alichtman / gardening-starter-pack

Literally a rootkit. (LKM for Linux Kernels 4.14+)
GNU General Public License v3.0

Add keylogger #1

Open alichtman opened 5 years ago

alichtman commented 5 years ago

Implementation

  1. Register keyboard interrupt handler
  2. Read keystrokes to a buffer as they come in
  3. When the buffer is full, write the keystrokes to a file

Make sure the logfile is hidden by the rootkit.

alichtman commented 5 years ago

Examples

  1. https://github.com/jarun/keysniffer
  2. https://github.com/bones-codes/the_colonel/blob/master/lkm/col_kl.c
  3. stealthy-Keylogger-lkm: WARN: Potentially outdated.

Tutorials

  1. https://web.archive.org/web/20150901153216/http://www.gadgetweb.de/programming/39-how-to-building-your-own-kernel-space-keylogger.html
  2. http://r00tkit.me/?p=79

Approach

I think the best approach to this is adding another "observer" to the keyboard, and whenever a key is pressed, the kernel will notify all listed observers of the keyboard device. Then, all we have to do is convert the keycode to a human-readable letter/key combo and log it somewhere. This is essentially the keysniffer approach.

alichtman commented 5 years ago

On timer, send files to some remote server.