orbital_station

Laptop Guardian

20 posts in this topic

#1 ·  Posted (edited)

First of all hi, I have been reading this forum for a while now and this is my first post.

I am planning to make some kind of anti-theft script for my new laptop. Well, more like a tool to help retrieve a stolen one.

My script will have these modules, some of them I already implemented:

-keylogging

-screenshot taking

-integrated camera recording

-mail sending

-runs on startup, hidden

My question is, what else am I missing? What would be useful to have?

 

I know there are already various software packages for all this stuff but I want to learn and do it myself.

If I sound like a noob, that's because I am :)

My assumption is the person who takes it will not be a programmer or very knowledgeable of programming. Just your everyday thief who will probably try to sell it or use it and not wipe/format it.

Thanks

Edited by orbital_station
1 person likes this




Just realize that, per the forum rules, about half of what you're planning you won't be able to discuss or ask questions about on this forum. Please ensure you're familiar with the rules before continuing.



#3 ·  Posted (edited)

I realise that, for now I don't need help with the coding, just ideas about features it might be good to add to my program that will help me to get my laptop back.

Edited by orbital_station


#4 ·  Posted (edited)

I think the most difficult thing will be to dial home. Even if you just have an IP address you have something for law enforcement to go on. It needs to be absolutely flawless. You cannot, therefore, rely on the ability to send an email. Especially not through SMTP. It must be something trivial. Something standard. HTTP at port 80 is a good candidate, but be aware of HTTP proxies which may block your requests or be unavailable. Have a bunch of different ways to dial home and think of absolutely everything that can interfere with that dial home ability and take it into account.

Edited by Manadar


Just make sure that the AV does not kill your script while it's doing its job :P



#7 ·  Posted (edited)

Some sort of fancy rootkit that can survive a format.

You know that exists, right? Hard disk firmware can be flashed with modified code. Recently people have been doing interesting things with that.

https://en.wikipedia.org/wiki/Rootkit#Firmware_and_hardware

Edit: Also, what is the first thing you do after a reformat? You connect it to the internet to download updates and drivers. What if I flash your home router so it uses known exploits against Windows the moment that you connect?

It's honestly not even that hard.

Edited by Manadar
3 people like this


#8 ·  Posted (edited)

Hard disk locking, and if your program could set a BIOS password in your laptop it would be great. IP location sending, automating system shutdown if the laptop is stolen.

Edited by Surya


Hard disk locking, and if your program could set a BIOS password in your laptop it would be great. IP location sending, automating system shutdown if the laptop is stolen.

Well, I don't want to lock it down completely. I want to keep it usable so I can gather enough information about its new owner. If I render it unusable, a thief might just throw it in the trash, or suspect some malicious code and try to get rid of it. I am not doing this for data protection; my ultimate goal is getting it back.

Though disabling boot from any external source in the BIOS and setting a password seems like a good idea. Thx


You know that exists, right? Hard disk firmware can be flashed with modified code. Recently people have been doing interesting things with that.

https://en.wikipedia.org/wiki/Rootkit#Firmware_and_hardware

Edit: Also, what is the first thing you do after a reformat? You connect it to the internet to download updates and drivers. What if I flash your home router so it uses known exploits against Windows the moment that you connect?

It's honestly not even that hard.

Yes, I'm aware it's possible, I've just never had call to look into how, just know it would be a good method for OP.

Thanks for the link.



I saw a thing where if you don't press a key while your system is booting, the bootloader goes into a honeypot OS basically. You can even have the other partition with your real OS be encrypted. Then do all the bad things like constantly capturing camera input in the honeypot OS. It would be good.

1 person likes this


Not all thieves are cautious and reset the machine carefully, so low-tech simple approaches can still have a good chance and don't need an army of firmware engineers. Rename your main, live account to "Testing" with a strong pass (can be bypassed but that's another story). Then create a secondary account with a name sounding "serious" (or catchy for young men, like "Angela") with no password. You have a chance the guys will be curious and try it. Populate it with enough standard programs (FF, Office, ...) and some real-looking but dummy data to fake a live account.

There are many things you can do to maximize odds of grabbing useful information. Silently starting monitoring code cleverly named for taking front & back pictures, dropping them on Dropbox or somewhere (mailing will work fine too since that leaves traces) covertly as soon as they connect to the internet, along with the IP and timestamp, etc. That would also be a legitimate use of a keylogger + screenshot capture and send, but let's not discuss that here. Point the browser's home page to a phony website grabbing information from the machine (IP, ...).



Set the process as critical, because it can be simply terminated by the task manager.

And also a screenshot taking after the thief opens the lid. ;)

1 person likes this


Add this to your script 

;......................
;.............commands

OnAutoItExitRegister ("Recall")

Func Recall()
Run (@scriptname &".exe","",@SW_HIDE)
endfunc

Do this so that if the program exits, another instance of the same program is toggled by the same program. That way the program dies creating another instance of the dead one. Hope I helped.

1 person likes this


     Add this to your script 

;......................
;.............commands

OnAutoItExitRegister ("Recall")

Func Recall()
Run (@scriptname &".exe","",@SW_HIDE)
endfunc

Do this so that if the program exits, another instance of the same program is toggled by the same program. That way the program dies creating another instance of the dead one. Hope I helped.

Cool idea and quite useful against a beginner thief, but 3 clicks in the task manager to terminate. Try to make another script, with this code:

#NoTrayIcon
#RequireAdmin

Global Const $script_name = "YourGuardianProgram'sFilename"
Global Const $script_path = @ScriptDir & "\" & $script_name & ".exe"
Global Const $action_when_program_terminates = 1
Global Const $check_interval = 10

; 1 = Restarts the computer
; 2 = Kill the task manager if exists, and restart the guardian

While 1
   If ProcessExists($script_path) = False Then
      Switch $action_when_program_terminates
         Case 1
            Shutdown(6)
         Case 2
            ProcessClose("taskmgr.exe")
            Run($script_path)
      EndSwitch
   EndIf
   Sleep(10)
WEnd

;add the Run("2ndguardianpath") and this code to the main guardian's program, but modify the $script_name constant to this program's name

I hope it will be useful for you :)

1 person likes this
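Seen from the detection side, two programs that restart each other, as in the post above, leave a recognisable trace in process start/exit logs. The following Python is an added example, not code from the thread; the event tuples and the names guardian.exe and watcher.exe are constructed for illustration.

```python
from collections import defaultdict

# Constructed process events: (seconds, kind, pid, parent_pid, image)
EVENTS = [
    (0,   "start", 100, 4,   "explorer.exe"),
    (1,   "start", 200, 100, "guardian.exe"),
    (2,   "start", 300, 200, "watcher.exe"),
    (60,  "exit",  200, 100, "guardian.exe"),
    (61,  "start", 210, 300, "guardian.exe"),  # restarted by watcher.exe
    (90,  "exit",  300, 200, "watcher.exe"),
    (91,  "start", 310, 210, "watcher.exe"),   # restarted by guardian.exe
    (120, "start", 400, 100, "notepad.exe"),
    (130, "exit",  400, 100, "notepad.exe"),
    (500, "start", 410, 100, "notepad.exe"),   # reopened much later: not a respawn
]

def find_respawns(events, window=15):
    """Map image -> parent images that restarted it within `window` seconds of its exit."""
    image_of = {}                    # pid -> image, used to name the parent
    last_exit = {}                   # image -> time of its most recent exit
    respawned_by = defaultdict(set)
    for ts, kind, pid, ppid, image in sorted(events):
        if kind == "start":
            image_of[pid] = image
            exited = last_exit.get(image)
            if exited is not None and ts - exited <= window:
                respawned_by[image].add(image_of.get(ppid, "?"))
        elif kind == "exit":
            last_exit[image] = ts
    return respawned_by

def mutual_watchdogs(events, window=15):
    """Pairs of images that have each restarted the other (the two-script pattern)."""
    respawns = find_respawns(events, window)
    pairs = set()
    for image, parents in respawns.items():
        for parent in parents:
            if parent != image and image in respawns.get(parent, ()):
                pairs.add(tuple(sorted((image, parent))))
    return sorted(pairs)

if __name__ == "__main__":
    print(mutual_watchdogs(EVENTS))
```

On Windows the same fields are available from process-creation and process-termination logging, for example Sysmon event IDs 1 and 5.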


#18 ·  Posted (edited)

Very nice idea to run two scripts parallel TheShadowBlade <snip>

Thanks for sharing, another cool idea ^_^

And I have finished my virtual disk manager example. I think it can be useful for this project (works under Windows 7 and 8, tested under 8):

#RequireAdmin
#NoTrayIcon

Global Const $vdisk_path = @WindowsDir & "\Resources\secret.vhd"
Global Const $disk_label = "Secret disk"

Global Const $mount_type = "LETTER"
Global Const $mount_place = "P"

;DirCreate(@DesktopDir & "\TheSecretFolder") ;needed for attaching, you can delete this folder after deattaching the disk
;Global Const $mount_type = "MOUNT"
;Global Const $mount_place = FileGetShortName(@DesktopDir & "\TheSecretFolder")

#Region Create a secret virtual disk, open it, and delete it.
   CreateSecretDisk("500") ;creates a 500 MB disk
   While 1
      $pass = InputBox("Secret disk", "Enter the password to open the secret disk :D", "", "*")
      If @error Then ;if cancel button was pressed ...
         FileDelete($vdisk_path)
         Exit
      EndIf
      SplashTextOn("", "Verifying password ...", Default, 45, Default, Default, 1)
      Sleep(600)
      SplashOff()
      If $pass == "something" Then
         MountSecretDisk()
         ExitLoop
      Else
         SplashTextOn("", "Wrong password!", Default, 45, Default, Default, 1)
         Sleep(1000)
         SplashOff()
      EndIf
   WEnd
   MsgBox(64, "Password accepted", "Press escape anytime to deattach the secret disk.")
   HotKeySet("{ESC}", "Unmount")
   While 1
      Sleep(10)
   WEnd
   Func Unmount()
      SplashTextOn("", "Deattaching secret disk ...", Default, 45, Default, Default, 1)
      UnmountSecretDisk()
      Sleep(1000)
      FileDelete($vdisk_path)
      Exit
   EndFunc
#EndRegion

Func CreateSecretDisk($disk_size_in_megabytes = "100", $label = $disk_label, $type = $mount_type, $letter_or_path = $mount_place, $diskpath = $vdisk_path)
   Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
   FileWriteLine($diskpart_script, 'CREATE VDISK FILE="' & $diskpath & '" MAXIMUM=' & $disk_size_in_megabytes & " TYPE=EXPANDABLE")
   FileWriteLine($diskpart_script, "ATTACH VDISK")
   FileWriteLine($diskpart_script, 'create partition primary')
   FileWriteLine($diskpart_script, 'format fs=ntfs label="' & $label & '" quick')
   FileWriteLine($diskpart_script, "ASSIGN " & $type & '=' & $letter_or_path)
   FileWriteLine($diskpart_script, "DETACH VDISK")
   FileClose($diskpart_script)
   Sleep(100)
   RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
   Sleep(100)
   FileDelete(@TempDir & "\script.txt")
EndFunc

Func MountSecretDisk($diskpath = $vdisk_path)
   Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
   FileWriteLine($diskpart_script, 'SELECT VDISK FILE="' & $diskpath & '"')
   FileWriteLine($diskpart_script, "ATTACH VDISK")
   FileClose($diskpart_script)
   Sleep(100)
   RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
   Sleep(100)
   FileDelete(@TempDir & "\script.txt")
EndFunc

Func UnmountSecretDisk($diskpath = $vdisk_path)
   Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
   FileWriteLine($diskpart_script, 'SELECT VDISK FILE="' & $diskpath & '"')
   FileWriteLine($diskpart_script, "DETACH VDISK")
   FileClose($diskpart_script)
   Sleep(100)
   RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
   Sleep(100)
   FileDelete(@TempDir & "\script.txt")
EndFunc

 

Edited by Melba23
Link removed from quote


Surya,

Please do not post links to such things again.

M23

