Jump to content


Photo
- - - - -

Undetectable Hadware logger


  • Please log in to reply
13 replies to this topic

#1 doomer

doomer

    Will I break 10 posts?

  • Members
  • 5 posts
  • Gender:Male

Posted 15 December 2011 - 06:55 PM

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

#2 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 15 December 2011 - 07:45 PM

initially upon first insertion of the usb keylogger your system might show that a usb device or usb keyboard (depending on which usb keylogger you have) has been plugged in, but after that they should be fairly undetectable to the average user.

also, they do not work on some new mac keyboards. I've found this out from personal experience

#3 doomer

doomer

    Will I break 10 posts?

  • Members
  • 5 posts
  • Gender:Male

Posted 16 December 2011 - 02:16 AM

initially upon first insertion of the usb keylogger your system might show that a usb device or usb keyboard (depending on which usb keylogger you have) has been plugged in, but after that they should be fairly undetectable to the average user.

also, they do not work on some new mac keyboards. I've found this out from personal experience



Awesome, thanks for the reply. I've give it a try and test it out.

#4 XlogicX

XlogicX

    SUP3R 31337

  • Validating
  • 160 posts
  • Gender:Male
  • Location:Tempe (Phoenix area)

Posted 18 December 2011 - 08:37 AM

Anybody have one of these? I would be interested in what $lsusb brings back as a device name. If it's unique enough, you could write a script/cron to grep and alert. You could also script for changes as well, this would at least alert you to check the back of your box. I played with the KeyKatcher 32 and 128 in the ancient times (it was PS2) :).

#5 Afterm4th

Afterm4th

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 399 posts
  • Country:
  • Gender:Male
  • Location:way up north eh

Posted 22 December 2011 - 01:34 PM

Anybody have one of these? I would be interested in what $lsusb brings back as a device name. If it's unique enough, you could write a script/cron to grep and alert. You could also script for changes as well, this would at least alert you to check the back of your box. I played with the KeyKatcher 32 and 128 in the ancient times (it was PS2) :).



Good question. I will check mine out shortly...

#6 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,082 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 22 December 2011 - 04:07 PM

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

This would be easy to implement (someone could find out what kind of keyboard you use then switch it out with a tainted, identical model). It's propbably pretty stealthy, too.
Posted Image

Made by the same people that make KeyGrabber.

link: http://www.keelog.co...ard_logger.html

#7 XlogicX

XlogicX

    SUP3R 31337

  • Validating
  • 160 posts
  • Gender:Male
  • Location:Tempe (Phoenix area)

Posted 24 December 2011 - 11:22 PM

Then there's the Teensy attack :)
Teensy USB HID Attack Vector

R3l1K and Mitnick demo it in their DerbyCon2011 talk:
Adaptive Penetration Testing

It's not a logger, but a keyboard that will own the victims box and put a shell on it. They 'dropped' 5 keyboards at a company and got like 8 shells :blink:

#8 chock

chock

    the 0ne

  • Members
  • 1 posts
  • Country:
  • Gender:Female

Posted 13 February 2012 - 04:01 AM

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.

Why not use software keylogger? Hardware keylogger or usb keylogger is easily detected and deleted, even the person who doesn't know what it is can remove it. But some good software keylogger is an undetectable and invisible spy software.The software keylogger is more popular online, and more importanly, it runs with many applications and browsers. In addition, some spy software like remote spy can be installed without physically accessing, but the hardware keylogger must be installed with people themselves.

Edited by chock, 15 February 2012 - 04:30 AM.


#9 Tiki

Tiki

    Will I break 10 posts?

  • Members
  • 5 posts
  • Country:
  • Gender:Male

Posted 14 February 2012 - 02:15 AM

There is quite a list of software keyloggers avalible on TPB.

#10 xiaokaige

xiaokaige

    Will I break 10 posts?

  • Members
  • 3 posts
  • Gender:Male

Posted 09 March 2012 - 01:41 AM

The keylogger software is invisible. Keylogger hardware can be finded.

#11 peanutedd

peanutedd

    Will I break 10 posts?

  • Members
  • 5 posts
  • Country:
  • Gender:Male

Posted 09 March 2012 - 02:39 AM

wrote my own keylogger with JAVA the other day, logs all keystrokes to one of my online servers where I can filter and use as neccesary.

quite easy actually

#12 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Country:
  • Gender:Male

Posted 09 March 2012 - 04:05 AM

wrote my own keylogger with JAVA the other day, logs all keystrokes to one of my online servers where I can filter and use as neccesary.

quite easy actually


Learning Java myself at the moment as well as Python now thanks to some more courses offered by Stanford although I'm not sure it is Stanford I just know it is done by Udacity and the some of the guys who did the ai-class last year.

So I was going to ask are you willing to post the code up? And if so would you, please?

#13 army_of_one

army_of_one

    SUP3R 31337 P1MP

  • Members
  • 282 posts

Posted 22 March 2012 - 01:00 PM

You're best option is to try to combine hardware and software. First, you get a nice stealthy software keylogger (or eavesdropper in general). Then, you get it onto the machine via a hardware attack to bypass defences & maybe obscure it further. The USB HID attack is nice for shells. My favorite of all time, due to Apple popularity, is the firewire attack. If they don't have an IOMMU, Firewire bypasses the OS protections altogether to give you full read-write access to RAM (see DMA). You can actually do a lot more than keylog with that kind of intrusion. Lastly, you can always pull a blue pill style attack or other subversion where the OS is running on top of or alongside highly privileged trojan that's intercepting data & invisible to the Windows system.

Nick P
schneier.com

#14 xiaokaige

xiaokaige

    Will I break 10 posts?

  • Members
  • 3 posts
  • Gender:Male

Posted 03 April 2012 - 09:22 PM

Researching USB keyboard loggers and I'm getting conflicting reports about how hidden they are. I checked out KeyGhost and KeyGrabber (love the Nano) but heard these could be visible as a USB device or even an external drive. Is this true or there an easy way defeat that? It would have to stay hidden after reboots and/or installing hardware/software etc. Not on a network but this computer is used often to VPN into a network.

Yep, bit of a noob here so don't nuke me on the dumb questions.


You can use the keylogger software.




BinRev is hosted by the great people at Lunarpages!