Jump to content

Recommended Posts

So after having a laptop stolen, and finding really no help to recover it, I had to come up with an idea of my own, or maybe it exists, and I don't know.

I want to exploit my own laptop by soldering a USB to the motherboard.

This USB, once the computer is turned on and logged into, and detects a network, will do one, or all of three things:
1) Will drop a specific remote access file matching one that is pre-saved in a cloud server, allowing the original owner to remotely access their stolen computer.
This file will be dropped every single time on startup, and if the file already exists, will write over the existing one, instead of dropping a new one.
2) Email the owner the IP address of the computer when internet is detected.
3) Email the owner GPS coordinates if available.

This would be extremely discreet, and, except the motherboard in which it's soldered to, even if the hard drive was swapped out, or the BIOS or OS was wiped and reinstalled, the drive itself would be present, and persistent, allowing the device to be recovered, remotely wiped, etc. at any given time.

An added Idea I was given, was to have this soldered USB contain personal information, and proof of purchase, so the rightful owner can't be contested.

Would anyone want to help make this possible?  I feel I'm in the right place for this, and I also feel that this would be a product that a LOT of people would really want.

Share this post


Link to post
Share on other sites

This would require a microcontroller if you plan on protecting it from system wipes.  You would basically need a stand alone low jack.  The next issue you will face is interfacing the built in WiFi adapter to the system for sending data. 

There are some things out there similar to this but are something usually the manufacture has be installed/setup that the owner activates. 

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

There's a few ideas that I'm mulling over.

First:

I think this could be relatively possible with a Raspberry Pi Zero W.

If i connected it directly to a power source on the motherboard, it could boot up when the power gets turned on, and be programmed to email out whatever data it can find.
There's already some pretty decent code written that is set up to do just that.  The problem I'm currently running into is what you mentioned, getting it to interface with the wifi.  It can't work if it doesn't know the login info, and in order to do that after a wipe, and the laptop being put on a new net work, it would have to be able to talk through the new network.

I haven't been able to figure out how to do that yet.

A second idea was removing a USB port and putting in a 3D non-removable cover and soldering a Ducky to the ports inside, programming it to wait a certain amount of time after receiving power (in order to wait for boot, login, and connecting to wifi) and have it execute a command to copy data and send out an email.  An email could be sent out pretty covertly using commands in  powershell, as seen here:  https://www.howtogeek.com/wp-content/uploads/2012/07/Sample.txt

Any help or ideas would be appreciated.

Share this post


Link to post
Share on other sites
On 6/27/2020 at 12:36 AM, AHS said:

A second idea was removing a USB port and putting in a 3D non-removable cover and soldering a Ducky to the ports inside, programming it to wait a certain amount of time after receiving power (in order to wait for boot, login, and connecting to wifi) and have it execute a command to copy data and send out an email.  An email could be sent out pretty covertly using commands in  powershell, as seen here:  https://www.howtogeek.com/wp-content/uploads/2012/07/Sample.txt

I would for the time being look at this method.  The Pi zero W would be really cool but as you said, it is not realistic interfacing wifi to work jointly with computer login.  You could even look at adding a small GPS module if the laptop has internal room for it.  Write a script to pull data from whatever sources you want and email out at regular intervals.  This should protect against the laptop being wiped as well.  Just a waiting game for it to be connected to internet. 

Share this post


Link to post
Share on other sites

Why not create a guest account on the laptop with no password. When that account logs in, have it run the scripts to do what you want. Thieves are more than likely to take the path of least resistance. If they can log in and connect it to the internet, they'll use it. all others will factory reset/wipe if they can't get in. Limit the the rights on the account. Install and configure remote monitoring software. I use a very similar thing on my son's PC  with a reverse meterpreter shell/custom scripts and tools.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...