Monday, January 2, 2012

Key logger (Kernel space)

I am done with the development of a new Linux key logger (kernel space).

Simply put, it's a Linux kernel module that sniffs keystrokes and saves them in an in-memory buffer; any user-space process can then read them from the /dev/klg virtual device node.

You can download the source code and try it yourself from SourceForge.

Here is the video demo for it.



I will supply a link to download another user-space one soon :)
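Seen from the defender's side, a module like this leaves traces on a host: an out-of-tree entry in /proc/modules and a new character device. The following triage helper is an added example, not code from this project; it assumes the module loads under the name `klogger` (taken from the `klogger.o` build target), carries the kernel's out-of-tree/unsigned taint flags, and registers its device as `klg` in /proc/devices. All sample data is constructed.

```python
"""Flag tainted kernel modules and unexpected character devices (added example)."""
import re

# Taint letters the kernel appends to a /proc/modules line, e.g. "(OE)".
TAINT_MEANING = {"O": "out-of-tree", "E": "unsigned",
                 "P": "proprietary", "F": "force-loaded"}

def tainted_modules(proc_modules_text):
    """Return {module_name: [taint descriptions]} for modules with taint flags."""
    found = {}
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if len(fields) < 6:          # name size refcount deps state address
            continue
        m = re.fullmatch(r"\(([A-Z+-]+)\)", fields[-1])
        if m:
            found[fields[0]] = [TAINT_MEANING[c] for c in m.group(1)
                                if c in TAINT_MEANING]
    return found

def unexpected_char_devices(proc_devices_text, baseline):
    """Return char-device names in /proc/devices that are not in the baseline."""
    names, in_char = [], False
    for line in proc_devices_text.splitlines():
        s = line.strip()
        if s.endswith("devices:"):   # section header: Character / Block
            in_char = s.startswith("Character")
            continue
        if in_char and s:
            _major, name = s.split(None, 1)
            if name not in baseline:
                names.append(name)
    return names

# Constructed sample input; module and device names are assumptions.
SAMPLE_MODULES = (
    "ext4 737280 1 - Live 0xffffffffc0500000\n"
    "klogger 16384 0 - Live 0xffffffffc0a00000 (OE)\n"
)
SAMPLE_DEVICES = (
    "Character devices:\n  1 mem\n  4 tty\n 13 input\n250 klg\n\n"
    "Block devices:\n  8 sd\n"
)
BASELINE = {"mem", "tty", "input"}   # names recorded from a known-good host

if __name__ == "__main__":
    print(tainted_modules(SAMPLE_MODULES))
    print(unexpected_char_devices(SAMPLE_DEVICES, BASELINE))
```

A module that unlinks itself from the kernel's module list will not appear in /proc/modules, so a clean result here is inconclusive rather than proof of absence.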

11 comments:

  1. When I ran the "make" command, I got the following errors:

    ##################################################

    make -C /lib/modules/2.6.18-194.3.1.el5PAE/build M=/tmp/.tmp/key-logger modules
    make[1]: Entering directory `/usr/src/kernels/2.6.18-194.3.1.el5-PAE-i686'
    CC [M] /tmp/.tmp/key-logger/klogger.o
    /tmp/.tmp/key-logger/klogger.c: In function ‘klg_init’:
    /tmp/.tmp/key-logger/klogger.c:17: error: implicit declaration of function ‘register_keyboard_notifier’
    /tmp/.tmp/key-logger/klogger.c: In function ‘klg_exit’:
    /tmp/.tmp/key-logger/klogger.c:29: error: implicit declaration of function ‘unregister_keyboard_notifier’
    /tmp/.tmp/key-logger/klogger.c: In function ‘klg_read’:
    /tmp/.tmp/key-logger/klogger.c:47: warning: ISO C90 forbids mixed declarations and code
    /tmp/.tmp/key-logger/klogger.c:59: warning: ISO C90 forbids mixed declarations and code
    /tmp/.tmp/key-logger/klogger.c: In function ‘kbd_notifier’:
    /tmp/.tmp/key-logger/klogger.c:74: error: ‘KBD_KEYCODE’ undeclared (first use in this function)
    /tmp/.tmp/key-logger/klogger.c:74: error: (Each undeclared identifier is reported only once
    /tmp/.tmp/key-logger/klogger.c:74: error: for each function it appears in.)
    /tmp/.tmp/key-logger/klogger.c:74: error: dereferencing pointer to incomplete type
    /tmp/.tmp/key-logger/klogger.c:75: error: dereferencing pointer to incomplete type
    /tmp/.tmp/key-logger/klogger.c:82: error: dereferencing pointer to incomplete type
    make[2]: *** [/tmp/.tmp/key-logger/klogger.o] Error 1
    make[1]: *** [_module_/tmp/.tmp/key-logger] Error 2
    make[1]: Leaving directory `/usr/src/kernels/2.6.18-194.3.1.el5-PAE-i686'
    make: *** [modules] Error 2

    ##############################################################

    Replies
    1. You may need to update your kernel version; this version is tested and running on version 2.6.32.

    2. You can't output to a file from kernel space; you can make a userspace process instead to read from the buffer.

  2. Is there any chance to output to a file on disk instead?

  3. Does it only work in graphical mode, using a virtual tty? Because using a real tty (Ctrl+Alt+F2) does not work.

    Thanks

    Replies
    1. Yes, why doesn't it work for SSH and PuTTY logins?

  4. Why can't it record an SSH remote login? Hope this problem gets resolved. Thanks.

  5. It doesn't capture the difference between caps and lowercase, it doesn't capture symbols, and it doesn't capture the numpad.

    Replies
    1. Yes, check the code. I only managed to make a PoC for the idea of capturing keystrokes, and if you check out the code you can easily modify it to handle everything you mentioned.
