VUWER Data Files and Geolocation Information

 

VUWER screen capture and camera image files are created in JPEG format with names containing vuwersc and vuweris respectively.  The IP address data files are text files with names containing vuwerip.  For Installation Option 1, the data files are sent as email attachments with a timestamp in the message body.  For Installation Option 2, you must log in to the remote account to view the files, and for Installation Option 3, you must login into the VUWER Dropbox account.   In these cases, each filename will include a timestamp.  The vuweris- and vuwersc- JPEG images can be opened using any standard graphic viewer, e.g. Preview in OS X.

 

If the camera is in use by another application (e.g. Skype), or no camera or webcam is connected to the computer, the camera image capture will fail, and VUWER will not send an image.  Also, if the screen shuts down due to the computerŐs Energy Saver settings, the screen capture may also fail, and VUWER will not send a screen image, or it may re-send a previously stored image.  Normal image capture will resume as soon as the camera is again available, or the thief starts using the computer again, reactivating the screen.

 

The vuwerip- files can be opened in any text editor, and will have a format similar to the example below.  The first line shows the VUWER version number, followed by the hardware and software profiles for the computer.  (Note that the serial number of the computer is very useful for a police report.)  The next section shows the external IP address, i.e. the IP address that a web server sees when the laptop connects to it, and the geolocation data (e.g. city, state, latitude, longitude) associated with that IP address provided by IPInfoDB.com.  In many cases, a Ňreverse DNSÓ search of this IP address can also be performed to determine the Internet service providerŐs host name.

 

The next five lines show the first five network links (via traceroute) from the computer to the Internet.  If the computer has an active Airport card, information about the wireless network (e.g. Jones Airport) that the computer is connected to, and any other nearby networks (e.g. smith house) that the laptopŐs Airport card has detected, is included in the next two sections.

 

If the laptop has a wireless Internet connection, the final portion of the file shows the geolocation data provided by the Google Maps WiFi database, based on the MAC addresses and signal strengths of the routers detected by the computer.  In general, Google geolocation is much more accurate than the IP address geolocation information provided by IPInfoDB.com, and can often pinpoint the laptopŐs location within a radius of one hundred meters or less, provided the routers are listed in the database.  (Geolocation accuracy in North America and Europe is generally excellent.)  If the database does not contain valid data for nearby routers, Google may provide the best estimate of the computerŐs location based on the IP address, which is generally equivalent in accuracy to the estimate provided by the IPinfoDB.com database.  The very last lines of the file show two URLs that can be copied into any web browser, and will generate a Google map of the computerŐs location according to the Google WiFi database.

 

With luck, the combined information in this file should be sufficient to enable you and/or the police to determine the physical location of the laptop.  Note that in the USA, a search warrant is typically required to legally compel an Internet service provider (ISP) to provide the exact street address corresponding to a particular IP address.  You should also keep in mind that the thief may be connecting to the Internet through a neighborŐs wireless network instead of his own, so donŐt jump to any conclusions about the location of your missing computer.

 

VUWER version: 1.7.2

 

Hardware:

 

    Hardware Overview:

 

      Model Name: MacBook

      Model Identifier: MacBook2,1

      Processor Name: Intel Core 2 Duo

      Processor Speed: 2 GHz

      Number of Processors: 1

      Total Number of Cores: 2

      L2 Cache: 4 MB

      Memory: 2 GB

      Bus Speed: 667 MHz

      Boot ROM Version: MB21.00A5.B07

      SMC Version (system): 1.13f3

      Serial Number (system): WGL12345678

      Hardware UUID: 00000000-0000-1000-8000-001DF2D58340

      Sudden Motion Sensor:

          State: Enabled

 

Software:

 

    System Software Overview:

 

      System Version: OS X 10.9.3 (13D65)

      Kernel Version: Darwin 13.2.0

      Boot Volume: Minerva HD

      Boot Mode: Normal

      Computer Name: Minerva

      User Name: Tim Holman (timholman)

      Secure Virtual Memory: Enabled

      Time since boot: 5 days 23:40

 

 

External IP information:

<?xml version="1.0" encoding="UTF-8"?>

<Response>

      <statusCode>OK</statusCode>

      <statusMessage></statusMessage>

      <ipAddress>129.59.70.42</ipAddress>

      <countryCode>US</countryCode>

      <countryName>UNITED STATES</countryName>

      <regionName>TENNESSEE</regionName>

      <cityName>NASHVILLE</cityName>

      <zipCode>37203</zipCode>

      <latitude>36.1553</latitude>

      <longitude>-86.7891</longitude>

      <timeZone>-05:00</timeZone>

</Response>

 

1  10.0.1.1 (10.0.1.1)  11.500 ms  0.857 ms  0.748 ms

2  * * *

3  ge-1-2-ur01.blairblvd.tn.nash.comcast.net (68.86.150.29)  351.995 ms  265.977 ms  13.728 ms

4  te-9-2-ur02.blairblvd.tn.nash.comcast.net (68.86.148.41)  14.330 ms  9.139 ms *

5  te-8-2-ar01.nashville.tn.nash.comcast.net (68.86.148.9)  9.089 ms  9.846 ms  9.735 ms

 

     agrCtlRSSI: -46

     agrExtRSSI: 0

    agrCtlNoise: -96

    agrExtNoise: 0

          state: running

        op mode: station

     lastTxRate: 54

        maxRate: 54

lastAssocStatus: 0

    802.11 auth: open

      link auth: wpa2-psk

          BSSID: 0:7:a2:a1:e5:1c

           SSID: Jones Airport

            MCS: -1

        channel: 3

 

          SSID BSSID             RSSI CHANNEL SECURITY (auth/unicast/group)

 Jones Airport 00:07:a2:a1:e5:1c -46  3       WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)

   smith house 00:2d:4f:c9:81:a4 -63  6       WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)

 

Geolocation data for Tim_s_Laptop:

Latitude (degrees): 36.1369532

Longitude (degrees): -86.7868922

Accuracy (meters): 38.0

 

Closest address to these coordinates:

1420 Alpine Avenue, Nashville, TN 37211, USA

 

http://maps.google.com/maps?q=36.1369532,-86.7868922+(Tim_s_Laptop location within an accuracy of 38.0 meters.)

 

http://www.freemaptools.com/radius-around-point.htm?clat=36.1369532&clng=-86.7868922&r=0.038&lc=FFFFFF&lw=1&fc=00FF00&fs=true

 

 

An example of a vuwerip-*.txt file.

 

 

á      Some Comments on VUWER Geolocation

 

In 2011 Apple introduced iCloud, which provides wireless geolocation to Apple computers running OS 10.7 (Lion) or later.  VUWER provides a similar capability, but it operates independently of iCloudŐs Find My Mac service.  As shown above, VUWER provides additional information about IP addresses and wireless network names that iCloud does not.  Furthermore, VUWER does not require an Apple ID account in order to function.

 

You should always keep in mind that the geolocation techniques used by VUWER have inherent limitations.  For the USA, the geolocation data based on an IP address query through IPInfoDB.com is currently about 80% accurate within a radius of 25 miles.  For other parts of the world, the accuracy may be even worse.  (However, the database is updated monthly, and accuracy may improve over time.)

 

The Google Maps wireless geolocation database is much more accurate, but it also has limitations.  Typically, it only pinpoints location within a radius of several tens of meters, which may overlap several different homes in a densely populated area.  Second, the database can generate spurious results due to the fact that people living in the U.S., Europe, Australia, etc., tend to be quite mobile.

 

For example, assume you buy and install a wireless router while living in the city of Smithville.  A few weeks later, Google does a survey of your neighborhood, and adds the MAC address of your router to their database, along with the latitude and longitude of the router at the time of the survey.

 

Six months later, you move 400 miles north to the small town of Jonesburg, and take your router with you.  Now assume that your router and a neighborŐs router are the only wireless access points on your street.  A Google database query of the two routers will tell you that your computer is located halfway between your router and your neighborŐs router – in other words, about 200 miles to the south!  These spurious events are most likely in small towns and rural areas, where relatively few wireless networks may be available for triangulation.  Eventually, Google will perform another survey of your new neighborhood, and correct its database entry for your router.

 

Finally, keep in mind that geolocation alone will rarely be sufficient for finding your stolen computer.  The most useful data will probably be the information you get from the VUWER camera images and screenshots, e.g. the name, address, and photograph of the thief, if you are lucky!

 

Main