LinuxQuestions.org
Old 06-14-2006, 09:17 PM   #1
roclok
LQ Newbie
 
Registered: Jun 2006
Posts: 16

Rep: Reputation: 0
Linux keylogger


Is there any way that I can write a script that runs all the time, every time I start the computer, that will log every keystroke? If so, how do I do this, or must I download a program?
 
Old 06-14-2006, 10:57 PM   #2
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
It seems to be against the principle of the forum to talk about cracking stuff. You can google by yourself.
 
Old 06-15-2006, 12:32 PM   #3
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
Cool Key logs

Keylogging is very simple. It's all there in the kernel. You need to use module evbug (or evdev). If you modprobe evbug and do a dmesg you'll see something like this
Code:
[4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 0
[4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 4, Code: 4, Value: 200
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 1
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 4, Code: 4, Value: 200
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 0
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
All you need to do now is interpret the Codes, Values and Types to produce a readable output, something like
Time: 'key pressed on which device'. This means you need to build a program in Python or whatever. You also need access to the logs (/var/log/).
BTW in my example I typed 'a Space b Space c Space' and so on.

EDIT: Correct me if I'm wrong.

Last edited by Worksman; 06-15-2006 at 12:36 PM.
 
Old 06-15-2006, 01:12 PM   #4
roclok
LQ Newbie
 
Registered: Jun 2006
Posts: 16

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by fedora4002
It seems to be against the principle of the forum to talk about cracking stuff. You can google by yourself.

You must have misunderstood me. I didn't want to crack anything. I wanted to be able to see everything that was typed on my computer. Every keystroke. And I said "or use a program" to do this?

I don't understand how to program yet, so I will need some help, Worksman.
 
Old 06-15-2006, 02:41 PM   #5
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
I'm sorry I can't help you further. I don't program yet.
I only know Pascal ^_^. Python soon, C, C++ later.
You could start by googling for evdev and evbug + logging and reading the Documentation (/usr/src/linux/Documentation/).
Good luck.
 
Old 06-15-2006, 03:24 PM   #6
cpbills
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware and/or debian
Posts: 5

Rep: Reputation: 0
this might be something i'd be interested in working on...

if i get anything done, roclok, it'll be a perl script to attach to whatever logfile evdev logs to...

i can see the uses for this, in a non-cracker facility...

for example, my ex isn't quite trustworthy, and i still let her in my apartment, etc...

it'd be interesting to see if she was snooping around on my computers while i'm away...
 
Old 06-15-2006, 03:34 PM   #7
cpbills
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware and/or debian
Posts: 5

Rep: Reputation: 0
well, evbug doesn't seem to be the most efficient way to do this...

the first code it records is the key you press, then the next line is whether that was up or down...

so you have to catch the code and then read the next line to see if it was a down code, etc... kind of irritating...

but, doable... *shrug*
 
Old 06-15-2006, 03:35 PM   #8
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
evbug logs in the syslogs - /var/log/{messages,dmesg,'and others depending on syslog configuration'}

Not irritating, you just make your app do the right stuff.
There may sure be other ways... it all has to do with the kernel and the driver used for the peripheral. I don't know about evdev, which IIRC creates a character device in /dev/input/event. But if you are to think about this logically, a better way is to read the keyboard like the rest of the system does... I'm not an expert in Linux but that's what I think about this keylogging matter, and I'm sure there are places on the net where you could read about it, but I'm not really interested in it right now.

Last edited by Worksman; 06-15-2006 at 03:41 PM.
 
Old 06-15-2006, 03:49 PM   #9
cpbills
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware and/or debian
Posts: 5

Rep: Reputation: 0
i think (and this is what i'm working on, until ADHD kicks in...) that the best approach might be to make a modified module, using the evbug code...

this way you can control where the output is logged, and perhaps join the keycode with the event type, to make parsing easier.

we'll see where that goes, but afaic, logging to /var/log/debug (in my case) is extraneous, and would be better to log to /var/log/keylog or something similar.

edit: ah, didn't read the bit about /dev/input/event[?] ... i'll look into that, seems to create (again, in my case) /dev/input/event1 ... likely some way to easily read from the device, rather than a log...

Last edited by cpbills; 06-15-2006 at 03:52 PM.
 
Old 06-15-2006, 04:11 PM   #10
roclok
LQ Newbie
 
Registered: Jun 2006
Posts: 16

Original Poster
Rep: Reputation: 0
ok cpbills, let me know if you come up with anything. rcastoro@tampabay.rr.com I'm learning C++ so if I come up with anything I'll also let you know, as I have a fiancee that's not quite trustworthy yet,... lol THANKS!
 
Old 06-15-2006, 05:03 PM   #11
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
Are we all learning some language here? :-? Hey... let's get together somewhere! :-P Make this a common project. But I'm more into XHTML right now... http://brokenthorn.xmgfree.com/ | http://brokenthorn.xmgfree.com/music.html | http://brokenthorn.xmgfree.com/jokes.html
 
Old 06-15-2006, 08:07 PM   #12
roclok
LQ Newbie
 
Registered: Jun 2006
Posts: 16

Original Poster
Rep: Reputation: 0
XHTML, huh? That's a great web-based language. I learned PHP a while back... Never got TOO far in it, just could do common things like multidirectional loops and if's and all that bs. Learning C++, on page 10. This seems challenging..... (challenge = fun!!)

I would like to see a keylogger made for many purposes other than just suspicious people looking to see if their partner is cyber-sexing it up with some perverted 80 year old in Guatemala. One reason: to recap everything that YOU did, and any mistake you could have possibly made. Maybe it would have a Find and Find Next option in it.
 
Old 06-15-2006, 08:14 PM   #13
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
I got past page 10 on C++. I stopped at 80 or so. Btw what resources do you learn from? This thread is not the place to talk about this but maybe we could start a new one in the right place and move all this there. I'd really love to talk to other C learners so that we could exchange ideas, P'sOV and so on. I'll be back on C soon. I'm currently using the Anjuta IDE for C/C++ and DevHelp.
 
Old 06-15-2006, 09:09 PM   #14
NetBlaster
LQ Newbie
 
Registered: Aug 2005
Location: Nottingham UK
Distribution: openSuSE Factory BETA
Posts: 11

Rep: Reputation: 0
hi there, i learnt C, but then i'm kind of still learning now though, i'm gonna take a step to C++ when i find a decent book to learn from, and some reasonable resources, then eventually i'll take a look at python or perl, wanna talk about summat, just ask!
 
Old 06-15-2006, 10:45 PM   #15
j13ett5
LQ Newbie
 
Registered: Nov 2005
Distribution: debian
Posts: 13

Rep: Reputation: 1
/dev/input/event0 seems to be the device to read.

as root the command:

od -tx1 /dev/input/event0

will give a hex dump in real-time.
every up/down produces 16 bytes of data.
no doubt the details of it are in the kernel documentation somewhere.

It looks to be a good project to learn C or familiarise yourself with
a linux based pascal compiler. (eg FPC )
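
The thread describes two ways key events become readable on a Linux machine: evbug writing them to the kernel log, and a process reading /dev/input/event* directly. The script below is an added example, not code from any poster, that checks a machine for both; the function names are hypothetical and the paths are parameters so the checks can also be run against a saved copy of /proc or a log file.

```shell
#!/bin/sh
# Added defensive example, not code from the thread. All function names are
# hypothetical. Paths are parameters so the checks also work on a saved copy.

# evbug_loaded [modules_file]: succeeds if the evbug module is loaded.
evbug_loaded() {
    grep -q '^evbug ' "${1:-/proc/modules}"
}

# evbug_key_events <logfile>: count key events (Type: 1 is EV_KEY) that evbug
# wrote to a log, i.e. keystrokes readable by anyone who can read that file.
evbug_key_events() {
    grep -c 'evbug.*Event\. Dev: .*Type: 1,' "$1" || true
}

# input_readers [proc_root]: print "PID DEVICE" for every process that holds
# a /dev/input/event* node open. Run as root to see other users' processes.
input_readers() {
    root="${1:-/proc}"
    for fd in "$root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue
        target=$(readlink "$fd") || continue
        case "$target" in
            /dev/input/event*)
                pid=${fd#"$root"/}
                echo "${pid%%/*} $target" ;;
        esac
    done
}

# Live report. X servers, Wayland compositors and systemd-logind normally
# appear here; anything else reading an event device deserves a look.
if evbug_loaded 2>/dev/null; then
    echo "WARNING: evbug is loaded; key events are going to the kernel log"
    echo "Unload it with: rmmod evbug"
fi
input_readers | sort -u
```

The log pattern follows the evbug lines quoted earlier in the thread; pass the syslog file your distribution uses to `evbug_key_events` to see how many key events have already been written to disk.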
All times are GMT -5.