White Rabbit

Have you ever wanted to be able to know when someone other than you has logged into your Mac? I wanted something that went beyond “Find my Mac”. I mean, that is nice functionality but I want to be notified when someone logs in, where they are geographically, and even what they look like!

So why “White Rabbit”? Because a Mac is a man’s cave and mine is protected by the Rabbit of Caerbannog. Google it, then giggle. I have had many digital white rabbits over the years.

The solution below is not perfect but it works well enough and can be improved. With some modifications, it might be made to work on a Linux box.

Requirements:

  • Automatically trigger upon login
  • Be as hidden as possible as not to attract attention
  • Send a text message to my phone with the current location and a picture taken from the Mac camera

What you need to know / have:

  • Basic terminal commands
  • shell scripting
  • cloud server

As this isn’t a tutorial, I won’t bore you with the logic of how the solution came to be, just how to get it working. This also serves as sort of self documentation for me. I can do that, it’s my blog.

I used an app on the Mac called “Automator”. It has the nice capability to be able to take a bunch of actions, string them together, and package them as a macOS application. This application can then be set to run on login.

Prepare – Get the following items taken care of first:

  1. Download and install LocateMe. This is a command-line utility that uses geolocation to return the location of your Mac. It has some nifty parameters too, which we will explain. It can be found here: https://sourceforge.net/projects/iharder/files/locateme/
  2. Sign up for textbelt.com, which allows you to send text messages, for a fee, from the command line. https://textbelt.com. They have different plans even for cheap guys like me. You will get a ket, which is a text string unique to you. Make sure you put it someplace handy and don’t loose it.
  3. Make sure you have a place to put the picture. I simply copy it to my server in the cloud. You should configure yours with a secure key like I did. All the cool kids do it that way. Again – this isn’t school so google it. It’s not that difficult.

Now, lets put everything together within the Automator app.

1 – Open Automator and start a new “application”.

2 – Add the action “Set Computer Volume” and configure it so that it mutes the volume. We don’t want the baddies to hear the camera, do we?

3 – Add the action “Take a video snapshot”. Configure it to place the picture it takes somewhere you will remember, I chose Downloads:

4 – Add the action “Run Shell Script”. Copy the script I provide later into it. In a bit I will explain what each line does for you:

5 – Then add the action “Set Computer Volume” again, this time to un-mute the volume. We don’t want them wondering why the volume went away and start investigating!

Ok, that’s the structure of the Automator app, 5 simple steps. All the fun happens in the shell script so lets take a look at it. First, before you rush and just copy and paste and go on your merry way, this WON’T WORK by just copying it into your app. You need to change stuff. So keep reading.

Code.

I am going to explain just the executable lines below one at a time, and then provide the entire script. My mom is reading this and she would want it that way.

First, we capture the current time into a variable using the date function. Here we captured the year, month, day and then the hour, minute and second. You know, for legal purposes. We will use this for a unique picture name here in a bit.

current_time=$(date "+%Y.%m.%d-%H.%M.%S")

Then we capture the name of the computer into another variable:

host=$(hostname)

Next, we rename the picture that we took so that they wont overwrite each other if multiple logins are triggered.

mv ~/Downloads/snapshot.tiff ~/Downloads/$host-snapshot-$current_time.tiff

Now upload the freshly renamed file. Replace the key, usernames and directories to make it work. I would test it as well…

scp -i ~/.ssh/white_rabbit.key ~/Downloads/*.tiff username@someserver.com:/somedirectory

Delete the file once you upload it. It is always good to clean up after yourselves children. Now, this is a bit of an aggressive approach below but I like scaring people with rm -rf and a bunch of asterisks… You know who you are.

rm -rf ~/Downloads/*.tiff

So now we have taken a picture and uploaded it to our online lair. Ok server. Whatever. Now we need to tell somebody what has happened!

Using the nifty LocateMe command, lets capture just that Latitude and Longitude. Lets capture it in a format that we can use in a URL for Apple Maps too, cause that will be handy!

LOCATION=$(~/LocateMe-v0.2.1/LocateMe -f "{LAT},{LON}")

Next, let us write the message to be contained in the text message we will send. Oh this is the fun part. Go wild. But lets keep it short. Ours will say what has happened and then provide two URL’s. The first will be the URL for Apple Maps to show the location. The second will be the URL to the photo that was uploaded.

message="Login performed from Brad's Mac: http://maps.apple.com/?ll=$LOCATION pictures: https://someserver.com:/somedirectory/$host-snapshot-$current_time.tiff"

AND finally, lets send ourselves a text with the results! curl is a handy command line utility that is basically a web browser for the command line. You can point it at sites and it does stuff. Yeah. It’s that cool.

curl -X POST https://textbelt.com/text --data-urlencode phone='5208675309' --data-urlencode message="$message" -d key=<yourkeyhere>

That’s it! Here is the whole script. Remember, you will need to change the important bits!

#upload the picture taken by automator
current_time=$(date "+%Y.%m.%d-%H.%M.%S")
host=$(hostname)
mv ~/Downloads/snapshot.tiff ~/Downloads/$host-snapshot-$current_time.tiff
scp -i ~/.ssh/white_rabbit.key ~/Downloads/*.tiff username@someserver.com:/somedirectory
rm -rf ~/Downloads/*.tiff
#phone home
LOCATION=$(~/LocateMe-v0.2.1/LocateMe -f "{LAT},{LON}")
message="Login performed from Brad's Mac: http://maps.apple.com/?ll=$LOCATION pictures: https://someserver.com:/somedirectory/$host-snapshot-$current_time.tiff"
curl -X POST https://textbelt.com/text --data-urlencode phone='5208675309' --data-urlencode message="$message" -d key=<yourkeyhere>

So, once deployed on login, the only thing a person sitting at the computer would notice is that the screen will flash on the Mac. That is the side effect of the “Take Video Snapshot” action. You will get a text message with clickable URL’s showing the location of the Mac as well as a picture of whatever happens to be sitting in front of the computer.

Some additional things I was thinking of doing with this:

  • Use the “say” command to have the Mac express some indignation to the person who logged in. You can even use different voices! Imagine their surprise when it says “Well, that’s no ordinary rabbit! That’s the most foul, cruel, and bad-tempered rodent you ever set eyes on!”
  • Have this trigger on other events, such as when someone wakes up the screen using “screenwatcher”, which would need to be installed. In fact, I may already have done this. Who knows. Just don’t come around my Mac without the Holy Hand Grenade of Antioch.

What other ideas do you have to extend this? Leave them in the comments!