Difference between revisions of "Script for theft alarm using HDAPS"
(→Ideas for improvement) |
|||
Line 48: | Line 48: | ||
==Ideas for improvement== | ==Ideas for improvement== | ||
Features awaiting contribution: | Features awaiting contribution: | ||
+ | |||
===Activation=== | ===Activation=== | ||
* Gnome and xscreensaver support (similarly to [http://fdd.com/software/radeon/lightwatch.pl lightwatch.pl]?) | * Gnome and xscreensaver support (similarly to [http://fdd.com/software/radeon/lightwatch.pl lightwatch.pl]?) | ||
+ | * Monitor X server presence and make noise on sudden X server shutdown (i.e. catch {{key|ctrl}}{{key|alt}}{{key|backspace}} events). | ||
* Monitor AC power and take it into account for alarm activation -- thieves seldom carry a UPS. | * Monitor AC power and take it into account for alarm activation -- thieves seldom carry a UPS. | ||
* Monitor proximity to a bluetooth device carried by the owner, and take it into account for alarm activation. I'll implement this if you get [[User:Thinker|me]] a [[IBM Integrated Bluetooth IV with 56K Modem (BMDC-3)|BMDC-3]] Bluetooth card. | * Monitor proximity to a bluetooth device carried by the owner, and take it into account for alarm activation. I'll implement this if you get [[User:Thinker|me]] a [[IBM Integrated Bluetooth IV with 56K Modem (BMDC-3)|BMDC-3]] Bluetooth card. | ||
* Don't arm the alarm if movement of similar magnitude was happening also before the screensaver was auto-locked (the owner might be in a moving vehicle, etc.). | * Don't arm the alarm if movement of similar magnitude was happening also before the screensaver was auto-locked (the owner might be in a moving vehicle, etc.). | ||
* Disarm the alarm (or hold it off for a few seconds, as already implemented for lid open) based on voice/sound recognition using the built-in microphone. | * Disarm the alarm (or hold it off for a few seconds, as already implemented for lid open) based on voice/sound recognition using the built-in microphone. | ||
+ | * Use fingerprint reader to disarm the alarm. | ||
===Precaution=== | ===Precaution=== | ||
Line 66: | Line 69: | ||
===Lockdown=== | ===Lockdown=== | ||
* Disable the volume buttons when the script is running so that a thief can't just turn the volume down. (Not an issue when <tt>ibm_acpi</tt> volume control is available - see [[#Prerequisites|Prerequisites]].) | * Disable the volume buttons when the script is running so that a thief can't just turn the volume down. (Not an issue when <tt>ibm_acpi</tt> volume control is available - see [[#Prerequisites|Prerequisites]].) | ||
− | * Disable suspend and poweroff (to the extent possible) when the | + | * Disable suspend and powersaving measures when armed. |
+ | * Disable poweroff (to the extent possible) when armed - or at least use the two seconds the power button acpi function comes active before poweroff to make as much noise as possible (it may take a while for a casual thief to actully remove the battery). | ||
===Alert=== | ===Alert=== | ||
* Start out quietly, and increase siren duration and volume if movement persists. Reset after a period of no movement. | * Start out quietly, and increase siren duration and volume if movement persists. Reset after a period of no movement. | ||
− | * Report theft via network (if you get a chance to). | + | * Report theft via network (if you get a chance to): |
− | * When the alarm is triggered, also show a visual warning on the display. Override screensaver/powersaving if necessary. | + | **Check for presence of wired or open wireless network and connect if not already connected. |
+ | **Send eMail to email to sms gateway or use an online sms service. | ||
+ | **If builtin webcam is present, take shots and upload them to a server or send via email. | ||
+ | (This could be activated over a reboot, so that even if the thief gets away with the laptop, it would | ||
+ | still be somewhat traceable.) | ||
+ | **If WAN of GPS devices are present, use it to detect position to a web server. | ||
+ | * When the alarm is triggered, also show a visual warning on the display. Override screensaver/powersaving if necessary. I.e., inform the thief that the notebook has a power on password and is useless without it. (This can be done by selecting a dedicated screensaver for that purpose.) | ||
+ | * Eject optical drive to irritate and hence slow down the thief. | ||
===Other=== | ===Other=== | ||
* Implement this functionality in the embedded controller, so that the alarm will work even when the laptop is suspended. It may be possible to do so without IBM/Lenovo's involvement, using the [http://forum.thinkpads.com/viewtopic.php?t=20958 embedded controller disassembly]. | * Implement this functionality in the embedded controller, so that the alarm will work even when the laptop is suspended. It may be possible to do so without IBM/Lenovo's involvement, using the [http://forum.thinkpads.com/viewtopic.php?t=20958 embedded controller disassembly]. | ||
* On Ubuntu, some of the paths don't work. alsactl is in /sbin, not /usr/sbin, and pidof is in /bin, not /sbin. These probably shouldn't be hardcoded paths. (Fix: create symlinks) | * On Ubuntu, some of the paths don't work. alsactl is in /sbin, not /usr/sbin, and pidof is in /bin, not /sbin. These probably shouldn't be hardcoded paths. (Fix: create symlinks) | ||
+ | |||
+ | ==Pitfalls (and solutions?)== | ||
+ | * The audible alarm can always be suppressed by plugging earphones into the audio-jack | ||
+ | (could be dealt with if software override for the audio-jack diversion is possible). | ||
+ | * The power button can be held to hard poweroff the notebook | ||
+ | (can be avoided by using usb/bluetooth detection, closing the lid and sounding alarm | ||
+ | if lid is opened before the usb/bluetooth device is present). | ||
+ | * The thief can unplug the battery to hard poweroff the notebook | ||
+ | (can't do anything about it, but to set the alarm settings so that it goes off quickly - | ||
+ | i.e., when using bluetooth detection, disable grace-period if activated manually) | ||
==Another Script (plugin-based)== | ==Another Script (plugin-based)== | ||
Line 88: | Line 109: | ||
It has almost the same features as the comprehensive script above, with a few improvements. It uses dbus to query the screensaver status and gconf for storing configuration value. To improve the delay before the alarm sounds, it has a built-in wav player, and it opens the file-descriptor of the wav at startup time (thereby removing the need to spawn an application to play the alarm; imagine someone stealing your laptop while you're doing heavy disk io). Furthermore, it has a trayicon allowing you to manipulate most settings stored in gconf aswell as showing you the current status of the alarm. The 0.2 release features activation on missing presence of a bluetooth or usb device. | It has almost the same features as the comprehensive script above, with a few improvements. It uses dbus to query the screensaver status and gconf for storing configuration value. To improve the delay before the alarm sounds, it has a built-in wav player, and it opens the file-descriptor of the wav at startup time (thereby removing the need to spawn an application to play the alarm; imagine someone stealing your laptop while you're doing heavy disk io). Furthermore, it has a trayicon allowing you to manipulate most settings stored in gconf aswell as showing you the current status of the alarm. The 0.2 release features activation on missing presence of a bluetooth or usb device. | ||
+ | |||
+ | ==Conceptional thoughts== | ||
+ | The above feature improvement suggestions partly require the theft protection software to be running as root (ACPI and hardware management), partly to be running as user (DBus SessionBus communications). Hence the following approach would be the one opening for the most coverage: | ||
+ | *theft-protection-daemon; run as root by init; controlling config, system related activation, lockdown and alarm | ||
+ | *theft-protection-trayicon; run in user-session; reporting desktop related activation criteria to the daemon and giving visual user feedback on the desktop | ||
+ | *theft-protection-properties; runnable as user; reporting configuration changes to daemon | ||
+ | |||
+ | Ideally, they would provide a plugin-system, with plugins consisting of a functional and a gui part. | ||
+ | With this scheme, the theft protection can't be circumvented i.e. by pressing {{key|ctrl}}{{key|alt}}{{key|backspace}}. | ||
[[Category:Scripts]] | [[Category:Scripts]] |
Revision as of 04:01, 21 January 2007
Contents
General
Recent ThinkPad models include a built-in two-axis accelerometer, as part of the HDAPS feature. This accelerometer can be put to another use: as a laptop theft deterrent. The following scripts detect when the laptop is moved, and emits a loud audio alarm.
This alarm can be an effective deterrent against a casual laptop-snatcher in a populated environment (e.g., typical office space). It's also useful when you're across the room from the laptop and want to know if someone fiddles with it.
Note that the alarm is disabled when the laptop is suspended or powered off. You can buy external (hardware) motion detector alarms to handle those cases.
A comprehensive script
This Perl script periodically samples the tilt data reported by the accelerometer, computes the variance over recent samples, and triggers the alarm when the variance exceeds a given threshold.
On a ThinkPad with Active Protection System running a modern Linux installation with the hdaps kernel module loaded, the script should work as is. Just run # tp-theft --arm
and see (or rather, hear) what happens when you tilt your laptop.
The volume and alarm sound can be adjusted at the top of the script. On a ThinkPad T43, the synthetic siren at $alarm_volume=100 (up from the default 70) is quite ear-splitting, and combined with $acpi_volume=15 it is dangerously loud.
The script is designed to run continuously in the background, so by default the alarm will be activated only when the KDE screen saver is locked. If you you open the laptop lid (or press the lid button) shortly before or after the beginning of movement, the alarm will be suspended (except for a brief warning) and you will get a few seconds of grace to unlock the screen saver (preferably, using the integrated fingerprint reader!). You can disable this functionality by passing the --arm parameter, by setting $use_kde=0 and $use_lid=0, or by using the simpler script below.
Prerequisites
- ThinkPad with Active Protection System
- hdaps kernel module loaded (included in kernel 2.6.14 and later)
- Optional: ibm_acpi module loaded with the experimental=1 parameter (included in kernel 2.6.14 and later; needed only for full volume control)
The following are included in all modern Linux distributions:
- ALSA sound system, alsactl, aplay, amixer )
- sox (SOund eXchange) sound utility
The script
A basic script
This is a simpler version of the above script, which omits the fancier functionality such as KDE screensaver detection, lid detection and state machine.
Prerequisites
- ThinkPad with Active Protection System
- hdaps kernel module loaded (included in kernel 2.6.14 and later)
- aumix mixer control utility (included in all modern Linux distributions)
- sox (SOund eXchange) sound utility (included in all modern Linux distributions)
The script
Ideas for improvement
Features awaiting contribution:
Activation
- Gnome and xscreensaver support (similarly to lightwatch.pl?)
- Monitor X server presence and make noise on sudden X server shutdown (i.e. catch ctrlaltbackspace events).
- Monitor AC power and take it into account for alarm activation -- thieves seldom carry a UPS.
- Monitor proximity to a bluetooth device carried by the owner, and take it into account for alarm activation. I'll implement this if you get me a BMDC-3 Bluetooth card.
- Don't arm the alarm if movement of similar magnitude was happening also before the screensaver was auto-locked (the owner might be in a moving vehicle, etc.).
- Disarm the alarm (or hold it off for a few seconds, as already implemented for lid open) based on voice/sound recognition using the built-in microphone.
- Use fingerprint reader to disarm the alarm.
Precaution
- Disable the alarm when headphones are plugged in -- it may cause hearing damage (if the user ignores the initial warning), and won't be effective anyway. Can we detect whether the something is plugged into the headphones/line-out socket?
- Theft attempts may be accompanied by rough handling, especially when the siren kicks in. So when starting an alarm also park the disk heads. Release the parking when a key is pressed (according /sys/bus/platform/drivers/hdaps/hdaps/keyboard_activity) so that the login prompt can start up. This requires kernel support for disk head parking and queue freezing, currently developed for the (original) HDAPS functionality.
Indication
- Use XOSD to ivisually ndicate state changes.
- Use TrayIcon to indicate state changes.
- Use Notifications to indicate state changes.
Lockdown
- Disable the volume buttons when the script is running so that a thief can't just turn the volume down. (Not an issue when ibm_acpi volume control is available - see Prerequisites.)
- Disable suspend and powersaving measures when armed.
- Disable poweroff (to the extent possible) when armed - or at least use the two seconds the power button acpi function comes active before poweroff to make as much noise as possible (it may take a while for a casual thief to actully remove the battery).
Alert
- Start out quietly, and increase siren duration and volume if movement persists. Reset after a period of no movement.
- Report theft via network (if you get a chance to):
- Check for presence of wired or open wireless network and connect if not already connected.
- Send eMail to email to sms gateway or use an online sms service.
- If builtin webcam is present, take shots and upload them to a server or send via email.
(This could be activated over a reboot, so that even if the thief gets away with the laptop, it would still be somewhat traceable.)
- If WAN of GPS devices are present, use it to detect position to a web server.
- When the alarm is triggered, also show a visual warning on the display. Override screensaver/powersaving if necessary. I.e., inform the thief that the notebook has a power on password and is useless without it. (This can be done by selecting a dedicated screensaver for that purpose.)
- Eject optical drive to irritate and hence slow down the thief.
Other
- Implement this functionality in the embedded controller, so that the alarm will work even when the laptop is suspended. It may be possible to do so without IBM/Lenovo's involvement, using the embedded controller disassembly.
- On Ubuntu, some of the paths don't work. alsactl is in /sbin, not /usr/sbin, and pidof is in /bin, not /sbin. These probably shouldn't be hardcoded paths. (Fix: create symlinks)
Pitfalls (and solutions?)
- The audible alarm can always be suppressed by plugging earphones into the audio-jack
(could be dealt with if software override for the audio-jack diversion is possible).
- The power button can be held to hard poweroff the notebook
(can be avoided by using usb/bluetooth detection, closing the lid and sounding alarm if lid is opened before the usb/bluetooth device is present).
- The thief can unplug the battery to hard poweroff the notebook
(can't do anything about it, but to set the alarm settings so that it goes off quickly - i.e., when using bluetooth detection, disable grace-period if activated manually)
Another Script (plugin-based)
there's another script with the same intention available at http://www.informatik.hu-berlin.de/~pilop/HOWTO_Gentoo_T43/#TheftAlarm
it uses a plugin-architecture for different checks (HDAPS, ethernet, power, lid, ...)
Yet another script (python/gtk based)
You can find yet another version of this script at
http://r3blog.nl/index.php/thinkpad-theft
It has almost the same features as the comprehensive script above, with a few improvements. It uses dbus to query the screensaver status and gconf for storing configuration value. To improve the delay before the alarm sounds, it has a built-in wav player, and it opens the file-descriptor of the wav at startup time (thereby removing the need to spawn an application to play the alarm; imagine someone stealing your laptop while you're doing heavy disk io). Furthermore, it has a trayicon allowing you to manipulate most settings stored in gconf aswell as showing you the current status of the alarm. The 0.2 release features activation on missing presence of a bluetooth or usb device.
Conceptional thoughts
The above feature improvement suggestions partly require the theft protection software to be running as root (ACPI and hardware management), partly to be running as user (DBus SessionBus communications). Hence the following approach would be the one opening for the most coverage:
- theft-protection-daemon; run as root by init; controlling config, system related activation, lockdown and alarm
- theft-protection-trayicon; run in user-session; reporting desktop related activation criteria to the daemon and giving visual user feedback on the desktop
- theft-protection-properties; runnable as user; reporting configuration changes to daemon
Ideally, they would provide a plugin-system, with plugins consisting of a functional and a gui part. With this scheme, the theft protection can't be circumvented i.e. by pressing ctrlaltbackspace.