Move old code to legacy folder. Git now ignores .txt files

2023-06-03 19:38:14 +02:00 · 2023-06-03 19:38:14 +02:00 · fbf62f0a7c
commit fbf62f0a7c
parent 51da6b9038
11 changed files with 184 additions and 42 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,5 @@
 /build/
 *.o
 *.out
 *.txt
--- a/src/Makefile
+++ b/src/Makefile
@ -0,0 +1,2 @@
 clean: 
 	rm *.o *.txt *.out *.exe
--- a/src/find_logger_proc.c
+++ b/src/find_logger_proc.c
@ -1,14 +0,0 @@
 #include <stdio.h> // for printf()
 #include <stdlib.h> // for exit()
 #include <string.h> // for strcmp()
 #include <dirent.h> // for opendir(), readdir(), closedir()
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h> // for readlink(), chdir(), getcwd()
 #include <errno.h> // for errno                   
 #include "find_logger.h"
--- a/src/keyboard_script.sh
+++ b/src/keyboard_script.sh
@ -1,27 +0,0 @@
 #!/bin/bash
 # Output file path
 output_file="keyboard_files.txt"
 # Find keyboard device files
 keyboard_files=()
 while IFS= read -r -d '' file; do
  if [[ $file == *"kbd"* || $file == *"keyboard"* ]]; then
    keyboard_files+=("$file")
  fi
 done < <(find /dev/input -type c -name 'event*')
 # Write keyboard files to output file
 echo "Keyboard Device Files" > "$output_file"
 echo "======================" >> "$output_file"
 if [[ ${#keyboard_files[@]} -eq 0 ]]; then
  echo "No keyboard device files found." >> "$output_file"
 else
  for file in "${keyboard_files[@]}"; do
    echo "$file" >> "$output_file"
  done
 fi
 echo "Keyboard files written to $output_file"
--- a/src/legacy/find_logger_proc.h
+++ b/src/legacy/find_logger_proc.h
--- a/src/legacy/follow_symlinks.sh
+++ b/src/legacy/follow_symlinks.sh
@ -51,7 +51,7 @@ done < "$pids_input_file"
 # sort and remove duplicates
 sorted_pids=$(printf '%s\n' "${pids_array[@]}" | sort -nu)
-# write unique pids to file, separated by newlines
+# write unique and sorted pids to file, separated by newlines
 printf '%s\n' "${sorted_pids[@]}" > "$pids_output_file"
 echo "Pids written to $pids_output_file"
--- a/src/legacy/get_kbd_event_files.py
+++ b/src/legacy/get_kbd_event_files.py
--- a/src/legacy/keyloggers.sh
+++ b/src/legacy/keyloggers.sh
--- a/src/legacy/test.c
+++ b/src/legacy/test.c
@ -0,0 +1,112 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <dirent.h>
 #include <unistd.h>
 #define DEVICE_DIR "/dev/input"
 #define BY_PATH_DIR "/dev/input/by-path"
 #define PROC_DIR "/proc"
 void get_program_name(long pid) {
    char exe_file_path[256];
    snprintf(exe_file_path, sizeof(exe_file_path), "/proc/%ld/exe", pid);
    if (access(exe_file_path, F_OK) == 0) {
        char program_path[256];
        ssize_t path_len = readlink(exe_file_path, program_path, sizeof(program_path) - 1);
        if (path_len != -1) {
            program_path[path_len] = '\0';
            printf("Corresponding program: %s\n\n", program_path);
        }
    }
 }
 void find_keyboard_files() {
    DIR *by_path_dir = opendir(BY_PATH_DIR);
    if (by_path_dir == NULL) {
        perror("opendir");
        exit(EXIT_FAILURE);
    }
    struct dirent *entry;
    while ((entry = readdir(by_path_dir)) != NULL) {
        if (strstr(entry->d_name, "kbd") != NULL || strstr(entry->d_name, "keyboard") != NULL) {
            char device_file_path[256];
            snprintf(device_file_path, sizeof(device_file_path), "%s/%s", BY_PATH_DIR, entry->d_name);
            char link_dest[256];
            ssize_t link_size = readlink(device_file_path, link_dest, sizeof(link_dest) - 1);
            if (link_size == -1) {
                perror("readlink");
                continue;
            }
            link_dest[link_size] = '\0';
            printf("Keyboard device file: %s\n", link_dest);
            char event_file[256];
            snprintf(event_file, sizeof(event_file), "%s/%s", DEVICE_DIR, link_dest);
            DIR *proc_dir = opendir(PROC_DIR);
            if (proc_dir == NULL) {
                perror("opendir");
                continue;
            }
            struct dirent *pid_entry;
            while ((pid_entry = readdir(proc_dir)) != NULL) {
                if (pid_entry->d_type != DT_DIR)
                    continue;
                // Check if the entry name is a numeric value (PID)
                char *endptr;
                long pid = strtol(pid_entry->d_name, &endptr, 10);
                if (*endptr != '\0')
                    continue;
                char fd_dir_path[256];
                snprintf(fd_dir_path, sizeof(fd_dir_path), "%s/%s/fd", PROC_DIR, pid_entry->d_name);
                DIR *fd_dir = opendir(fd_dir_path);
                if (fd_dir == NULL)
                    continue;
                struct dirent *fd_entry;
                while ((fd_entry = readdir(fd_dir)) != NULL) {
                    if (fd_entry->d_type != DT_LNK)
                        continue;
                    char fd_file_path[256];
                    snprintf(fd_file_path, sizeof(fd_file_path), "%s/%s", fd_dir_path, fd_entry->d_name);
                    char link_dest[256];
                    ssize_t link_size = readlink(fd_file_path, link_dest, sizeof(link_dest) - 1);
                    if (link_size == -1)
                        continue;
                    link_dest[link_size] = '\0';
                    if (strcmp(link_dest, event_file) == 0) {
                        printf("Process with PID %ld is using this file.\n", pid);
                        get_program_name(pid);
                    }
                }
                closedir(fd_dir);
            }
            closedir(proc_dir);
        }
    }
    closedir(by_path_dir);
 }
 int main() {
    printf("Finding keyboard files...\n\n");
    find_keyboard_files();
    return 0;
 }
--- a/src/main.c
+++ b/src/main.c
--- a/src/user-space-detector.sh
+++ b/src/user-space-detector.sh
@ -0,0 +1,67 @@
 #!/bin/bash
 # =============================== 
 # Step1: Find keyboard file paths
 # ===============================
 # Output file path
 kbd_output_file="kbd_file_paths.txt"
 # Function to follow symbolic links recursively
 follow_symlinks() {
  local filepath=$1
  if [[ -L $filepath ]]; then
    local resolved_path=$(readlink -f "$filepath")
    echo "$resolved_path" >> "$kbd_output_file"
    follow_symlinks "$resolved_path"
  fi
 }
 # Traverse files in /dev/input/by-path
 echo -n > "$kbd_output_file"
 find /dev/input/by-path -type l -name '*kbd*' -print0 | while IFS= read -r -d '' filepath; do
  #echo "$filepath" >> "$kbd_output_file"
  follow_symlinks "$filepath"
 done
 echo "Keyboard file paths written to $kbd_output_file"
 # ===============================
 # Step2: Find pids using keyboard event files
 # ===============================
 # Use found kbd file paths to find corresponding pids
 pids_input_file="$kbd_output_file"
 pids_output_file="pids.txt"
 echo -n > "$pids_output_file"
 declare -a pids_array
 # Get pids of processes using the keyboard and put in array
 while IFS= read -r pathname; do
    pids=$(fuser "$pathname")
    # add pids to array
    for pid in $pids; do
      pids_array+=("$pid")
    done
 done < "$pids_input_file"
 # sort and remove duplicates
 sorted_pids=$(printf '%s\n' "${pids_array[@]}" | sort -nu)
 # write unique and sorted pids to file, separated by newlines
 printf '%s\n' "${sorted_pids[@]}" > "$pids_output_file"
 echo "Pids written to $pids_output_file"
 # ===============================
 # Step3: Find processes/program names using pids
 # ===============================
 exe_input_file="$pids_output_file"
 exe_output_file="suspicous_exes.txt"
 # Clear output file
 echo -n > "$exe_output_file"