Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Keysniffer – Linux kernel mode debugfs keylogger (github.com)
12 points by apjana 9 days ago | hide | past | web | favorite | 1 comment

keysniffer is a Linux kernel module to grab keys pressed in the keyboard, or a keylogger.

keysniffer is also an academic project for devs willing to learn Linux kernel module programming, with extensive comments, checkpatch.pl scanned code, standards-compliant Makefile and DKMS support.

keysniffer was initially written for the US keyboard (and conforming laptops). By default it shows human-readable strings for the keys pressed. Optionally, the keycode shift_mask pair can be printed in hex or decimal. You can lookup the keycodes in /usr/include/linux/input-event-codes.h.

The keypress logs are recorded in debugfs as long as the module is loaded. Only root or sudoers can read the log. The module name has been camouflaged to blend-in with other kernel modules.

You can, however, execute a script at shutdown or reboot (the procedure would be distro-specific) to save the keys to a file.

DISCLAIMER: keysniffer is intended to track your own devices and NOT to trespass on others. The author has never used it to compromise any third-party device and is not responsible for any unethical application.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact