Solved

IS THERE A WAY TO TRICKY A KEYLOGGER???

Posted on 2004-09-28
30
499 Views
Last Modified: 2010-04-11
Hi,

There's lot of spywares out there. Some of them, logs everything you type to send thru the web. Imagine a spyware send your valuable data, as credit card numbers, passwords, etc., out there...

I have heard that if you use MS On-screen Keyboard (windows accessbility program) when typing passwords and valuable data, keyloggers will fail to grab what's being typed, cause you are not using the physical keyboard.

This thread
http://www.experts-exchange.com/Security/Q_21032824.html
says on-screen keyboard is secure, but I am not sure.

The question is: IS THAT TRUE?
Does the on-screen keyboard uses the keyboard hook?

Please do not answer without proofing it. I need proof. PROOOOOOOOOOOOOFFFFF!
Documents, texts, explanations, etc.

thanks
0
Comment
Question by:mikelima
  • 11
  • 6
  • 5
  • +5
30 Comments
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12176525
Let me try my proof of keylogger out
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12176546
Well the windos onscreen keyboard didnt trick my test keylogger.

It worked just as if i had pressed the keys on the keyboard. My keylogger works by constantly reading whether an ascii key has been pressed. The onscreen keyboard i think must have to pass this message in order to have the letters do their job whether that be a command or typing etc. I program in delphi and in essense this is the code:

procedure TForm1.Timer1Timer(Sender: TObject);
var X,y:integer;
f:char  ;
str:string;
begin

For X:=0 to 255 do
begin
  if ((GetAsyncKeyState($+x) and 1) = 1) then
  begin
  if (x<>1) AND (checkbox1.checked) then
  begin
  showmessage(inttostr(x));
  end;
    for y:=0 to listview1.items.Count-1 do
      begin
       if x=strtoint(listview1.items.item[y].caption) then
       memo1.text:=memo1.Text + (listview1.items.item[y].subitems[0])
     end;
   end;
end;
end;

As you may be able to see it is checking for a key state. So thus if my program works the onscreen keyboard must be sending a keystate message

Hope this answers your question,

Hypoviax
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12176563
In summary, therefore, if my simple keylogger works (and it is simple) then the MS onscreen keyboard is NOT secure from keyloggers.

I would like to see anyone who disputes my claims.

Regards,

Hypoviax
0
 
LVL 2

Expert Comment

by:TeeSeePeeEyePee
ID: 12176997
No dispute, I think Hypoviax showed clearly why the statement is not true, but a possible explanation of why this was recommended:

Hardward-based keyloggers (such as those recently publicized to be in use by law enforcement) which intercept and store keystrokes in the physical PS/2 or USB circuit would be by-passed by using the on-screen keyboard.
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12177056
Interesting, TeeSeePeeEyePee, i have no evidence for your suggestion but it leads to a conclusion:

The MS OnScreen keyboard is NOT secure from software based keyloggers and MAYBE secure from hardware - based keyloggers

Regards,

Hypoviax
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12177154
By the way, welcome to the club TeeSeePeeEyePee, i see you joined today!
0
 
LVL 2

Expert Comment

by:TeeSeePeeEyePee
ID: 12177167
Thanks for the welcome, and I think you got the point exactly!
0
 
LVL 1

Accepted Solution

by:
Tezdread earned 40 total points
ID: 12179155
I believe that the only really safe way to enter data if a key logger is installed is to use menu systems like HTML form menus. I haven't seen anything that would be able to record this type of action so does anyone know if this would be possible? I guess if it is it would have to be setup specifically with programming?
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12179671
This does not work on many keylogging applications, klogger.exe from (ntsecurity.nu) nor does it work with iOPUS STARR PC, NetVisor, Netspy many others.
Most keylogger's watch the memory registers and I/O call's for text- unless as mentioned someone is using physical loggers, line with your keyboard's cord.
-rich
0
 
LVL 2

Author Comment

by:mikelima
ID: 12180898
resuming: the best way not be logged is not to type nothing anymore... :-)
0
 
LVL 2

Assisted Solution

by:TeeSeePeeEyePee
TeeSeePeeEyePee earned 25 total points
ID: 12181183
And even if you abandon typing and use on-screen keyboards and menus, you still wouldn't be safe, someone can always Van Eck phreak your box (or if it's the government, they'll do the same thing with much more expensive and expensive equipment we paid for and call it "TEMPEST"):

http://upe.acm.jhu.edu/websites/Jon_Grover/page2.htm

http://eckbox.sourceforge.net/
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12184547
Well my proof of code keylogger picks up what the onscreen keyboard does when used with the mouse. Surely this proves that software keyloggers can pickup what onscreen keyboard apps do. Tezdread - can you expand on what you were saying so i can test my application.

Regards,

Hypoviax
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 20 total points
ID: 12189752
Copy and paste will 9 times out of 10 fool a keylogger, but if it's monitoring a certain part of memory looking for "lsa secrets"... (password revealers work this way) then there is nothing you can do. Copy and paste fool most keyloggers. Sorry I didn't mention it before- long day.
-rich
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12194521
LOL , keyloggers are played out. If you have the right security this is a non factor. So instead of trying to "fool" a keylogger that is obviously on your system because you were FOOLED. Why not just protect your system.

Also, what "fools" something today, can be fooled tomorrow.

defense is your only secure option.

-end-
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 5

Expert Comment

by:Hypoviax
ID: 12195075
The thing is, if a keylogger can't log, say what is copied and pasted, it is easier enough to simply write a program to print screen when say ctrl-c and ctrl-v are pressed. That way the so called 'hacker' or monitorer can see what was copied and to where it was pasted.

And i agree entirely with knoxj81 - work on your security not on trying to fool a program.

Regards,

Hypoviax
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12197504
True, I agree whole heartedly- security is a PROCESS, not a PROGRAM.
If we want to go off on a tangent, then there are right-click's for copy and paste, you can click on Edit>Paste, ctrl+v, highlight drag and drop... and you could record all the different ways, and some programs do- for example the new Spector Pro software, does most of the above.

Copy and paste can work to "tricky" a keylogger-9 out of 10 times  and the on-screen keyboard does not work against any that I tested. If the author needs more proof, he'll need to DL a few, and see for themself.
-rich
0
 
LVL 5

Assisted Solution

by:Hypoviax
Hypoviax earned 20 total points
ID: 12197524
...you can also inspect quite easily what is in the clipboard....

Anyway i think we need a summary:

Software based Keyloggers cannot be fooled by the Onscreen keyboard. Hardware based keyloggers MAY or May not be fooled by the Onscreen keyboard. The process of copy-and-paste may fool current keyloggers but it is most easy to program the capabilities to record these activities (i can post code). Finally that Security should be the consideration and not how to fool a program on one's system unless you don't want to type anything at all!

Regards,

Hypovax
0
 

Expert Comment

by:askdavid
ID: 12199438

I strongly agree with Hypoviax Comments....there is no way to bypass keyloggers.

It is always better to remove keyloggers from system on detection instead of finding ways to hide yourself from keylogger ;-)

Take enough security measures to safe guard your pc's

BTW Hypo... Do you name any hardware based keyloggers...?

David

--
Weather forecast for tonight: dark   --  George Carlin
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12199574
I also agree, not having spy-ware is definatly the best situation. But if you don't want to type at all, try Dragon Naturally Speaking ;) Won't help avoid a key logger or spy ware, but is pretty good voice to speech software ;)
-rich
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12204395
Thats the other thing we need to bring up. Speech. I am not sure since i don't have speech software but i think it would work in the much the same way as the OnScreen keyboard. The software would interpret the sounds and convert them the key events. thus, if this is the case then my test keylogger would pick it up in much the same way.

AskDavid, my summaries re hardware keyloggers were based upon TeeSeePeeEyePee's comments earlier. I have only knowledge of software keyloggers since i have coded one as a test.

Regards,

Hypoviax
0
 

Assisted Solution

by:askdavid
askdavid earned 20 total points
ID: 12205880

my research....

Basic Information on keyloggers & useful articles
http://www.linuxsecurity.com/docs/Hack-FAQ/computers/key-logger.shtml
http://www.pcmag.com/article2/0,1759,1167505,00.asp

HARDWARE based KeyLoggers
http://www.keyghost.com/
http://www.thespystore.com/pcsurveillance.htm

Can any software Detect or Protect you from Hardware Key-loggers?
No.  Hardware key-loggers are (as of now) undetectable by software.  Your best defense against hardware key-loggers is to make sure your keyboard is plugged directly into your computer.  Many hardware key-loggers sit between your keyboard and the computer -- your keyboard is plugged into the logger and the logger is plugged into the keyboard port on your computer.  Some hardware key-loggers are embedded in ordinary-looking keyboards.  Keep tabs on your hardware and make sure that nobody can access it.  If you're really paranoid, lock up your keyboard when you're not using the computer.

David
--
Join Today - Unofficial Windows based Webalizer Support Group
http://groups.yahoo.com/group/win-webalizer/
0
 

Expert Comment

by:askdavid
ID: 12205898

Hypoviax,

Bud...i thought i m going to learn something new from you, so just thought to ask ya ;-)

well i tried to researched on above topic, i hope you may find this useful too......seems LIFE is getting more interesting now a days...i hope in coming days i may jump into forensic :)

David

--
If knowledge is power then the unknown is unconquerable

Join Today - Unofficial Windows based Webalizer Support Group
http://groups.yahoo.com/group/win-webalizer/
0
 

Expert Comment

by:askdavid
ID: 12205916

One more thing i missed above....!!

further my research shows that Onscreen Keyboard is effective to fool your hardware keyloggers, i had not tested this so i m not sure about it but at many discussion forums i found that this limitation exists in hardware keyloggers....!!

David

--
Join Today - Unofficial Windows based Webalizer Support Group
http://groups.yahoo.com/group/win-webalizer/
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12206119
No worries, David, any body can ask me questions :). I've read some of your material and i believe that very soon i think hardware keyloggers would be able to read key messages just as software keyloggers can (see my code right up top). It is perfectly possible for hardware to read windows messages. All that would have to occur, i think, would that a driver would have to be made so that windows knows how to handle the hardware and what to do with it (i.e send key messages). This means that the onscreen keyboard would NOT trick a hardware keylogger. Please correct me on this particular issue if my theory is incorrect

Regards,

Hypoviax
0
 

Expert Comment

by:askdavid
ID: 12206311

Well there is no doubt that hardware keyloggers may soon track / understand mouse clicks or clipboard items or your private messages.....!!

might be onscreen keyboard or any other thing can't help you out today or in future, as you know technology is growing faster now a days!!

anything is possible thru today's technology

David
0
 

Expert Comment

by:andresgosu
ID: 12302108
I seem to trick keyloggers by typing jumbled mess in a text document and saving it. In that jumbled mess are passwords, account info and such. I use the mouse to highlight and drag the correct information to the field I need it in. I have never had issues with keyloggers or angry girlfriends who know how to use keyloggers.
0
 

Expert Comment

by:askdavid
ID: 12638699

we put our efforts . . . used lot of brain on doing research, i think points shld be distributed between me & Hypoviax if questioner has no objection ;-)

DAVID
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12639899
I agree, we put in effort into this thread and should be rewarded (I proved through code that the statement queried by the questioner was incorrect - i justified this and so too did David (askdavid))

The responses made were quite true and would be interesting for future research by people of this site. I believe the points should be split between Myself (Hypoviax) and  askdavid

Regards,

Hypoviax
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12644191
I think my .02$ is also worth a  cut. I tested the onscreen keyboard against many different kloggers, with no sucess- meaning the onscreen keyboard was no work-around to kloggers.
It's a weak question, but peoples efforts were made.
-rich
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now