Well, it looks like other attempts have been posted in this thread, so ok, here it is, my awesome keylogger !
Actually I wanted a good keylogger, but couldn't find any, so I decided to write one, and so I did, with some code from another project.
Benefits of this keylogger:
- Works with USB keyboards ! (tested with 2 different keyboards)
- Uses no noticeable CPU time ! (this cannot be said for any other Linux keylogger that I have tried, and was a must for me, most of them use 100% CPU time)
- Is minimalistic (3 includes, 2 ints, 1 file, 0 libs, 21 lines of effective code) ! (I like minimalistic)
There are two parts to the keylogger, the keylogger, and the decoder.
so probably the license is their license (really I only changed a few things to make this into a keylogger):
Code:
Copyright (c) 2006 Purkka Productions
Toni Spets <toni.spets@gmail.com>
Markus Lindqvist <markus.lindqvist@gmail.com>
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Although there are two entries for my keyboard here, the one for event9 works, so you would run the program like follows:
Code:
keylogger /dev/input/event9
and it will log everything typed on the keyboard as numbers to /var/log/keylog. Now, there is a catch in that it writes to this file every 5 keystrokes (average length of English word), but you can change that if you want. It has to do this because the user may shut down the computer (or the computer may crash) and we wouldn't know when. Of course, you can redesign it to write to the file at shutdown.
Now, it writes only numbers so you need a program that interprets the log. So you would write something like:
This I release under GPLv2, because I wrote it alone.
The decoder:
PHP Code:
#include <stdio.h>
#include <stdlib.h>

int main (void)
{
    FILE * infile;
    FILE * outfile;
    int num;

    // open infile for reading text
    infile = fopen ( "keylog" , "r" );
    if ( infile == NULL )
    {
        fputs ("ERROR: failed to open input file 'keylog' !",stderr);
        exit (1);
    }

    // open outfile for writing text
    outfile = fopen ( "keylogout" , "w" );
    if ( outfile == NULL )
    {
        fputs ("ERROR: failed to open output file 'keylogout' !",stderr);
        exit (1);
    }

    // parse infile: each number is a Linux input event key code.
    // Stop on EOF or on the first token that is not a number
    // (comparing against EOF alone would loop forever on such a token).
    while (fscanf(infile, "%d", &num) == 1)
    {
        switch (num)
        {
            // number row, then the letter rows as laid out on Dvorak
            case 2: fprintf(outfile, "1"); break;
            case 3: fprintf(outfile, "2"); break;
            case 4: fprintf(outfile, "3"); break;
            case 5: fprintf(outfile, "4"); break;
            case 6: fprintf(outfile, "5"); break;
            case 7: fprintf(outfile, "6"); break;
            case 8: fprintf(outfile, "7"); break;
            case 9: fprintf(outfile, "8"); break;
            case 10: fprintf(outfile, "9"); break;
            case 11: fprintf(outfile, "0"); break;
            case 12: fprintf(outfile, "["); break;
            case 13: fprintf(outfile, "]"); break;
            case 14: fprintf(outfile, "B"); break;
            case 15: fprintf(outfile, " "); break;
            case 16: fprintf(outfile, "'"); break;
            case 17: fprintf(outfile, ","); break;
            case 18: fprintf(outfile, "."); break;
            case 19: fprintf(outfile, "p"); break;
            case 20: fprintf(outfile, "y"); break;
            case 21: fprintf(outfile, "f"); break;
            case 22: fprintf(outfile, "g"); break;
            case 23: fprintf(outfile, "c"); break;
            case 24: fprintf(outfile, "r"); break;
            case 25: fprintf(outfile, "l"); break;
            case 26: fprintf(outfile, "/"); break;
            case 27: fprintf(outfile, "="); break;
            case 43: fprintf(outfile, "|"); break;
            case 58: fprintf(outfile, "L"); break;
            case 30: fprintf(outfile, "a"); break;
            case 31: fprintf(outfile, "o"); break;
            case 32: fprintf(outfile, "e"); break;
            case 33: fprintf(outfile, "u"); break;
            case 34: fprintf(outfile, "i"); break;
            case 35: fprintf(outfile, "d"); break;
            case 36: fprintf(outfile, "h"); break;
            case 37: fprintf(outfile, "t"); break;
            case 38: fprintf(outfile, "n"); break;
            case 39: fprintf(outfile, "s"); break;
            case 40: fprintf(outfile, "-"); break;
            case 42: fprintf(outfile, "S"); break;
            case 44: fprintf(outfile, ";"); break;
            case 45: fprintf(outfile, "q"); break;
            case 46: fprintf(outfile, "j"); break;
            case 47: fprintf(outfile, "k"); break;
            case 48: fprintf(outfile, "x"); break;
            case 49: fprintf(outfile, "b"); break;
            case 50: fprintf(outfile, "m"); break;
            case 51: fprintf(outfile, "w"); break;
            case 52: fprintf(outfile, "v"); break;
            case 53: fprintf(outfile, "z"); break;
            case 54: fprintf(outfile, "S"); break;
            case 29: fprintf(outfile, "C"); break;
            case 57: fprintf(outfile, " "); break;
            case 28: fprintf(outfile, "\n"); break;
            // numeric keypad
            case 69: fprintf(outfile, "N"); break;
            case 98: fprintf(outfile, "/"); break;
            case 55: fprintf(outfile, "*"); break;
            case 74: fprintf(outfile, "-"); break;
            case 71: fprintf(outfile, "7"); break;
            case 72: fprintf(outfile, "8"); break;
            case 73: fprintf(outfile, "9"); break;
            case 78: fprintf(outfile, "+"); break;
            case 75: fprintf(outfile, "4"); break;
            case 76: fprintf(outfile, "5"); break;
            case 77: fprintf(outfile, "6"); break;
            case 79: fprintf(outfile, "1"); break;
            case 80: fprintf(outfile, "2"); break;
            case 81: fprintf(outfile, "3"); break;
            case 82: fprintf(outfile, "0"); break;
            case 83: fprintf(outfile, "."); break;
            case 96: fprintf(outfile, "\n"); break;
            // arrow keys
            case 105: fprintf(outfile, "<"); break;
            case 106: fprintf(outfile, ">"); break;
            case 103: fprintf(outfile, "^"); break;
            case 108: fprintf(outfile, "!"); break;
        }
    }

    // close files
    fclose (infile);
    fclose (outfile);

    return 0;
}
This parses it properly ONLY for the dvorak keyboard layout, you'll have to change the numbers for qwerty or whatever layout you use. It also reads the log file from the current directory, if you want you can change keylog to /var/log/keylog to read from there directly.
That's it. Anyway, don't use this for spying on people. Keyloggers are legal, but spying on people is not, unless of course you work for the gubmint ...
Last edited by H_TeXMeX_H; 02-09-2012 at 03:23 AM.
is this "logkey" from a trusted repo? what is the repo? i don't find logkey in the ones i use.
things have changed: logkeys is new. :P
it isn't in repositories yet as it is still in (public) alpha stage. you can, however, download logkeys source and follow the instructions in the README file. the usual `./configure && make && make install` should work, i believe.
logkeys is trusted, the functionality of emailing logs/POSTing to remote server is in the works, the source is available to be examined.
note, none of these keyloggers work with USB yet. why not is really beyond my level of understanding.
regardless of the next few posts, logkeys keylogger works with USB keyboards as well.
Quote:
Originally Posted by H_TeXMeX_H
Well, I recently wrote a rather nice keylogger
well, our implementations rely on the same event interface, only mine does steps 1, 2 and 3 automatically (and comparing the length of both sources i agree it definitely should).
as you appear knowledgeable enough, sir, may i kindly ask that you try out my creation, especially with your dvorak-style keyboard? you may need to --export-keymap first and fix it in places, but that is expected, i guess.
could you please report back? thanks a ton!
Last edited by kernc; 03-03-2010 at 01:06 AM.
Reason: USB keyboards info update
You say that none of the keyloggers work with USB yet, well, I have a USB keyboard and I tried my keylogger on another computer with a different USB keyboard and it works fine on both. So I'd say mine works with USB.
EDIT:
I have tried logkeys as you suggested, but it really doesn't seem to work with my keyboard. It just doesn't output any log file no matter what. Maybe it really doesn't support USB as you said.
Last edited by H_TeXMeX_H; 01-08-2010 at 09:24 AM.
I do notice that you are using a similar method to the one used by ventriloctrl and thus by my keylogger here. So here is my theory on why it does not work for you. While I was writing this keylogger I wanted to make a program like the one you wrote that not only caught these key press events (numbers) but also dynamically converted them to letters and outputted them directly to a file. I realized quickly that this was not going to work; my keylogger behaved exactly like yours when I tried this, it wouldn't output anything. I have a feeling that this is because while reading the input event, these events appear and disappear too quickly to be processed by the program. Maybe this can be solved by some type of buffer? Not sure. But either way, every time I tried to do too much processing before reading the next key event it would no longer work. So what I thought would be a good solution is to just dump all the key press events to a file and convert these later to letters, so this is what I did.
I have tried logkeys as you suggested, but it really doesn't seem to work with my keyboard. It just doesn't output any log file no matter what.
Wait... WHAT?
It doesn't even produce a logfile with the 'Logging started...' header line?
In that case, can you please confirm that the following code works for you?
I love the paranoia that happens every time someone mentions they want to capture keystrokes. ;-)
Aside from "to see if I can", there are certainly very valid reasons to do so. I believe someone earlier posted that they wanted to capture keystrokes and disallow those keys from touching a media player unless they were acceptable. That's the premise that I'm working from.
Rather than logging or writing keystrokes to file (that's irrelevant in this context), the software will simply observe the keyboard and wait for certain keys to be pressed. When the keys are pressed, the software will then perform certain actions in preparation for the keystrokes to occur again. Like the media player example, the software needs to sniff the keyboard buffer and not grab and drop keystrokes since the software can't run in the foreground and the keystrokes are important to the applications that are in the foreground so the keystrokes must remain in the buffer.
I've tried modifying uberkey and it was working great in tests, until I moved it to its final platform which only has USB keyboard capability. I'm very happy to have found this thread, although it wasn't easy.
I'll try to use the two competing products above "as is", but have a sneaky suspicion I'll have to use some combination of the two or three (including uberkey). If either of you, texmex and kernc are interested and watching the thread, I'd be happy to discuss what I'm trying to accomplish and maybe we can share some code and ideas.
In the meantime, I'll report any results and observations that I get through the process as I can.
... the software will simply observe the keyboard and wait for certain keys to be pressed ... not grab and drop keystrokes since the software can't run in the foreground ...
using event subsystem and parsing keypresses from /dev/input/eventX will do just that, provided your X doesn't exclusively grab your keyboard device first. if logkeys works on your final platform, this method is I believe the easiest that will work for you.
using event subsystem and parsing keypresses from /dev/input/eventX will do just that, provided your X doesn't exclusively grab your keyboard device first. if logkeys works on your final platform, this method is I believe the easiest that will work for you.
It was quite interesting to see both the onboard keyboard of the laptop I'm testing on and the USB keyboard both throwing characters to stdout, yet having different buffers.
The appliance that this will be running on has a USB keyboard controller on it and I'm hoping that each appliance will be using the same /dev/input/eventX so that a simple drive mirror will allow the key capture to work, hardcoded, on each appliance.
Otherwise, do you or anyone know of a function that would grab the event id of a keyboard? A second keyboard would be placed on the system when maintenance is happening. This second keyboard wouldn't have to provide the same functionality, although it would be interesting and maybe even nice to be given that option.
do you or anyone know of a function that would grab the event id of a keyboard?
logkeys extracts the id from /proc/bus/input/devices with a simple shell script using grep.
this method should work, assuming listed devices are ordered by id.
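Added example, not part of the thread and not logkeys' own code: a defender-side audit that reads the same /proc/bus/input/devices listing mentioned above to find keyboard event nodes, then reports which processes hold one of them open. The sample listing is constructed and the function names are illustrative.

```python
import os
import re
# Constructed sample in the /proc/bus/input/devices format, trimmed to N:/H: lines.
SAMPLE_DEVICES = """\
N: Name="AT Translated Set 2 keyboard"
H: Handlers=sysrq kbd event3 leds

N: Name="Example USB Mouse"
H: Handlers=mouse0 event5

N: Name="Example USB Keyboard"
H: Handlers=sysrq kbd event9 leds
"""

def keyboard_event_nodes(devices_text):
    """Map '/dev/input/eventN' -> device name for stanzas with a 'kbd' handler."""
    nodes = {}
    for stanza in devices_text.strip().split("\n\n"):
        name = re.search(r'^N: Name="(.*)"', stanza, re.M)
        handlers = re.search(r"^H: Handlers=(.*)", stanza, re.M)
        words = handlers.group(1).split() if handlers else []
        if "kbd" in words:
            for h in (w for w in words if re.fullmatch(r"event\d+", w)):
                nodes["/dev/input/" + h] = name.group(1) if name else "?"
    return nodes

def processes_holding(nodes, proc_root="/proc"):
    """Return sorted (pid, node) pairs for processes with a keyboard node open."""
    hits = set()
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we may not inspect it (run as root)
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:  # descriptor closed while we were scanning
                continue
            if target in nodes:
                hits.add((int(pid), target))
    return sorted(hits)

if __name__ == "__main__":  # live audit of this machine
    with open("/proc/bus/input/devices") as f:
        keyboards = keyboard_event_nodes(f.read())
    for pid, node in processes_holding(keyboards):
        print(pid, node, keyboards[node])
```

The kbd handler is also attached to devices such as power buttons, so the node list can be wider than the physical keyboards. A display server or session manager holding these nodes is normal; any other process reading one is worth identifying.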
I love the paranoia that happens every time someone mentions they want to capture keystrokes. ;-)
i agree. the first ten times i asked on forums and chat groups about a keylogger, i met a volley of "why do you need one?" or "get rid of the person making the keystrokes," etc. Getting rid of the problem, rather than fixing it is the usual response i get.