I _Really_ Don't Know

A low-frequency blog by Rob Styles

get back your mac

Based on a script from here: http://blogs.ittoolbox.com/security/investigator/archives/stolen-machines-phone-home-10506

this now lives in /usr/bin/ipkeyb file

# Report to a webserver (for tracking in the log as a 404) where our Macintosh is.

# Keep trying forever
while (1) {

# Wait 2 minutes for networks etc to attach
sleep 120;

# Do we have a network?
$network = `ifconfig -a inet 2>/dev/null | sed -n -e '/' -e '/' -e '/tunnel/d' -e '/inet/p' | wc -l`;
#print("network: $network\n");

# Carve out serial number information from system profiler
$serial_number1 = `system_profiler 2> /dev/null | grep \"Serial Number\"`;

# We want the second instance of serial number in our URL string
@serial_number2 = split (' ', $serial_number1);
#print("serial: $serial_number2[2]\n");

$url = "http://www.CHANGE_ME.com/ipkeyb/$serial_number2[2].html";
#print("url: $url\n");

# Let's identify
$useragent = "Where Am I (Mac OS X)";

# Okay, if we have network - make the request to the webserver
if ( $network > 0 ) {
#print("sending: $url");
$status = `curl -A \"$useragent\" $url`;

# Wait 3 hours before we try again
sleep 10800;

and has an entry in /etc/rc.local

Technorati Tags: ,