What I'am trying to do
I made a keylogger by reading the event file, but it needs root permission to work.I want to make a keylogger that can work without root permission.
My device
ubuntu16.04 using X11
ubuntu21.04 using Wayland
My thoughts
I understand that it is feasible on windows, and it can also be implemented through Xlib on some linux using X11.
But my project needs to run on X11 and Wayland, so it's obviously not possible to use Xlib.
Question
Is there any other way that I can get key logged without root permission?
It may be possible, but any non root solution will depend on the keyboard virtualization tool. Let us look how (modern) OS work:
the hardware is under the exclusive control of the kernel and its drivers. It is possible to implement a keylogger at that level that would only be kernel dependent but it requires admin privileges.
if you have a multiple windows capable system (X11, XWindow) the OS passes low level events to the window manager which in turn will passes them to the client program. In Windows that part is include in the kernel for historical reasons. Here again it is possible to implement a (still low level) keylogger, but if the window manager has been started as root, interacting with it as a whole still requires admin privileges. At least the X11 server can be started as a non admin user process and in that use case, the keylogger can also run under the same user.
at the end, the window manager passes events to the client application. On some (windowing) sytems, it is possible to implement hooks but they will be restricted to the same process or process group or at least the same user. Whether it is possible or not, and the way to implement it if possible will be anyway window manager dependant.
That means that it may be possible to implement a user level keylogger, but it will depend on the windowing system and not only on the kernel. Said differently, you will have to search for a Wayland specific way and a X11 specific way if you want to support both of them.
Related
I've been making a simple application which is able to launch a variety of other applications through QT5 (using QProcess class) but I've been running into a few key issues with the design. Specifically, it seems that Qprocess cannot set focus to windows that have been created via QProcess' start() function. This means that once a user opens more than one window, it can never return to the previous window that has been opened. After looking further into this dilemma, it has become clear that my program will need to be able to handle basic window management in order to fulfill my specifications.
I've decided that the best example to study for my program is Docky, which is capable of opening, closing and switching windows. Looking at the source code for that project was helpful, but there were many C# system calls that were used for fetching the list of client-windows which aren't available for my C++ program.
How can I get a list of all the X11 Windows that the client is running and provide basic window management (Switch To/ Open / Close Window) using C++? Is there a cross platform way of doing this through QT? Can I get this information directly using XServer?
I am finding a Ubuntu OS command, which lets the program to read the data from keyboard even if the program is in background. I tried to search it a lot but got no success. If any Ubuntu/Linux programmer knows the OS command which lets the program to do so, Please share it with me.
I am a beginner of Ubuntu programming.
You can use the Linux input subsystem to read events from mice and keyboards. It will only work if your application has the necessary privileges. Basically, you have to run the application as root for this to work.
If you cannot run as root, you should not be attempting to monitor the keyboard anyway.
You can create an X11 application to monitor keyboard events in the current session. It only works for the current user, and in the current graphical environment, and may not be able to observe privileged dialogs, for example password inputs. For details, look at the application shortcut launcher for your desktop environment; all Linux DEs I've ever heard of have one.
I think the old Linux Journal articles, The Linux USB Input Subsystem and Using the Input Subsystem, are still one of the best introductions to the Linux input subsystem. Most Linux distributions nowadays also support uinput, a similar device that allows injecting input events back to the kernel subsystem, designed to allow user-space input device drivers. Their interfaces are described in /usr/include/linux/input.h and /usr/include/linux/uinput.h. I recommend you start at the above articles, and then look at some input and uinput examples.
If you are comfortable using a program, have a look at Logkeys project
. It directly takes input from /dev/input/event*.
When I used C# i was only able to access user-mode registry accesses.
Is it very difficult to access kernel-mode registry accesses using C++?
I recall reading somewhere I may have to create a dummy windows driver or something?
EDIT: Basically as a hobby project I wish to create a simple registry monitor. However, I do want to catch kernel mode (as well as user mode) registry accesses..... last time I did this, using C# I could not access the kernel mode activity.
There are two ways to achieve this:
Hook the relevant functions in the kernel - the traditional way - which requires a C/Kernel Driver. This is possible on x86 Windows, but on x64 Kernel Patch Protection will detect these modifications and shut down the system (with a bluescreen).
Build a registry filter driver - this is the now encouraged way to attack this problem and is the way process monitor works. You can also build file system filter drivers this way. Essentially, you simply need to pass the information back to userland which boils down to:
IoRegisterDevice(...somewhere in \Devices\YourDriverName...)
IoCreateSymbolicLink(\\DosDevices\Name -> \Devices\YourDriverName)
then a C, C++, C# application should be able to open the file \\.\YourDriverName and DeviceIoControl to it and receive responses.
It is possible to use C++ to write kernel drivers, but see this before you embark on doing so. To be clearer, you need to be really careful about memory in kernel mode (paged, nonpaged) and you're not going to have access to much of the standard library.
As an aside, you should be aware that:
Not all registry hives are accessible to kernel mode drivers, depending on context.
The paths are not common. So the kernel accesses \Registry\System whereas userland accesses HKLM.
I want to create a C++ application that is to run on some Linux platform on a specific laptop computer. I do however not want the users of this laptop to use any other applications/system features than this program - much like the kiosk modes you would find on computers in a typical internet café.
One issue is that the laptop will be booted by the user, and such has to start my software automatically - leaving as little room as possible for the user to intervene with the process. It does not have to be completely secure, but it should be as close as possible.
What would be the best way to accomplish such a thing? Does there exist (free) Linux distributions specifically made for this (if not, I will probably use Arch Linux)? Are there any steps I could/should take in my program, or can I leave it all to the OS? Would creating my own little Linux distribution specifically for this be worth it?
This shouldn't be on stackoverflow but anyway:
Run a plain X session with no window manager, into this plain X session start your program in fullscreen. Done.
I run a small XUL application this way:
X :10 &
sleep 10
DISPLAY=:10 xulrunner ~/zkfoxtemp/application.ini
I would use a minimal live linux distribution - I prefer tinycorelinux but most will do.
using a minimal distribution ensures that the system doesn't have almost any features or programs you didn't plant there, and will make it easy to modify according to your needs
use a window manager as many programs don't behave properly if ran in plain X session (especially if they use pop up windows), but remove all it's menus and shortcuts
prefer booting from a read only media - this will minimize the chances of corruption (accidentally or intentionally)
remove unneeded services and features from the boot and login scripts
I was having a discussion with a colleague about whether or not the following is possible:
Install an MFC application from a USB drive in Windows XP (this installation would be initiated manually by a user with sufficient privileges to install software).
After rebooting, this application should start instead of the default Windows XP shell (explorer.exe).
Does anyone know how I might accomplish this?
You won't be able to run an MFC application before windows starts up because by definition MFC runs off of windows DLLs that are not loaded until windows itself is. Not to mention that Windows is what is responsible for loading a PE in the first place, so you won't even be able to load a compiled EXE or DLL without a custom bootstrapper.
In order to do what you want to do you have a few options. There are (easy) ways for windows to be set to load an application on startup. If that is what you want, then this is entirely possible.
However, if you wish to execute code before and while windows is starting up, then you must first overwrite the bootstrapper (with something like GRUB), execute your code (again, you will not have access to any standard library - you will have to operate directly on the buffers made available to you by the CPU if you wish to do any sort of I/O), then start up windows by launching its bootstrapper. I have no idea how to do this; but that is the general overview of what must happen.
You mentioned DLL injection, which is another possibility. I am not familiar with what DLLs, and in what order, are loaded during windows startup. That will be an exercise for you. What you will have to take into consideration, is that the higher level you want to exist in (i.e. what libraries are available for you to do File/Console I/O) the higher up you need to execute your code in the windows startup process.
My suggestion to you is simply write a program that executes as a service that is started up during windows initialization. Its easy to do, and you will have the entire HAL loaded and ready to actually perform tasks - rather then you having to write device-specific drivers in order to manipulate hardware before window's loads the HAL.
Modify HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit registry value with full path to your application. This key specifies what program should be launched right after a user logs into Windows. The default program for this key is C:\windows\system32\userinit.exe. Userinit.exe is a program that restores your profile, fonts, colors, etc for your username. It is possible to add further programs that will launch from this key by separating the programs with a comma