Linux Key Logger
Sep 22nd, 2009 by Adam
Recently I decided to write a key logger for Linux, both as an exercise, and because I couldn’t seem to find a good one out there. I wrote up a quick (and simple) key logger that will listen for keys based on the event input chain that Linux uses, and then echo them to stdout. This allows you to send the key presses over a network, save them to file, or do almost anything else you can think of. This code will auto-detect the keyboard if possible, or the keyboard device can be listed on the command line.
Download: keylogger.tar.gz
Installation is simple:
tar xvf keylogger.tar.gz
cd keylogger
make
sudo make install
Documentation:
Look at keylogger’s man page: man keylogger
My code was based off of uberkey, and a few other key loggers available on the net.
Note: There may occasionally be discrepancies between the documentation for the program (man keylogger), and the program itself. If this happens, then the documentation will normally be updated within a day or two.
Did I mention that this makes an excellent code base for sci-fi like sound effects on key presses? That was an excellent evening.
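On the defensive side, a program of this kind is visible as a process holding a keyboard event device open. The following is an added example, not code from keylogger or from the author: it assumes the event interface referred to above is the evdev nodes under /dev/input/event*, and the allowlist names, sample PIDs and helper function names are illustrative assumptions.

```python
import os
import re
import tempfile

EVDEV_NODE = re.compile(r"^/dev/input/event\d+$")
# Assumption: processes expected to read keyboards on this host; tune per system.
EXPECTED = {"Xorg", "systemd-logind"}

def _comm(proc_root, pid):
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"

def find_input_readers(proc_root="/proc"):
    """Return sorted (pid, comm, device) for each process holding an evdev node open."""
    hits = set()
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:          # process exited, or not root: fd table unreadable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if EVDEV_NODE.match(target):
                hits.add((int(pid), _comm(proc_root, pid), target))
    return sorted(hits)

def unexpected_readers(hits, expected=EXPECTED):
    """Keep only readers whose command name is not on the allowlist."""
    return [h for h in hits if h[1] not in expected]

def build_sample_proc(root):
    """Constructed fake /proc tree so the check can be exercised offline."""
    sample = {"812": ("Xorg", "/dev/input/event3"),
              "999": ("bash", "/dev/pts/0"),
              "4242": ("keylogger", "/dev/input/event3")}
    for pid, (comm, target) in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
        os.symlink(target, os.path.join(root, pid, "fd", "3"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        for pid, comm, dev in unexpected_readers(find_input_readers(tmp)):
            print(f"unexpected reader: pid={pid} comm={comm} dev={dev}")
```

Run it as root against the real /proc to see every process's descriptors. A process can change its own comm name, so treat the allowlist as a first filter and confirm hits against /proc/PID/exe.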
I’d been looking for something like this, so I followed your instructions to see how it’d go. Turns out, not so well:
# keylogger
*** buffer overflow detected ***: keylogger terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x50)[0xb7f52300]
/lib/libc.so.6(+0xe135a)[0xb7f5035a]
keylogger[0x8048812]
keylogger[0x8048bdd]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7e85bb6]
keylogger[0x80486e1]
======= Memory map: ========
08048000-0804a000 r-xp 00000000 08:03 25155 /usr/sbin/keylogger
0804a000-0804b000 r--p 00001000 08:03 25155 /usr/sbin/keylogger
0804b000-0804c000 rw-p 00002000 08:03 25155 /usr/sbin/keylogger
09728000-09749000 rw-p 00000000 00:00 0 [heap]
b7e4f000-b7e6c000 r-xp 00000000 08:03 930147 /usr/lib/gcc/i686-pc-linux-gnu/4.4.2/libgcc_s.so.1
b7e6c000-b7e6d000 r--p 0001c000 08:03 930147 /usr/lib/gcc/i686-pc-linux-gnu/4.4.2/libgcc_s.so.1
b7e6d000-b7e6e000 rw-p 0001d000 08:03 930147 /usr/lib/gcc/i686-pc-linux-gnu/4.4.2/libgcc_s.so.1
b7e6e000-b7e6f000 rw-p 00000000 00:00 0
b7e6f000-b7fae000 r-xp 00000000 08:03 1271604 /lib/libc-2.11.so
b7fae000-b7faf000 ---p 0013f000 08:03 1271604 /lib/libc-2.11.so
b7faf000-b7fb1000 r--p 0013f000 08:03 1271604 /lib/libc-2.11.so
b7fb1000-b7fb2000 rw-p 00141000 08:03 1271604 /lib/libc-2.11.so
b7fb2000-b7fb5000 rw-p 00000000 00:00 0
b7fdd000-b7fde000 rw-p 00000000 00:00 0
b7fde000-b7fdf000 r-xp 00000000 00:00 0 [vdso]
b7fdf000-b7ffb000 r-xp 00000000 08:03 1271949 /lib/ld-2.11.so
b7ffb000-b7ffc000 r--p 0001b000 08:03 1271949 /lib/ld-2.11.so
b7ffc000-b7ffd000 rw-p 0001c000 08:03 1271949 /lib/ld-2.11.so
bfe68000-bfe7e000 rw-p 00000000 00:00 0 [stack]
Aborted
I was trying to write something like this in Python, but I’m afraid that I had no idea where to start. I hope you can tell me what broke.
Hey Daniel,
Sorry about that – can you compile it with the -ggdb tag and show me the output when it crashes?
Adam
Ok – the code had some old bugs in it – should be all better now. Enjoy!
Adam
Hey thanks! I’ll have to try it out later this week.
I’m sure that I will come back to your website soon. Keep us posting interesting articles.