Keylogging on Linux

I was trying to track down a keylogger that would work on Linux and I was having a tough time. Finally I discovered lkl which records all input from port 0x60 (which is apparently the keyboard port number). It’s pretty simple to run but now I have to decide how I want to make this thing run at boot time. I was going to use the SysV-Init editor that comes with KDE but apparently that’s not what I’m looking for. Off to dig some more…

Right, I made a script and put it into /etc/init.d. Hope that solves my problems. We’ll see if this actually works.

[later that day]

Well, the keylogger is working more or less. There were some problems where it told me that lkl was looking for a keymap file that didn’t exist. I had to manually copy the maps from the source package to /usr/local and then point lkl in that direction. Even then it appears the us_kmUP is malfunctioning. us_kmALT and us_km seem to be doing fine, but the uppercase map is spewing garbage into my log file.

I’ve decided not to worry about the garbage. It’s too much effort to investigate this problem for such a low priority thing. However, now I’ll have to decode everything I want to read by educated guessing and doing more keylogging to see what letters turn into what junk.

If anyone finds a better keylogger for Linux (maybe one with a more functional keymap), drop me a line in the comments. I’d totally appreciate the help - and so would all the other people who come here looking for answers.

5 Responses to “Keylogging on Linux”

  1. Comment by fusis
    05/17/05 at 10:49 pm

    Hey,

    I tried to run lkl, but it doesn't work. I too copied the keymaps and pointed it in the correct direction. Can you help me rectify the prob? It's urgent! Please mail me what to do. I am running Ubuntu. This is my error message:

    root@nirvana:/usr/local # lkl -l -k keymaps/en-us -o log.file

    Started to log port 0x60. Keymap is keymaps/en-us. The logfile is log.file.

    unable to find keymap-file: No such file or directory
    unable to find UPPER case keymap file, check it!

    See, it says that the keymap is the file I am pointing to. But then it says unable to find the keymap.

    Please, it's urgent.

  2. Comment by Danger
    05/17/05 at 10:58 pm

    I’m not sure why a keylogger is urgent unless you’re doing something naughty, but here’s my advice:

    Find the files en-us and en-US (or something that looks like them) in the folder of the install program. Copy those files specifically to some place you can remember, like /usr/share/keymaps.

    Change the shell command to reflect the new location like this:
    lkl -l -k /usr/share/keymaps/en-us -o log.file

    The trick is that the en_US file must be right next to the en_us file.

    Good luck.

  3. Comment by Wicher
    05/22/05 at 3:45 am

    Try uberkey. Works like a charm.

  4. Comment by Gusto
    07/20/07 at 6:47 pm

    us_kmUp (do these corrections in order as line numbers will change after #3) Turn on Gedit “display line numbers”.

    1. Line 19: replace with
    2. Line 9: The LKL program is set to ignore # in the keymap files as remarks. Line 9 is for the pound sign but when it reads line 9 containing a naked #, it ignores it because it thinks it’s a remark instead of data (duh). This then throws the rest of the file off because what should be line 10 is line 9 because 9 has been ignored. To correct this replace the naked # with as with the , , and other control keys. The log file will show but at least it works. This corrects the transposing problem from line 9 to 46.
    3. Line 47: is | -Delete this line letting everything below shift up one line making line 47 now . Probably because whoever did the keymap file was unaware of the # problem and was trying to correct the transposing going on.
    4. Line 48: is blank. add |
    5. Line 59: is blank. add
    6. Line 60: is change it to * without the
    7. Line 61: is and stays.
    8. Line 62: is empty but is the location of the shift+space bar. Locate the cursor there and hit the space bar once. This will add a visible space between words in the log file. If you want, you can add instead but it clutters the log file and makes it harder to read.
    9. Line 63: is and stays.
    From Line 64 containing F1 the rest of the file should be correct as is.
