How can i tell if a key is being held down as though it were part of a key combination like Ctrl-Alt-Del or Alt-Tab?
How does one go about accomplishing this?
Can you tell us more? What's the desired programming language and operating system?
In C#, VB or C++ on Windows you can use GetKeyState() and GetAsyncKeyState() to determine wether a key is (was) pressed and wether the key is up or down. (MSDN Library)
Related
Pure theoretical question here : how a custom mapping of the keyboard may impact the effectiveness of a keylogger on my machine? Will this have any impact?
Imagine me, when I should type a password, just change to my new custom mapping and then type it. Should that be a protection against a keylogger? I imagine that an attacker would just have to go look for the configuration file to understand.
I have know nothing about keyloggers so excuse me if the answer is obvious.
A custom mapping of the keyboard shouldn't be used as protection against a keylogger. Reason being, the usage of different mappings on your keyboard does not mean a different password; you still have to type in the same password (characters, numbers, etc.), even with custom mappings.
Recently I wanted to make a small utility that would allow me to arbitrarily remap the keys on my keyboard to correspond to different character inputs.
How is this normally accomplished from a system programming perspective and what should I reference in order to learn how to do this?
Thanks!
I may be mistaken, but I believe it depends entirely on what your running (what your window manager is). For example, if you were running something with openbox (e.g. lubuntu), then you could reference the following:
http://openbox.org/wiki/Help:Bindings
There are similar concepts for Gnome. If you are looking to change Gnome, you may want to go peak around how gnome-tweak-tool changes things (specifically look at the keybindings -- tweak does a lot more!).
In both instances, I suggest using Python (gnome-tweak-tool would be a great reference point for how to do this) because it is very convenient to write GUIs and will allow you to change the necessary files easily :)
If you are using Ubuntu, this post may be useful for you:
https://askubuntu.com/questions/115333/how-do-i-disable-the-sleep-button-on-my-keyboard
Their question was for one specific key, but the top two answers are relevant. The answer with dconf-tools may help you get a better understanding of where things are located.
So in the end, you will end up needing to configure some files differently, but where those files are and how you change them depends on your window manager.
The above is useful for say disabling CAPS_LOCK or swapping L_SHIFT and L_CTRL or something. If you are asking about generically changing any keyboard input, then there's a lot more going on behind the scenes. You may want to read this article for a good explanation of what is going on:
http://www.linuxjournal.com/article/1080
So if you want to remap things, say switching the 'a' and 'f' keys, you would need to capture the keyevent for 'a', and send the 'f' key event instead. There are many ways to see what keys are being pressed, this may be a good place to start:
https://superuser.com/questions/248517/show-keys-pressed-in-linux
Changing things at this level is much more difficult / dangerous, so make sure you are careful!
Hope that helps a little! If this isn't what you were trying to do, please include more information in your question about what the actual goals of your program are.
I have a X7 G800V keyboard with 15 custom keys. The problem is they are not detected in anything but the software that comes with the keyboard which is a real cave eat since I can't use them in photoshop, word or any other program. Is there any way to make them detectable? I am open for ideas even if they include writing my own driver, although I may need some tips on that but still I am open for learning. After all the guys from A4Tech do it with their software and I think they are not even installing any drivers.
PS: I am sorry for this not being an exactly programming question.
If the OS doesn't support these keys, I don't see a way to process them, unless you can configure your driver to communicate them to the OS as some other key. For instance if you press key Special1, the driver tells the operating system to process it as Play.
Or you might consider to write a driver yourself, if the driver is open-source, or an API is available.
I might write a program to detect malicious (or non-malicious) software that is key logging (logging key strokes to gain information).
What tactics would be used?
Is there certain code to look for?
Are there certain locations I should search?
I prefer Java or Perl as I am fluent in those languages
Would these languages work?
Is there a better language to use for this case?
What would be used?
Code?
Algorithms?
Function?
I think it depends on what you are attempting to do. If you are looking for known keylogging programs, you could use any software that can search the file system to view file signatures. However, it sounds like you want to detect unknown programs. I do not believe this is strictly possible. Keylogging applications can passively listen to the keystrokes so there is not an active signature you could look for. It would probably be easier to understand the software that is supposed to run on your computer and then detect any new software that starts to run. It wouldn't necessarily be keystroke logging software, but it would be unauthorized software (or at least yet to be authorized software).
Keystrokes are broadcast to the system as events that you can subscribe to in your application. This is how games and other programs use the keyboard input. The entire system knows when a key is hit and which key it was. You can't know who is listening.
To put it another way, if this were possible, it would kill software keystroke loggers since every anti-virus and anti-spyware application would have an option to detect and remove all of these types of software. They have an option similar to this, but it is based upon known signatures of known keystroke loggers.
As a program trying just to figure if it's input is being key-logged, for badly written key-loggers, you can look for some time-patterns, like periodic delays when the logger recycle buffers, but normally key-loggers are very well-written and will inject themselves in the driver chain and so will be indiscernible from the normal chain.
In that case the only hope to detect key-loggers is to inspect the driver chain looking for non-standard drivers (but some key-loggers can infect standard drivers) which isn't particularly easy in Windows-land (such low level inspection).
One would need to plug into the anti-virus/anti-malware hooks to be able to really access not only the driver chain definitions, but the real code being executed, to detect if some key-logging is takeing place, and that is hard, full of bureaucracy, and almost undoable in anything but C/C++
I need to write a small program that can detect that it has been changed. Please give me a suggestion!
Thank you.
The short answer is to create a hash or key of the program and have the program encrypt and store that key within itself. From time to time the program would make a checksum of itself and compare it against that hash/key. If there is a difference then handle it accordingly.
There are lots and lots of ways to go about this. There are lots of very smart engineers out there that know how to work around it if that is what you are trying to avoid.
The simplest way would be to use a hash function to generate a short code which is a digest of the whole program and then check this.
It would be fairly easy to debug the code and replace the hash value to subvert this.
A better way would be to generate a digital signature using your private key and with the public key in the program to check it.
This would then require changing the public key and the hash as well as understanding the program, or changing the program code itself to subvert the check.
All you can do in the case described so far is make it more difficult to subvert but it will be possible with a certain amount of effort. I'd suggest looking into cryptographic techniques and copy protection for more information to suit your specific case.
Do you mean that program 'foo' should be able to tell if some part of it was modified prior to / during run time? That's not the responsibility of the program, its the responsibility of the security hooks in the target OS.
For instance, if the installed and trusted 'foo' has signature "xyz1234" , the kernel should refuse to run a modified (or completely new) 'foo'. The same goes for 'foo' while its currently running in memory. Look up 'Trusted Path Of Execution', aka TPE to start.
A better question to ask would be how to sign your released version of 'foo', which depends upon your target platform.
try searching for "code signing"
The easiest way would be for the program to detect its own md5 and store that in a separate file, but this isn't totally secure. An MD5 + CRC might work slightly better.
Or as others here have suggested, a sha1, sha2 or sha3 which are much more secure than md5 currently.
I'd ask an external tool to do the check. This problem reminds me of the challenge to write a program that prints itself. In Bash you could do something like this:
#!/bin/bash
cat $0
which really asks for an external tool to do the job. It's kind of solving the problem by getting away from solving the problem...
The best option is going to be code signing -- either using a tool supplied by your local friendly OS (For example, If you're targeting Windows, you probably want to take a look at Authenticode where the Operating System handles the tampering), or by rolling your own option storing MD5 hashes and comparing
It is important to remember that bets are off if someone injects a thread into your process (to potentially kill your ongoing checks, etc.), or if they tamper with your compiled application to bypass said checks.
An alternative way which wasn't mentioned is to use a binary packer such as UPX.
If the binary gets changed on the disk then the unpacking code is likely to fail.
This however doesn't protect you if someone changes the binary while it is in memory.