kernel-based keylogger for Linux

nimaarek · #1 10-15-2017, 06:32

A simplex kernel-based keylogger written for fun, not evil.

Functionality
The keylogger can do the following:
- Hide from loadable kernel modules list
- Protect against being unloaded by the user
- Unhide itself

Supported Platforms
The keylogger was tested to work on Linux kernels 4.8.0-52 and 4.10 TLS as provided by Ubuntu in Ubuntu 16.04 LTS and Ubuntu 16.10 respectively, but it should be very easy to port to kernels in-between, as well as newer ones.

Setting Up Environment
Install a compiler, Linux headers and all other things required for us to build the keylogger:

Code:

apt-get update
apt-get install build-essential

Build

Code:

make

Use
To install the keylogger module:

Code:

sudo insmod AKeylogger.ko

Test whether the module is loaded:

Code:

lsmod | grep "AKeylogger"

Code:

dmesg

Test whether the logging is happening:

Code:

cat /proc/AKeylog

The log file will show the keystrokes logged after the module has been loaded.

To uninstall the keylogger module:

Code:

sudo rmmod AKeylogger

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Systrack - Linux kernel syscall implementation tracker	blue_devil	Community Tools	0	03-21-2024 15:06
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code	sh3dow	Source Code	0	05-12-2016 03:15
IDA remote debug Linux Kernel	Sergey Nameless	General Discussion	3	04-03-2012 04:12

The Following 2 Users Say Thank You to nimaarek For This Useful Post:
niculaita (10-15-2017), sh3dow (10-27-2017)