X Neural Switcher - Cookbook (Part 3). Keylogger

Greetings.

Today, continuing the series of articles about setting up and using X Neural Switcher (programs for automatic switching layouts), I will tell you about one important and even controversial possibility of the program.

This feature is the ability to write typed text to a log file .
')
I gave a brief analysis of linux keyloggers in the previous article in the X Neural Switcher series - Cookbook (Part 1). Forerunners and analogues

In general, I’m lying in my heart if I say that I didn’t think of introducing such functionality into the program from the very beginning. Punto Switcher already had the functionality of a keylogger called "Diary", so why should xneur be deprived of such a function? And it's silly not to do such a simple thing in a program that is designed to intercept the keyboard, after all!

From personal experience I’ll say that I never thought that the keylogger functionality could be useful to me personally. And this option was turned on in my config by forgetfulness - it remained after testing the program. However, in one far from wonderful moment, this function allowed to expose one bad person who used my computer for purposes discrediting me. So it happened that you never know where to lay straws.

Attention! X Neural Switcher is not a spyware program, and is not intended for unauthorized use (information theft, access to someone else's correspondence, password theft and other things)!

Purpose of using as a keyloger

In general, the purpose of the application does not shine with originality, and it is quite standard for keylogger class programs.

• track the typing on the keyboard phrases or words, the transfer of which to third parties will lead to material or moral damage
• recover information after a computer crash
• have a journal of typed text for all programs, not just those that support the history of typing
• control the use of your personal computer by unauthorized persons

Of course, this list is not complete, and you yourself can come up with a dozen more options for what to use the keylogger.

General description of logging features

At the moment, the program has the following features:

• save the typed text in the html-file indicating the program in which it was typed, and the date and time of recording in the journal
• determine the size of an uncompressed log file, above which the log will be archived
• send the log archive to the specified email via SMTP server (the server must be without authorization)

Yes, xneur does not know how to take screenshots, intercept mail, record video from a camera and sound from a microphone, rob a cow and call a genie. Well, what to do, xneur is not intended for that!

Logging program setup options

Below I will give the options of the configuration file that are directly responsible for the keylogger function.

• LogSave - can be Yes or No. If No, the other options do not matter.
• LogSize - takes the size of the log file in bytes. After reaching this size, the program will archive the log and try to send it to the email.
• LogMail - here you specify the address of the mail to which the archive of the journal will be sent. If the address is not specified, the sending attempt will not occur.
• LogHostIP - you specify an outgoing smtp server. Through this server will be sent. The argument can be either the IP or the domain name of the server.
• LogPort is a port on the smtp server.

In general, the list of options is short and should not cause confusion.

Sample configuration file

Next, I will provide a specific configuration file in which all options not related to the keylogger are disabled.

Automatic switching mode is disabled, all hot keys are disabled, all notifications about the program's operation are disabled, problem applications are listed in the exceptions list - in general, everything that is not related to the keylogger is disabled.

In the ideal case, the program will not show its presence in any way, and will only write a journal and send it to the post office. Significant options are highlighted in bold.

# It's a X Neural Switcher configuration file by XNeur # All values writted XNeur # Config version Version 0.15.0 # Work in manual mode ManualMode Yes # Level of messages program will write to output #LogLevel Error #LogLevel Warning #LogLevel Log #LogLevel Debug #LogLevel Trace LogLevel Error # Define unused languages # Example: #ExcludeLanguage de # Define initial keyboard layout for all new applications DefaultXkbGroup 0 # Add Applications names to exclude it from procces with xneur # Xneur will not process the input for this applications # Example: #ExcludeApp Gaim ExcludeApp Krdc ExcludeApp Remmina ExcludeApp Unity-2d-launcher ExcludeApp Unity-2d-places ExcludeApp VirtualBox ExcludeApp Wine ExcludeApp rdesktop # Use this parameter to force set work mode in current application to Auto. # Example: #SetAutoApp Gedit # Use this parameter to force set work mode in current application to Manual. # Example: #SetManualApp Anjuta # Binds hotkeys for some actions AddBind ChangeWord AddBind TranslitWord AddBind ChangecaseWord AddBind PreviewChangeWord AddBind ChangeString AddBind ChangeMode AddBind ChangeSelected AddBind TranslitSelected AddBind ChangecaseSelected AddBind PreviewChangeSelected AddBind ChangeClipboard AddBind TranslitClipboard AddBind ChangecaseClipboard AddBind PreviewChangeClipboard AddBind EnableLayout1 AddBind EnableLayout2 AddBind EnableLayout3 AddBind EnableLayout4 AddBind RotateLayout AddBind RotateLayoutBack AddBind ReplaceAbbreviation AddBind AutocompletionConfirmation AddBind BlockKeyboardAndMouseEvents AddBind InsertDate # This option add user action when pressed key bind # Example: #AddAction Control Alt f Firefox Browser <cmd>firefox</cmd> # Word Replacing # Ignore keyboard layout for abbreviations list # Example: #ReplaceAbbreviationIgnoreLayout No ReplaceAbbreviationIgnoreLayout No # Abbreviations list # Example: #ReplaceAbbreviation xneur X Neural Switcher # This option enable or disable sound playing # Example: #PlaySounds No PlaySounds No # This option defined sound playing volume percent # Example: #SoundVolumePercent 10 SoundVolumePercent 15 # Binds sounds for some actions AddSound XneurStart AddSound XneurReload AddSound XneurStop AddSound PressKeyLayout1 AddSound PressKeyLayout2 AddSound PressKeyLayout3 AddSound PressKeyLayout4 AddSound EnableLayout1 AddSound EnableLayout2 AddSound EnableLayout3 AddSound EnableLayout4 AddSound AutomaticChangeWord AddSound ManualChangeWord AddSound ManualTranslitWord AddSound ManualChangecaseWord AddSound ManualPreviewChangeWord AddSound ChangeString AddSound ChangeSelected AddSound TranslitSelected AddSound ChangecaseSelected AddSound PreviewChangeSelected AddSound ChangeClipboard AddSound TranslitClipboard AddSound ChangecaseClipboard AddSound PreviewChangeClipboard AddSound ReplaceAbbreviation AddSound CorrectIncidentalCaps AddSound CorrectTwoCapitalLetter AddSound CorrectTwoSpaceWithCommaAndSpace AddSound CorrectTwoMinusWithDash AddSound CorrectCWithCopyright AddSound CorrectTMWithTrademark AddSound CorrectRWithRegistered AddSound ExecuteUserAction AddSound BlockKeyboardAndMouseEvents AddSound UnblockKeyboardAndMouseEvents # This option enable or disable self education of xneur # Example: #EducationMode No EducationMode No # This option enable or disable layout remember for each window # Example: #LayoutRememberMode No LayoutRememberMode No # Use this parameter to force enable layout remember for each application, not window. # Option "LayoutRememberMode" must be enabled. # Example: #LayoutRememberModeForApp Gaim # This option enable or disable saving selection text # Example: #SaveSelectionMode No SaveSelectionMode No # This option enable or disable rotating layout after convert selected text # Example: #RotateLayoutAfterChangeSelectedMode No RotateLayoutAfterChangeSelectedMode No # This option define delay before sendind events to application (in milliseconds between 0 to 50). SendDelay 0 

 # This option enable or disable logging keyboard # Example: #LogSave No LogSave Yes # This option set max size of log file (bytes). # Example: #LogSize 1048576 LogSize 1048576 # This option define e-mail for send log file, if it's size greater then max size. # Example: #LogMail your.mail@your.server.com LogMail example@xneur.ru # This option define host to send e-mail without login and password. # Example: #LogHostIP 127.0.0.1 #LogHostIP mail.example.com LogHostIP mail.example.com # This option define port to send e-mail without login and password. # Example: #LogPort 25 LogPort 25 

 # This option enable or disable correction of iNCIDENTAL CapsLock # Example: #CorrectIncidentalCaps Yes CorrectIncidentalCaps No # This option enable or disable correction of two CApital letter # Example: #CorrectTwoCapitalLetter Yes CorrectTwoCapitalLetter No # This option enable or disable correction of small letter to capital letter after dot # Example: #CorrectCapitalLetterAfterDot Yes CorrectCapitalLetterAfterDot No # This option enable or disable correction of two space with a comma and a space # Example: #CorrectTwoSpaceWithCommaAndSpace Yes CorrectTwoSpaceWithCommaAndSpace No # This option enable or disable correction of two minus with a dash # Example: #CorrectTwoMinusWithDash Yes CorrectTwoMinusWithDash No # This option enable or disable correction of (c) with a copyright sign # Example: #CorrectCWithCopyright Yes CorrectCWithCopyright No # This option enable or disable correction of (tm) with a trademark sign # Example: #CorrectTMWithTrademark Yes CorrectTMWithTrademark No # This option enable or disable correction of (r) with a registered sign # Example: #CorrectRWithRegistered Yes CorrectRWithRegistered No # This option enable or disable flushing internal buffer when pressed Escape # Example: #FlushBufferWhenPressEscape Yes FlushBufferWhenPressEscape No # This option enable or disable flushing internal buffer when pressed Enter or Tab # Example: #FlushBufferWhenPressEnter Yes FlushBufferWhenPressEnter No # This option disable or enable processing word when pressed Enter or Tab # Example: #DontProcessWhenPressEnter Yes DontProcessWhenPressEnter No # This option disable or enable show OSD # Example: #ShowOSD Yes ShowOSD No # This option set font for OSD # Example: #FontOSD -*-*-*-*-*-*-32-*-*-*-*-*-*-u FontOSD -*-*-*-*-*-*-32-*-*-*-*-*-*-u # Binds OSDs for some actions AddOSD XneurStart AddOSD XneurReload AddOSD XneurStop AddOSD PressKeyLayout1 AddOSD PressKeyLayout2 AddOSD PressKeyLayout3 AddOSD PressKeyLayout4 AddOSD EnableLayout1 AddOSD EnableLayout2 AddOSD EnableLayout3 AddOSD EnableLayout4 AddOSD AutomaticChangeWord AddOSD ManualChangeWord AddOSD ManualTranslitWord AddOSD ManualChangecaseWord AddOSD ManualPreviewChangeWord AddOSD ChangeString AddOSD ChangeSelected AddOSD TranslitSelected AddOSD ChangecaseSelected AddOSD PreviewChangeSelected AddOSD ChangeClipboard AddOSD TranslitClipboard AddOSD ChangecaseClipboard AddOSD PreviewChangeClipboard AddOSD ReplaceAbbreviation AddOSD CorrectIncidentalCaps AddOSD CorrectTwoCapitalLetter AddOSD CorrectTwoSpaceWithCommaAndSpace AddOSD CorrectTwoMinusWithDash AddOSD CorrectCWithCopyright AddOSD CorrectTMWithTrademark AddOSD CorrectRWithRegistered AddOSD ExecuteUserAction AddOSD BlockKeyboardAndMouseEvents AddOSD UnblockKeyboardAndMouseEvents # This option disable or enable show popup messages # Example: #ShowPopup Yes ShowPopup No # This option defines popup expiration interval in milliseconds # Example: #PopupExpireTimeout 1000 PopupExpireTimeout 1000 # Binds popup messages for some actions AddPopup XneurStart AddPopup XneurReload AddPopup XneurStop AddPopup PressKeyLayout1 AddPopup PressKeyLayout2 AddPopup PressKeyLayout3 AddPopup PressKeyLayout4 AddPopup EnableLayout1 AddPopup EnableLayout2 AddPopup EnableLayout3 AddPopup EnableLayout4 AddPopup AutomaticChangeWord AddPopup ManualChangeWord AddPopup ManualTranslitWord AddPopup ManualChangecaseWord AddPopup ManualPreviewChangeWord AddPopup ChangeString AddPopup ChangeSelected AddPopup TranslitSelected AddPopup ChangecaseSelected AddPopup PreviewChangeSelected AddPopup ChangeClipboard AddPopup TranslitClipboard AddPopup ChangecaseClipboard AddPopup PreviewChangeClipboard AddPopup ReplaceAbbreviation AddPopup CorrectIncidentalCaps AddPopup CorrectTwoCapitalLetter AddPopup CorrectTwoSpaceWithCommaAndSpace AddPopup CorrectTwoMinusWithDash AddPopup CorrectCWithCopyright AddPopup CorrectTMWithTrademark AddPopup CorrectRWithRegistered AddPopup ExecuteUserAction AddPopup BlockKeyboardAndMouseEvents AddPopup UnblockKeyboardAndMouseEvents # This option disable or enable checking language on input process # Example: #CheckOnProcess Yes CheckOnProcess No # This option disable or enable CapsLock use # Example: #DisableCapsLock Yes DisableCapsLock No # This option disable or enable correction spaces befor punctuation # Example: #CorrectSpaceWithPunctuation No CorrectSpaceWithPunctuation No # This option disable or enable pattern mining and recognition (autocompletion) # Example: #Autocompletion No Autocompletion No # This option disable or enable adding space after autocompletion # Example: #AddSpaceAfterAutocompletion No AddSpaceAfterAutocompletion No # Add Applications names to exclude it from autocompletion process # Xneur will not process the autocompletion for this applications # Example: #AutocompletionExcludeApp Gnome-terminal # Use next options for troubleshoot on autoswitching # Disable autoswitching if pressed backspace TroubleshootBackspace No # Disable autoswitching if pressed left arrow TroubleshootLeftArrow No # Disable autoswitching if pressed right arrow TroubleshootRightArrow No # Disable autoswitching if pressed up arrow TroubleshootUpArrow No # Disable autoswitching if pressed down arrow TroubleshootDownArrow No # Disable autoswitching if pressed delete TroubleshootDelete No # Disable autoswitching if layout switched TroubleshootSwitch No # Disable autoswitching for full screen apps TroubleshootFullScreen No # Work-arround for compatibility with the completion CompatibilityWithCompletion No # Disabling this option will add any application to the list of excluded applications. TrackingInput Yes # Disabling this option will disable mouse tracking. TrackingMouse No # Disable send KeyRelease event DontSendKeyRelease No # Modules list # Example: #LoadModule libxntest.so # That's all 

Thus, you only need to register your email, outgoing mail server and its port instead of fake ones, and go ahead - the keylogger is ready!

What where When

The user’s configuration file is located here - ~ / .xneur / xneurrc.
The log file is here - ~ / .xneur / xneurlog.html
Archives of the journal are here - ~ / .xneur /, and look like "xneurlog.html 06/23/2010 09: 08: 36.gz"

Logging occurs at the time of resetting the internal program buffer, usually when the active window is changed.

If you build the program from source yourself, you can completely disable the keylogger functionality using the build configuration option - without-keylogger.

Previous parts

X Neural Switcher - Cookbook (Part 0). Introduction Build and configure
X Neural Switcher - Cookbook (Part 1). Forerunners and analogues
X Neural Switcher - Cookbook (Part 2). Algorithms

In preparing the article used icons from the set of free icons «Aroma» .