orbital_station Posted August 21, 2015 (edited)

First of all hi, I have been reading this forum for a while now and this is my first post.

I am planning to make some kind of anti-theft script for my new laptop. Well, more like a tool to help retrieve a stolen one. My script will have these modules, some of them I already implemented:

- keylogging
- screenshot taking
- integrated camera recording
- mail sending
- runs on startup, hidden

My question is, what else am I missing? What would be useful to have? I know there are already various software packages for all this stuff but I want to learn and do it myself.

If I sound like a noob, that's because I am. My assumption is the person who takes it will not be a programmer or very knowledgeable of programming. Just your everyday thief who will probably try to sell it or use it and not wipe/format it.

Thanks

Moderators JLogan3o13 Posted August 21, 2015

Just realize that, per the forum rules, about half of what you're planning you won't be able to discuss or ask questions about on this forum. Please ensure you're familiar with the rules before continuing.

orbital_station (Author) Posted August 21, 2015 (edited)

I realise that, for now I don't need help with the coding, just ideas about features it might be good to add to my program that will help me to get my laptop back.

jvanegmond Posted August 21, 2015 (edited)

I think the most difficult thing will be to dial home. Even if you just have an IP address you have something for law enforcement to go on. It needs to be absolutely flawless. You cannot, therefore, rely on the ability to send an email. Especially not through SMTP. It must be something trivial. Something standard. HTTP at port 80 is a good candidate, but be aware of HTTP proxies which may block your requests or be unavailable. Have a bunch of different ways to dial home and think of absolutely everything that can interfere with that dial home ability and take it into account.

JohnOne Posted August 22, 2015

Some sort of fancy rootkit that can survive a format.

TheDcoder Posted August 22, 2015

Just make sure that the AV does not kill your script while it's doing its job.

jvanegmond Posted August 23, 2015 (edited)

> Some sort of fancy rootkit that can survive a format.

You know that exists right? Hard disk firmware can be flashed with modified code. Recently people have been doing interesting things with that. https://en.wikipedia.org/wiki/Rootkit#Firmware_and_hardware

Edit: Also what is the first thing you do after a reformat? You connect it to the internet to download updates and drivers. What if I flash your home router so it uses known exploits against Windows the moment that you connect?

It's honestly not even that hard.

Surya Posted August 23, 2015 (edited)

Hard disk locking, and if your program could set a BIOS password in your laptop it would be great.

IP location sending, automating system shutdown if the laptop is stolen.

orbital_station (Author) Posted August 23, 2015

> Hard disk locking, and if your program could set a BIOS password in your laptop it would be great.
> IP location sending, automating system shutdown if the laptop is stolen.

Well, I don't want to lock it down completely. I want to keep it usable so I can gather enough information about its new owner. If I render it unusable a thief might just throw it in the trash, or suspect some malicious code and try to get rid of it. I am not doing this for data protection, my ultimate goal is getting it back.

Though disabling boot from any external source in the BIOS and setting a password seems like a good idea. Thx

Surya Posted August 23, 2015

I meant hard disk encryption and that. Glad I could help.

JohnOne Posted August 24, 2015

> You know that exists right? Hard disk firmware can be flashed with modified code. Recently people have been doing interesting things with that. https://en.wikipedia.org/wiki/Rootkit#Firmware_and_hardware
> Edit: Also what is the first thing you do after a reformat? You connect it to the internet to download updates and drivers. What if I flash your home router so it uses known exploits against Windows the moment that you connect?
> It's honestly not even that hard.

Yes, I'm aware it's possible, I've just never had call to look into how, just know it would be a good method for OP.

Thanks for the link.

jvanegmond Posted August 24, 2015

I saw a thing where if you don't press a key while your system is booting, the bootloader goes into a honeypot OS basically. You can even have the other partition with your real OS be encrypted. Then do all the bad things like constantly capturing camera input in the honeypot OS. It would be good.

jchd Posted August 24, 2015

Not all thieves are cautious and reset the machine carefully, so low-tech simple approaches can still have a good chance and don't need an army of firmware engineers. Rename your main, live account to "Testing" with a strong pass (can be bypassed but that's another story). Then create a secondary account with a name sounding "serious" (or catchy for young men, like "Angela") with no password. You have a chance the guys will be curious and try it. Populate it with enough standard programs (FF, Office, ...) and some real-looking but dummy data to fake a live account.

There are many things you can do to maximize odds of grabbing useful information. Silently starting monitoring code cleverly named for taking front & back pictures, dropping them on Dropbox or somewhere (mailing will work fine too since that leaves traces) covertly as soon as they connect to the internet, along with the IP and timestamp, etc. That would also be a legitimate use of a keylogger + screenshot capture and send, but let's not discuss that here. Point browsers' home page to a phony website grabbing information from the machine (IP, ...).

TheShadowBlade Posted August 24, 2015

Set the process as critical, because it can be simply terminated by the task manager.

And also a screenshot taking after the thief opens the lid.

Surya Posted August 24, 2015

Add this to your script

```autoit
;......................
;.............commands
OnAutoItExitRegister ("Recall")

Func Recall()
    Run (@scriptname &".exe","",@SW_HIDE)
endfunc
```

Do this so that if the program exits, another instance of the same program is toggled by the same program; that way the program dies creating another instance of the dead one. Hope I helped.

TheShadowBlade Posted August 24, 2015

> Add this to your script
>
> ```autoit
> ;......................
> ;.............commands
> OnAutoItExitRegister ("Recall")
>
> Func Recall()
>     Run (@scriptname &".exe","",@SW_HIDE)
> endfunc
> ```
>
> Do this so that if the program exits, another instance of the same program is toggled by the same program; that way the program dies creating another instance of the dead one. Hope I helped.

Cool idea and quite useful against a beginner thief, but 3 clicks in the task manager to terminate. Try to make another script, with this code:

```autoit
#NoTrayIcon
#RequireAdmin

Global Const $script_name = "YourGuardianProgram'sFilename"
Global Const $script_path = @ScriptDir & "\" & $script_name & ".exe"
Global Const $action_when_program_terminates = 1
Global Const $check_interval = 10
; 1 = Restarts the computer
; 2 = Kill the task manager if exists, and restart the guardian

While 1
    If ProcessExists($script_path) = False Then
        Switch $action_when_program_terminates
            Case 1
                Shutdown(6)
            Case 2
                ProcessClose("taskmgr.exe")
                Run($script_path)
        EndSwitch
    EndIf
    Sleep(10)
WEnd
;add the Run("2ndguardianpath") and this code to the main guardian's program, but modify the $script_name constant to this program's name
```

I hope it will be useful for you.

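Added example, not part of any post in this thread: the two-script arrangement described above leaves a recognisable trace in process logs, and the Python below finds it from the monitoring side. The event tuples, the names `guardian.exe` and `watcher.exe`, and the shell allow-list are constructed for illustration.

```python
# Constructed sample events, not taken from the thread:
# (seconds, kind, image, parent image). Sysmon logs these as event IDs 1 and 5.
EVENTS = [
    (0,   "create",    "guardian.exe", "explorer.exe"),
    (1,   "create",    "watcher.exe",  "guardian.exe"),
    (95,  "terminate", "notepad.exe",  None),
    (120, "create",    "taskmgr.exe",  "explorer.exe"),
    (121, "terminate", "taskmgr.exe",  None),
    (130, "terminate", "guardian.exe", None),
    (130, "create",    "guardian.exe", "watcher.exe"),
    (200, "terminate", "watcher.exe",  None),
    (201, "create",    "watcher.exe",  "guardian.exe"),
    (300, "create",    "notepad.exe",  "explorer.exe"),
]
SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}  # assumed allow-list

def find_respawns(events, window=5):
    """(image, parent, delay) for each process restarted within `window`
    seconds of its exit by a parent that is not an interactive shell."""
    last_exit, hits = {}, []
    for ts, kind, image, parent in sorted(events, key=lambda e: e[0]):
        if kind == "terminate":
            last_exit[image] = ts
        elif image in last_exit:
            delay = ts - last_exit.pop(image)
            if delay <= window and parent not in SHELL_PARENTS:
                hits.append((image, parent, delay))
    return hits

def mutual_pairs(hits):
    """Image pairs where each one restarted the other (a two-process watchdog)."""
    edges = {(parent, image) for image, parent, _ in hits}
    return sorted({tuple(sorted(e)) for e in edges if e[::-1] in edges})

def short_lived(events, image="taskmgr.exe", max_life=2):
    """Lifetimes of `image` runs that ended within `max_life` seconds, as
    happens when another process closes Task Manager as soon as it appears."""
    start, lives = None, []
    for ts, kind, img, _ in sorted(events, key=lambda e: e[0]):
        if img != image:
            continue
        if kind == "create":
            start = ts
        elif start is not None:
            if ts - start <= max_life:
                lives.append(ts - start)
            start = None
    return lives

if __name__ == "__main__":
    respawns = find_respawns(EVENTS)
    print(respawns, mutual_pairs(respawns), short_lived(EVENTS))
```
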
Surya Posted August 24, 2015 (edited)

Very nice idea to run two scripts in parallel, TheShadowBlade <snip>

Edited August 24, 2015 by Melba23: link removed

TheShadowBlade Posted August 24, 2015 (edited)

> Very nice idea to run two scripts in parallel, TheShadowBlade <snip>

Thanks for sharing, another cool idea. And I have finished my virtual disk manager example. I think it can be useful for this project (works under Windows 7 and 8, tested under 8):

```autoit
#RequireAdmin
#NoTrayIcon

Global Const $vdisk_path = @WindowsDir & "\Resources\secret.vhd"
Global Const $disk_label = "Secret disk"
Global Const $mount_type = "LETTER"
Global Const $mount_place = "P"
;DirCreate(@DesktopDir & "\TheSecretFolder") ;needed for attaching, you can delete this folder after deattaching the disk
;Global Const $mount_type = "MOUNT"
;Global Const $mount_place = FileGetShortName(@DesktopDir & "\TheSecretFolder")

#Region Create a secret virtual disk, open it, and delete it.
CreateSecretDisk("500") ;creates a 500 MB disk
While 1
    $pass = InputBox("Secret disk", "Enter the password to open the secret disk :D", "", "*")
    If @error Then ;if cancel button was pressed ...
        FileDelete($vdisk_path)
        Exit
    EndIf
    SplashTextOn("", "Verifying password ...", Default, 45, Default, Default, 1)
    Sleep(600)
    SplashOff()
    If $pass == "something" Then
        MountSecretDisk()
        ExitLoop
    Else
        SplashTextOn("", "Wrong password!", Default, 45, Default, Default, 1)
        Sleep(1000)
        SplashOff()
    EndIf
WEnd
MsgBox(64, "Password accepted", "Press escape anytime to deattach the secret disk.")
HotKeySet("{ESC}", "Unmount")
While 1
    Sleep(10)
WEnd

Func Unmount()
    SplashTextOn("", "Deattaching secret disk ...", Default, 45, Default, Default, 1)
    UnmountSecretDisk()
    Sleep(1000)
    FileDelete($vdisk_path)
    Exit
EndFunc
#EndRegion

Func CreateSecretDisk($disk_size_in_megabytes = "100", $label = $disk_label, $type = $mount_type, $letter_or_path = $mount_place, $diskpath = $vdisk_path)
    Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
    FileWriteLine($diskpart_script, 'CREATE VDISK FILE="' & $diskpath & '" MAXIMUM=' & $disk_size_in_megabytes & " TYPE=EXPANDABLE")
    FileWriteLine($diskpart_script, "ATTACH VDISK")
    FileWriteLine($diskpart_script, 'create partition primary')
    FileWriteLine($diskpart_script, 'format fs=ntfs label="' & $label & '" quick')
    FileWriteLine($diskpart_script, "ASSIGN " & $type & '=' & $letter_or_path)
    FileWriteLine($diskpart_script, "DETACH VDISK")
    FileClose($diskpart_script)
    Sleep(100)
    RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
    Sleep(100)
    FileDelete(@TempDir & "\script.txt")
EndFunc

Func MountSecretDisk($diskpath = $vdisk_path)
    Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
    FileWriteLine($diskpart_script, 'SELECT VDISK FILE="' & $diskpath & '"')
    FileWriteLine($diskpart_script, "ATTACH VDISK")
    FileClose($diskpart_script)
    Sleep(100)
    RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
    Sleep(100)
    FileDelete(@TempDir & "\script.txt")
EndFunc

Func UnmountSecretDisk($diskpath = $vdisk_path)
    Local $diskpart_script = FileOpen(@TempDir & "\script.txt", 2)
    FileWriteLine($diskpart_script, 'SELECT VDISK FILE="' & $diskpath & '"')
    FileWriteLine($diskpart_script, "DETACH VDISK")
    FileClose($diskpart_script)
    Sleep(100)
    RunWait('diskpart /s "' & @TempDir & '\script.txt"', "", @SW_HIDE)
    Sleep(100)
    FileDelete(@TempDir & "\script.txt")
EndFunc
```

Edited August 24, 2015 by Melba23: link removed from quote

Surya Posted August 24, 2015

You could also add the subst command to your script to add folders as drives. You have a nice script there, glad I could help.

Moderators Melba23 Posted August 24, 2015

Surya,

Please do not post links to such things again.

M23