Writing a keylogger in Linux is very easy!

Mon 21 September 2009 by Thejaswi Puthraya

I strongly believe that an employer shouldn't monitor an employee's usage of internet and computing resources at work. But when the employer has circumstantial evidence to prove that an employee is using computing resources to benefit a competitor, then it is a different matter altogether.

Recently, my cousin asked me to write a keylogger after he got a call from a regular customer who had received a bid from a competitor for a project whose quotes were only emailed to his company. After a little investigation, he learnt that some employees created a similar-looking email address (just missing a period (.)) and were diverting order enquiries. My cousin wanted to get the password of this new email address and the names of all employees who were defrauding the company. His decision to migrate all the company machines to Linux nearly 6 months back played to my advantage!

I wrote a simple keylogger in C++ mainly because I wanted to learn C++ and it would perform better without loading the CPUs. Let me make it very clear that I am comparing Python against C++. I still love Python!

In Linux, every device is a file. So even the keyboard can be accessed just like any ordinary file. I made use of the generic input drivers for X.org (evdev) to log the keystrokes into a file and another small utility to decode these keystrokes.

These utilities were cronned and sent the output by email.
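Because the keyboard is read through an ordinary device file, any process holding one of those files open is visible in `/proc`. The following is an added example, not code from the original post or its repository: a defender-side check that lists every process with an open descriptor under `/dev/input/`. The function names and the constructed sample process tree (PIDs and the `logd` name) are assumptions made for illustration.

```python
import os
import tempfile

def find_input_readers(proc_root="/proc", prefix="/dev/input/"):
    """Return sorted (pid, comm, device) for each process holding an input device open.
    Run as root on a live system; other users' fd directories are unreadable otherwise."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited or permission denied
            continue
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:  # descriptor closed between listdir and readlink
                continue
            if target.startswith(prefix):
                hits.append((int(entry), comm, target))
    return sorted(set(hits))

def build_sample_proc(root):
    """Constructed sample: a fake /proc tree with three processes (hypothetical values)."""
    sample = {
        812: ("Xorg", ["/dev/input/event3", "/dev/tty7"]),
        4471: ("logd", ["/dev/input/event3", "/tmp/out.log"]),
        5000: ("bash", ["/dev/pts/0"]),
    }
    for pid, (comm, targets) in sample.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")
        for n, target in enumerate(targets):
            os.symlink(target, os.path.join(fd_dir, str(n)))
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return find_input_readers(build_sample_proc(tmp))

if __name__ == "__main__":
    for pid, comm, dev in find_input_readers():
        print(pid, comm, dev)
```

A reader of an event device that is not the display server or session manager deserves a closer look. The `comm` name is set by the process itself, so confirm the binary through `/proc/<pid>/exe` before trusting it.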

No prizes for guessing what happened to the employees and that email address!

The code is fairly simple and rudimentary. It is available at GitHub. I plan to refine the code further based on requests. So if you require some help, please contact me.

PS: I would like to dedicate this code to my colleague at Citi and friend, Sunwoo Park. He taught and cleared doubts I had about C++ over IM!