Monday, January 2, 2012

Key logger (Kernel space)

I am done with the development of a new Linux key logger (Kernel Space)..

Simply its a Linux kernel module that sniffs key strokes and saves it in an in-memory buffer, and then any user space can read it from /dev/klg virtual device node.

You can download the source code and try it yourself from sourceforge.

Here is the video demo for it..



i will supply a link to download another user-space one soon :)

Posted by at

11 comments:

  1. Gamal ShabanJanuary 3, 2012 at 9:32 AM

    good job se7s.

    ReplyDelete
  2. MostafaJanuary 4, 2012 at 4:13 AM

    Great Se7so :)

    ReplyDelete
  3. AnonymousAugust 25, 2012 at 11:04 AM

    When I ran "make" command, I got following errors:

    ##################################################

    make -C /lib/modules/2.6.18-194.3.1.el5PAE/build M=/tmp/.tmp/key-logger modules
    make[1]: Entering directory `/usr/src/kernels/2.6.18-194.3.1.el5-PAE-i686'
    CC [M] /tmp/.tmp/key-logger/klogger.o
    /tmp/.tmp/key-logger/klogger.c: In function âklg_initâ:
    /tmp/.tmp/key-logger/klogger.c:17: error: implicit declaration of function âregister_keyboard_notifierâ
    /tmp/.tmp/key-logger/klogger.c: In function âklg_exitâ:
    /tmp/.tmp/key-logger/klogger.c:29: error: implicit declaration of function âunregister_keyboard_notifierâ
    /tmp/.tmp/key-logger/klogger.c: In function âklg_readâ:
    /tmp/.tmp/key-logger/klogger.c:47: warning: ISO C90 forbids mixed declarations and code
    /tmp/.tmp/key-logger/klogger.c:59: warning: ISO C90 forbids mixed declarations and code
    /tmp/.tmp/key-logger/klogger.c: In function âkbd_notifierâ:
    /tmp/.tmp/key-logger/klogger.c:74: error: âKBD_KEYCODEâ undeclared (first use in this function)
    /tmp/.tmp/key-logger/klogger.c:74: error: (Each undeclared identifier is reported only once
    /tmp/.tmp/key-logger/klogger.c:74: error: for each function it appears in.)
    /tmp/.tmp/key-logger/klogger.c:74: error: dereferencing pointer to incomplete type
    /tmp/.tmp/key-logger/klogger.c:75: error: dereferencing pointer to incomplete type
    /tmp/.tmp/key-logger/klogger.c:82: error: dereferencing pointer to incomplete type
    make[2]: *** [/tmp/.tmp/key-logger/klogger.o] Error 1
    make[1]: *** [_module_/tmp/.tmp/key-logger] Error 2
    make[1]: Leaving directory `/usr/src/kernels/2.6.18-194.3.1.el5-PAE-i686'
    make: *** [modules] Error 2

    ##############################################################

    ReplyDelete
    Replies
    1. se7soSeptember 6, 2012 at 12:30 PM

      You may need to update your kernel version, this version is tested and running on version 2.6.32

      Delete
    2. se7soMarch 2, 2013 at 11:10 PM

      you can't output to a file from kernel space, you can make a userspace process instead to read from the buffer..

      Delete
  4. UnknownMarch 2, 2013 at 5:25 PM

    Is there any chance to output to a file on disk instead?

    ReplyDelete
  5. SynFlagMay 23, 2014 at 10:28 AM

    Only works in graphic mode?, using virtual tty?. Because using real tty (ctrl+alt+f2) does not work

    Thanks

    ReplyDelete
    Replies
    1. testJune 12, 2014 at 7:20 PM

      yes,why for ssh and putty login,don't work~~

      Delete
  6. testJune 12, 2014 at 7:21 PM

    Why can not SSH remote login on the record it? Hope to resolve this problem ~thx

    ReplyDelete
  7. UnknownOctober 28, 2014 at 8:49 PM

    It doesnt captures the difference between caps and lowercase, it doesnt captures symbols and it doesnt captures numpad.

    ReplyDelete
    Replies
    1. se7soOctober 29, 2014 at 1:03 AM

      Yes, check the code I managed only to make a POC for the idea of capturing key strokes and If you checked out the code you can easily modify it to handle all what you said.

      Delete

Subscribe to: Post Comments (Atom)