2

I want to know which files belong to keystrokes and mouse clicks, and what kind of data is sent to them.
My main purpose of asking this question is key logging. I want to write a key logger script that does some tasks like below:

  • Everywhere I type a special word, I can run a command in background. For example, when I type Firefox, everywhere in the OS, Firefox is opened, unless I hold down some special key like alt key.
  • I can have a comprehensive log file of the key strokes and mouse clicks.
  • When I have changed input language of keyboard and a special program, i.e. terminal, is open, it automatically changes the language to English. (I don't mean changing the input language, I mean a script that changes the other-language key strokes so that the program thinks it is in English language.)

I also want to detect key loggings in my system (if any) by knowing which files a key logger needs to track.

Notes:

  • I want to do key logging in the lowest run levels. The lower the run level is, the better my problem is solved.
  • I have also read some questions like "Unix User Level Keylogger", but these questions have some limitations, i.e. key logging only occurs in terminal. I don't want to use commands like script. I want to do key logging in the deep, comprehensive way and without limitations.
  • There may be other and better ways to do the things I have listed above. But as I have said, my purpose is to learn key logging and know more about files which relate to keyboard and mouse input.

I know that my question may have a long answer. If so, I want to know the following:

  • What files belong to key strokes?

  • What files belong to the mouse clicks? (This one is less important than the previous one.)

  • What kind of data is sent to these files?

  • What commands may help me so I can reach my purposes I had listed above?

Mohammad
  • 688

1 Answer

1

On Linux, input devices show up as character devices in /dev/input. To do cool stuff with input events, look at the evdev kernel subsystem, and libevdev. Search for that in the kernel docs if that Wikipedia link ever breaks.

The question is too broad for this answer to be any more than pointers to get you started. (Also, I don't know the specifics myself anyway!)


As for your idea of a universal Firefox-starter, that seems like a strange idea. Better to have a special keystroke to activate the command input. KDE's Plasma desktop does that: alt+space (any time, regardless of what X11 window has the keyboard focus) brings up a textbox at the top of the screen. The text searches files in your home directory, and command names.

If you want to get your hands dirty with evdev, I'd highly recommend using keystroke-watching to detect a trigger key-sequence. As far as using the libraries, you'd still want to get all keystrokes, I'm just suggesting you do something more sane with them. :)

I'd go insane if I accidentally started programs I was talking about on stackoverflow all the time. Having to think before you typed anything to make sure it wasn't the trigger for starting a program you didn't want would be horrible.

Peter Cordes
  • 6,466
  • I need a lot more detail. What are the /dev/input/event* files? Can they be read? Why when I tailf them nothing happens? What kind of data is transmitted through them? – Mohammad Sep 19 '15 at 16:21
  • You probably have to use ioctls on them, not just read(2). Did you read https://en.wikipedia.org/wiki/Evdev and https://www.kernel.org/doc/Documentation/input/input.txt? I said right in the answer that this was just a pointer to a huge amount of stuff that would be too big to put into an answer. – Peter Cordes Sep 19 '15 at 16:24
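
For the detection goal in the question (knowing which files a key logger needs to touch), one check is to list the processes that hold an open descriptor on a node under /dev/input. The following is an added example, not code from the question or the answer; the function names, the allowlist and the sample process table are constructed for illustration.

```python
import os
import tempfile

def find_input_readers(proc_root="/proc", prefix="/dev/input/"):
    """Return {pid: (command name, [device paths])} for every process that
    has a file descriptor open on an input device node."""
    readers = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or it is not ours and we are not root
            continue
        devices = set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            if target.startswith(prefix):
                devices.add(target)
        if devices:
            try:
                with open(os.path.join(proc_root, entry, "comm")) as f:
                    name = f.read().strip()
            except OSError:
                name = "?"
            readers[int(entry)] = (name, sorted(devices))
    return readers

def unexpected(readers, allowed_names):
    """PIDs whose command name is not on the allowlist (assumed known-good)."""
    return sorted(p for p, (name, _) in readers.items() if name not in allowed_names)

def build_sample_proc():
    """Constructed stand-in for /proc so the check can be exercised offline."""
    root = tempfile.mkdtemp()
    layout = {"812": ("Xorg", ["/dev/input/event3", "/dev/input/event4", "/dev/tty7"]),
              "4242": ("python3", ["/dev/input/event3", "/tmp/out.log"]),
              "1500": ("bash", ["/dev/pts/0"])}
    for pid, (comm, targets) in layout.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as f:
            f.write(comm + "\n")
        for i, target in enumerate(targets):
            os.symlink(target, os.path.join(root, pid, "fd", str(i)))
    return root

if __name__ == "__main__":
    for pid, (name, devs) in sorted(find_input_readers().items()):
        print(pid, name, ", ".join(devs))
```

Run it as root to see descriptors of other users' processes, and treat the command name as a hint only, since a process can set its own. Software that captures keystrokes through the display server or inside the kernel does not open these nodes and will not appear in this listing.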