5.b Keylogger

From Inforail

Keywords

Privacy, keylogger, identity theft, audit, hooks

Objectives

  • Understand the architecture of your OS of choice and figure out how a keylogger can be implemented on a specific platform.
  • Write a simple keylogger that will capture the user's keystrokes and display them on the screen or write them to a file.


Requirements

No special requirements are given; the scope of the task is defined in the Objectives section.


Notes
  • If you have an antivirus/antispyware/antiwhatever program running on your system, it may prevent your application from working properly because it will interpret its actions as a threat. Make sure your application is whitelisted, or your security software is temporarily disabled.

Implementation hints

Here are some key-points that will help you get started (they apply to Windows).

  • Familiarize yourself with the messages Windows sends to each window whenever something happens (e.g. WM_CREATE, WM_DESTROY, etc.)
  • Figure out which messages are the ones you are interested in
  • Write a function that processes those messages; the information about the keystrokes is provided in wParam or lParam (passed to you with each message)

So far you are able to process keystrokes that are sent to your own window, which is not yet exciting, but is a first step towards achieving the objective.
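A worked version of those first three steps, added here as an example (it is not code from the assignment page): a handler for the WM_KEYDOWN/WM_KEYUP messages your own window receives, decoding wParam (virtual-key code) and the lParam bit fields, and telling apart the "special" keys the grading policy mentions (main vs. numpad Enter, PageUp vs. numpad 9) through the extended-key bit. The Win32 constants are copied in so it builds without <windows.h>; the `shift` parameter is an assumption standing in for the GetKeyState(VK_SHIFT) call you would make in a real WndProc.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Win32 values, copied here so the decoder builds without <windows.h>. */
#define WM_KEYDOWN 0x0100u
#define WM_KEYUP   0x0101u
#define VK_BACK    0x08u
#define VK_TAB     0x09u
#define VK_RETURN  0x0Du
#define VK_ESCAPE  0x1Bu
#define VK_PRIOR   0x21u   /* PageUp   */
#define VK_NEXT    0x22u   /* PageDown */

/* lParam layout of WM_KEYDOWN/WM_KEYUP: bits 0-15 repeat count, 16-23 scan
 * code, 24 extended key, 30 previous key state (1 = auto-repeat), 31 transition. */
#define LP_EXTENDED(lp)  (((lp) >> 24) & 1u)
#define LP_WAS_DOWN(lp)  (((lp) >> 30) & 1u)

/* Name a key from its virtual-key code plus the extended flag. 'shift' is an
 * assumption standing in for GetKeyState(VK_SHIFT) < 0 in a real WndProc. */
static const char *key_name(unsigned vk, bool extended, bool shift, char *buf, size_t n) {
    if (vk >= 'A' && vk <= 'Z') { snprintf(buf, n, "%c", shift ? (int)vk : (int)vk + 32); return buf; }
    if (vk >= '0' && vk <= '9') { snprintf(buf, n, "%c", (int)vk); return buf; }
    switch (vk) {
    case VK_RETURN: return extended ? "[NumpadEnter]" : "[Enter]"; /* numpad Enter is "extended" */
    case VK_ESCAPE: return "[Esc]";
    case VK_BACK:   return "[Backspace]";
    case VK_TAB:    return "[Tab]";
    case VK_PRIOR:  return extended ? "[PageUp]" : "[Numpad9]";   /* numpad 9 with NumLock off */
    case VK_NEXT:   return extended ? "[PageDown]" : "[Numpad3]";
    default: snprintf(buf, n, "[VK_0x%02X]", vk); return buf;
    }
}

/* Message handler: appends one token per fresh key press to 'log'.
 * Returns 1 if the message was a key message (consumed), 0 otherwise. */
int handle_key_message(char *log, size_t log_size, unsigned msg, uint32_t wparam, uint32_t lparam, bool shift) {
    if (msg != WM_KEYDOWN && msg != WM_KEYUP) return 0;
    if (msg == WM_KEYUP || LP_WAS_DOWN(lparam)) return 1;   /* ignore releases and auto-repeat */
    char tmp[16];
    const char *name = key_name(wparam, LP_EXTENDED(lparam), shift, tmp, sizeof tmp);
    size_t used = strlen(log);
    if (used + strlen(name) < log_size) strcat(log, name);   /* drop the token rather than overflow */
    return 1;
}
```

Feeding it a constructed sequence (press H with Shift, i, numpad Enter, dedicated PageUp, Esc) yields `Hi[Enter][NumpadEnter][PageUp][Esc]`, with key-ups and auto-repeat messages skipped.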

  • Use hooks to receive a notification each time an event occurs within the system
  • Use the function SetWindowsHookEx to tell Windows which of your functions to call whenever a keyboard-related event occurs; the event is still delivered to its "natural" target window, but your hook procedure gets to see it as well
  • Handle that notification as you see fit
  •  ???
  • PROFIT!


Grading policy

Assuming that everything is correct,

  • 8 - for capturing a keystroke;
  • 9 - for capturing "special" buttons such as {"Enter", "PageUp", "Esc", ...}
  • 10 - for extending the program with either of these:
    • take a screenshot at regular time intervals
    • capture the text that was written to a window with the paste operation
    • reveal the text behind asterisks


Self-test questions and assignments

Use these questions to independently evaluate your knowledge. The better you understand how to answer them, the smoother your interview with the devil will go.

  • What are the practical applications of a keylogger?
  • What are the limitations of your keylogger? (e.g. can it capture all keystrokes? If not, which ones will be missed?)
  • What kinds of keyloggers are there? Compare their feature set and understand the difference between them.
  • Devise a list of tips that people should follow to minimize the chance of getting their keystrokes logged.
  • Your keylogger is running on a host with a guest system inside a virtual machine. Will your keylogger be able to capture keystrokes typed inside the guest OS? Why?
  • Yin-yang:
    • Devise a list of tips that people can follow to determine whether their system is "infected" with a keylogger or not.
    • Devise a list of hints for keylogger creators and explain what they need to do to make sure their keylogger remains undetected.
  • Can your program capture keys typed via an on-screen keyboard? Why?
  • How would your keylogger have to be modified to be usable on another operating system?
