KEYLOGGER TOOL FOR RECORDING

KEYSTROKES MADE BY USER IN A

MACHINE

MINI PROJECT REPORT

Submitted by
KRISHNA M P (921318104102)
NESAMANI S (921318104125)
RAVI SHANKAR S (921318104154)
VIGNESH J (921318104222)

In partial fulfilment for the award of the degree

of

BACHELOR OF ENGINEERING
IN
COMPUTER SCIENCE AND ENGINEERING

PSNA COLLEGE OF ENGINEERING AND

TECHNOLOGY DINDIGUL-624 622.

1
 ANNA UNIVERSITY : CHENNAI 600 025.

AUGUST 2021

ANNA UNIVERSITY: CHENNAI 600025

BONAFIDE CERTIFICATE

Certified that the project report " Keylogger using Python " is the bonfide
work of " KRISHNA M P (921318104102) , NESAMANI S (921318104125) ,
RAVI SHANKAR S (921318104154), VIGNESH J (921318104222)" who
carried out the Mini Project (CS8611) under my supervision.

SIGNATURE SIGNATURE

Dr. D.SHANTHI., M.E, Ph.D. Mr. N.SELVAGANESH.,M.E.,

HEAD OF THE DEPARTMENT, ASSISTANT PROFESSOR,

Department of CSE, Department of CSE,

PSNA College of Engg.&Tech., PSNA College of Eng.&Tech,.

Dindigul- 624622 Dindigul- 624622

2
Submitted for viva voce examination held on 10-08-2021

Internal Examiner External Examiner

ACKNOWLEDGEMENT

With warm hearts, I feel very pleased to thank the Almighty for his
Showers of Grace and Blessings which led me to the successful completion of
this project. I would like to express my gratitude towards my parents for their
kind co-operation and encouragement which help me in the completion of this
project.
We take this opportunity to express my sincere thanks to the respected
chairperson Tmt .K.DHANALAKSHMI AMMAL, who is the guiding light for
all the activities in my college. I would like to express my gratitude to our pro-
Chairman Rtn.Thiru R.S.K RAGURAAM, D.A.E, M.com, for their
continuous support towards the student's development.
We would like to thank our Principal Dr. D.VASUDEVAN,M.E., Ph.D.,
for being a light in guiding every one of us and infusing us the strength and
enthusiasm to work over successfully.

3
 We express all my thanks & gratitude to Dr.D.SHANTH1, M.E., Ph.D.,
Professor and Head, Department of Computer Science and Engineering for her
valuable suggestions and encouragement in the completion of this project work.
The project would not be possible without the motivation and guidance
Mr.N.SELVAGANESH.,M.E., Assistant Professor of Department of Computer
Science and Engineering.

4
 ABSTRACT

Here the project is developing a windows app for pc called key stroke
analysis. Key logger is a application used for for action of tracking the
keys when ever user presses keyboard, keyword strokes are captured in
converted manner so users are unaware that their actions are
monitored.

This software also contain that action of capturing the desktop if a person
is using the mouse or joystick instead of keyboard that can ultimately be
stored in a hidden log file that log file is being viewed by administrator
only. It can be accessed by administrator only. This technology can be
used for finding out all the sites and files which are being accessed by
any
person in the administrator’s absence.

The project can be used for proper identification and authentication. The
typing dynamics can be used for different user profiles. Thus this
becomes a valid tool for ascertaining personal identity

5
 Table Of content
Chapter no Title Page No
Abstract 4

1 Introduction 6

1.2 Motivation 10

1.3 Problem Statements 10

2 System Analysis 11

2.1 Existing System 12

2.2 Proposed System 13

2.3 Hardware & Software Requirements 13

2.4 Technology Used 13

3 System design 14
6
 2.3 UML diagram 14

2.2 Use case diagram 14

2.3 Class diagram 15

4 System Implementation and Testing 16

4.1 Screen Shots 16

4.2 Testing 20

5 Conclusion & Future Enhanchment 22

5.1 Result 22

5.2 Conclusion 22

5.3 Reference 23

Chapter 1
Introduction

 In a modern computer, the interpretation of a pressed key is generally

left to the software. Keylogging is one of the most popular spying
software in the computer history. A computer keyboard distinguishes
each physical key from every other and reports all key presses to the
7
controlling software[2]. Physical keyboards is used to type text and
numbers into a word processor, text editor or other programs. In a
modern computer, the interpretation of keystrokes are generally left to the
software. A computer keyboard distinguishes each physical key from
every other and reports all keystrokes to the controlling software. A
command-line interface is a type of user interface operated entirely
through a keyboard. For knowing the term keylogger, and how it works,
it is necessary to deeply understand the operating system architecture.
The assumption is that virtual technologies are acting differently when
interpreting a key stroke from user keyboard, and that depends on how
the virtual machine sees its hypervisor and how the hypervisor handling
and using the hardware resources, such as the keyboard. The key strokes
entered on the keyboard will be necessary to detect, since one of this
thesis purpose will be to log the keystrokes performed by the attacker. In
computer environment it exists both hardware keyloggers and software
keyloggers. The hardware keylogger can only log from the only one
physical machine the hardware keylogger is installed on. The software
keylogger can log local and remote users. It will be necessary to use a
software key logger in this thesis for log intruders from all over the
world. Keyloggers will be listed after the most popular keyloggers on the
todays marked for Linux Ubuntu desktop 12.04, Linux Ubuntu server
12.04 and Microsoft Windows 7 platforms and then tested to look after
important features such as visible or invisible and time-stamps. The
description in the approach and methodology chapter, followed by testing
and analysing. Keyloggers for Linux-system are open-source there the
source code is available for downloading for any interested user.
Keyloggers in Windows for the most commercial, but some of the
products offer a trial period for testing the current keylogger. A keylogger
with a lot of features to capture all necessary information can be used in
honeypots in a honeynet. A typical honeypot is a host machine, 1 acting
8
like a useful and normal host. Several honeypots in a network is called a
honeynet. The honeynet consist of technology for watching honeypots
that are running with the primary intent of luring attackers and collect
information about attacks and tracking attacking methods.[1] In this
thesis keylogging tools will be implemented, tested and analyzed in order
to find out how they works and if the keyloggers works the same way for
bare-metal systems and in different virtual environments, such as Xen,
KVM, VMWare ESXi and Virtual Box. Virtualization has been very
useful for companies and organizations to run different services on a
single virtual server. Virtualization technologies has many benefits. One
virtual server enables to reduce the cost of managing more hardwares,
flexibility in management, the usage of resources in more efficient ways
for naming a few. Two different platforms will be used in testing such as
Microsoft Windows 7 and Linux Ubuntu 12.04 operating systems.
Different operating systems can act different. Keyloggers features such as
visibility, functionality and stealthiness will be tested. Keyloggers will be
installed on honeypots to understandable data from the attackers from log
files that will log keystrokes entered by the user or hopefully the
attackers. Since the keystrokes are fetched local or virtual, and in some
cases are send over the networks, one will need a software-
based keylogger. Keyloggers may behave different in different
environments. The keystrokes are interpreted differently by bare-metal
technology as compared to virtual technologies in a virtual environment.
One other issue to take into account is to what extent keyloggers that can
be used in hidden mode, being invisible for an attacker to detect. Like it
is impossible to detect by looking at the running processes on a system.
For this research physical and virtual environment is set up in Oslo
and Akershus University College’s network. The different environments
are explained in the background chapter. The hardware is thoroughly
explained in the approach section. In the computer world, a hacker is
9
someone who seeks and exploits weaknesses in a computer system. A
honeypot monitor selected hackers that get fetched in attacks to honeypot
targets. The fetched attacker give us knowledge against development in
the future to better handle attacks from hackers.1.1 Motivation This
section tells about the motivation for this master thesis, keylogging, and
the importance around that topic. All of the following articles contains
different virtual technologies, hacker attacks that are mentioned gave
interest for making a proposal of problem statements to solve. Here are
two interesting cases around the topic keylogging, found in newspapers
on the Internet. One article from year 2005 and the other from recently
year 2014, that shows that keylogging are used for several years. 2 In
February 2005, Joe Lopez, a businessman from Florida, filed a suit
against Bank of America after unknown hackers stole $90,000 from his
Bank of America account. An investigation showed that
Mr. Lopezs computer was infected with a malicious program,
Backdoor. Coreflood, which records every keystroke and sends this
information to malicious users via the Internet. This is how the hackers
got hold of Joe Lopez user name and password.In February 2014, an
article at www.nrk.no states that the Norwegian Police
Security Service(PST) ask politicians for permission to install ways to
monitor data keyboards of people they have in the spotlight. This could
be achieved by installing a proper keylogger secretly on the remote
machine to log key strokes. Keystroke logging has become an established
method used by hackers for fetching passwords and other confidential
data. Not only for hackers, but also for others such as: system
administrators for systems, detecting suspicious users. In research for
different areas such as for research by parents for monitoring children for
detecting special behaviors and criminals to name a few areas. Keystroke
logging can also be a very useful method to detect attacks and their attack
mechanisms, when setting up keylogger in honeypots. An important part
10
of this research will be to actually find out how keylogging works under
different technologies and set up a honeypot to log the keystrokes,
entered as commands or executable scripts entered by the attackers. With
the purpose to viewing exactly what the hackers are doing. This will
monitor which method that is going to be used. This may also cause
successfully interaction with the hacker. To detect keystrokes might
prepare against such attacks in the future. There are several attack
methods all over the world, with the purpose to harm people, groups or
unknown targets. One type of attack that is interested to detect, is
especially when the hacker trying to compromise the hacked computer to
be a part of the bot-net.[1, 23, 40] A virtual machine depends on the
virtual technology and the underlying hypervisor. Common for all virtual
technologies is that the virtual machines are running on a hypervisor that
hides the physical characteristics of a computing platform from users and
instead showing the abstract platform. Many hosts allow the execution of
complete operating systems. The guest software executes as if it were
running directly on the physical hardware, with several notable
limitations. Access to physical system resources like the keyboard is
generally managed at a more restrictive level than the host processor and
system-memory.

1.1 Motivation

This section tells about the motivation for this master thesis,
keylogging,
and the importance around that topic. All of the following articles
contains different virtual technologies, hacker attacks that are mentioned
gave interest for making a proposal of problem statements to solve. Here
are two interesting cases around the topic keylogging, found in
11
newspapers on the Internet. One article from year 2005 and the other
from recently year 2014, that shows that keylogging are used for several
years.

1.2 Problem statements

Here is the list of problem statements regarding this master thesis.
Within the topic keyloggers there are several solved and unsolved
questions. There exists surveys of keylogging on bare-metal technology
for Linux
and Windows based systems today, but not surveys of keylogging for
virtual technologies.
1. Do a survey on keyloggers on Windows- and Linux-based systems.
2. Investigate trough experiments how keyloggers function in both bare-
metal and different virtual environments and weather they log any
keystroke, or only keystrokes from a limited number oapplications.
3. Analyze to what extent keyloggers can be detected.
4. Analyze to what extent time-stamp for keyloggers can be used to
establish a time-line of the events taking place.
5. Investigate to what extent the keylogging features of Kippo facilitates
the analysis of SSH attacks.

12
 CHAPTER 2
SYSTEM ANALYSIS
13
 System analysis is a problem solving technique that decomposes
a system in to its component pieces for the purpose of studying how
well those component parts work and interact to accomplish their
purposes. System analysis is the process of studying a procedure or
business in order to identify its goals and purposes and create systems
and procedures that will achieve them in an efficient way. Analysis and
synthesis, as a scientific methods, always go hand in hand; they
complement one another. Every synthesis is built up on the results of a
preceding analysis, and every analysis requires a subsequent synthesis
in order to verify and correct its results.

2.1 EXISTING SYSTEM

Here the windows app which already exist captures just the key
strokes. since the application is hidden user is unaware that his actions
are monitor

2.2 PROPOSED SYSTEM

14
 So here in the mini project we want to develop the code for the
windows app by using the languages python here we would like to
include certain extra features to the key logger such as recording
Keystroke activity and sending it into E-mail at regular intervals for
remote viewing , logs are encrypted. The application is very easy to use
so that customers feel happy while using this.

2.3 HARDWARE, LANGUAGES AND SOFTWARE

REQUIREMENTS

Hardware Requirements:
Processor : 2.4 gigahertz (GHz)
RAM : 6 gigabyte (GB) (64- bit)
Hard disk space : 16 GB (64-bit)
Languages required : Python
Software Requirements: VS Code

2.4 TECHNOLOGY USED

This Project is done by using SMTP Protocol which is used send E-mail
over networks. With the help of SMTP protocol we send the keystrokes
as a message in mail by python.

15
 CHAPTER 3
System Design
3.1 UML DIAGRAMS

The Unified Modeling Language is a standard language for specifying,

visualizing, constructing, and documenting the artifacts of the software
systems, as well as for business modeling and other non-software
systems.

3.2 Use Case Diagram

A use case is a set of scenarios that describing an interaction
between a user and system. A use case diagram displays the relationship
among the actors and use cases. The two main components of a use case
diagram are use cases and actors. Here figure 3.6.1 describes the use
case diagram between a chatbot and a user.

16
3.3 Class Diagram
Class diagrams are the most common diagrams used in UML.
Class diagram consists of classes, interfaces, associations and
collaborations. Class diagrams are basically represent the object
oriented view of the system which is static in nature. Active class is
used in the class diagram to represent the concurrency of the system.
This is the most widely used diagram at the time of system construction.
as describes the class diagram.

17
 CHAPTER 4
SYSTEM IMPLEMENTATION AND
TESTING
4.1 Screen Shots
Take 1:

Take 2:

18
Take 3:

Take 4:
19
Take 5:

Take 6:

20
Take 7:

21
4.2 TESTING

Since the error in the software can be injured at any stage. So, we
have carry out the testing process at different levels during the
development. The basic levels of testing are,
• Unit Testing
• Integration Testing
• Validation Testing
• Functional Testing
• Structural Testing

4.2.1 Unit Testing

Unit testing was used to test individual units in the system and
ensure that they operate correctly. Alternate logic analysis and screen
validations were tested in this to ensure optimum efficiency in the
system. The procedures and functions used and their association with
data were tested.

22
4.2.2 Integration Testing
This testing process focuses on identifying the interfaces between
components and their functionality. The bottom up approach was
adopted during this testing. Low-level modules are integrated and
combined as a cluster before testing. This allowed identifying any
wrong linkages or parameters passing early in the development process
as it just can be passed in the set of data and checked if the result
returned is an accepted one.
4.2.3 Validation Testing

Software testing and validation is achieved through a series of

block box tests that demonstrate conformity with requirements. A test
procedure defines specific test cases that will be used to demonstrate
conformity with requirements. Both, the plan and the procedure are
designed to ensure that all functional requirements are achieved,
documentation is correct and other requirements are met. After each
validation test case has been conducted, one of the two possible
conditions exists.
4.2.4 Functional Testing

Functional testing, also known as block box or closed box

testing, is normally applied to HDL (High-Level Data Link) code that
operates concurrently and concentrates on checking the interaction
between modules, blocks or functional boundaries. The objective here is
to ensure that 'correct results" are obtained when 'good inputs" are
applied operates in a predictable manner. Functional testing can
therefore be considered as concentrating on checking that the data paths
operate correctly. The coverage measurements that fall into this
category are toggle, triggering, and signal trace coverage.

23
4.2.5 Structural Testing

Structural testing, are known as white box or open box testing, is

normally applied to sequential HDL (High-Level Data Link) code and
concentrates on checking that all executable statements within each
module have been exercised and the corresponding branches and paths
through that module have been covered. If there is a section of HDL
code that has never been exercised then there is a high possibility that it
could contain an error that will remain undetected.

CHAPTER 5
CONCLUSION AND FUTURE
ENHANCEMENT

5.1 Results

Before testing the keyloggers it is important to fifind out

which keylogger that is most popular among all keylogger
available on the Internet today. It is many ways to defifine the
most important keylogger used by users. The different keylogging
tools where tested on both Linux Ubuntumachines and Windows
machines, for (bare-metal) and in different virtualization
technology such as: Xen, VMware ESXi,KVMand Virtual Box.
The software keyloggers for Linux Ubuntu 12.04 are summed up

24
in table 4.3 on page 48 and for Microsoft Windows 7 is summed
up in table 4.4.

While doing the testing of keylogger in the different virtual environment,

some unexpected experiences occurred. These unexpected experiences is
also listed.

5.2 Conclusion
A Windows Pc App on Keystroke analysis has been implemented
successfully, Which saves the keystrokes in a log file and sends it into
Email at regular intervals and whenever a key is pressed

5.3 References
 Kirk P.H. Sullivan, Eva Lindgren, Computer keystroke logging and
writing : methods and applications
 Behaviour Logging Tool, BeLT -verktøy for logging av
brukerinterasjoner, Gjøvik, May 2013.
 Hafez Barghouthi, Keystroke Dynamics, How typing characteristics
differ from one application to another, 2009.
 Cormac Herley and Dinei Florencio, How To Login From an Internet
 Daniel J. Barrett, Richard E. Silverman and Robert G. Byrnes, SSH
The Secure Shell, The Definitive Guide, 2005
 Nikolay Grebennikov, Securelist, Keyloggers: How they work and
how to detect them, 2007

25