In this article, we will talk about keyloggers. A keylogger, as the name suggests, is a tool that logs key presses; this is also called keystroke logging.
So, what is a keylogger?
In real life, we have 2 types of keyloggers. The first and better-known one is a software-based tool that logs the user's keystrokes, although a software keylogger can do much more than that. The second type is a hardware device. One well-known hardware keylogger was a small device that you connect between the PS/2 keyboard connector and the computer. The biggest disadvantage of a hardware keylogger is that you need to install it manually. You also need to collect it afterwards to examine the keystrokes it recorded.
What is a USB keylogger?
A USB keylogger is a hardware-based keylogger device that replaces the old PS/2 keylogger device. To use such a device, you plug it in between the USB keyboard and the USB port on the computer. It will collect all the keystrokes that the end user types. Some USB keyloggers can also capture text corrections, such as presses of the backspace key. It stores the text in files that are named by date. The biggest disadvantage of hardware-based keyloggers is the need to collect the device again to examine the logged text. There are also USB keyloggers that contain a WiFi device, allowing them to upload the log files to a remote device.
How do keyloggers work?
In general, a keylogger records typed text into files. Keylogger writers make the log more meaningful by also capturing the context in which the text was typed. It might not only be text. It can also be mouse clicks and the software that is open: for example, a web browser, the URL of the frontmost page, and the form that was filled in.
How to detect a keylogger?
If we are talking about hardware keyloggers, you need to check how the keyboard is connected to the computer. If you see another device between the keyboard and the computer, it might be a keylogger.
For software keyloggers it is another story, as it depends on the stealth method the keylogger uses to avoid detection. If it uses rootkit technology to hide on the system, it will be harder to find.
How to make a keylogger?
Let’s leave the hiding part of the keylogger aside. For the purpose of this article, I am going to talk about capturing keystrokes and saving them to a file. In order to create a software keylogger, you have to find a way to log any key press in the environment. To make it more useful, you also need the context in which the typing happened. This can include the software that was open at the time. If it was a website, what the site domain and the exact URL were. You will also need to know which form it was, and even the form's HTML tags or names.
Due to the nature of this website – rootkit – we will focus more on the C/C++ language.
C/C++ keylogger: the idea
For user-mode keyloggers, you can use the following Windows API functions: SetWindowsHookEx, GetAsyncKeyState, GetKeyboardState, RegisterRawInputDevices. The following Windows messages are good ones to look at: WM_CHAR, WM_MOUSEMOVE, WM_APPCOMMAND, WM_INPUT. Another option is to use the DirectX API, specifically the DirectInput part.
The above can be used to catch key presses, the open software, and other related activity on the system. This method is called hooking, or Windows hooking.
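From the defender's side, the four API names listed above double as a static triage signal, because an unpacked Windows executable stores the names of the functions it imports as plain ASCII. The following is an added example, not code from this article: it scans a byte buffer for those names, and the `SAMPLE` bytes and the function names `contains` and `scan_image` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* User-mode input-capture APIs named in the article. */
static const char *const WATCHED[] = {
    "SetWindowsHookEx", "GetAsyncKeyState",
    "GetKeyboardState", "RegisterRawInputDevices",
};
#define N_WATCHED (sizeof WATCHED / sizeof WATCHED[0])

/* Return 1 if needle occurs anywhere in buf; safe for binary data with NULs. */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || n > len)
        return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (buf[i] == (unsigned char)needle[0] && memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Bit i of the result is set when WATCHED[i] appears in the image.
   Substring matching also covers the A/W variants (SetWindowsHookExW). */
unsigned scan_image(const unsigned char *buf, size_t len)
{
    unsigned mask = 0;
    for (size_t i = 0; i < N_WATCHED; i++)
        if (contains(buf, len, WATCHED[i]))
            mask |= 1u << i;
    return mask;
}

/* Constructed sample: a fragment shaped like a PE import name table. */
static const unsigned char SAMPLE[] =
    "\0\0USER32.dll\0\x12\x03SetWindowsHookExW\0\x7f\x01GetAsyncKeyState\0"
    "\x55\x02" "CallNextHookEx\0\0KERNEL32.dll\0CreateFileW\0";

int main(void)
{
    unsigned mask = scan_image(SAMPLE, sizeof SAMPLE - 1);
    for (size_t i = 0; i < N_WATCHED; i++)
        printf("%-24s %s\n", WATCHED[i], (mask >> i) & 1 ? "present" : "absent");
    return 0;
}
```

A hit is a reason to look closer, not a verdict: hotkey utilities, games and accessibility tools import the same functions. A clean result proves nothing either, since a packed binary or one that resolves the functions at run time with GetProcAddress will not show the names in its import table.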
Kernel Mode Keylogger:
To make it stealthier, you might need to create a keyboard, mouse, or network (like NDIS) filter driver to catch key presses, mouse clicks, and network data on the local device. A driver can also use rootkit technology to hide the keylogger on the system.
What is a keylogger used for?
Here too we can split it into 2 types of use. Looking at legal uses first, a keylogger can be used for auditing purposes, to find out whether a worker in a company types private company content and sends it to an unauthorized place, such as stealing data for another company.
A keylogger can also be used for parenting, if you want to understand what your kids are typing on social networks and whether there is something that means you need to get involved in the conversation with your kid.
Hackers and virus developers can embed keyloggers in a virus to grab logins, credit card and bank account details, and website passwords, and for other illegal uses.
Is a keylogger legal?
Yes and no. Yes, if it is used by a company for security or by a partner to verify that there is no theft; this will still need to be legally agreed with lawyers. Another legal use can be for parenting.
No – by hackers and viruses for stealing information, spying, and so on.
In this "what is a keylogger" guide, we answered some of the common and related questions. We talked about software, hardware, and USB keyloggers. We also talked about keylogger usage and what you need to develop one. This is not the end. There will be another part in the future. Stay tuned!