Linux: Is Keyboard Rootkitted

I created a keyboard rootkitted detector that consist of a Linux Loadable Kernel Module (LKM), a /proc/is-kbd-rkt file and a simple app that outputs the result. The app looks something like this:

In order to try it out you first need:

to have installed g++, gcc and make

and need to have the linux-headers-`uname -r`

Then you should do a:

git clone https://github.com/sith-ikjetil/is-kbd-rkt.git

Then you need to build the LKM (lkm subdirectory):

make

The install the LKM (.ko file) into the kernel:

sudo insmod ./is-kbd-rkt.ko

You might need to disable secure boot or sign the LKM first.

Then build the app (app subdirectory):

./build-debug.sh

Now all you have to do is run the application (app subdirectory):

./iskbdrkt

or see the contents of the /proc/is-kbd-rkt file:

cat /proc/is-kbd-rkt

Good luck 🙂

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

$5.00

$15.00

$100.00

Or enter a custom amount

Your contribution is appreciated.

Donate Donate monthly Donate yearly

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Make a one-time donation

Make a monthly donation

Make a yearly donation

Share this:

Like this:

Related

Leave a Reply Cancel reply