Linux: Is Keyboard Rootkitted

I created a keyboard rootkitted detector that consist of a Linux Kernel Module (LKM), a /proc/is-kbd-rkt file and a simple app that outputs the result. The app looks something like this:

iskbdrkt app screenshot

In order to try it out you first need:

  • to have installed g++, gcc and make
  • and need to have the linux-headers-`uname -r`

Then you should do a:

git clone https://github.com/sith-ikjetil/is-kbd-rkt.git

Then you need to build the LKM (lkm subdirectory):

make

The install the LKM (.ko file) into the kernel:

sudo insmod ./is-kbd-rkt.ko

You might need to disable secure boot or sign the LKM first.

Then build the app (app subdirectory):

./build-debug.sh

Now all you have to do is run the application (app subdirectory):

./iskbdrkt

or see the contents of the /proc/is-kbd-rkt file:

cat /proc/is-kbd-rkt

Good luck 🙂

One-Time
Monthly
Yearly

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00
$15.00
$100.00
$5.00
$15.00
$100.00
$5.00
$15.00
$100.00

Or enter a custom amount

$

Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: