I was analyzing the logs from my backup software. (We all do that, right?) And I noticed that prey.conf is getting backed up several times a day.
I’m not reconfiguring prey several times a day. The file contents aren’t changing. But the mod time is getting updated. So I went to high alert.
I confirmed with support that behavior is intentional:
Now I will accept that I’m just a stupid newb. I haven’t even been using GNU+Linux for 30 years yet.
I’m going to go out on a limb though and say magically touching it doesn’t do that. Have an immutable bit why dontcha. But touching is not necessary if the file hasn’t changed. If anything, check it’s hash on the hour and alert the portal if its changed and THEN (and only then) revert the change. Or use inotify or incrond to DETECT changes. but repeatedly overwriting it seems amateur/desperate.
But before they responded to me I got to looking. it appears that prey stores its settings in a sqlite db file called command.db, not just the prey.conf file that you might expect.
Here’s whats in that command.db sqlite file. (with unique values redacted, of course)
user@x360:~$ sqlite3 /etc/prey/commands.db <<<".dump"
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE versions (id TEXT PRIMARY KEY, “from” TEXT, “to” TEXT, attempts INTEGER, notified INTEGER);
CREATE TABLE keys (id TEXT PRIMARY KEY, value TEXT);
INSERT INTO keys VALUES(‘public_key’,‘LS0mypublickeyredactedtLQ==’);
INSERT INTO keys VALUES(‘private_key’,‘LS0myprivatekeyredacted0tLQ==’);
INSERT INTO keys VALUES(‘last_connection’,‘1711redacted649’);
INSERT INTO keys VALUES(‘hostname’,‘elitelaptopdotelitehaxordotcom’);
INSERT INTO keys VALUES(‘shouldPreyCFile’,‘true’);
INSERT INTO keys VALUES(‘preyconf’,’{“auto_connect”:false,“auto_update”:true,“download_edge”:false,“send_crash_reports”:true,“try_proxy”:null,“api_key”:"",“device_key”:"",“control-panel.host”:“solidpreyprojectcom”,“control-panel.protocol”:“https”,“control-panel.api_key”:“6f8redactedbecausewhynotcb”,“control-panel.device_key”:“dredacrtedc”,“control-panel.send_status_info”:true,“control-panel.scan_hardware”:false,“control-panel.location_aware”:true}’);
INSERT INTO keys VALUES(‘last_wifi_location’,’{“lat”:“69.redacred”,“lng”:"-42.0redacred",“accuracy”:“106219.34844531081”,“method”:“wifi”}’);
CREATE TABLE responses (id TEXT PRIMARY KEY, action_id TEXT, opts TEXT, out TEXT, error TEXT, status TEXT, action TEXT, time INTEGER, retries INTEGER);
CREATE TABLE commands (id TEXT PRIMARY KEY, command TEXT, target TEXT, options TEXT, started_resp INTEGER, started INTEGER, stopped_resp INTEGER, stopped INTEGER);
INSERT INTO commands VALUES(‘54red-ac-tedb5’,‘start’,‘alarm’,’{“sound”:“alarm”,“target”:“alarm”}’,0,‘2024-03-18T16:57:52.747Z’,0,‘2024-03-18T16:58:24.019Z’);
INSERT INTO commands VALUES(‘27d9redacted0df’,‘start’,‘alert’,’{“alert_message”:“Please contact elitehaxoremailatelitehaxorwebsitedotcom to arrange the return of this laptop. Or I will cut you.”,“target”:“alert”}’,0,‘2024-03-18T16:58:52.404Z’,0,‘2024-03-18T16:59:03.192Z’);
CREATE TABLE files (id TEXT PRIMARY KEY, name TEXT, path TEXT, size TEXT, user TEXT, attempt INTEGER, resumable INTEGER);
CREATE TABLE geofences (id TEXT PRIMARY KEY, name TEXT, state TEXT);
CREATE TABLE triggers (id TEXT PRIMARY KEY, name TEXT, persist INTEGER, synced_at INTEGER, last_exec INTEGER, automation_events TEXT, automation_actions TEXT);
COMMIT;
It’s a little interesting that I was able to read this config file as a regular user (not root) but that’s the privileges it installed with. I’m the only user of my laptop so I don’t are much, but the Prey devs might want to tighten that down. Or maybe they can’t, if they expect a gui agent running as a user can read those settings. But then maybe it should be split into a gui element and a root backend that provides a socket for the gui to talk to.
Anyway. I STILL have not gotten support to answer me what shouldPreyCFile is for. So I’m putting it out to the community. Any ideas folks?
I thought I’d just read the source myself since I thought it was open source, but searching on the site turned up nothing. I’d link here but the damn forum is limiting me links.
I found a “prey” user on on github, but it’s not clear to me that’s what I’m running on my debian laptop. node.js? really? for a tracking/wipe/alerting daemon? shoot me.
So where’s the source for prey_1.11.4_amd64.deb ?
And what does shouldPreyCFile do?
I swear. I looked in the source. at least what’s on github…
But its not super commented and still not clear to me what it actually does.