
Empty log with Ubuntu 13.04

Open GoogleCodeExporter opened this issue 9 years ago • 21 comments



What steps will reproduce the problem?
1. Start logkeys (sudo logkeys -su)

The file /var/log/logkeys.log should have the log data, but it is empty

I have version 0.1.1a and I'm using Ubuntu 13.04. This issue was not present in 
Ubuntu 12.04.

Original issue reported on code.google.com by [email protected] on 14 Mar 2013 at 2:28

Jul 25 '15 13:07 GoogleCodeExporter

Same issue here.
After upgrading to 12.10, logkeys stopped working.

Even selecting the correct "/dev/input/event" I've got an empty log file

Original comment by [email protected] on 28 Mar 2013 at 7:38

Jul 25 '15 13:07 GoogleCodeExporter

Same problem on Kubuntu 13.04. Empty log file. Worked fine in 12.04. 

Original comment by [email protected] on 8 Jun 2013 at 3:08

Jul 25 '15 13:07 GoogleCodeExporter

Any news on this issue? I have been looking for a solution since April, but it
is impossible to get it to work! Even using the correct /dev/input/event,
logkeys generates an empty log file! Why don't we have answers from the project?

Original comment by [email protected] on 13 Jun 2013 at 7:24

Jul 25 '15 13:07 GoogleCodeExporter

Get the new source:
git clone https://code.google.com/p/logkeys/

Original comment by [email protected] on 16 Jun 2013 at 9:07

Jul 25 '15 13:07 GoogleCodeExporter

I can confirm that building the latest source fixes the empty log issue. 
However, the logged keys are not correct. For example, if I type "cat 
logkeys.log", then I get "z܂t kofjeyamkof". You can see that some keys work 
and some are shifted one to the left.

Original comment by [email protected] on 9 Jul 2013 at 4:26

Jul 25 '15 13:07 GoogleCodeExporter

[deleted comment]

Jul 25 '15 13:07 GoogleCodeExporter

13.04
0.1.1a ("Reading state information... Done
logkeys is already the newest version.")

Output file empty. Have confirmed keyboard is /dev/input/event0.
Manually setting -d (as the program throws an error with just -s on my USB),
the file is still empty.
Followed steps in the README; follow test.log traces keys just fine.
cat /dev/input/device0 also confirms correct device entered.

I tried changing the output file, still returns an empty log, no matter where 
it is placed.

If I can provide any additional needed detail, please advise, thank you. 

:~$ sudo strace logkeys -s -d /dev/input/event0
execve("/usr/bin/logkeys", ["logkeys", "-s", "-d", "/dev/input/event0"], [/* 17 
vars */]) = 0
brk(0)                                  = 0x2667000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563e4000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=86515, ...}) = 0
mmap(NULL, 86515, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc5563ce000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\274\5\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=975216, ...}) = 0
mmap(NULL, 3155200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7fc555ec1000
mprotect(0x7fc555fa6000, 2093056, PROT_NONE) = 0
mmap(0x7fc5561a5000, 40960, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe4000) = 0x7fc5561a5000
mmap(0x7fc5561af000, 83200, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc5561af000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@*\0\0\0\0\0\0"..., 832) 
= 832
fstat(3, {st_mode=S_IFREG|0644, st_size=88408, ...}) = 0
mmap(NULL, 2184248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7fc555cab000
mprotect(0x7fc555cbf000, 2097152, PROT_NONE) = 0
mmap(0x7fc555ebf000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14000) = 0x7fc555ebf000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\37\2\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1848024, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563cd000
mmap(NULL, 3961912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7fc5558e3000
mprotect(0x7fc555aa1000, 2093056, PROT_NONE) = 0
mmap(0x7fc555ca0000, 24576, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1bd000) = 0x7fc555ca0000
mmap(0x7fc555ca6000, 17464, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc555ca6000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240V\0\0\0\0\0\0"..., 
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=1067424, ...}) = 0
mmap(NULL, 3162440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 
0x7fc5555de000
mprotect(0x7fc5556e1000, 2097152, PROT_NONE) = 0
mmap(0x7fc5558e1000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x103000) = 0x7fc5558e1000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563cc000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563ca000
arch_prctl(ARCH_SET_FS, 0x7fc5563ca740) = 0
mprotect(0x7fc555ca0000, 16384, PROT_READ) = 0
mprotect(0x7fc5558e1000, 4096, PROT_READ) = 0
mprotect(0x7fc555ebf000, 4096, PROT_READ) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563c9000
mprotect(0x7fc5561a5000, 32768, PROT_READ) = 0
mprotect(0x60c000, 4096, PROT_READ)     = 0
mprotect(0x7fc5563e6000, 4096, PROT_READ) = 0
munmap(0x7fc5563ce000, 86515)           = 0
geteuid()                               = 0
brk(0)                                  = 0x2667000
brk(0x2688000)                          = 0x2688000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=7212544, ...}) = 0
mmap(NULL, 7212544, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc554efd000
close(3)                                = 0
pipe2([3, 4], O_CLOEXEC)                = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x7fc5563caa10) = 3700
close(4)                                = 0
fcntl(3, F_SETFD, 0)                    = 0
fstat(3, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fc5563e3000
read(3, "keycode   1 = 0x001b          \nk"..., 4096) = 4096
read(3, "\tkeycode  62 = 0x050f          \n"..., 4096) = 4096
read(3, "de 169 =\nkeycode 170 =\nkeycode 1"..., 4096) = 1213
read(3, "", 4096)                       = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
close(3)                                = 0
wait4(3700, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 3700
munmap(0x7fc5563e3000, 4096)            = 0
rt_sigaction(SIGHUP, {0x4045d0, [], SA_RESTORER, 0x7fc55591a0b0}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x4045d0, [], SA_RESTORER, 0x7fc55591a0b0}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x4045d0, [], SA_RESTORER, 0x7fc55591a0b0}, NULL, 8) = 0
rt_sigaction(SIGCHLD, {SIG_IGN, [], SA_RESTORER, 0x7fc55591a0b0}, NULL, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, 
child_tidptr=0x7fc5563caa10) = 3703
exit_group(0)                           = ?

Original comment by [email protected] on 16 Aug 2013 at 3:40

Jul 25 '15 13:07 GoogleCodeExporter

Build it from source; that should solve the empty files issue, but it might
cause other problems.

Original comment by [email protected] on 16 Aug 2013 at 4:21

Jul 25 '15 13:07 GoogleCodeExporter

Ok, I believe I found a good tut to perform this but I can't seem to unzip the 
tar. What problems? And should I uninstall the current first? How?

Original comment by [email protected] on 16 Aug 2013 at 1:23

Jul 25 '15 13:07 GoogleCodeExporter

Any update to this issue? i.e. how to get the correct value of captured keys. 

Logkeys was working fine in 12.04 but after upgrade to 13.04, the captured keys 
are all shifted randomly. The logfile text does not make any sense.

Original comment by [email protected] on 30 Aug 2013 at 11:37

Jul 25 '15 13:07 GoogleCodeExporter

I'm pretty sure this project was abandoned.

I've been working on my own version of this here: 
https://github.com/gsingh93/simple-key-logger

Just run 'make' to build it and then `./skeylogger -l logfilepath` to start the 
keylogger. It's definitely not complete yet, but it works.

Original comment by [email protected] on 4 Sep 2013 at 5:34

Jul 25 '15 13:07 GoogleCodeExporter

If you run the latest git version with the -u switch, are the keys still wrong?

Original comment by [email protected] on 5 Sep 2013 at 12:24

  • Changed state: NeedMoreInfo

Jul 25 '15 13:07 GoogleCodeExporter

I just installed logkeys from the latest git source. No problems with install, 
when I selected the right device and used the full variable addresses the 
problem was fixed.

sudo logkeys --start --keymap=/home/geo/en_GB.map --output=/home/geo/test.log 
--device=/dev/input/event4

Ubuntu Version 13.04
Hopefully this has helped someone.

Original comment by [email protected] on 8 Sep 2013 at 1:32

Jul 25 '15 13:07 GoogleCodeExporter

Just have the same problem. 
The log file is completely empty, not even logging start or stop. 
I'm running Ubuntu 13.04
sudo logkeys -s -u -o /home/test.log
Any news?

Original comment by [email protected] on 13 Sep 2013 at 10:15

Jul 25 '15 13:07 GoogleCodeExporter

[deleted comment]

Jul 25 '15 13:07 GoogleCodeExporter

I found great issue with trying to obtain results using the default log 
location.  I believe the issue is related to permissions of the user, which 
logkeys runs, which is "nobody," but the log has root user.
However, I found if you are an administrator with rights to other users you can 
redirect to a file on your home directory and everybody's login will be 
recorded there.  Tim was correct above!  Don't use shortcuts or skip the equal 
sign!  Here are the contents of my executable logkeys-start file saving to a 
text file titled "logkeys.log":

#! /bin/bash -e

sudo logkeys --start --us-keymap --output=/home/david/other/logkeys.log

Kubuntu 12.04
I hope this helps! -- cool background program


Original comment by [email protected] on 4 Jan 2014 at 1:24

Jul 25 '15 13:07 GoogleCodeExporter

Thanks to this post :
 #11 [email protected]

His keylogger works like a charm! Thank you!
I just compiled it and it is working out of the box!

Original comment by [email protected] on 23 Feb 2014 at 10:03

Jul 25 '15 13:07 GoogleCodeExporter

May be irrelevant, tried using logkeys and skeylogger, yet outputting file to 
Desktop which is crypted works with neither, no output showing up with 
[permission denied].. set skeylogger output to /var/log/logfile.txt, works 
fine, yet default keymap to us.. logkeys default /var/log/logkeys stays empty, 
so may be very irrelevant..

Original comment by [email protected] on 30 May 2014 at 10:58

Jul 25 '15 13:07 GoogleCodeExporter

@kernc - would you consider this a stale issue, or should it be left open?

Feb 15 '16 18:02 jzohrab

I don't know. Might have been or might still be a problem on Arch. They had this patch applied that replaced the freopen call on stdout with a normal fopen, and that's supposed to work:

cd /tmp
git clone https://aur.archlinux.org/logkeys.git logkeys-arch
cd logkeys-arch
less logkeys-stdout.patch

Might have something to do with forking and fd inheritance on more hardened systems. It's been a while since my Operating Systems course. :eyes:

Feb 15 '16 20:02 kernc

See also https://github.com/kernc/logkeys/issues/60, particularly from https://github.com/kernc/logkeys/issues/60#issuecomment-124846089 on.

Feb 15 '16 20:02 kernc