Tracking Down a Lost Macbook
On Jan 19, 2019, I walked out of a restaurant to find my car with the window behind the driver's side smashed. My Mac and my wife's Dell laptop were taken. I filed a police report. Apple's Find My Mac is pretty useless unless the computer is online, but the computer can't be online because the thief didn't have credentials to log in.
I had to get a replacement computer quickly and, not wanting to pay full retail price, I picked up a used MacBook Pro with the same spec as the lost one. I asked the seller for his driver's license in order to make a purchase receipt, since it's a big-ticket item. For some reason the seller was initially hesitant to comply, which made the transaction seem a bit fishy, but eventually he gave in and whipped out his license.
The first thing I did with the newly purchased used MacBook Pro was wipe everything on it and reinstall the operating system. Everything worked until, after installation, a curious message box popped up.
Some company can automatically configure this Mac? What is going on?
Surprised that a freshly installed OS could be controlled by an external entity, I started to look into how this is possible. After some research, this is what the pop-up message meant:
This used MBP belonged to some company before and is still under its control.
Luckily, the seller was willing to take the machine back and refund the money. Having that receipt with his driver's license number probably saved me from ending up with a potentially stolen laptop.
Then a lightbulb lit up in my head.
If the previous owner of this laptop can configure the machine after I purchased and wiped it clean, then if I can somehow establish to Apple that I am the rightful owner of my lost laptop, maybe I can do the same thing?
It turns out this is possible, using Apple's Device Enrollment Program (DEP). When a machine is reinstalled, as part of setup it contacts Apple to check whether it belongs to a DEP account. DEP itself doesn't configure the machine, though. You have to point DEP at an MDM (Mobile Device Management) service provider; MDM is the service that actually configures the iPhone/iPad/MBP.
For MDM, I chose Jamf Now because it allows 3 free devices. That was enough for home use.
But there's a caveat. If you purchase a laptop from Apple directly, you have to tell Apple to enroll the device at purchase time. It is NOT possible to enroll a device into DEP after purchase.
However, and this still seems dumb, if you purchase from an authorized 3rd-party vendor such as B&H, you can ask the vendor to add the device to your company's DEP AFTER purchase. To me it is just nonsense that Apple couldn't do this themselves. Luckily, the lost laptop was purchased from an authorized 3rd party.
To get into DEP, you have to be either a school or a business. I run a consulting business, so I opted to set up a business account, which involved jumping through a few hoops. Apple has to verify that the business is legit, so self-employed folks without a business entity might be out of luck. Apple uses the Dun & Bradstreet (D&B) record to validate the business. Apple even called multiple times to check. Not a lot of pain, but not straightforward either.
After setting up the business account, enroll in DEP and get a DEP number. Email B&H customer service, cs@bhphoto.com, and request that your MBP be added to your DEP. You'll have to provide the receipt to prove that you are the rightful owner of the laptop. Once B&H has added the laptop to DEP, you'll receive an email from the MDM that the laptop is now under your control.
Achievement Unlocked!
Now that we can do anything with the machine, we need to install some sort of monitoring/tracking software onto the lost MBP. For that, Prey was chosen; it is also free for 3 devices.
The next challenge was to install it without user interaction, since I can't log in to this machine. (Or can I? If I have MDM, I should be able to create myself a user and enable remote access. Maybe we can try that next.) In order to install the tracking software without interaction and have it start sending homing info, I needed to build an installer package around it that installs the software and runs it automatically.
So here's the biggest cost of this whole game: a $99/year Apple Developer account, in order to sign the package with a valid cryptographic key that lets the Mac validate the source of the package. Without this digital signature, the Mac won't install the app automatically, and Jamf Now also requires a signed package for installation. It's a good thing. I have documented the steps to build your own tracking package with Prey Project in this GitHub repo: https://github.com/kloktech/recover_lost_mac. It was quite a bit of wrestling due to my lack of experience with macOS packaging, but all of that is now encapsulated in a script.
To build your own package, clone the repo, go through README.md and supply your own PREY_ID and Apple developer ID to the build script; it will build an automated Prey package that, once installed by MDM, starts sending homing info to your Prey account. With the newest macOS, 10.15, Prey requires permission to turn on the webcam, which would probably startle the current user. But even if they deny webcam access, screenshots and a lot of other information can still be collected.
After the package is prepped, use Jamf Now to create a new app, then add the new app to a profile and assign the lost MBP to that profile. The next time the lost MBP is reinstalled, it will contact Jamf Now to configure the machine, and this package will be pushed to it, installed and started.
With everything prepped, tested and configured, it's now a waiting game. I knew the process worked in my lab and that the tracking app really can track, but I couldn't tell when The Lost One would get its OS reinstalled so Jamf Now could install the package.
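To make the "install and automatically run" part of the package concrete, here is an added example of the on-disk layout such a package needs. It is not the repo's build script and does not wrap Prey's installer; it uses a stand-in agent binary, a hypothetical package identifier (`com.example.tracker`), a hypothetical agent path (`/usr/local/bin/tracker-agent`) and a placeholder Developer ID signing identity, all of which are assumptions for illustration. The mechanism it shows is the standard one: a payload that lands under `/`, a LaunchDaemon plist so the agent starts at boot as root without anyone logging in, and a `postinstall` script that loads the daemon immediately. The final `pkgbuild`/`productsign` steps only run on macOS; the layout generation itself runs anywhere.

```shell
#!/bin/sh
# Added example: build the layout of a macOS installer package that drops a
# tracking agent plus a LaunchDaemon so it runs without user interaction.
# Not the recover_lost_mac repo's script; identifiers and paths are assumptions.
set -eu

# Assumed values: replace with your own.
PKG_ID="com.example.tracker"                 # hypothetical reverse-DNS package id
PKG_VERSION="1.0"
AGENT_PATH="usr/local/bin/tracker-agent"     # hypothetical agent path, relative to /
SIGN_IDENTITY="${SIGN_IDENTITY:-Developer ID Installer: Your Name (TEAMID)}"  # placeholder

# LaunchDaemon plist: runs as root at boot, restarted if it exits, no login needed.
write_launchd_plist() {
    cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>$PKG_ID</string>
    <key>ProgramArguments</key>
    <array><string>/$AGENT_PATH</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
EOF
}

# Payload tree: everything under $root is copied to / on the target machine.
make_payload() {
    root="$1"
    mkdir -p "$root/$(dirname "$AGENT_PATH")" "$root/Library/LaunchDaemons"
    # Constructed stand-in for the real agent binary.
    printf '#!/bin/sh\nexec /usr/bin/true\n' > "$root/$AGENT_PATH"
    chmod 755 "$root/$AGENT_PATH"
    write_launchd_plist "$root/Library/LaunchDaemons/$PKG_ID.plist"
}

# postinstall runs as root right after the payload is copied; loading the
# daemon here starts the agent immediately instead of waiting for a reboot.
write_postinstall() {
    scripts="$1"
    mkdir -p "$scripts"
    cat > "$scripts/postinstall" <<EOF
#!/bin/sh
/bin/launchctl load -w "/Library/LaunchDaemons/$PKG_ID.plist"
exit 0
EOF
    chmod 755 "$scripts/postinstall"
}

# Assemble and sign. Off macOS (no pkgbuild) it stops after generating the
# layout and prints the payload root so it can be inspected.
build_pkg() {
    work="$1"
    make_payload "$work/root"
    write_postinstall "$work/scripts"
    if ! command -v pkgbuild >/dev/null 2>&1; then
        echo "$work/root"
        return 0
    fi
    pkgbuild --root "$work/root" --scripts "$work/scripts" \
        --identifier "$PKG_ID" --version "$PKG_VERSION" \
        --install-location / "$work/unsigned.pkg"
    # An MDM such as Jamf Now wants a Developer ID Installer signature.
    productsign --sign "$SIGN_IDENTITY" "$work/unsigned.pkg" "$work/tracker.pkg"
    echo "$work/tracker.pkg"
}

# Usage: ./build.sh build
if [ "${1:-}" = "build" ]; then
    out=$(build_pkg "$(mktemp -d)")
    echo "built: $out"
fi
```

The two pieces that matter for unattended operation are the `RunAtLoad`/`KeepAlive` keys in the LaunchDaemon (the agent comes up at every boot, before any login) and the `postinstall` script, which runs with root privileges during the MDM-driven install; without the signature from `productsign` the install would be refused, which is exactly why the Developer account is the unavoidable cost.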
About a week in, this email from Prey showed up.
WOW.
I can't believe this long shot of an idea actually worked! I clicked into the Prey Project portal and turned on "Report Missing" for this MBP, and it started to gather data.
In the end, with webcam pictures of the user, a bank PDF, and screenshots of various online services such as Gmail, Facebook and Spotify along with their account names, I decided not to pursue it further.
I can't bear the thought of a person being scared by police officers knocking on the door with a potential felony charge for possession of stolen property.
We did learn how to find a lost MBP without any previously installed software, AND where to fix a car window cheaply.
That was a fun ride, worthy of the Lost MBP.
Summary:
- Get yourself a DEP (Device Enrollment Program) account from Apple.
- Associate the machine with your DEP. This can be done at purchase time if you buy from Apple, or after purchase if bought from a 3rd party.
- If the machine is still in your possession, install the tracker software, then encrypt both the disk and the boot sector to prevent OS reinstall. Then create a no-password guest account so whoever takes the laptop can log in with that guest account, and you can track them when they connect to Wi-Fi. Jump to the next step if the machine is not in your possession.
- Set up MDM (Jamf Now) with your Apple account so the machine can be supervised by you. When the machine is wiped and reinstalled, it will automatically check against DEP, at which point it will be pointed to your MDM, and the tracker software will automatically install.
- Bonus: set up disk encryption as part of the configuration.