//----------------------------------------------------------------------- Phorp: Phone Home Robot Pro http://www.donationcoder.com/Software/Mouser/phorp/ by mouser@donationcoder.com //----------------------------------------------------------------------- //----------------------------------------------------------------------- IMPORTANT NOTE: THESE ARE INSTRUCTIONS FOR HOW TO USE THE PROGRAM. FOR A MORE GENERAL INTRODUCTION AND OVERVIEW SEE 'OVERVIEW.txt' //----------------------------------------------------------------------- //----------------------------------------------------------------------- WHAT IT DOES Phorp is a small commandline program which you will set up to periodically connect to a website or ftp url of your choosing, where it will it will download instructions or programs to run that you will upload if your pc is stolen or lost. In other words, until your pc is lost or stolen, phorp simply downloads a file from your web page or ftp once a day or so, which contains no instructions and is simply ignored. Only when your pc is stolen would you upload a special file with instructions to phorp on what to do the next time it connects, and info about special programs to download and run on your stolen pc. See the README.txt file in this directory for a more gently introduction. //----------------------------------------------------------------------- //----------------------------------------------------------------------- SUPER QUICK WALKTHROUGH FOR PROS 1. Go into the deploy/ subdirectory matching your operating system. 2. Edit localconfig.xml and fill in USERNAME,SECRETPASS, and UPDATEURL 3. Run commandline: phorp -s "uploads/testapp.exe" to sign the test app. 4. Ftp the remoteconfig.xml and the testapp.exe to the location specified by UPDATEURL. 5. Verify everything by issuing the commandline: phorp -v 6. Test real execution by issuing commandline: phorp -r 7. After you verify it works, do commandline: phorp -s 8. Upload the new remoteupdate.xml and delete the pervious upload of testapp.exe which you no longer need. 9. If you are using *nix, create a cron entry to run "phorp -r" regularly once a day or so; check the operations.log file to check execution. 10.If you are using windows, set "phorp -r" to run with task scheduler, or run and configure the tray helper program. 11.Save your SECRETPASS someplace safe where you will remember it even if your pc is stolen or lost (if you can't then phorp is useless). //----------------------------------------------------------------------- //----------------------------------------------------------------------- THE CONFIGURATION FILES There are 2 configuration files that you will work with when using phorp. You will find examples of these files in the deploy/ subdirectory matching your operating system. They are both xml files exitable by a standard text editor. localconfig.xml The first file is localconfig.xml, and this is the file that stays on your local pc. Before using the program you need to edit this file and set the following three entries: USERNAME, UPDATEURL, SECRETPASS The USERNAME will be matched against a USERNAME in the remote file; phorp will ignore all entries with a non-matching USERNAME, which enables you to use a single remote file with multiple entries for different pcs. This value doesn't have to be kept secret. The UPDATEURL species the url for the remote file which contains the instructions for what phorp should execute. Ideally you would want to put this file on a server where only you have write access, but because of the additional password which is only on your local pc, it is not critical that this url be kept secret or that you are the only one who can write the specified file. The SECRETPASS value can be an entire sentence and is case sensitive. It should be kept secret and changed if anyone else discovers it. You will need to record it or remember it even in the case that your pc is stolen. This is important: if your forget your SECRETPASS and the only place it can be found is on your stolen pc, phorp is of no use to you!. The SECRETPASS is used to sign any instructions and files, so that only someone who knows the SECRETPASS can create an update file that your phorp will obey. remoteupdate.xml The second configuration file can be named whatever you want, but by default is called remoteupdate.xml. This is the file that you will upload to your server, and which phorp will be downloading once a day or so. Normally the file will be empty - only when your pc is stolen would you upload a new version of it with instructions for what you want phorp to do. The phorp executable will create a remoteupdate.xml file for you automatically using the settings in your localconfig.xml file. The file it creates will be empry or contain a securely signed entry for a file you specify. To create a blank remoteupdate.xml file, just run: phorp -s To create a remoteupdate.xml file which tells phorp to download and run a file called test.exe, you would execute: phorp -s "test.exe" If you look in he remoteupdate.xml file you will see that it contains an entry telling phorp about the file it should download and containing a secure signature which proves that you were the person who authoriszed this remoteupdate.xml file (based on the SECRETPASS in localconfig.xml). Now you need to upload the remoteupdate.xml file (and test.exe) to your server, at the location specified in the UPDATEURL field in your localconfig.xml file. //----------------------------------------------------------------------- //----------------------------------------------------------------------- OTHER FILES The 'operations.log' file is updated whenever the program runs; you can check it to see if everything went ok. Let's say your pc gets stolen, and so you upload some program you want phorp to run the next time it updates. What's to keep phorp from redownloading and rerunning the file each time it connects? To avoid this, phorp uses a UNIQUEFILEID entry in the remoteupdate.xml file items. When a program is downloaded and run by phorp it creates an entry in a file called ranuniqueids.exe signifying that the file has already been run. A default UNIQUEFILEID is added when you sign a file; you can change this to force phorp to redownload and re-run the file. //----------------------------------------------------------------------- //----------------------------------------------------------------------- ADVANCED USE Manually Editing your remote update file: The phorp executable will create a remoteupdate.xml file for you with the secure signature for a single file you specify. If you want to include muliple entries for multiple files or multiple pcs, then you will have to manually edit your update file and just paste in the file signature produced by the phorp program (make sure you store your real remoteupdate.xml file someplace so phorp won't overwrite it). //----------------------------------------------------------------------- //----------------------------------------------------------------------- TESTING OUT YOUR SETTINGS Because phorp is meant to run quietly and not alert a thief about it's functionality, it's critically important that you test the program out to make sure that it is properly connecting to the server and that you have configured it correctly. Although phorp isn't the easiest thing to figure out, it does have a verbose testing mode and it produces good log file as it runs, so you should be able to see when it is working quite easily. See the quick walkthrough above for steps to test your settings. //----------------------------------------------------------------------- //----------------------------------------------------------------------- TIPS AND TRICKS Let us know your suggestions via mouser@donationcoder.com //-----------------------------------------------------------------------