linux keylogger

this is a simple linux keylogger that is part of my rootkit project

what is it doing?

save keystrokes in spesific file

hide from lsmod

unhide from lsmod

cover the tracks by cleaning kernel segments

remove the module from /sys/modules directory

how to use

for using the module u need to be super user

1. clone the repo, using git clone comannd
2. cd keylogger
3. make
4. sudo insmod kelogger.ko

how to see the keyloging

1. cd /sys/kernel/debug/keylogger
2. cat ./keyloging

how to hide and unhide the module

remember that after hiding the module will remove form /proc/modules and will not be recover, im working on fix it

1. cd /sys/kernel/debug/keylogger
2. ./hide

Tested on Linux ubuntu 5.4.0-52-generic

Digital Wishper article about the project

during the project i created a little article that discribe my R&D journey

inside my article im explaining the main idea of the project and how i achieve it.

this is the link for the article in the digital wishper magazin (israeli cyber security magazine): https://www.digitalwhisper.co.il/files/Zines/0x7C/DW124-5-LinuxKernelKeyLogger.pdf

Note: Don't use this code for illegal activities, it is only meant to teach about rootkits in cyber security education point of view. I am not responsible for any harm to unauthorised system.