BackupGGCode / logkeys

a GNU/Linux keylogger that works!

logkeys is not logging any more #60

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi, all of a sudden logkeys stopped working and it's not logging anymore.

The version used is 0.1.1a on Arch GNU/Linux distro, using kernel 2.6.39.2.

I strace-ed it and it seems that whenever logkeys tries to write to my output 
logfile it gets an "EBADF (Bad file descriptor)" error.

I'm attaching the output of strace and dumpkeys.

Original issue reported on code.google.com by n3tpr...@gmail.com on 3 Jul 2011 at 4:04

GoogleCodeExporter commented 9 years ago
I have the same issue on the same distro and kernel. I strace-ed it and got the 
same: every time I push a key it tries to write and gets the bad file descriptor 
error, e.g.

"write(1, "<LCtrl>", 7)                  = -1 EBADF (Bad file descriptor)"

Original comment by graegr...@gmail.com on 7 Jul 2011 at 12:51

GoogleCodeExporter commented 9 years ago
Same distro as well and same problem

Original comment by ouq...@gmail.com on 18 Jul 2011 at 11:46

GoogleCodeExporter commented 9 years ago
Same problem, same distro:
[pid 10516] write(1, "Logging started ...\n\n2011-11-02 "..., 48) = -1 EBADF (Bad file descriptor)

Original comment by SanskritFritz on 2 Nov 2011 at 12:18

GoogleCodeExporter commented 9 years ago
Same issue here on 3.1.1-1-ARCH, using logkeys version 0.1.1a.
Starting with:

write(1, "Logging started ...\n\n2011-11-24 "..., 48) = -1 EBADF (Bad file descriptor)

and on input events:

write(1, "<Tab>", 5)                    = -1 EBADF (Bad file descriptor)

Original comment by herman.t...@gmail.com on 24 Nov 2011 at 10:38

GoogleCodeExporter commented 9 years ago
Same problem here
Distro : Slackware64-current
Logkeys version: 0.1.1a, svn r88. 
Output: 
# strace -f logkeys -s
...
...
open("/var/run/logkeys.pid", O_WRONLY|O_CREAT|O_EXCL, 0644) = 1
write(1, "4694", 4)                     = 4
close(1)                                = 0
stat("/var/log/logkeys.log", {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
open("/etc/localtime", O_RDONLY)        = 1
fstat(1, {st_mode=S_IFREG|0644, st_size=344, ...}) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=344, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5e16d1f000
read(1, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096) = 344
lseek(1, -200, SEEK_CUR)                = 144
read(1, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 200
lseek(1, 343, SEEK_SET)                 = 343
close(1)                                = 0
munmap(0x7f5e16d1f000, 4096)            = 0
write(1, "Logging started ...\n\n2011-11-27 "..., 48) = -1 EBADF (Bad file descriptor)
read(0, 

Original comment by parc...@gmail.com on 27 Nov 2011 at 1:14

GoogleCodeExporter commented 9 years ago
I can confirm this problem persists on ArchLinux 3.1.6-1 x86_64. Anybody find 
any solutions? This is the only working keylogger for Linux, yet it's broken :/

Original comment by i.nnikishi on 4 Jan 2012 at 7:29

GoogleCodeExporter commented 9 years ago
Coming here from the arch mailing list - this problem was mentioned, and the 
attached patch, for src/logkeys.c, fixes it for me. logkeys does stunny fuff 
with stdout (stdout=freopen(..., "a", stdout)) - changing it to just create a 
new file handle altogether makes the problem go away.

Original comment by bytbox@gmail.com on 4 Jan 2012 at 12:06

GoogleCodeExporter commented 9 years ago
ok, fixed in repository now, I hope.
should I kindly attribute the fix to the Arch Linux community or an individual? 
:-)

Original comment by kernc...@gmail.com on 4 Jan 2012 at 6:49

GoogleCodeExporter commented 9 years ago
Thanks, I can confirm that logkeys svn head is working now.
You may credit bytbox from the archlinux community ;)

Original comment by SanskritFritz on 4 Jan 2012 at 10:42

GoogleCodeExporter commented 9 years ago
Can confirm it's working again on Arch! Now I can resume my work towards world 
domination..

Thanks

Original comment by herman.t...@gmail.com on 5 Jan 2012 at 12:16

GoogleCodeExporter commented 9 years ago
Issue 84 has been merged into this issue.

Original comment by kernc...@gmail.com on 22 Feb 2012 at 4:18

GoogleCodeExporter commented 9 years ago
This issue also occurs on Fedora 16 (kernel 3.1.2-1) with 0.1.1a.

The SVN version seems to work though.  I didn't test the older 0.1.0 version 
because it won't compile on my machine and it didn't seem worth the time.

Original comment by jwtut...@gmail.com on 17 Mar 2012 at 6:25

GoogleCodeExporter commented 9 years ago
Can anybody help? It's not working on my Fedora Core 9 either... what should I do?

Original comment by aseps2...@gmail.com on 18 Nov 2012 at 4:15

GoogleCodeExporter commented 9 years ago
Have you tried with the source code from the SVN?
http://code.google.com/p/logkeys/source/checkout

Original comment by kernc...@gmail.com on 18 Nov 2012 at 4:27

GoogleCodeExporter commented 9 years ago
Hoi,

On Ubuntu 12.10 same problem. Found after spending some time on this that it 
had already been solved. :)
My solution is a bit easier:
just change the freopen to fopen: stdout = fopen(args.logfile, "a");
stdout is already closed when becoming a daemon. It works great!

Original comment by fr...@van-ginkel.net on 8 Dec 2012 at 5:07
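
Added example (not logkeys code and not the attached patch): it reproduces the EBADF from the strace output above by closing fd 1 in a child process, then re-points fd 1 at a log file with open() and dup2(), which avoids assigning to stdout, something ISO C does not guarantee is possible. The temp file path, the message and the function names are constructed for this demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

static const char MSG[] = "Logging started ...\n";  /* 20 bytes, constructed */

/* Child side: reproduce the failure, then apply the fix. 0 = both held. */
static int child_body(const char *logpath) {
    close(STDOUT_FILENO);                     /* daemonizing closed stdout */
    if (write(STDOUT_FILENO, MSG, sizeof MSG - 1) != -1 || errno != EBADF)
        return 1;                             /* expected EBADF, as in strace */
    int fd = open(logpath, O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (fd < 0) return 2;
    if (fd != STDOUT_FILENO) {                /* open() picks the lowest free fd, */
        if (dup2(fd, STDOUT_FILENO) < 0)      /* so pin the log onto fd 1 here    */
            return 3;
        close(fd);
    }
    ssize_t n = write(STDOUT_FILENO, MSG, sizeof MSG - 1);
    return n == (ssize_t)(sizeof MSG - 1) ? 0 : 4;
}

/* Runs child_body in a forked child so the caller's own stdout is untouched.
 * Returns the size of the log file in bytes, or -1 on any failure. */
long run_demo(void) {
    char path[] = "/tmp/fd_demo_XXXXXX";      /* constructed temp log file */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    pid_t pid = fork();
    if (pid < 0) { unlink(path); return -1; }
    if (pid == 0) _exit(child_body(path));    /* _exit: no stdio flush in child */
    int status;
    struct stat st;
    long size = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) == 0 && stat(path, &st) == 0)
        size = (long)st.st_size;
    unlink(path);
    return size;
}

int main(void) { return run_demo() == 20 ? 0 : 1; }
```

A daemon that redirects fds 0-2 to /dev/null instead of closing them also keeps a later open(), such as the pid file that received fd 1 in the strace above, from landing on a standard descriptor.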

GoogleCodeExporter commented 9 years ago
I thought this issue was fixed? A fresh git checkout doesn't give me any output.

Original comment by Sindre.D...@gmail.com on 11 Dec 2013 at 5:31

GoogleCodeExporter commented 9 years ago
Me neither. apt-get installation on Ubuntu 13.10

Original comment by david.po...@gmail.com on 14 Mar 2014 at 2:56

GoogleCodeExporter commented 9 years ago
Was able to fix this issue by editing logkeys.cc as noted in post #15

Original comment by rquar...@gmail.com on 27 Feb 2015 at 1:35