easteregg Leprechaun
  • Patrick Collins
    • Home
    • Blog
      • eJPTv1 Certification
      • Conferences
      • Blog Home
    • Travel Photos
    • Notes
    • Graduation!
    • Projects and University Work
      • Honours Project
      • Web App Pen Test
      • All projects
    • Socials
    • About Me

    LKM Keylogger for U.K USB Keyboards

    Keyboard keys

    About

    • Module: CMP408
    • Title: IoT & Cloud Secure Development
    • Module Grade: B+

    A mini project had to be chosen by myself relating to what I had learned during the module. This included systems internals, kernel programming/LKMs, IoT and the cloud. The mini project had to combine three elements: IOT, software and cloud.

    My idea was to create a keylogger for the Raspberry Pi and its Operating System as a Linux Kernel Module (LKM) which then sent keystrokes to a remote webserver hosted on Amazon Web Services. After doing so, LKM rootkit scanning tools would be run on the Raspberry Pi to test if the suspicious activities would be discovered demonstrating how LKM's can be created maliciously.

    Little did I know how difficult mapping U.K USB Keyboard scancodes would be...all I kept seeing were U.S scancodes mapped for laptop keyboards. I actually had a lot of difficulty because to my surprise I could not find any help on mapping scancodes for specifically USB keyboards which devices like the Raspberry Pi exclusively use. There was a lot of support and help from previous attempts on mapping scancodes for laptop keys for example.

    Another difficulty I had was how to make a keylogger for an LKM in the C programming language. There was already some attempts out there but none I found were made to compile on a Raspberry Pi. To be honest they were very confusing to me as well and I couldn't wrap my head around how they were getting the keys on key press and then converting the key press to corresponding character. I just started from scratch, researching the Linux libraries and equivalent functions for getting keystrokes (Looking at you Windows OS). Also, learning how to get the scancodes for each key on the Raspberry Pi which I mention in my report on how I achieved this. I got there in the end and it's fully working :).

    I wasn't able to send the keystrokes to AWS because of issues including libraries needed to craft a POST request. I'm still not sure why I was getting errors. Either it was issues with my lab environment or the libraries were not intended to compile into an LKM. I tried everything I could think of until I had to stop and write my report before the module deadline. Very disappointing as I know the keystrokes would have sent over. I got the hard part done, the LKM keylogger was made with a string ready to send over to AWS. I think I'll keep trying on my own free time to include this functionality as I was so close.

    I hope as this turned out to be a niche area that my code will help others in the future too (which can be found here).

    Report

    Please DO NOT plagiarise my work. You will be caught, it's not worth it.



    Poster

    Please DO NOT plagiarise my work. You will be caught, it's not worth it.



    Demonstration

    Your browser does not support the video tag.

    <> Code

    If you would like to check out the code, and maybe insert the LKM yourself to try, have a look at the Github repository below.

    CMP408-LKM-Keylogger

    A Linux Kernel Module (LKM) Keylogger for U.K USB Keyboards on a Raspberry Pi Zero W

    Copyright © 2022-2025 Patrick Collins
    Contact Me: Contact@paddylonglegs.site
    Background created by freepik