From 21e611afa76261141a5074ded7c7f348aa8286f3 Mon Sep 17 00:00:00 2001 From: Arun Prakash Jana Date: Mon, 27 Mar 2017 22:28:15 +0530 Subject: [PATCH] Use standard macros, update doc. --- README.md | 16 ++++++++++------ keysniffer.c | 6 +++--- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 2990ce7..daeec9a 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,13 @@ # keysniffer -A Linux kernel module to grab keys pressed in the keyboard, or a keylogger. Works with the US keyboard (and conforming laptops). +A Linux kernel module to grab keys pressed in the keyboard, or a keylogger. + +keysniffer was originally written with the US keyboard (and conforming laptops) in mind. By default it shows human-readable strings for the keys pressed. However, as keyboards evolved, more keys got added. So the module now supports a module parameter `codes` which shows the `keycode shift_mask` pair in hex (`codes=1`) or decimal (`codes=2`). You can lookup the keycodes in `/usr/include/linux/input-event-codes.h`. The keypress logs are recorded in debugfs as long as the module is loaded. Only root or sudoers can read the log. The module name has been camouflaged to blend-in with other kernel modules. You can, however, execute a script at shutdown or reboot (the procedure would be distro-specific) to save the keys to a file. -keysniffer is intended to track your own devices and NOT to trespass on others. The author has never usesd it to compromise someone else's system and is not responsible for any unethical application. +**DISCLAIMER:** keysniffer is intended to track your own devices and NOT to trespass on others. The author has never used it to compromise any third-party device and is not responsible for any unethical application. [![PayPal](https://tuxtricks.files.wordpress.com/2016/12/donate.png)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=RMLTQ76JSXJ4Q "Donate via PayPal!") @@ -53,12 +55,10 @@ To view the pressed keys, run: _ENTER_ _ENTER_ -To view generic keycodes (hex) in the format *keycode shift_mask*, run: +To log generic hex keycodes in the format `keycode shift_mask`, run: $ sudo insmod kisni.ko codes=1 - or, for decimal: - $ sudo insmod kisni.ko codes=2 - + // Type something $ sudo cat /sys/kernel/debug/kisni/keys 23 0 12 0 @@ -90,6 +90,10 @@ To view generic keycodes (hex) in the format *keycode shift_mask*, run: 6a 0 1c 0 +To log the keycodes in decimal, run: + + $ sudo insmod kisni.ko codes=2 + To unload the module (and clear the logs), run: $ sudo rmmod kisni diff --git a/keysniffer.c b/keysniffer.c index 148e44c..63e3552 100644 --- a/keysniffer.c +++ b/keysniffer.c @@ -122,7 +122,7 @@ void keycode_to_string(int keycode, int shift_mask, char *buf, int type) { switch (type) { case US: - if (keycode >= 0x1 && keycode <= 0x77) { + if (keycode > KEY_RESERVED && keycode <= KEY_PAUSE) { const char *us_key = (shift_mask == 1) ? us_keymap[keycode][1] : us_keymap[keycode][0]; @@ -131,11 +131,11 @@ void keycode_to_string(int keycode, int shift_mask, char *buf, int type) } break; case HEX: - if (keycode < KEY_MAX) + if (keycode > KEY_RESERVED && keycode < KEY_MAX) snprintf(buf, CHUNK_LEN, "%x %x", keycode, shift_mask); break; case DEC: - if (keycode < KEY_MAX) + if (keycode > KEY_RESERVED && keycode < KEY_MAX) snprintf(buf, CHUNK_LEN, "%d %d", keycode, shift_mask); break; }