Archive for the ‘Operating Systems’ Category

Recovering a Stolen Mac Without Hurting Anyone’s Feelings

Saturday, March 29th, 2008

This Computer Does Not Belong to youstealer2.png

The situation: Steve* a former roommate of mine moved out, and left a box of things in our basement storage unit, including an old Apple iBook laptop. Even though our other three neighbors had access to the storage room, I wasn’t too worried about any of his stuff; the laptop was old, the battery & ‘Y’ key were broken, etc. Plus I know all of my neighbors, they are all women in their mid-to-late 30′s and I had no reason to suspect any of them of doing anything… let’s just say ‘strange’.

At one point Steve sent a friend to pick up some stuff, and I assumed he had taken the laptop, because I noticed later that it wasn’t there any more.

I didn’t think anything more about it, since I never heard anything more from Steve. Until about a month ago, when I noticed that Steve’s laptop was connecting to our wireless network. I contacted him and confirmed that he did not have the laptop, nor did his friend. This pretty quickly led me to one conclusion: one of our neighbors had taken the laptop from our storage room, and was using it. On our network.

I found this situation to be pretty mind-blowing: that one of our adult neighbors would be so ignorant and unscrupulous as to take something and use it so flagrantly. It wasn’t so much the value of the computer that bothered me. The laptop, let’s face it, was a piece of shit. Beat up, old, and not containing any sensitive data, I would have had no problem loaning it out until Steve wanted it back. The principle of the situation was what really got under my skin: you don’t steal stuff from your neighbors, and if you do you certainly don’t advertise it to them!

Whoever had the laptop was basically waving a huge red flag saying, “I’m ignorant. Please take advantage of me.” At least that’s what first flashed through my mind--¬≠¬≠visions of vengeful data-mining, FBI raids, etc. But after the initial shock wore off, I realized what a delicate situation this was. I certainly could not go about blindly accusing each of my neighbors in turn–this would only offend the two who were innocent, and produce a denial from the guilty one. I did consider calling the police, or using a packet-sniffer to maybe track down the email address of the culprit. But even that seemed a little harsh; pressing charges or going to elaborate lengths to embarrass the guilty neighbor would also probably lead to an awkward living situation.

I decided that my ideal approach was to let the thief know that I knew about the theft, and that they could return it to the storage room with no questions asked. And I would let them know in a firm yet polite fashion. By remotely breaking the shit out of that laptop.

Luckily I was able to get the login information from Steve, giving me pretty much unfettered access to his machine over our network. This was my plan: to put the machine into kiosk mode, disabling all other applications and interfaces save for one–a never-ending popup loop with a [polite] message commanding the return of the laptop.

To do this I needed to do a few things:

  • Disable the Dock
  • Disable the Menu Bar
  • Replace the Finder with the popup-loop app

I decided to start with the Finder-replacement App. I used Apple’s Script Editor to cobble the code snippet into an application bundle.

picture-28.png

The bundle part is important, since it bundles an info.plist file with the script, which allows us to take control of the Dock and Menu Bar (We’ll get to that later).

Now to tell OS X to auto-start Stealer.app in place of Finder (which itself is an application), I placed Stealer.app in Steve’s Applications folder, then modified his com.apple.loginwindow.plist file (usually located in the Library/Preferences folder of the user’s Home directory) by adding the following lines:

<key>Finder</key>
<string>/Applications/Stealer.app</string>

picture-24.png

This code causes Stealer.app to automatically launch in place of Finder. This makes it basically impossible to quit Stealer.app or navigate to and start any other applications.

Next was to hijack the Dock and Menu bar. This makes it very hard to launch any other applications besides Stealer. I did this by editing Stealer’s info.plist file (control-click on Stealer.app, selecting Show Package Contents), adding the following lines, and keeping the tags in alphabetical order:

<key>LSUIPresentationMode</key>
<integer>4</integer>

picture-26.png

Since all these changes were taking place as the computer was running, and pretty well depended on it being restarted to work fully, I also took the precaution of moving all the Applications to a separate folder, then duplicating Stealer.app in the Applications folder, and renaming it iChat.app, iTunes.app, etc. This way the message would still appear without a restart. (I figured the surprise of realizing someone was remotely messing with your stolen computer would be enough to scare the thief into returning it.)

Two nights later, the laptop was back in the storage room, safe and sound. And later the same night, our upstairs neighbor coincidentally dropped by with a gift basket full of snacks, which she ‘just happened to have laying around, and thought we might like.’ She just moved out today. :)

Disclaimer: The solutions I came up with to deal with my situation are extremely specific and jury-rigged, and nowhere near foolproof. They are by no means the best solutions, they just happened to work in my situation. I wrote this post mostly because the situation was very weird, to the point of being comical, and it presented some opportunities to do some fun pseudo-hacking and learn a few things.