The first thing I did this week was research Linux keyloggers. While there are many online, there are few open source solutions that offer the flexibility required for our project. In fact, I only found one source that provides a timestamp for each individual key pressed. I changed the script to store the data in a local log file that can be parsed later on.
For the rest of the week, I did a lot of research on Linux device event files in order to work on capturing mouse events. Unfortunately, the protocol for this OS service varies wildly depending on the Linux distro in question, and I was unable to find a truly reliable source for working with the Ubuntu VM. I also refrained from investigating rootkits because I did not want to put my personal machine at risk. So far, my understanding is that a new input_event struct is written to the event file every time the given hardware device has a new event to report. The struct has the following format:
struct input_event {
    struct timeval time;
    __u16 type;
    __u16 code;
    __s32 value;
};
However, when I use programs that try to exploit this data formatting, the only field that ever changes is the timeval struct, while the type, code, and value remain constant. The best option I could find for logging mouse events was the Python bindings for evdev. Using this package to read /dev/input/event3, the mouse event file for Ubuntu 12.04 LTS, I am able to record mouse clicks with extremely precise timestamps. None of the deltas get recorded, and the coordinates of the mouse when it is clicked are not logged either.
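As an added example (not the post's script and not python-evdev's code), here is a stand-alone decoder for the record format quoted above: it unpacks a constructed buffer of 64-bit input_event records, folds the timeval into integer microseconds, separates button press/release records from relative-motion and all-zero SYN_REPORT records, and skips a truncated trailing record instead of mis-decoding it. The sample bytes are constructed inline; no device file is read.

```python
import struct
from collections import namedtuple
# 64-bit struct input_event: timeval as two 8-byte longs (sec, usec), then __u16 type,
# __u16 code, __s32 value; little-endian is fixed here so the sample decodes on any host.
INPUT_EVENT_FMT = "<qqHHi"
INPUT_EVENT_SIZE = struct.calcsize(INPUT_EVENT_FMT)  # 24 bytes
# Type and code values from <linux/input-event-codes.h>
EV_SYN, EV_KEY, EV_REL = 0x00, 0x01, 0x02
REL_X, REL_Y = 0x00, 0x01
BUTTON_NAMES = {0x110: "BTN_LEFT", 0x111: "BTN_RIGHT", 0x112: "BTN_MIDDLE"}
InputEvent = namedtuple("InputEvent", "ts_us type code value")

def pack_event(sec, usec, ev_type, code, value):
    # Used only to build the constructed sample below.
    return struct.pack(INPUT_EVENT_FMT, sec, usec, ev_type, code, value)

def parse_events(buf):
    """Decode raw records; timestamps become integer microseconds. A trailing
    partial record (a read() that stopped mid-struct) is skipped, not mis-decoded."""
    events = []
    whole = len(buf) - len(buf) % INPUT_EVENT_SIZE
    for off in range(0, whole, INPUT_EVENT_SIZE):
        sec, usec, ev_type, code, value = struct.unpack_from(INPUT_EVENT_FMT, buf, off)
        events.append(InputEvent(sec * 1_000_000 + usec, ev_type, code, value))
    return events

def summarize_mouse(buf):
    """Clicks with timestamps, accumulated relative motion, and SYN_REPORT count."""
    clicks, dx, dy, syncs = [], 0, 0, 0
    for ev in parse_events(buf):
        if ev.type == EV_KEY and ev.code in BUTTON_NAMES:
            clicks.append((ev.ts_us, BUTTON_NAMES[ev.code], "press" if ev.value else "release"))
        elif ev.type == EV_REL:
            dx += ev.value if ev.code == REL_X else 0
            dy += ev.value if ev.code == REL_Y else 0
        elif ev.type == EV_SYN:
            syncs += 1  # all-zero type/code/value: marks the end of one hardware report
    return {"clicks": clicks, "motion": (dx, dy), "syncs": syncs}

# Constructed sample: a small move, then a left-button press and release,
# followed by 5 stray bytes standing in for a truncated read.
SAMPLE = b"".join([
    pack_event(1000, 500000, EV_REL, REL_X, 5),
    pack_event(1000, 500000, EV_REL, REL_Y, -3),
    pack_event(1000, 500000, EV_SYN, 0, 0),
    pack_event(1000, 750000, EV_KEY, 0x110, 1),
    pack_event(1000, 750000, EV_SYN, 0, 0),
    pack_event(1000, 900000, EV_KEY, 0x110, 0),
    pack_event(1000, 900000, EV_SYN, 0, 0),
]) + b"\x00" * 5
```

The SYN_REPORT records are the ones whose type, code and value are all zero; a log that only ever shows the timestamp changing is consistent with looking at those rather than at the EV_KEY and EV_REL records between them.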