I recently bought a used Sony Notebook for a really great price that could not be passed up, is there any way to find out if its stolen? Someone told me that there are programs that can trace your IP information once online and then proceed to find the "thief" if a laptop is reported stolen but I dont want to be the one being called the thief if this is the case, Is there a way to find these tracking programs or any sign of funny buissnes? I just basically want to make shure someone didnt get ripped off down the line and the comp is on the "up and up" any help is appreciated.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Is It Stolen??
- Thread starter appatula
- Start date
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
A lot of OEM notebooks and some desktop systems have a tiny partition on the drive that's inaccessable by doing a normal FDISK. I'm pretty sure that's where they put the info that will be sent out to check serial numbers against police reports.
Have to use a disk utility to get to that one. Drawing a mental blank on what I used last time.
Have to use a disk utility to get to that one. Drawing a mental blank on what I used last time.
Thanks guys but is there a way to see if any tracking software is installed such as Absolute Tracking or Trakion ect. because I dont want the law enforcment knocking on my door. HTPC Rookie is right about the partition I was reading about somthing like that on Absolute's website. What else can I do other than wiping? can I just find out of anything like that is installed to begin with?
-Appatula
-Appatula
Komataguri
2[H]4U
- Joined
- Jan 29, 2004
- Messages
- 3,355
a very powerful magnet could also work [j/k] 
Zardoz
2[H]4U
- Joined
- Aug 27, 2000
- Messages
- 3,251
HTPC Rookie said:
That's a new one, you have some proof? both hard drive and computer manufactures do not have the time let alone want to spend the extra money to do what you are saying. about the most they do is to create a hidden partition to put the factory image of that system on. this is done in the image process and is very automated.
Dell, has service tag numbers on all there systems, if a system becomes stolen they will flag the system for you. that way if it ever gets called for support or sent in, they will know...
lithium726
[H]F Junkie
- Joined
- Jun 16, 2004
- Messages
- 8,195
if you are talking about tracing hte MAC address, you need a new NIC (wether it be wireless or rj45)
the MAC address cant be changed, so if the owner wrote this down and is using it to trace the machine whenever it becomes active on the net, your only choice is to use a different nic in the card (PCMCIA for rj45, new mini-PCI card for the wireless)
the MAC address cant be changed, so if the owner wrote this down and is using it to trace the machine whenever it becomes active on the net, your only choice is to use a different nic in the card (PCMCIA for rj45, new mini-PCI card for the wireless)
-(Xyphox)-
Supreme [H]ardness
- Joined
- Sep 9, 2004
- Messages
- 6,518
i would get a new HD/Nic and do a fresh install
if it is stolen not like its your fault you dident steal it
if it is stolen not like its your fault you dident steal it
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
Zardoz said:
No 100% positive proof...just a suspicion, because of some odd stuff that goes on when we buy a bunch of IBM systems for work. We bring them up using V2i software and immediatly replace the image on the drive with a master we set up for whatever system type we bought at that time. So the OEM software suite is toasted long before we hook it to the network.
Then, when they're up and running, and able to get to the 'net, somehow when we check IBM's website, the systems have already registered themselves with IBM. But if we enter a systems serial number before we plug it in at all, IBm wants us to register it.
So right now all we can figure is that little partition we don't overwrite / get rid of is doing something sneaky.
Hopefully someone can tell us the real method they register themselves with.
Yeah exactly I just bought the thing, The other thing to note it looked like it was a kids personal notebook for school from the files that were left on it (that are now erased, not my biz) now this mac address thing how would they trace the mac address? wouldent they have to find it or scan for it? some of the tracking programs I was reading about just send out IP addresses when reported stolen nothing about Mac addys from your NIC and yes it does have integrated wirless LAN. I just dont feel like going through all this rigamoroue and i dont have a win XP disk to do a reinstall let alone the serial on the back of the notebook might not work what can i do???
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
appatula said:
You just touched on something we considered, IBM sees the system's on-board NICs MAC. But what would cause the NIC to broadcast the MAC? Or does the MAC go with every packet anyways?
I don't think it would be too difficult for OEMs to customize that little partition to individual machines...no more difficult than pre-loading XP with individual SNs per machine.
lithium726
[H]F Junkie
- Joined
- Jun 16, 2004
- Messages
- 8,195
its a protocol named ARP. adress resolution protocal. when a system connects to the net, it is asigned an IP. that IP needs to be linked to the MAC - this is where ARP comes in. the router keeps a table of what IP goes to where so it knows where to send stuff. IP's are changable. MAC's arent. im not talking about that little home router you got either, im talking about any router you ping too (ie, any router that is infront of a server, or any router out there on the WWW) will know your mac address.HTPC Rookie said:
yes. htey can trace it.
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
appatula said:
I think just to be on the safe side I'd put a PCMCIA NIC in it and disable the on-board (if it doesn't disable itself, my Dell's doesn't, so I do it in BIOS setup).
Even though you didn't steal it, if it is stolen, receiving stolen property is still against the law. Usually (quote "usually") the cops will just ask you who you got it from, they're more interested in who stole it than who has it now. But they would take it from you.
lithium726
[H]F Junkie
- Joined
- Jun 16, 2004
- Messages
- 8,195
as long as you dont plug it in, its not gonna broadcast anythingHTPC Rookie said:
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
lithium726 said:as long as you dont plug it in, its not gonna broadcast anything
aye, this is true!
lithium726
[H]F Junkie
- Joined
- Jun 16, 2004
- Messages
- 8,195
yeah, the wireless lan card is user removeable. just get a new one off ebayappatula said:
the wireless lan card is a nic
nic= network interface card. the RJ45 is just hte normal Cat5 plug.
Komataguri
2[H]4U
- Joined
- Jan 29, 2004
- Messages
- 3,355
I think if your so god damn scared of it being stolen, that you wouldn't have bought it.
So, either YOU did something suspicious yourself, or your being paranoid.
EIther way, this thread, as it seems to me, is asking " How do I keep my stolen laptop from broadcasting its info so people won't be able to find it? "
So, either YOU did something suspicious yourself, or your being paranoid.
EIther way, this thread, as it seems to me, is asking " How do I keep my stolen laptop from broadcasting its info so people won't be able to find it? "
lithium726
[H]F Junkie
- Joined
- Jun 16, 2004
- Messages
- 8,195
well, i think as long as you dont call it in for a servicing, youll be ok... if the machine is flagged and you call it in, theyll deny you and probably report it. the service tag is ebedded in teh bios
Ok kool thanks you guys and Komataguri that wasnt a very helpful post, Im not scared Im just trying to learn, but yes I am a little paranoid for a very reasonable matter I think. One thing I have to get across though I dont appreciate you subliminally suggesting that I am the thief, anyway thats what I got out of it, I found it quite disrespectful. But to all who helped thanks!! You are what makes [H] forums so great!
-Appatula
-Appatula
HTPC Rookie
Gawd
- Joined
- Dec 24, 2004
- Messages
- 588
ikari303 said:
I always thought the outside world only sees the MAC of your router, even with the cheap jobs. That's why a lot of routers let you do MAC cloning, so if you hooked up with your ISP with the MAC in your computer, then stuck a router in, you could clone the PCs MAC and send it out. Thought it was up to the router to worry about IP routing on the inside.
SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
Zardoz said:
I've got news for ya, I have Absolute Software's tracing program on a couple machines. So far it has survived fdisk, zero fill, and a few other deletion methods. The only way AFAIK to remove this software from the HDD is to do a *factory* low level format which the average joe cannot do.
I also recently purchase an IBM T43P Thinkpad which has Absolute's tracking software embedded in the firmware of the laptop which continues to work despite removing and replacing the hard drive with a new one.
Speaking from experience with Absolute's software, their system periodically logs hardware and software baselines and changes. Not to mention if the customer wanted, they can initiate a HDD wipe remotely the next time the system calls in for instructions.
None of the software based firewalls have detected it's callouts, nor has any antispyware, antitrojan, antivirus application detected it's presence.
SJConsultant
2[H]4U
- Joined
- Jan 14, 2004
- Messages
- 3,599
appatula said:
Yes I read that by your first post, I was simply making a few points:
1. There are a few OEMs who bundle tracking software with their products
2. IBM is setting a standard by incorporating tracking capabilities via hardware
3. Tracking software such as Absolute's can evade most detection methods.
4. Tracking software will survive conventional removal methods such as fdisk, zero fill, etc
5. Only by removing and destroying the hard drive will you be sure it's not there unless its hardware based (see point # 2)
HTPC Rookie said:
Nope, layer 2 addresses will never make it to a destination site on the internet. Here's how it works:
- Packet leaves your computer with your laptops MAC address, and hits your router.
- Router recieves packet, pulls the layer 1 data (raw 1's and 0's) off the wire, reads the MAC (layer 2) and realizes that the packet was destined for it. So it takes it, reads the layer 3 address to find out where it's supposed to go.
- The router then re-assembles the packet; it takes the existing piece of the packet (layers 4-7), adds a layer 3 address (which is is destination IP, and the source ip is it's doing some sort of NAT), then before it's sent out, the routers Layer 2 address (MAC) is placed in the packet.
- Then this packet is placed onto layer 1, which is the transport medium itself as a string of 1's and 0's.
As you can see, the MAC address never gets past your router.
Now MAC address cloning is used when your ISP ignores traffic from any MAC addresses besides the one they have on record for you. In this case, the above process still applies, except when it places the MAC on the packet, it simply forges it. Nothing special.
hokatichenci
Gawd
- Joined
- Oct 28, 2004
- Messages
- 722
lithium726 said:
MAC addresses can easily be faked in just about any operating system. I do this reguarlly (legally) under Linux to have my NIC and Wireless on my laptop receive the same DHCP IP over my home network. If the original poster wants to know if its stolen, they need to contact sony and local enforcement as referenced earlier, or perhaps review the remaining data on the hard drive to see if the information matches the person it was purchased from. But usually if a price is too good to be true, it usually is.
This thread went from "how can I tell if it was stolen" to how can I hide the fact that iit is stolen. Come on dood. What comes around goes around... What dod you pay for the thing 50 bucks? Our school just lost 28 notebooks in a charging cart, second time in a month. Receiving stolen property is still a crime and they can still bust you.....
Allright well a few people are misinterpreting this whole thread and before people start making a huge deal about it lets just drop it. I dont like the fact people think that I could be trying to hide the fact that it could be stolen, I dont know and deffdently wouldent buy it knowing that it was stolen, I also live by the same saying "what goes around comes around" but misinterpreting my questions then twisting them just to make me sound like a bad guy isnt were I wanted this to lead. Again thanks for the learning experince, Im just going to use the thing and even if it does end up being stolen I would be more than happy to give it back to the original owners as again I would put myself in there position. Thanks again
-Appatula
-Appatula
Gorankar
[H]F Junkie
- Joined
- Jul 19, 2000
- Messages
- 11,107
If you are worried about it being stolen you should not have bought it.. Now that you are attempting to hide the fact that it "may" be stolen, makes you a thief.. No two ways about it.. Call tech support or local police and find out if it stolen, they may know.. If it is not stolen, great, you did the right thing by making sure.. If it is.. Do the right thing, and turn it over..
Accepting stolen merchandise is a crime.. If you think I'm being direspectful, your right.. Your actions so far have earned none..
This thread should prolly be closed.. We are way outa spec on the forums rules imho..
Accepting stolen merchandise is a crime.. If you think I'm being direspectful, your right.. Your actions so far have earned none..
This thread should prolly be closed.. We are way outa spec on the forums rules imho..