Prey in Standalone Mode (OS X)

Prey is a powerful recovery tool for lost or stolen computers and smartphones. Even better, their software is largely open source and available on GitHub.

It’s something I’ve used for some time. They are increasingly pushing you towards using their command center, and freemium service. I understand why they would want to — they are a company that tries to make money, and perhaps more importantly it is far easier for people to get set up and running with their unified service.

However, I like to run what they call “Standalone Mode”. This means that the server will try to ping a webpage I specify, and if it gets a 404 (because you pull that page down when your device goes missing), then a report will be generated. I like having this control and approach. When I tried to install via the dmg provided at their website, my only option was to use their command center, so here is what I did instead:

  1. Crack open the terminal (or use iTerm, like a boss). I’m assuming a basic knowledge of the terminal.
  2. First we need to get the client:
    git clone https://github.com/prey/prey-bash-client.git
  3. Edit the config file in the client root directory. Edit: "check_url", "post_method", "mail_to", "smtp_server", "smtp_username", "smtp_password".

    • If you’re using gmail don’t use @gmail.com in your username.
    • As noted in the comments, you need to Base64 encode your password:
      echo -n "password" | openssl enc -base64
  4. If you try to run ./prey.sh from the client at this stage it will complain about no active modules. Don’t bother running it yet.
  5. It was not immediately obvious to me, but we also need to separately get the latest modules. Modules allow us to do things like determine geographic location and take a picture with the webcam:
    git clone https://github.com/prey/prey-bash-client-modules.git
  6. If, like me, you’re thinking “well, this is simple, let’s link these”:

    ln -s ../prey-bash-client-modules modules

    You would be wrong. Prey expects to use find, which will not traverse symlinks. Copy the contents of the modules repository directly into the modules/ directory of the client project.

  7. Don’t run the default modules. They will lock the screen and sound an alarm. The password is preyrocks; yes, I found out the hard way.

    rm -rf modules/lock/
    rm -rf modules/alarm/
  8. Now let’s move the client to the conventional place and set up the cron task.

    sudo mv prey-bash-client /usr/share/prey
    (sudo crontab -l | grep -v prey; echo "*/20 * * * * /usr/share/prey/prey.sh > /var/log/prey.log") | sudo crontab -

    It might output:

    crontab: no crontab for root

    Don’t be alarmed — it’s doing this because the command first lists cron tasks to ensure that you don’t already have a prey task.
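
A preflight check for the layout that steps 3 to 7 produce, as an added example rather than code from the Prey project. It assumes the config file is named config in the client root; the function name prey_preflight and the permission check on the Base64-encoded SMTP password are additions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the standalone layout described above.
# Usage: prey_preflight /path/to/prey-bash-client
# Prints one line per problem; the return status is the number of problems.
prey_preflight() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Step 6: modules/ must be a real directory. find without -L does not
    # descend into a symlinked directory, so its modules would not be seen.
    if [ -L "$dir/modules" ]; then
        fail "modules/ is a symlink; copy the module directories in instead"
    elif [ ! -d "$dir/modules" ]; then
        fail "modules/ is missing"
    else
        # Count module directories the way a plain find sees them.
        count=$(find "$dir/modules" -mindepth 1 -maxdepth 1 -type d \
                     ! -name '.*' | wc -l | tr -d ' ')
        [ "$count" -gt 0 ] || fail "modules/ contains no module directories"
    fi

    # Step 7: the lock and alarm modules should have been removed.
    for m in lock alarm; do
        [ ! -e "$dir/modules/$m" ] || fail "modules/$m is still present"
    done

    # Step 3: Base64 is an encoding, not encryption, so the config holds a
    # recoverable SMTP password and should not be readable by other users.
    # Assumption: the config file is named "config" in the client root.
    if [ ! -f "$dir/config" ]; then
        fail "config file is missing"
    elif [ -n "$(find "$dir/config" -perm -004)" ]; then
        fail "config is world-readable; chmod 600 it"
    fi

    return "$problems"
}
```

Run it against the client directory before step 8, or against /usr/share/prey afterwards; a status of 0 means every check passed.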

I think the code makes a number of reasonable assumptions about things like modules, but I didn’t understand them going into working on this which caused me to take a little more time than I had anticipated.

I think the project has an excellent goal — though it could be reasonably debated how effective it would be if you’re using full disk encryption, since the person who “finds” the laptop will have little option but to wipe the hard drive which would take prey out of the picture. However, if the machine hasn’t been restarted yet there would be hope…

I haven’t been able to publish too much lately about Mymail-Crypt for Gmail, but will try to post soon about both it and OpenPGP.js

One thought on “Prey in Standalone Mode (OS X)”

  1. Hello, and thanks for writing this guide. I’m sorry it wasn’t that easy for you, and I hope future versions of Prey will be much easier to install, configure, and run. We’re working on a completely new client written from scratch in Node.JS which should be much simpler and robust. The code is on our GitHub repo, and the installer is here.

    About Prey’s effectiveness, trust honeypots. An open user session, a locked boot loader, and an encrypted hard drive are a killer combo.
