What is it ?
Pombo can help you recover your computer in the event it's stolen.
How does it work ?
Pombo works silentely in the background, hidden, and
sends tracking information to a webserver of your choice.
If your computer is stolen, just log into your webserver to get the
file uploaded by Pombo, decrypt and hand it to the police. They will
have all they need to catch the thief: IP address, date/time, nearby
routers, screenshot, and even a photo of his/her face if you have a
Pombo protects your privacy: Tracking information is encrypted with
rock-solid GnuPG and only you
Less than 300
lines of code.
- Protects your privacy:
Tracking information is encrypted with a public key before sending, and only you can decrypt it
corresponding private key.
- Secure: No port to open, and does not permit remote access.
- Does not rely
sites/services: You control the client and
the server. You can change servers anytime.
- Totally free: No software fee, no service
You can hack
it, adapt it.
backends: Pombo does not try to re-invent the wheel and
uses solid backends (eg. no
home-made encryption, uses rock-solid GnuPG)
takes a snapshot if an
internet connection is available.
Uses zero CPU,
zero memory and does not appear in process list when not active (not a
- Information collected:
- System name
- Public IP address
- Information about all network interfaces (wired and
wireless), including hardware address (MAC) of WiFi
access point the computer is connected to.
- Current network connections
- Nearby routers information
- List of all nearby WiFi access point, with their hardware
address (MAC), SSID and power.
- Webcam snaphot (if you have a webcam)
Pombo sends only GnuPG encrypted zip files (for example
) but for
practical reasons, here is an
example of what they contain:
Computer: Linux ubuntu 2.6.28-
Public IP: 220.127.116.11
Date/time: 2009-08-24 15:55:01
eth0 Link encap:Ethernet
What is provided
- pombo.py (to install on the computer to track)
- pombo.php (to install on the webserver which stores tracking information)
- The computer to be tracked must run Linux (altough there is a Windows version here, developed by BoboTiG)
- Software: Python, GnuPG
- Your GPG public key
- A website where you can install the php script (php4 or
- A small Linux and GnuPG knowledge
- scrot (for screenshots)
- streamer (for webcam snapshots)
- pngnq (to reduce the size of screenshots)
- traceroute (to get nearby routers information)
- Enable auto-login: The thief will not be blocked by the
login screen and will be less likely to wipe the harddisk.
- Copy your private key in a safe place. If you keep it only
computer and it gets stolen, you also loose your private key, and the
capacity to decrypt tracing files.
- Don't leave your private key
on the computer to protect. Although the private key is itself
encrypted and password-protected, it's better not let your private key
in the hands of the thief.
- To protect your private files from prying eyes, use VeraCrypt,
safe and reliable.
This program is distributed under the OSI-certified zlib/libpng license.
This software is provided 'as-is', without any express or
In no event will the authors be held liable for any damages arising from
the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
subject to the following restrictions:
1. The origin of this software must not
be misrepresented; you must not
you wrote the original software. If you use this software
product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be
plainly marked as such, and must not
misrepresented as being the original software.
3. This notice may not be removed or
altered from any source distribution.