Author Topic: A couple of questions about key logging  (Read 776 times)

0 Members and 2 Guests are viewing this topic.

Offline r4kk00n

  • Serf
  • *
  • Posts: 22
  • Cookies: -1
    • View Profile
A couple of questions about key logging
« on: February 12, 2016, 08:12:30 pm »
I have been doing research on key loggers, and am confused/curious about some things:

Most of the sites I have been reading say that the best way to have a FUD keylogger is to code your own and encrypt it using a crypter you code yourself as well.  They say that it is best to code the logger and the crypter in c and/or assembly .

A couple of sites said that coding the keylogger in python then compiling into an exe will throw off a lot of AVs....

I don't have much background in this kind of stuff, so I am confused about the seeming contradiction in information.
Is python a viable choice for key loggers and/or crypters?

Offline gh05t3d

  • /dev/null
  • *
  • Posts: 11
  • Cookies: -2
  • jabber: gh05t3d@jabb3r.org
    • View Profile
    • My website?
Re: A couple of questions about key logging
« Reply #1 on: February 17, 2016, 03:07:52 am »
In my opinion what matters the most is a good crypter. If the keylogger has the "melt" option it will install and won't be detected that easy. But you need a good crypter for it,and be careful. Almost all crypters posted for free in forums are backdoored (infected).
Jabber: gh05t3d@jabb3r.org

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: A couple of questions about key logging
« Reply #2 on: February 17, 2016, 07:36:29 am »
In my opinion what matters the most is a good crypter. If the keylogger has the "melt" option it will install and won't be detected that easy. But you need a good crypter for it,and be careful. Almost all crypters posted for free in forums are backdoored (infected).
Read again , OP talks about doing it himself, not using some green glowing skidthingy.


@OP

Python would work just like any other language , the downside to it is that it would be easy to peel down  or hard to hide, windows doesnt ship with an interpreter so you would need something like py2exe to make it portable, this is not as pretty as it sounds.

Also a C or assembly program would be much smaller , if you only expose the binary it will be harder to reverse engineer.
Problem is not so much in the logging part its about moving the data in a way that can go undetected, the traditional FTP methods are likely to set off all sorta windows toys.

Anyway there should be plenty of examples , looking at your post it is pretty clear you will have to learn how to code.
Start with something easier and think of the problem in the meanwhile.

You could template it in python , make sure you understand the networking and the OS part of the story, then move up to another language, there are plenty choices.
« Last Edit: February 17, 2016, 07:43:09 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: A couple of questions about key logging
« Reply #3 on: February 17, 2016, 08:49:40 am »
I have been doing research on key loggers, and am confused/curious about some things:

Most of the sites I have been reading say that the best way to have a FUD keylogger is to code your own and encrypt it using a crypter you code yourself as well.  They say that it is best to code the logger and the crypter in c and/or assembly .

A couple of sites said that coding the keylogger in python then compiling into an exe will throw off a lot of AVs....

I don't have much background in this kind of stuff, so I am confused about the seeming contradiction in information.
Is python a viable choice for key loggers and/or crypters?

There is the common misconception that programming the harder way (more low-level) is always better. Although it will serve to impress more people if you program everything in assembly, it is not necessarily the best option.

Especially if you are just starting out, you might just try what you can do with "easy" languages like Python and where the boundaries are. Learn it by doing it. You will discover it yourself. Assembly or C give you more control, but need more time and you will likely produce more bugs with them.

If you are not experienced, don't overthink the language for your project. Just do it. You need to learn, the project may likely fail, but that is normal. The learning should be your goal.

Quote
coding the keylogger in python then compiling into an exe will throw off a lot of AVs....

It will indeed, because not every AV is able to unpack the wrapped file. It is not always a matter of how hard it is to reverse engineer. These files are very easy to analyse, but if the technology for unpacking a particular wrapper is not there, the file cannot get a proper detection and might just be blacklisted.