prey / prey-bash-client Goto Github PK

I've just installed on Mac OSX 10.6.4 and while using my laptop the alarm and lock keeps being set off, without me doing anything. The last time this happened the pasword box wasn't even working so had to restart computer.

Kaspersky is picking up and quarantining the C:\prey\modules\lock\platform\windows\prey-lock.exe as containing Heur:Trojan.Win32.generic

In plateform/linux, iwconfig is called once as "iwconfig" and once as "/sbin/iwconfig".
But at least on Ubuntu, "/sbin" is not in the default path so it must be /sbin/iwconfig everytime.
Here's a patch :

diff --git a/platform/linux/functions b/platform/linux/functions
index 082f485..91c51be 100644
--- a/platform/linux/functions
+++ b/platform/linux/functions
@@ -26,7 +26,7 @@ get_wifi_device() {

get_wifi_info() {
if [ -z "$wifi_info" ]; then

•           wifi_info=`iwconfig 2>&1 | grep -v "no wireless"`
  

•           wifi_info=`/sbin/iwconfig 2>&1 | grep -v "no wireless"`
  fi
  

  }

I am still figuring out how to work with git. I added the following line to lang/es to generate a link to MaxMind GeoIP free service:

IP Publico: $publico
(Lugar aprox.: http://www.maxmind.com/app/locate_ip?ips=$publico).

It could be helpful.

Hello,

I created a new account, activated it using the link you emailed me, but when I want to log in I receive the "Couldn't log you in." message. I tried several times with Firefox and Chrome, I'm very sure I entered my email and password correctly, but I cannot log in. My email is [email protected].

Looking forward to hearing from you,
G.

By Renzo:

I installed prey 0.33 on my laptop. I'm using windows 7.
When i activate the sofware i get an error on my laptop when pray
takes the snapshot and so.
The message says that windows cant initialize cat.exe
That message apears 2 or 3 times every time that prey executes.
Although that error message, prey does its work well.

http://groups.google.com/group/prey-security/browse_thread/thread/d04c042411e134e9

El otro problema con que me he encontrado es con las trazas de IP en
los reportes de la pagina, llegan distorsionados tanto en Iexplorer,
como en Firefox y Chrome... Aquí una muestra:

"Complete Trace: %0A%0ATraza a la direcci n www.l.google.com
[209.85.xxx.xxx]%0A%0Asobre un m"

Esa es toda la traza... Incompleta e indescifrable.

groups.google.com/group/prey-security/browse_thread/thread/3bf1d0148cea7263#

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file prey-0.4.4-win.exe

I track my eeepc with prey and I just noticed some information is wrong in the hardware reported to prey. The EeePC runs Ubuntu 10.10 and prey 0.4.4:

• the cpu speed is reported as 2Mhz - lshw reports the CPU is capable of 900MHz (and may clock down to 630Mhz)
• the processor name is reported as "2_name=Intel(R)Celeron(R)Mprocessor900MHz#2_speed=630.053#" which seems a bit weird
• 2 cores wrongly reported - lshw rightly reports 1 core only
• the serial nb and motherboard serial nb are reported as EeePC-1234567890 - but lshw reports the 1234567890 too, so it may be a lower level problem

(In Linux)

In some cases, the captured image was not complete: part of the image was "green".

The problem is with streamer. Sometimes happened to me when using jpeg or ppm as output format. So far I didn't have any problems when using with pgm images.

Actually I get an error message from streamer (from v4l2) when using ppm or jpeg. For now I'm just capturing and sending a pgm image.

Greetings from Tokyo,
Installed Prey per the Lifehacker article. Lenovo U110, 32bit Vista Home SP2, Core 2 Duo L7500, Upon initial install/config, the lock activated without cause. I had just configured it to erase browser data/passwords for Firefox and Chrome. Upon unlocking it, the Chrome executable seemed to have been deleted, and Firefox lost some functionality (but still had history/passwords/bookmarks). Specifically, Firefox seems to have lost the ability to pull content from websites outside the current domain (eg embedded videos missing). This may simply be a result of Prey trying to strip Firefox but stopping halfway. A fresh installation fixed things up. The Prey installation/registration happened in quick succession and may have left the executable on my computer a little confused. It may be useful to force a fixed pause before enabling the remote lock function, to prevent inadvertent locking/ software action.

Thanks again for your time and software.

Cheers,
Vince L.

Just add this line
osascript -e "set Volume 10"
before playing sounds

The status of my pc is: "Currently ok, -1 reports so far"... a little bug here eheh

Hi,
I installed today prey, and I set up the blocking feature. Just for testing if everything was working correctly. I'm using Ubuntu. I use an external monitor with my laptop, so my desktop is wider than normal. When prey blocked the laptop, It only blocked one part of the desptop (the external monitor part) whereas the other part was fully functional, being able to see the desktop, launch applications and so on. If you need more information tell me, and sorry for my english.

I was having issues in v 0.3.73 and also in v 0.4.1.
When i put the computer to sleep, and start it up again, i login, but then auto wificonnect starts automatically (tries to connect to an open network in the area), rather than letting my computer auto connect to the home wifi network. Not sure if its fixed in 0.4.3. Pls check and fix. This is annoying as I have to keep changing to my home wifi network.
Thanks

I am running the prey 0.4.3-ubuntu2 package under Ubuntu Lucid Lynx i386.

The 'useradd' utility which is being executed by prey-config.py does not create the user's home directory unless the '-m' option is specified.

Without a home directory the guest user account is not very functional. In my opinion it is unlikely that a thief would spend much time generating evidence if he/she cannot run any applications when logged in to the PC.

Output of "/sbin/ifconfig 2> /dev/null"

eth0 Link encap:Ethernet HWaddr 00:11:22:33:44:55
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:1000
Byte RX:0 (0.0 B) Byte TX:0 (0.0 B)
Interrupt:17

lo Link encap:Loopback locale
indirizzo inet:127.0.0.1 Maschera:255.0.0.0
indirizzo inet6: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3856 errors:0 dropped:0 overruns:0 frame:0
TX packets:3856 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:0
Byte RX:288752 (288.7 KB) Byte TX:288752 (288.7 KB)

wlan Link encap:Ethernet HWaddr 11:22:33:44:55:66
indirizzo inet:192.168.1.199 Bcast:192.168.1.255 Maschera:255.255.255.0
indirizzo inet6: f000::900c:600f:f007:800a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:280259 errors:0 dropped:0 overruns:0 frame:0
TX packets:254887 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:1000
Byte RX:260485706 (260.4 MB) Byte TX:37752680 (37.7 MB)

Output of "/sbin/ifconfig 2> /dev/null | grep "inet" | grep -v "127.0.0.1" | awk '{ print $2}' | sed 's/addr://' | head -1" is empty

EDIT: there is a file with the output...github messed up with it... http://db.tt/2d0D1BG

By Pagliaccio:

function get_uptime_and_programs {
uptime=net stats srv | grep Statistics
running_programs=tasklist 2> /dev/null
}

The up time is checked using the NET STATS SRV command. In my
computer, the SERVER service is not running. If I try to run this
command on a command prompt, the NET command ask me "Do you want to
start the service?", and wait for an keyboard input (yes/no). So, in
background, there is no keyboard input.

There is any way to check if server service is running before the NET
STAT SRV command?

http://groups.google.com/group/prey-security/browse_thread/thread/f9bcfedfcbf61a18

From Mike:

I noticed that when prey is run, it creates a file at /tmp/prey-
screenshot.jpg. This is a bad design because it creates a data
disclosure to anybody that is on the system when prey is run. Also, if
prey exits before it gets to its cleanup stage, the screenshot will
stay in /tmp until the next reboot, which is very bad.
A simple solution to this is to put the screenshot into /tmp/prey/
screenshot.jpg, and to set the permissions correctly on the prey
directory.

http://groups.google.com/group/prey-security/browse_thread/thread/e3bc183a5e260f26#

installed prey about 30 minutes ago and now in safari i get a message, titlebar "Keychain not found," body "cannot create a keychain to store 'Safari'" my options are "cancel" or "reset to defaults." i chose cancel and now have lost or cannot access all my bookmarks, settings, and saved passwords. it brings up this message repeatedly. i initially had prey set to delete credentials and delete safari data if missing, but disabled them after receiving the message. i am going to attempt to disable prey on this device and hope it resolves the issue.

also,
latest version of prey
safari v. 5.0.2
im on OSX 10.6.4
newest macbook model

The get_wifi_info function (in platform/mac/functions) either returns information from the scanner utility - (/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I)
or it returns nothing for the $wifi_points variable. The geo module uses $wifi_points to get the location, but if $wifi_points is empty it makes no attempt to activate wifi.

Wouldn't it make sense to turn airport on if the scanner returns an 'Off' status? Then recheck the status & only return an empty value for $wifi_points if that scan fails.

when creating a new account using the installer, an e-mail address with a plus-sign in it, is shown as not valid, though it's an allowed sign. see http://en.wikipedia.org/wiki/Email_address#Validation

When installing with your most up to date .deb the scipt does not seem to be available. In fact there is no /usr/share/prey

I have an e-mail address ending in .name. When I try to sign up for Prey inside the application it returns an error saying that the address "isn't valid." But it is!

I'm an experienced PC user but not a software developer.

When I downloaded Prey, I opted to install it in the usual Windows Programs directory (instead of accepting the default c:\prey). Of course I then looked to see if Control Panel was keeping track of the laptop but found that it was always "unverified". I did everything I could to be sure that the Firewalls were not the problem. Finally I uninstalled Prey and reinstalled it in the root directory. It then worked fine. The conclusion: perhaps, at least on a Windows 7 64-bit laptop, Prey must be installed in the root directory to work properly in "control panel" mode.

I (lazily) selected the option which provided for the Prey installation routine to create a Windows Guest account. Prey did create a user account BUT the account it created was a "Standard" account (named approximately "Guest Account"), NOT a true "Guest" account. Yes, the user of a "standard" account has limited authority, but he/she can still do more harm than the user of a true "Guest" account.

Suggestion: Why not create a third category for the "Missing" variable: in addition to "no" and "yes", you could add a response along the lines of "test". You would know not to shed tears, and more importantly, your statistics on how often computers go "missing" would be a bit more reliable.

Because Prey is now installed in the root directory, it is visible with Explorer even to a true Guest. I intend to create in my own ("administrator") directory shortcuts to the prey-config (and perhaps uninstall) components and to then "hide" the Prey directory. I think that will work and will reduce somewhat the chances that an illicit user of the laptop realizes that he or she is under (remote) observation. Do you have other, better suggestions as to how to "harden" the Prey installation so that an illicit user will neither find it nor be able to disable it easily?

I hope these remarks are helpful. If you would like more explanation or details, please let me know.

En la sección WiFi Info del reporte aparece el siguiente mensaje:
/usr/share/prey/platform/linux/functions: line 29: iwconfig: command not found

Asumo que es un problema en la linea 29 XD. Lo raro es que en la linea de comandos si puedo hacer un iwconfig.

In WiFi Info section of the report appears the following message:
/usr/share/prey/platform/linux/functions: line 29: iwconfig: command not found

I assume that is a problem in line 29 XD. The strange thing is that in the command line I can run iwconfig.

I found that with a password in the following format:
$H$.something
the Mac client will not login during the initial Mac setup application.

Device model: ADR6300
Firmware version: 2.1-update1
Kernel version: 2.6.29-cc1c2268

Prey seems to be crashing lately. Not sure what the problem is or what is causing it. Also, the Prey App no longer recognizes my password and they Forgot Password of not sending me an email.

Hello,
if auto-update is set to 2 min and the status to computer stolen. It works as it should.
Then, if you later set the status to recover and at the same time timing to 55min, there are still ping and curl every 2 minutes.
If you set auto-update to 55 min, and a few minutes later set the status to recover. It works ok.
(almost by the way: ping and curl every 55 min and also 5 min later... don't know why... a double check maybe !?)
Thx for this great service anyway!

I just installed prey on a dual-boot laptop, (Vista/Ubuntu Lucid), and asked for a hardware update on both systems.
To my surprise, they did not report the same serial number and UUID.
UUID may be normal, but serial number sure has to be the same, and pray on Windows got it all wrong.

Adding support for using sftp is trivial (have patch) and I believe it is more flexible and efficient than using scp. The scp solution doesn't seem to work with a restricted server setup, like rssh or scponly, because of the ssh mkdir operation. I cannot imagine giving ssh access to a laptop thief. Using sftp eliminates this problem. It also means we can do mkdir and upload in one session, which should reduce the effort involved.

I try to use the GEO option to see how it works and is not showed in my status report... I use the lastest version of Prey on Ubuntu 10.04 and im connected on a wifi connection

Prey 0.4.4 (at least on Linux) reports the current CPU speed when doing a hardware scan.
Since most CPUs are capable of underclocking themselves when idle (and the latest ones overclock themselves when thermal conditions allow), the current speed is irrelevant and Prey should report the nominal speed instead.

Hi,
I tried to translate the messages in Prey into French, but I noticed that a lot of them are hardcoded in English and can't be translated.
Maybe you could improve this in future versions.
Thanks for sharing this project.
Lionel

Hi. I am puerto rican but will write in english for the benefit of our international friends.

I found that in Xubuntu 8.10 the prey.sh script cannot run iwconfig and ipconfig unless the cronjob is installed in the system crontab on /etc/crontab. This is how the prey report looks with the default installation:

Datos de conexion

IP Publico: 196.32.130.16. IP interno: .

Enrutado de red

Direccion MAC: . Gateway:

Datos sobre red WiFi

./prey.sh: line 90: iwconfig: command not found

But when it runs from /etc/crontab the IP and interfaces information is complete. This is the crontab entry I added in /etc/crontab :

*/10 * * * * root cd /usr/share/prey; ./prey.sh

Then I deleted the one installed by default. The reports are coming out right.

Great script! Gracias.

Is it possible to have this running at the login screen, or do I need an account with no password set for it to activate properly?

When run as the cron job it fails to return the netstat connections, I can see the following error if I set the output to cron like this
cron:

*/5 * * * * /usr/share/prey/prey.sh &> /var/log/prey.log

error from the log above:

 -- Getting list of current active connections...
/usr/share/prey/modules/session/platform/mac/functions: line 10: -p: command not found

When using the Control Panel in linux, the prey-config.py script does not escape the password on the command line, so the command processor may perform token replacement. For example on an default Ubuntu system, using Bash as the shell, a password with a double-exclamation mark will result in the the replacement of that token with the previous command from the bash history. Log in would therefore fail.

I suggest replacing line 405 (version 0.4.3):

    result = os.popen('curl -i -s -k --connect-timeout 5 '+ CONTROL_PANEL_URL_SSL + '/profile.xml -u '+self.email+':'+password).read().strip()

with:

    result = os.popen('curl -i -s -k --connect-timeout 5 '+ CONTROL_PANEL_URL_SSL + '/profile.xml -u '+self.email+":'"+password+"'").read().strip()

I'm not sure if email addresses can contain such tokens, but it seems to me we may want to escape the email address too.

(This issue has existed since v0.4)

I'm running Prey 0.4.4 in standalone mode on Ubuntu and have found that Prey fails to send the email report when the SMTP password has spaces in it. Also, when it logs the error it inadvertently includes the all but the first word of the password in /var/log/prey.log which is obviously not good.

I found that it was caused by line 65 of prey/core/push. The password is quoted when it's passed to the decryption function but it needs to be quoted again when passed to mailsender or passwords with spaces will be interpreted as multiple arguments.

Line 65 currently is:
response=mailsender -f "$mail_from" -t "$mail_to" -u "$complete_subject" -s $smtp_server -a $file_list -o message-file="$trace_file.msg" tls=auto username=$smtp_username password=\decrypt "$smtp_password"``

It should be:
response=mailsender -f "$mail_from" -t "$mail_to" -u "$complete_subject" -s $smtp_server -a $file_list -o message-file="$trace_file.msg" tls=auto username=$smtp_username password="\decrypt "$smtp_password""

Prey configurator thinks that my dot info email address is not valid (Ubuntu 10.04)

When upgrading from 0.3 I got the message saying I should check the configuration now. I tried starting the config via the .desktop entry in the main menu but nothing happened (after the gksu). I checked and there is no /prey in /usr/share.

I then checked the package and tried to reinstall from the same package in case I missed something. gdebi gave me that:

(Reading database ... 204769 files and directories currently installed.)
Preparing to replace prey 0.4-ubuntu2 (using .../prey_0.4-ubuntu2_all.deb) ...
cp: cannot stat /usr/share/prey/config': No such file or directory dpkg: warning: old pre-removal script returned error exit status 1 dpkg - trying script from the new package instead ... cp: cannot stat/usr/share/prey/config': No such file or directory
dpkg: error processing /home/ghostlyrics/Downloads/prey_0.4-ubuntu2_all.deb (--install):
subprocess new pre-removal script returned error exit status 1
Errors were encountered while processing:
/home/ghostlyrics/Downloads/prey_0.4-ubuntu2_all.deb

I was able to work-around the lockscreen without entering a password just by pressing ctrl+alt+d (Show desktop) -> right-click on prey window in the windows list -> uncheck "always on top"
A solution might be adding these lines:
self.window.set_skip_taskbar_hint(True)
self.window.set_skip_taskbar_hint(True)
to the prey-lock python script but it's not a real solution since I was still able to minimize the window with a few tries.
Hope it helped!

I am running the prey 0.4.3-ubuntu2 package under Ubuntu Lucid Lynx i386. When marked as "missing" my PC produces a report that shows up on the Prey web site. However the following error appears in the WiFi Info section of the report:
/usr/share/prey/platform/linux/functions: line 29: iwconfig: command not found

I edited line 29 of /usr/share/prey/platform/linux/functions and added the full path to iwconfig to resolve the problem. Other instances of iwconfig in the functions script already specify the full path to the executable.

in platform/base, the check_net_status uses pings for checking if the network is on. However, sometimes pings are blocked by the network.
The script could try to create a tcp connection instead or in addition to ICMP packets, since the final transmission of the data to the prey server is done using tcp. In linux, this is easily done by the GET program. Just change the line with ping ... withGET $net_check_target &>/dev/null &&echo 1|| echo 0`.
"GET" works in linux (it's in the default installation of ubuntu and debian, I don't know about other distributions). I don't know about a default installed program in windows that does the same thing.
Keep up the good work,
Luca Invernizzi

During the auto-connect process, prey is not able to enable airport if it is disabled, which makes it impossible to pull or push any information.

It looks like the function to enable airport in try_to_connect() is

$ networksetup -setairportpower on

This command networksetup returns "The amount of parameters was not correct" as it expects the device name (on my mac, airport is en1) as one of the parameters in order to work successfully.

This line needs to read like:

$ networksetup -setairportpower en1 on

(Although I'm not sure airport is always en1 on all macs)

Hi there. I was having problems with a very dark (as in, black) picture in Linux. After a bit of reading about the 'streamer' command, I made a few changes to the /usr/share/prey/modules/webcam/platform/linux/functions file (this is from the 0.4.3 source):

line 8: tmp_picture="$tmpdir/picture0.jpeg"
line 17: $streamer -o "$tmp_picture" -r 0.5 -t 0:00:10 &> /dev/null
added at line 20: tmp_picture="$tmpdir/picture4.jpeg"

This allows the webcam to 'warm up' by taking a ten-second stream, saving a frame every two seconds, and only using the last frame. Honestly, it probably could have been five to seconds of streaming, but this will give a safe margin against really sluggish webcams.

The auto update feature still does not work.
I was running 0.4.3 and 0.4.4 version was out, but it did not update it.
I had to manually update it (download the latest version and run it)
Please look into this
Thanks
Windows 7 home premium 64-bit architecture (if that helps)

The glade script provided for the linux configuration provides for a very ugly control panel in some installations. For me on one of my computers the font used to describe settings is huge and over/underlaps the setting names and is not completely readable. The problem is that some font specs that are specified, while they aren't for the majority of items. Deleting all of the font size specs or setting them all so that they are all internally consistent on all installations fixes the ugliness

I was with Prey 0.4.1 and it did not automatically update. I did not even know there was 0.4.3 until I saw 0.4.3 was available to download. In addition, the change log was not updated.