Linux kernel-level keylogger


In early March 2014 I had some free time for a week during spring break. I was interested in Linux device driver development and thought it would be nice to build something during the week. So I went through the documentation and was searching for something fun to implement. The challenge of writing a keylogger for Linux felt small and self-contained enough for a newbie to device driver development, without requiring special hardware. So I gave it a shot.

Implementation:

A user-mode keylogger would have probably been the easiest to implement. Even in kernel mode, there are several ways I could have written it. In my implementation, I registered with the keyboard driver to listen for keypress and keyrelease events. Depending on the keycode that gets sent to my kernel module, I logged the corresponding ASCII character associated with it. I tested the keylogger on my dev machine, which runs Ubuntu 12.10, and it works fine. I think this was a good learning experience and I might work on a more complicated kernel module next.
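A module like the one described above has to be loaded as an out-of-tree kernel module, and the kernel records that as taint flags at the end of its `/proc/modules` line. The following is an added example for the defender's side, not code from the original post or its repository: it parses `/proc/modules` text and reports tainted modules that are not on an allowlist. The sample lines, the module name `kbd_listener` and the allowlist are constructed for illustration.

```python
import re

# Per-module taint letters the kernel prints in parentheses, e.g. "(OE)".
TAINT_MEANING = {
    "P": "proprietary licence",
    "O": "out-of-tree build",
    "E": "unsigned module",
    "F": "force-loaded",
    "C": "staging driver",
}

# /proc/modules fields: name size refcount deps state address [(taint)]
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+(?P<refs>\d+)\s+(?P<deps>\S+)\s+"
    r"(?P<state>\S+)\s+(?P<addr>0x[0-9a-fA-F]+)"
    r"(?:\s+\((?P<taint>[A-Z+-]+)\))?\s*$"
)

def suspicious_modules(proc_modules_text, allowlist=frozenset()):
    """Return [(module, [reasons])] for tainted modules not in allowlist."""
    findings = []
    for line in proc_modules_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unparseable lines
        flags = m.group("taint") or ""
        reasons = [TAINT_MEANING[f] for f in flags if f in TAINT_MEANING]
        if reasons and m.group("name") not in allowlist:
            findings.append((m.group("name"), reasons))
    return findings

# Constructed sample input; on a live host read open("/proc/modules").read().
SAMPLE = """\
hid_generic 16384 0 - Live 0xffffffffc0431000
usbhid 57344 0 - Live 0xffffffffc0420000
hid 135168 2 hid_generic,usbhid, Live 0xffffffffc03f0000
vboxdrv 512000 3 - Live 0xffffffffc0700000 (OE)
kbd_listener 16384 0 - Live 0xffffffffc0a10000 (OE)
"""

if __name__ == "__main__":
    # Allowlist of out-of-tree modules this (hypothetical) host is expected to run.
    for name, reasons in suspicious_modules(SAMPLE, allowlist={"vboxdrv"}):
        print(f"{name}: {', '.join(reasons)}")
```

This only finds modules that still appear in the module list; a module that unlinks itself from that list needs other checks, such as enforcing module signature verification so unsigned modules cannot load at all.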

Source code:

https://github.com/arunpn123/keylogger