CS430 Project 3: Kernel Module Keylogger

Due Tuesday, November 3

Project Description

Create a keylogger that functions as a loadable kernel module. It should track the last 15 characters typed and analyze them to see whether they meet common password rules (they include 3 of the 4: lowercase letters, uppercase letters, symbols, numbers). Additionally, you may incorporate timing into determining whether a password has been typed, because a password is generally typed rapidly and followed by a pause in typing.


Adding a handler for interrupt #1 is an easy method, but only works for PS/2 keyboards. Here is an overview of a few different methods (obsolete, but interesting): https://www.thc.org/papers/writing-linux-kernel-keylogger.txt
An example of adding an interrupt handler was discussed in class and should be available in the class examples area.
Today, most keyboards use the USB interface and, as such, don't generate one interrupt per keystroke. Instead, you can register a keyboard handler; refer to the demo from class on October 7 (kbd.c).
As an interface, your kernel module should use the /proc filesystem. Reading from a file in this filesystem should produce a log of recent passwords entered. The definition of "recent" is up to you, but it should be long enough to be useful. You will have to convert the keystrokes to letters. There is code for this in the kernel, but it may be easier to write your own. You don't have to implement write functionality for your entry in /proc. The way to turn off the keylogger is to remove the module from the kernel.

Turning in the assignment

Pack everything needed for the assignment into an archive and upload it as usual. If you have only one file, you can upload it as a .c file and not bother with a .zip or .tar file.