Synopsis of Minor Project ‘Keylogger’: Dr. Brahampal Singh Tarun Chauhan 00820602019 1 Shift
1. Introduction
Keystroke logging, also known as keylogging, is the tracking of the keys that are struck on a
keyboard. This can be done in multiple ways using a wide variety of hardware devices or
software. It is a large threat to networks and their security because of its covert
nature. Most keyloggers show no sign of intrusion within the system, allowing them to
capture typed information without anyone knowing of their actions except the user
who installed them. With the proper keylogger installed on the correct machine, a person could
easily gain access to a company’s entire network infrastructure. Where system-critical data
or extremely privileged information is involved, this could cause problems for a vast number of people
very quickly.
Types of keyloggers
1.1. Software Keyloggers
Software keyloggers fall into five main categories: hypervisor-based, API-based,
form-grabbing-based, memory-injection-based, and kernel-based. Hypervisor-based loggers
can be embedded in a malware hypervisor running underneath the operating system. They
essentially become a virtual machine that is undetected by the computer user. A good example
of this is a program called Blue Pill. API-based loggers are simple programs that hook the
keyboard’s API, allowing Windows to notify the program each time a key is pressed. Even
though these are the simplest to write, they may be easily detected when there is a great
number of keystrokes to pull. The increased amount of key pulling also increases CPU
usage, which the computer user can see via Task Manager or other third-party
software that displays CPU usage. A form-grabbing-based logger is confined to
web-based forms. These loggers record data that is entered into forms, capturing it when the user
clicks the submit button. Because this is done on the host side of the machine, it can bypass
any security set up by an HTTPS website, such as bank account web pages and the like.
Memory-injection-based loggers do just as the name states: they inject directly into memory
and alter memory tables to capture keystrokes in web forms and other system functions. This
method is commonly used when the user wants to bypass Windows UAC (User Account
Control). Finally, kernel-based loggers are the most difficult to program and implement but
also allow for the greatest amount of discrepancy. These loggers can act as a keyboard driver,
giving them the ability to capture any and all information typed on the keyboard. They are
typically implemented using rootkits that can bypass the operating system kernel and give the
user unauthorized access to the system hardware.
2. Objective of the Project
2.1. Project Summary
There are a multitude of keyloggers, from hardware-based to software-based. Each of them has
its advantages and disadvantages. Keyloggers pose one of the largest threats to computer
and network systems. Almost everything that users protect on computers is protected by
usernames and passwords. Keyloggers bypass these safety protocols, making
their data completely vulnerable. In order to prevent keyloggers from recording
sensitive data such as passwords, usernames, bank account numbers, and the like, it is
important that administrators follow the steps of prevention.
Most associations with keyloggers are much like those with hackers. Even though there are
many beneficial uses for keyloggers, the only ones the public seems to associate with them are
the malicious ones.
3. Methodology
3.1. Keylogger Construction
The main idea behind keyloggers is to get in between any two links in the chain of events
between when a key is pressed and when information about that keystroke is displayed on the
monitor. This can be achieved using video surveillance, a bug in the keyboard, wiring or the
computer itself, intercepting input/output, substituting the keyboard driver, the filter driver in
the keyboard stack, intercepting kernel functions by any means possible (substituting
addresses in system tables, splicing function code, etc.), intercepting DLL functions in user
mode, and, finally, requesting information from the keyboard using standard documented
methods.
Experience shows that the more complex the approach, the less likely it is to be used in
common Trojan programs and the more likely it is to be used in specially designed Trojan
programs which are designed to steal financial data from a specific company.
Keyloggers can be divided into two categories: keylogging devices and keylogging software.
Keyloggers which fall into the first category are usually small devices that can be fixed to the
keyboard, or placed within a cable or the computer itself. The keylogging software category is
made up of dedicated programs designed to track and log keystrokes.
The most common methods used to construct keylogging software are as follows:
• A system hook which intercepts the notification that a key has been pressed (installed using
the Windows API) for messages sent by the window procedure.
• A cyclical request for keyboard information (using WinAPI
Get(Async)KeyState or GetKeyboardState).
• Using a filter driver (requires specialized knowledge of the coding language).
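From the defender's side, the first two construction methods leave recognisable patterns in an API call trace. The sketch below is an added example, not part of the original synopsis: the trace line format, the process names and the thresholds are assumptions constructed for illustration. It flags a process that installs a keyboard hook, and a process that sweeps a large number of distinct virtual-key codes in a short window, which is what separates a logger's polling from a game that polls only a few keys.

```python
import re
from collections import defaultdict

# Hypothetical trace format (an assumption of this example):
#   <ms> <pid> <image> <api>(<first argument>)
LINE = re.compile(r"(\d+) (\d+) (\S+) (\w+)\((\w*)\)")
POLL_APIS = {"GetAsyncKeyState", "GetKeyState"}          # take a virtual-key code
HOOK_IDS = {"2": "WH_KEYBOARD", "13": "WH_KEYBOARD_LL"}  # documented idHook values
WINDOW_MS = 1000      # sliding window length
MIN_DISTINCT = 40     # distinct virtual-key codes polled inside one window

def build_sample_trace():
    """Constructed sample: a game polling 4 keys, a poller sweeping 0x08-0x5A, one hook."""
    lines = []
    for t in range(0, 2000, 10):                      # every 10 ms
        for vk in (0x57, 0x41, 0x53, 0x44):           # W, A, S, D only
            lines.append(f"{t} 1200 game.exe GetAsyncKeyState({vk})")
    for t in range(0, 2000, 100):                     # every 100 ms
        for vk in range(0x08, 0x5B):                  # sweeps most of the keyboard
            lines.append(f"{t} 3344 updater.exe GetAsyncKeyState({vk})")
    lines.append("500 5566 helper.exe SetWindowsHookExW(13)")
    return lines

def find_keyboard_capture(lines):
    """Return {(pid, image): reason} for processes matching either pattern."""
    polls = defaultdict(list)   # (pid, image) -> [(ms, vk)]
    findings = {}
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if not m:
            continue            # ignore lines that do not parse
        ms, pid, image, api, arg = m.groups()
        key = (int(pid), image)
        if api in POLL_APIS:
            polls[key].append((int(ms), arg))
        elif api.startswith("SetWindowsHookEx") and arg in HOOK_IDS:
            findings[key] = f"keyboard hook installed ({HOOK_IDS[arg]})"
    for key, events in polls.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] >= WINDOW_MS:
                start += 1      # drop events that fell out of the window
            distinct = {vk for _, vk in events[start:end + 1]}
            if len(distinct) >= MIN_DISTINCT:
                findings[key] = f"polled {len(distinct)} keys within {WINDOW_MS} ms"
                break
    return findings
```

A keyboard hook on its own is not proof of a keylogger, since accessibility and hotkey tools install them too, so findings like these are leads for review rather than verdicts.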
3.2. Implementing Diagram
[Diagram. Block labels: Keyboard (keyboard matrix, keyboard controller), computer keyboard interface, keylogger, operating system; external keyboard, operating system, user applications; hardware keylogger, software keylogger.]
4. Hardware and Software Requirements
This project is a software-based project, and the only computer resources we need are PCs
with the tools (needed software) installed. The number of computers will equal the number of
team members working on this project. We also need Python and C++ IDEs for testing during the
implementation process, and a virtual box that helps with testing and protects our system from
any errors or failures.
4.1. Hardware Requirements
We need computer resources with sufficient hardware and the tools installed.
• Processor - Intel Core i3 @ 1.80 GHz
• RAM - 2 GB
• Hard Disk - 500 GB
• Monitor - 15” colour monitor
• Keyboard - 122 keys
• Mouse - Any two button optical mouse with standard 800 DPI
• Network card - 10-100 Mbps network card
4.2. Software Requirements
This keylogger will be a software-based program that people can use for study
purposes or for monitoring their system use. Since it is a software application, an IDE will be used
to write and run the code. Among these tools, we need to install the latest version of
Python on our computers. With the help of these tools, it is possible to implement a keylogger
on a system and maintain a log of pressed keys. In addition to these tools, the languages we
will use are Python and C++.
Other required software:
• Operating System: Windows v10