Track Your Stolen USB Pen
When taking my USB drive into college i constantly forget to take it out of the usb port. About a week ago i left by accident and when returning to find it missing to nobody’s surprise it was long gone. What did i expect nobody was going to hand it in, i mean would you keep a 50 pound pen drive? i would.
This made me think of ways i could get my USB drive back, i came up with an idea of making an Autorun.inf file which would be placed on the drive to automatically run a php script which emails me the IP of the computer which the USB drive was inserted into. I couldn’t get the Autorun.inf file to work with the USB drive, so i created a html file when clicked secretly redirects the browser to a php logger on a server. This method worked great, it would email me the IP address which would directly tell me the computer which had my USB drive in.
To use this method you need a server that supports php files and sendmail.
——————c.php———————-
$browser=$_SERVER[’HTTP_USER_AGENT’];
$ip = getenv(”REMOTE_ADDR”);
$msg = “ip: $ip\nbroswer agent $browser “;
$subject = “i stole ur usb pen”;
mail(”email@mail.com“, $subject, $msg);
header(”Location: http://google.com“);
?>
You can create a meta refresh .html file to redirect to http://site.com/c.php
Posted: October 14th, 2007 under Technology Tips.
Comments: none
74 Responses to “Track Your Stolen USB Pen”
Stuart
May. 25/2006/1:58 pm
Hey, neat idea - I wonder if there’s a way you could run an application to gather more useful information, such as usernames or email addresses?
Maybe you could even automatically report the incident to the police, as well
Kisumi
May. 25/2006/2:32 pm
Neat!
Unworkable
May. 25/2006/2:35 pm
This idea is unworkable for a couple of reasons. The most obvious one is that the thief needs to execute the file voluntarily, and the one time he does open it he needs to be connected to the internet. The only reason a person would keep opening it is if you created a reason, and i cant think of a good one so you only got one shot if that much.
A better idea would be to create a trojan, the thief would still need to manually execute it, but that way his system is infected and will report back to you any information you chose. You are no longer limited to what a browser can grab since you essentially have root access to the computer.
admin
May. 25/2006/2:47 pm
Well Unworkable it is workable if you stole somebodys usb pen first thing you would do is run it and see what files was on there why wouldnt you open a .html now, and come on what computers dont have the internet these days at college or unveristy? installing a trojan would be breaking the law.
Chris Goetschius
May. 25/2006/3:42 pm
In reply to Unworkable:
If you call the file something like “Passwords & Credit Card Info.html” then I doubt there’d be a single theif in existence that WOULDN’T open it lol. They do still need to be connected to the internet, so another idea might be to put fake information in that file.
admin
May. 25/2006/3:58 pm
Exactly chris once the ip is sent directly to your email address you will have the ip and the end ip will locate the exact computer its plugged into
seattle98104
May. 25/2006/7:21 pm
label the file/files my_bankaccounts.html, my_passwords.html, contacts.html
etc. of course they’ll open it.
or take this route: my_girlfriend.jpg.htm
seattle98104
May. 25/2006/7:22 pm
or TOP_SECRET_DO_NOT_OPEN.html
AC
May. 25/2006/7:46 pm
Jeez, if you wanted your pen back so badly you should have just said so.
Anony
May. 25/2006/7:47 pm
But if you leave it in a university computer, chances are they will open your file on that computer, see it is garbage and never open it again.
Denfro Licious
May. 25/2006/7:48 pm
I’ve got a better idea, why not have a file that, once clicked on, will throw out a giant hammer and pound the guy in the face?
Then just look for the guy with the hammer marks.
Mike
May. 25/2006/7:48 pm
I admire your ingenuity, but - what would you do with an IP address? I don’t think you’d find the parent ISP very co-operative in revealing which client the address had been leased to at the time.
Nate
May. 25/2006/7:48 pm
Every tried tracking down a particular computer at a university with only having its IP address. You first must have a layout map so you know which labs are which octets. You then have to hope that the person stays there long enough for you to be checking your email while this is going on. If you don’t check your email every 5 or 10 minutes, i’m sure they’ll be long gone when you get there an hour later. Also, if it was me, i’d open things up in notepad before executing anything if i found a usb key.
Joe
May. 25/2006/7:50 pm
The other problem: What university has public IPs on all their systems? At best, you’d be able to tell that your drive was inserted into a univeristy PC, but no further info would be available, unless you had some way of accessing WMI data to give you the local IP and hostname.
Bill
May. 25/2006/7:52 pm
Umm… you might as well name the file
dont_click_me.htm
This would be a good idea if there WAS an autorun method.
Adam Plocher
May. 25/2006/7:52 pm
thats a really cool idea. are there any text files that windows stores that might contain the owners name? it would probably require more than a simple html page to be able to extract the data from the text file (such as a bat file or an app), but you could send that via the query string to your php script. of course ppl are less likely to dbl click an exe file than a .html file
P00F
May. 25/2006/7:53 pm
If you name the HTML file to something like My Credit info…. or MyBankAccountPin.html the theif would definately do it…
Perhaps even name it, MyNakedWife.html…
or
MeAndThatMinorPleaseDontBlackMailMe.html
topsecrate.html
at the university or collage:
HackedTeachersGrages.html
just make it something of value to the theif, curriosity and greed will bait him exactly where you want him! (or Her! some of the most filfthy dishonest people I know are femail)
bryan
May. 25/2006/7:54 pm
Good idea. Though some people do return drives. I found a 512 Sandisk on a campus sidewalk and went to great lengths to track down the owner; which I finally did (thanks to google), and returned it. Keeping your email address in a plain text file is a good idea too.
Denfro Licious
May. 25/2006/7:57 pm
Matter of fact you could query the WMI or current user info from a vbs file, have it open a browser window with the query data.
Default XP installs dont show known filetype extensions… so a simple “passwords.txt.vbs” could work.
Or take it one step further and create an EXE file, compile the EXE’s with the icon being a windows folder icon (or TXT icon) and ta-da!
Miles
May. 25/2006/7:58 pm
“i came up with an idea of making an Autorun.inf file which would be placed on the drive to automatically run a php script”
Autorun.inf, so windows only right?
Spiffy Skipjack
May. 25/2006/7:59 pm
Back in ‘Nam in ‘68 I developed this same technology. Except I used bullets instead of USB pens and the Vietcong instead of laptop computers. The way it worked was highly radioactive slugs, satellites and Everclear.
Check my website for more info and “code” for ya.
-Spiffy.
Me
May. 25/2006/8:01 pm
You over looked the fact that if the user is a mac user they open the drive and see something they can’t exicute and find it a bit suspicous with other strange files so they would just wipe the whole stick anyway.
Matt
May. 25/2006/8:02 pm
You should name the file Free Porn! Heh
MW
May. 25/2006/8:02 pm
Thats great but how are you going to figure out who has the IP address? The ISP is not going to give that to you, thier customers have a right to privacy. At best you can only tell the ISP of the person who stole your drive IF they click on your files. I would just erase the thing.
Dudemullet
May. 25/2006/8:04 pm
It’s a nice method but rather than IP adress, you need to get their MAC, I dont know about your college but mine needs to have your MAC registered in order to use the campus internet. So having the MAC adress will give you his ID number making it a hell of alot easier to track. Again the only problem is getting them to click the file. Good idea though.
Ryan Metcalf
May. 25/2006/8:06 pm
You could always make a VisualBasic program that actually did mnagae passwords, input a bunch of passwords for lame/sites you don’t use/need and make it still run the pingback script in the background. Then set it to autoclose every 10 seconds with a visible timer. That way the theif has to run it multiple times
huh
May. 25/2006/8:07 pm
“installing a trojan would be breaking the law.”
exactly in what world is it illegal to install a trojan on your own USB drive?
phix
May. 25/2006/8:08 pm
make a version which does with with a pc’s inf, this would be great for people who have laptops and they take them home and connect them to the internet.
biotech
May. 25/2006/8:11 pm
ha ha ha ha!!! good one. really made me laugh.
anyways i thinkt that autorun thing should work…
n. nescio
May. 25/2006/8:11 pm
Firstly, a trojan? You’ve GOT to be joking. The IT people will just *love* you when they plug your lost thumbdrive into a computer to figure out whose it is and get infected with something. That’s pure genius….keep in mind that not everybody who finds that thumbdrive will be a thief.
Then there’s this choice thought: “if you stole somebodys usb pen first thing you would do is run it and see what files was on there”. If you’re actually going out of your way to steal USB thumbdrives, I’m willing to bet that you don’t really give a fuck about what files are on it. The physical device itself is much more valuable than some college kid’s term papers. At least the writer of this article is smart enough to know better than to use a trojan.
Like I pointed out earlier, not everybody who’ll come across somebody else’s USB thumbdrive is a thief. I work IT for a major US university, and I find USB drives maybe 3-4 times a week in the course of my work. We’ve tried to return as many of them as we can, and I rather resent the assumption from people here that everybody who finds what you’re not smart enough to keep track of is a thief. If it matters THAT much to you, then you need to make checking USB ports part of your log-out process.
Which I guess brings me to my biggest point…what exactly do you intend to *do* with that IP address once you get it? Do you honestly think the uni or any other ISP is going to give you the personal info associated with that IP? “Oh Mister Sysadmin, I am a l33t PHP hax0r, please to give name and address of person with my USB drive!” Please.
Warren Gray
May. 25/2006/8:15 pm
I’ll admit that you’re going to have a hard time getting the user to click on the file. However, as far as information (note that this will only work on PCs with Windows and the VB Runtime files):
Grab the user’s username by using the VB6 command:
Environ(”Username”)
Grab the local IP by using a winsock control and typing:
Winsock1.LocalhostIP
Save this to a file, and then have your PHP script email it to you by telling the html file to launch after the file has been saved.
This way you can grab the login that is being used and the computer’s IP address.
Robin
May. 25/2006/8:17 pm
All well and good, but did you have the forsight to do this _before_ your drive got stolen? I think not.
Ron Krauter
May. 25/2006/8:17 pm
I don’t think this will work. IMHO, you are assuming the victims computer has php installed. A better way would be to create an exe.
Nullness
May. 25/2006/8:21 pm
Not sure if this helps, but according to microsoft:
Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.
The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). A RMB set to zero indicates that the device is not a removable media device. A RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request.
For more information about the SCSI Inquiry command, see the T10 committee located at http://www.t10.org. This link leaves the Microsoft.com site
For more information about the StorageDeviceProperty, see the STORAGE_DEVICE_DESCRIPTOR storage structure in the Windows DDK, located at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/storage_r/hh/storage_r/structs-general_3c393126-f5c8-47d8-bfb5-6127ce656e9a.xml.asp.
For more information on Autorun.inf files see the “Creating an AutoRun-Enabled Application” article located at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/shellcc/platform/shell/programmersguide/shell_basics/shell_basics_extending/autorun/autoplay_works.asp?frame=true.
Dave
May. 25/2006/8:21 pm
Can someone put an idiot proof guide of how to set this up?
I need to make this c.php file and upload it to a server I have? Then I need to make an html file that redirects the person to that c.php file?
Any help is greatly appreciated, thanks!
OBCENEIKON
May. 25/2006/8:21 pm
Please call: 555-555-1234
Or C.O.D. this to:
Name
Address
And by the way, your IP Address has been logged and failure to contact me (the owner) could result in jailtime.
HTML;
?>
Name it something curious, I like the 2 suggestions TOP_SECRET.HTML
and My_girlfiend.html
OBCENEIKON
May. 25/2006/8:22 pm
bleh, the PHP didnt show up in the above comment…
kyle
May. 25/2006/8:24 pm
50 pounds? wow that’s a heavy thumb drive. not too portable (^_^)
Keith
May. 25/2006/8:25 pm
Incredible!!! I am going to this and try it out.
This is certainly going to do a great deal of help in tracking lost USB pen. Furthermore, since this is mobile, it should be implementable in DVD and CD as well, as long as the autorun.inf file captured the PC’s attention.
Ron Krauter
May. 25/2006/8:26 pm
Ok..never mind.. the html page redirects to a php script on a server. That will work.
Matt
May. 25/2006/8:28 pm
“# Stuart Says:
May 25th, 2006 at 1:58 pm
Hey, neat idea - I wonder if there’s a way you could run an application to gather more useful information, such as usernames or email addresses?
Maybe you could even automatically report the incident to the police, as well
”
Look at the latest 2600, The Ipod Fun Section.
drew
May. 25/2006/8:29 pm
Well, two points.
First, if there is a theft involved, and you present evidence that a user at a certain IP has possessed your stolen device, the police could very easily issue a warrant to the university or ISP, who would, in turn, reveal the identity of the user who was using that IP. You might be able to present this evidence to IT Security at the university itself… ISPs only refuse to reveal names if there is no evidence that crime has taken place. If you have documented the steps you took to track down the IP of the user who has your device, I would consider that sufficient evidence to warrent the, uh, warrant.
Second, there are a lot of universities that use static IPs for their systems, both public and private. If your “thief” was nothing more than some kid who just went, “Whoa, free drive. Sucks for them,” then they might very easily just plug the thing into their dormroom windows machine. Against a skilled and paranoid thief, however, you’d probably be SOL.
All in all, I like the concept. It might be slightly more useful to send the e-mail to your phone, though, so you don’t have to be checking your e-mail at the time. Have it send to 5555555555@verizonwireless.com or something…
Ed
May. 25/2006/8:31 pm
I found a way to track my USB key also, I clipped it to a string and when I plug it in I tie it to my backpack, now there is no way to forget it….unless i forget my whole backback
SG
May. 25/2006/8:32 pm
For all the reasons identified, it is an exercise in futility to get it returned. Probably the best way is to encrypt the data on the drive, and offer a juicy reward for anyone who finds it. Set up a file with your name and address and hope for the best.
If you want to screw with a thief, there are plenty of trojans you could drop on the drive. Heck, you could even get a bunch of small drives and rebadge them to 1GB. Then put on the outside “USING THIS DRIVE MAY CAUSE DAMAGE TO YOUR PC” With a return address on the outside. Then just short the power pin.
Then maybe we would all think twice before inserting strange hardware into our ports…:)
BH
admin
May. 25/2006/8:32 pm
Awesome topic.
EgyptianWarrior
May. 25/2006/8:33 pm
This seems like a great idea until one considers all the problems that are encountered.
1) The user needs to run the file.
- Problem with this is that the user may never open this file.
- The user might just delete or format the entire drive before looking at the file.
2) The user did run the file and you know have the IP you needed.
- Problem, unless you work for the University you probably don’t know which computers have what IP or at the very least what computer lab is using which subnet.
- The IP might be a campus wireless IP meaning the culprit could be any where on campus. I’m not sure about other Universities but mine has its own IP pool for wireless connections.
3) You manage to find the computer the culprit was at.
- Problem, the culprit could be long gone.
- There could be someone else there who has the same USB Pen and is not the theif.
4) You manage to find the theif with the the USB Pen.
- Problem, you need to prove that this is your pen and if the person actually stole it they won’t just give it to you. Even if you can describe the files on it you are assuming that the user hasn’t just formated it already, deleted several files, renamed files or copied the data somewhere else and erased everything.
There are a lot of problems with this. The best thing I could think of that would apply to my University and perhaps a few others is have a file that emails the names of the current drives. We have a networked drive that we can access from any campus machine that has the users net id as the name of the drive and the net id is also the email address. Now you can email the person and tell them when they clicked on the file and that they should return it to you.
Of course this is just a shot in the dark cause like I said the culprit could just format the entire drive.
yourwar
May. 25/2006/8:38 pm
Well I think if your not responsible enough to keep your USB drive with you and remember to take it out, you deserve to lose it.
Still a neat idea though. =)
blacklotus
May. 25/2006/8:43 pm
will if this was on a univerity computer then it would it would matter even if the person has logged off. the reason why in computer forensics we go also by time, date, when , where . so if you have an ip address then the lab tech at that time could give info of what the person looks like .
Blah
May. 25/2006/8:45 pm
Your method is ok, but not novel and still is reliant on the user executing the file. The autorun file should autorun.inf not ini!
Another tip is to encrypt the drive, their is free software that will let you encrypt the entire usb drive, so you can make a file on it like a txt file with your info - how to contact you so that you can get it back, and then make it so that file can be read - while the rest of the drive is encrypted ensuring that nothing can be stored on it - a sort of give it back to me or its useless technique.
chillingdk
May. 25/2006/8:46 pm
Great idea. But needs dedicated server so of no use to me. This reminds me of something else which can save my data to be fallen in wrong hands.
Is there any software available which encryptes all my files on pen drive or allows me to assign some password to it?
BTW I’ve 512 mb Sandisk mini cruiser.
Thanks in advance.
n. nescio
May. 25/2006/8:47 pm
What *REALLY* gets me is that people here seem to forget that (at least this holds true under American law) FINDING A LOST OBJECT DOES NOT EQUATE TO STEALING AN OBJECT. Possessing a lost object does not make one a thief, and at least under American law you’d have a hell of a time getting a search or arrest warrant based on some kid waving around an e-mail with an IP in it.
sirkism
May. 25/2006/8:50 pm
I thought there was a program that creates an autorun for usb drives?
Andy Walker
May. 25/2006/8:54 pm
You didn’t even try this, did you? Windows either ignores or prompts for execution of autorun.inf on a temporary removable storage device. The only way to get thumbdrive autorun to run transparently is to have a thumbdrive that does not report itself as removable (as certain partitions of so-called “secure drives” do), or to hack the driver of the client machine to use a non-thumbdrive driver.
Totally unworkable solution as written. Now, as for the sociological techniques of makeing a my_girlfriend.jpg.htm, well that’s another story.
Samh
May. 25/2006/8:55 pm
It will not work for a number of reasons, for example the IP address might not be static, they may be behind a corporate firewall in which case the IP address will not be theirs, and once you have the IP address, then what ? tracking that down to a user is not really going to happen now is it ? The only way it will work is if you are both on the same network at the same time. Maybe that happens in colleges, but it doesn’t happen anywhere else.
elaz1
May. 25/2006/9:05 pm
Can sum one pls upload the relawent files tat could be simply put on to my USB.
Thankx
RS
May. 25/2006/9:07 pm
make password.exe.txt, in which you make virus that ecrypts all hit jpg, doc, mpg, mp3 files… then just show your email and say he will get antivirus, if he returns that usb drive… the antivitus can be even on that same drive - protected with password…
)
(beside, as this is very useful, i’ll make one such program
youresam
May. 25/2006/9:35 pm
I created all the files you will need and instructions. I even hosted the php file!
http://forums.qj.net/showpost.php?p=670342&postcount=10
Your welcome!
cort
May. 25/2006/9:45 pm
How about adding a selfdestruct file; is that possible. If you back up your info often you wont lose anything, and if there is something you don’t want anyone else to see it’ll wipe it out.
yo yo
May. 25/2006/10:04 pm
You can also rename the drive and give it your name, that way when it’s plugged in your name is showing as a property of the drive.
If someone is honest they will see this and know who to contact.
moolder
May. 25/2006/11:24 pm
Why not put a file on the USB drive that contains your cell phone number. The dumb person who picked up your USB drive by accident could call you then and give back the stick to you
Never stop to believe…
mat
May. 26/2006/12:15 am
i know programs that notify your cell phone with ip adress when the usb drive is inserted
truth machine
May. 26/2006/2:05 am
“This method worked great”
Liar. You lost the your drive before you came up with the script. If you then went out and bought another drive, lost it too, and then recovered it via this script, you would have provided excruciating details.
“You didn’t even try this, did you? Windows either ignores or prompts for execution of autorun.inf on a temporary removable storage device….”
Hey, moron, he saud he tried autorun.inf but couldn’t get it to work.
truth machine
May. 26/2006/2:08 am
“How about adding a selfdestruct file; is that possible.”
Yeah, sure, it’s possible because we’re all living inside a Mission Impossible movie.
“if there is something you don’t want anyone else to see it’ll wipe it out”
His objection is to get back his drive, not to prevent people from seeing his worthless drivel, you cretin.
Reno
May. 26/2006/3:48 am
So very sneaky and so very right of you to do. Very cool idea. Though I keep mine on a yoke around my neck. No way I’m forgetting that when I leave a terminal.
admin
May. 26/2006/1:15 pm
I did try autorun.inf and it does promt, i can assure you i fully researchd the area, there is no boot sector but windows does reconise it and prompts you, which his no good.
pete
May. 29/2006/2:19 pm
why not have you files on the usb pen upload to a ftp server
if a certain file is clicked on
least then you get the files back and so what if you lose the pen
Paul
May. 31/2006/7:28 pm
dear youresam, could u give me that php file?
or anybody give me that php can send mail with smtp authenication?
host must have The IMAP module installed on PHP setup
or explain how it email us?
Radu
Jun. 3/2006/5:03 pm
I’ve read a lot of oppinions on this article, but isn’t it simpler to point the autorun to a program that reminds you every 10 min not to forget your stick? I think it would be a lot easier for you and people ariund you… Altough it’s a good ideea…
Rychan
Jun. 11/2006/3:10 am
Or maybe wire a flashing LED into the pen drive for total overkill so you notice with greater clarity where your pen drive is.
Students actually leave their pen drives lying around in university.
Well yeah, I found a few vacant PCs in the uni i was at but i handed them in. Still best bet would be to y’know check the pc your’e at doesn’t have an odd, stick shaped plastic thing sticking out of it.
Don’t be a data litterbug!!
root
Jun. 20/2006/9:20 am
I know that at my school running viruses through the school computers is not appriciated, so if you did write a Trojan and had your name associated with the USB pen drive, you would be in a position of trying to explain to the dean why you should be allowed to continue spending your time on that campus.
The only thing I don’t like about all of this autorun buisness is that the flashdrive itself can’t tell the difference between you and the next guy, so whatever you assign to this drive will happen everytime that YOU want to use the thing! I realize that you can just kill w/e app you start running, but that could get old in a hurry. IF you really want to not lose it, attach somekind of GPS to it. Besides, then you could say that you own a 80 pound pen.