Keysniffer started as a stub code to test the data coming from Linux kernel’s keypress notifier. However, it was a fine Sunday morning and I sat down writing a keylogger to trace the keys pressed on my system. It was ready b afternoon and I decided to publish it on GitHub for others to try out.
The advantage of writing the utility as a kernel module is the reduced traceability when compared to a userspace keylogger. I have crafted the name so that it looks like regular kernel modules and lists around the middle of lsmod output. The utility was never intended to be used for trespassing on others. If I use it regularly, the purpose would be to protect my own system.
keysniffer uses a buffer of 16KB (assuming 4KB page size). The pressed keys are written into the buffer separated by newlines. The log is written to debugfs, again to avoid easy or inadvertent detection using dmesg. Once the buffer is exhausted, it is reset and the log rolls back. The log is self-explanatory.
Clone the project from GitHub and compile it:
$ git clone https://github.com/jarun/keysniffer $ cd keysniffer $ make
kisni.ko is the kernel module.
To start logging, insert the module:
$ sudo insmod kisni.ko
To view the log in debugfs:
$ sudo cat /sys/kernel/debug/kisni/keys
To remove the log, unload the module:
$ sudo rmmod kisni
Don’t forget to star the project on GitHub if you like it or find it useful.
On GitHub: keysniffer