktrack@serverFQDNaddress:"/home/jacktrack/pics/"; if [ $? -eq "1" ]; then # this checks the exit status of the scp command, if there was no internet connection # or the upload failed then the echo command reports it and the script finishes. # the screenshots and images will be saved and uploaded another time echo "No Connection, Images neither transferred or deleted."; else # this deletes the local images and should run under normal circumstances after a successful upload rm -f /jacktrack/pics/*.jpg # delete remote files older than 14 days # the find command outputs all files with a last modified time greater than 14 days # the list of files is then deleted by the xargs and rm commands ssh jacktrack@serverFQDNaddress find /home/jacktrack/pics -type f -mtime +14 \| xargs rm -f; fi

Sleepwatcher

After getting the jacktrack.bash script working, it was time to set up OS X to run the script automatically and without drawing too much attention to itself. I found the best way to do this was to use sleepwatcher, a free utility that runs programs when the computer wakes up.

I had to change the sleepwatcher file slightly to make it work right. I'm not sure what exactly this changed, but I wonder if it has something to do with Apple trying to secure the terminal from such automatic scripts. Here is my modified rc.wakeup file. The .wakeup file in my home directory just runs the /jacktrack/jacktrack.bash script.

for user in `echo 'show State:/Users/ConsoleUser' | scutil | awk '/kCGSSessionUserNameKey/ { print $3 }'`; do home=`eval echo ~$user` if [ -x "$home/.wakeup" ]; then logger -t $0 "executing .wakeup of user $user" su $user -c "$home/.wakeup" #removed a hyphen before $user to make cam work. fi done

Boot Script

Login ScriptsAnd finally, to get the script to run during start up and user login, I wrote an app using applescript that executes the bash file, hiding output, and just showing a bouncing applescript dock item during execution, then closing automatically. It really doesn't stand out very much, and a thief would have to suspect it was there in the first place to really notice it. I added the applescript app to the login items through system preferences. And remember, if you ever have to use this to recover your laptop, you will find the missing laptop's IP address in the server's security logs along with possible pictures of the thief! :-)

Demo Pictures