//----------------------------------------------------------------------- Phorp: Phone Home Robot Pro http://www.donationcoder.com/Software/Mouser/phorp/ by mouser@donationcoder.com Coded in cross-platform compliant C++ for Windows/Linux/Mac/etc. //----------------------------------------------------------------------- //----------------------------------------------------------------------- NOTE: THIS IS JUST THE INTRO README - SEE 'INSTRUCTIONS.txt' FOR FULL DETAILS //----------------------------------------------------------------------- //----------------------------------------------------------------------- CHANGE HISTORY: Version 1.00.01 - Dec 07, 2006 First alpha release Modifications for linux build by Gothic Documentation started //----------------------------------------------------------------------- //----------------------------------------------------------------------- WHAT IS PHORP? Phone Home Robot Pro (phorp) is a program that runs on your pc or laptop, and periodically "phones home" to a server somewhere to check if it has been stolen, and gets instructions on what to do if it has been. There are a lot of services you can buy that perform similarly to phorp, in that they connect regularly to a central server so that you can hopefully track them down when they are stolen. In general, phorp is different from these services in that it attempts to be extremely lightweight and minimalistic, and in that there is no single service you need to subscribe to. Instead, you can use your own web servers or ftp accounts as the home page for the program to phone home to and for you to leave instructions for. It is extremely rare for a computer to actually be stolen or lost, so rather than installing a bloated program on your pc that tries to anticipate all the possible things you might need to be able to do if your pc is stolen, phorp works by checking a server for instructions from its master (you!). Normally there will be nothing for it to do. But, if your pc is stolen, you would upload some programs on your server for phorp to execute. Assuming the instructions have been authenticated for security to prove that you uploaded them, they will be executed by phorp silently the next time it phones home. What programs would you have phorp execute? Well typically a good option might be to run a remote control program that would let you connect in and observe and control the pc. Other choices might be to install a keylogger, or a program to erase all of your sensitive data. The choice is up to you. //----------------------------------------------------------------------- //----------------------------------------------------------------------- CAUTIONARY NOTES! For the love of jeebus please be carefull with phorp. Every effort has been made to make it impossibile for someone else to trick your computer to executing malicious code. The program does not accept connections from other pcs, and only connects to the url you specify. So the first thing an attacker would have to do is be able to modify the file at the url that you configure phorp to connect to. But even if they were able to hack into the server and replace your update file maliciously, unless they know the secret passphrase that you alone create and store on your local pc (and not on the remote server), they will not be able to create a file that your phorp will execute. Our feeling is that if they are able to hack into your local pc and determine the secret password you have configured for phorp, then you are already fuxored. //----------------------------------------------------------------------- //----------------------------------------------------------------------- HELPER PROGRAMS TO USE WITH PHORP Keyloggers Hidden activity mointors / screenshot mailers Hidden Remote Control Apps File Wipers //----------------------------------------------------------------------- //----------------------------------------------------------------------- CREDITS This program is made up of a bunch of other open source libraries, which do most of the work. The libraries used are: TinyXml - http://www.grinninglizard.com/tinyxml/ - handles all xml stuff libcurl - http://curl.haxx.se/ - cross platform internet file getting sha - http://www.saddi.com/software/sha/ - sha hashing for security Special thanks to Gothic for help making it linux compatible. //----------------------------------------------------------------------- //----------------------------------------------------------------------- LICENSE phorp is open source software; you are free to use the code in your own projects, but please give credit to the author when you do. You may not sell this program. If you use phorp or extend it, please pay us a visit on the donationcoder.com forum and let us know! //----------------------------------------------------------------------- //----------------------------------------------------------------------- DISCLAIMER Every attempt has been made to ensure that no security risks exist in this program. Due to the advanced nature of its operation, and inherent risk involved in a program of this sort, you should only use phorp if you are comfortable with this kind of tool, and no warranty is provided should you shoot yourself in the foot with it. //----------------------------------------------------------------------- //----------------------------------------------------------------------- RELATED PROGRAMS AND SERVICES I've not tested these; if you have another program or site to add to this list, drop me an email: mouser@donationcoder.com http://www.pcphonehome.com/ http://blogs.ittoolbox.com/security/investigator/archives/stolen-machines-phone-home-10506 http://www.thecyberangel.com/ http://www.computersecurity.com/stealth/ http://korflab.ucdavis.edu:16080/weblog/keith/Oddsandends/2006/08/23/Trackingstolencomputers.html http://www.geek.com/news/geeknews/2003May/gee20030528020151.htm http://www.worldsecuritycorp.com/Order_Computrace.htm //-----------------------------------------------------------------------