Add short journal entry abt user space bash script detector.

This commit is contained in:
Sebastian Lenzlinger 2023-06-03 19:44:34 +02:00
parent fbf62f0a7c
commit 10d7460409


@ -71,7 +71,7 @@ It seems after restart kernel modules must be reinserted (even though spy was in
## Thursday, 11.05.2023
### Michel
I was able to recreate all the steps Sebastian did on wednesday 10.05.2023. The only difference was, that on a ubuntu VM, the third step ls -l /proc/{1, 880, 1774, 63277}/exe` has to be executed a little bit differently. I wasnt able to give out a list of all processes at once. I had to check each PID individually, to see which PID belongs to which process.
I was able to recreate all the steps Sebastian did on wednesday 10.05.2023. The only difference was, that on a ubuntu VM, the third step `ls -l /proc/{1, 880, 1774, 63277}/exe` has to be executed a little bit differently. I wasnt able to give out a list of all processes at once. I had to check each PID individually, to see which PID belongs to which process.
## Sunday, 14.05.23
### Sebastian
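Review bot: the added opening backtick fixes the inline code, but the command inside it, `ls -l /proc/{1, 880, 1774, 63277}/exe`, still has spaces after the commas, and bash and zsh only perform brace expansion when the brace list contains no unquoted whitespace; as written the shell splits it into four words and no expansion happens, which is the likely reason the processes could not be listed at once. Suggest `ls -l /proc/{1,880,1774,63277}/exe`, and note that plain sh/dash has no brace expansion at all, so the command must be typed into bash. Minor: "wednesday" and "wasnt" should read "Wednesday" and "wasn't".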
@ -88,7 +88,7 @@ For each file in the directory, use the `strstr()` function to check if the file
### Michel
`lsmod shows most loaded kernel modules and who and how many use it at the moment.
I/O Module responsible for keyboard drivers is not fully listed with `lsmod`. With `ll /lib/modules/5.19.0-35-generic/kernel/drivers/input/keyboard`one can list all drivers connected in some way to the Keyboard.
I tried `hwinfo to list all hardware on a device. To use it one needs to do `sudo apt install hwinfo`. With `hwinfo --short` one gets a short information list about devices and drivers / what they are. Further investigation is required.
I tried `hwinfo` to list all hardware on a device. To use it one needs to do `sudo apt install hwinfo`. With `hwinfo --short` one gets a short information list about devices and drivers / what they are. Further investigation is required.
TODO: Find a way to list all processes using those keyboard Kernel Modules
#### Next Step:
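Review bot: the closing backtick added to `hwinfo` is right, but the same defect remains two lines up: `lsmod shows ...` has no closing backtick, and the `ll /lib/modules/5.19.0-35-generic/kernel/drivers/input/keyboard` line needs a space before "one can". On content, lsmod lists every currently loaded module (it reads /proc/modules) together with its use count and the modules using it, so "most loaded kernel modules" should be "all loaded kernel modules"; a keyboard driver that does not show up in lsmod is either compiled into the kernel or simply not loaded, and the .ko files under /lib/modules/<version>/kernel/drivers/input/keyboard are the modules available to load, not the ones in use. The TODO about processes "using those keyboard Kernel Modules" should be reworded: user-space processes do not hold modules, they hold open the device nodes the modules expose, so what needs listing is the set of processes with /dev/input/event* open.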
@ -96,4 +96,10 @@ TODO: Find a way to list all processes using those keyboard Kernel Modules
2. Start coding the user space detector part of the software.
## Saturday, 3. June 2023
Instead of using c now used bash to make a script that
1. finds `/dev/input/event*` that correspond to keyboard files and writes them in a file.
2. checks which pids use those files and writes those into a file.
3. checks to which programms/executables the pids correspond to.
Still need to finnish it.
TODO: Add functionality that is asks user if the malicious process should be killed. I.e. add some configuration functionality.
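Review bot: the entry does not say how step 1 decides which /dev/input/event* nodes belong to a keyboard, nor which tool step 2 uses to find the PIDs; both should be written down so the script can be reviewed. For step 1, /proc/bus/input/devices has one block per device whose `H: Handlers=` line names the eventN node and contains `kbd` for keyboards. For step 2, `fuser` or `lsof` on the event nodes, or scanning the /proc/*/fd symlinks, works, but all of them must run as root: /dev/input/event* is only readable by root and the input group, and a process that opened the node as root is otherwise invisible to the detector, which is exactly the case a keylogger check cares about. Step 3 is `readlink /proc/<pid>/exe`. Before the kill prompt in the TODO is added, the script needs an allow-list for legitimate readers of the keyboard node (the display server, i.e. Xorg or a Wayland compositor, and systemd-logind), otherwise the "malicious process" label will land on the desktop session. Spelling: "programms" -> "programs", "finnish" -> "finish", "that is asks" -> "that asks".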