kernel-based keylogger for Linux

nimaarek · #1 10-15-2017, 06:32

A simplex kernel-based keylogger written for fun, not evil.

Functionality
The keylogger can do the following:
- Hide from loadable kernel modules list
- Protect against being unloaded by the user
- Unhide itself

Supported Platforms
The keylogger was tested to work on Linux kernels 4.8.0-52 and 4.10 TLS as provided by Ubuntu in Ubuntu 16.04 LTS and Ubuntu 16.10 respectively, but it should be very easy to port to kernels in-between, as well as newer ones.

Setting Up Environment
Install a compiler, Linux headers and all other things required for us to build the keylogger:

Code:

apt-get update
apt-get install build-essential

Build

Code:

make

Use
To install the keylogger module:

Code:

sudo insmod AKeylogger.ko

Test whether the module is loaded:

Code:

lsmod | grep "AKeylogger"

Code:

dmesg

Test whether the logging is happening:

Code:

cat /proc/AKeylog

The log file will show the keystrokes logged after the module has been loaded.

To uninstall the keylogger module:

Code:

sudo rmmod AKeylogger

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code	sh3dow	Source Code	0	05-12-2016 03:15
IDA remote debug Linux Kernel	Sergey Nameless	General Discussion	3	04-03-2012 04:12

The Following 2 Users Say Thank You to nimaarek For This Useful Post:
niculaita (10-15-2017), sh3dow (10-27-2017)