Ultimate Linux Keylogger - Uberkey

A while ago I wrote a post about a Linux keylogger called lkl. It’s a decent program but it’s rather hard to manage at times and had some configuration bugs. Even once I got it running I’d find that many of the characters were off from what they should have been.

Luckily a reader used the comment form on that post to point out a much better program called uberkey.

Uberkey is awesome because of its simplicity. When you download it from the link above (or this link) you’ll be amazed at just how simple the install package is. There are three files:

makefile
uberkey.8
uberkey.c

Installing Uberkey
To install the uberkey keylogger on Linux simply compile the uberkey binary by typing # make. Really, it’s that simple. You’ll now have a fourth file in the current directory named uberkey. Copy this to some executable directory like so:

# cp uberkey /usr/bin/

Uberkey is now installed.

Running Uberkey

Uberkey does not handle log files on its own. While it is running, it prints the names or values of the keys being hit to standard output. This is not very useful if you just run it directly in a terminal, but with two very simple changes to the way the program is called it becomes an excellent system keylogger. First, we’ll use the greater-than symbol to redirect standard output to a text file:
# uberkey > /home/myname/.keylogfile

Second, we’ll use the ampersand symbol at the end of the program call to allow this to run in the background and give us our terminal prompt back:
# uberkey > /home/myname/.keylogfile &

If you want this to start at boot, all you need to do is add the last line of code above to one of your init scripts. If this doesn’t seem easy to do, I’ve included a script that you can make into a file and drop into /etc/init.d. Make sure it is executable (# chmod +x filename).

Sample Init Script for Uberkey
(Note: you should have runscript installed to do this)


###############
#!/sbin/runscript

start() {
        ebegin "Starting Uberkey keylogger"

        # Run in the background (as in the command above) so start() returns
        uberkey > /home/myname/.keylogfile &

        eend $?
}
###############
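
From the defender's side, the boot persistence described above leaves a recognizable line in an init script. The following is an added example (not part of the original post or of uberkey) that scans an init directory for it; the two patterns and the scan_init_dir name are assumptions drawn only from the command lines shown on this page.

```shell
#!/bin/sh
# Added example: audit init scripts for the keylogger persistence pattern
# described on this page. Both patterns are assumptions based on the page's
# own command lines, not a complete detection rule.

# A command named uberkey, with or without a path prefix.
NAME_RE='(^|[[:space:];&|/])uberkey([[:space:];&|>]|$)'
# stdout redirected (> or >>) into a hidden dotfile under /home.
REDIR_RE='>>?[[:space:]]*/home/[^[:space:]]*/\.[^/[:space:]]+'

# scan_init_dir DIR: print "path:lineno:text" for every suspicious line.
scan_init_dir() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Match either pattern, then drop pure comment lines so a script
        # that only mentions the name in its header is not reported.
        grep -nE -e "$NAME_RE" -e "$REDIR_RE" "$f" 2>/dev/null |
            grep -vE '^[0-9]+:[[:space:]]*#' |
            while IFS= read -r hit; do
                printf '%s:%s\n' "$f" "$hit"
            done
    done
}

# Default target is the directory the article uses; pass another as $1.
scan_init_dir "${1:-/etc/init.d}"
```

A renamed binary or a log path outside /home will not match, so treat a clean result as "nothing obvious" and review any script that backgrounds a process with redirected output.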

Update: Wicher has told me that sometimes uberkey can mess up X. If anybody knows something about this, I’d love to hear it. So far it’s been working fine for me. Also, has anybody tried uberkey on a non en-us keyboard layout?


3 Responses to “Ultimate Linux Keylogger - Uberkey”

  1. Comment by pagan
    06/07/05 at 12:19 pm

    It prints the US-keyboard mapping on my German keyboard, e.g. Y instead of Z and no üöä, … no big problem.

    It also displays ! # $ wrong, but this can be fixed easily in the source.

    So far, it hasn't messed up my X.org/fluxbox

  2. Comment by anant Shrivastava
    10/06/05 at 9:49 am

    Hey, I have used this homemade script for full utilization

    #!/bin/bash
    # Startup Script for uberkey
    # Created BY ANANT SHRIVASTAVA (moderator GLUG - BHOPAL)
    # chkconfig : 4 00 00
    # Description : - Key logger (Kernel based) \
    # catches all the key strokes directly \
    # from the key board buffer

    # Source function library
    . /etc/rc.d/init.d/functions

    # Start and stop configuration
    case "$1" in
    start)
        echo -n "Starting KEYLOGGER : "
        # Write a timestamped session marker to the log before starting
        date >> /tmp/d
        echo "NEXT" >> /var/log/keylog
        paste /tmp/d >> /var/log/keylog
        touch /var/lock/subsys/key
        uberkey >> /var/log/keylog &
        ;;
    stop)
        echo -n "Stopping KEYLOGGER : "
        rm -rf /tmp/d
        rm -rf /var/lock/subsys/key
        for PID in `pidof uberkey`; do
            kill -KILL "${PID}"
        done
        ;;
    clean)
        echo "CLEANING UP LOG FILE "
        rm -rf /tmp/d
        rm -rf /var/lock/subsys/key
        echo " " > /var/log/keylog
        ;;
    status)
        # Status is based on the lock file only, not on the process list
        if [ -e /var/lock/subsys/key ]; then
            echo "KEYLOGGER IS RUNNING....."
        else
            echo "KEYLOGGER IS STOPPED"
        fi
        ;;
    restart|reload)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage start|stop|reload|restart"
    esac
    exit

    try this
    yours
    anant

  3. Comment by JC
    04/04/08 at 7:22 am

    A reply… 3 years later.

    I just tried uberkey 1.2 on a non-English Linux system (Spanish, kernel 2.6.21.5). It did mess up my mouse: it jumped all over the place, clicking on all kinds of stuff for about 10 seconds and then the process died by itself (lucky me).

    Not complaining, though. Moving over to the next logger. Good luck to you all.