View topic - Beat the KeyLoggers Update January 15, 2007 • AutoHotkey Community

View unanswered posts | View active topics

Board index » AutoHotkey » Scripts

All times are UTC [ DST ]

Beat the KeyLoggers Update January 15, 2007

Page 1 of 3

[ 31 posts ]

Go to page 1, 2, 3 Next

Print view | E-mail friend

Previous topic | Next topic

Author

Message

MKS9806

Post subject: Beat the KeyLoggers Update January 15, 2007

Posted: December 7th, 2006, 11:42 pm

Joined: January 31st, 2006, 5:15 am
Posts: 4

Is there a way of beatting the KeyLoggers?
That's highly questionable, but there is a way of beatting most of the free versions of the KeyLoggers with "AHK".

The code is simple and it also helps storing large amounts of passwords in a safe location.

Code:

;Generic code
:c:SomePassword::
   Sleep, 300
   User := "UserName" ; Entering UserName
   SendPlay, %User% ; Pasting UserName
   User := "" ; Errasing UserName
   Sleep, 300
   SendPlay, {tab} ; Go to next field
   Pass := "Password" ; Entering Password
   SendPlay, %Pass% ; Pasting Password
   Pass := "" ; Errasing Password
Return

The key logger will only detect something simmilar to the following:

Code:

SomePassword{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}{BackSpace}
{Ctrl Down}v{Ctrl Up}{Tab}{Ctrl Down}v{Ctrl Up}

NOTE
You have to be clever to put your pass phrace
See the following

Code:

:c:Ebay.pass::
   Sleep, 300
   User := "EbayUserName" ; Entering UserName
   SendPlay, %User% ; Pasting UserName
   User := "" ; Errasing UserName
   Sleep, 300
   SendPlay, {tab} ; Go to next field
   Pass := "EbayPassword" ; Entering Password
   SendPlay, %Pass% ; Pasting Password
   Pass := "" ; Errasing Password
Return

:c:Hotmail.pass::
   Sleep, 300
   User := "HotmailUserName" ; Entering UserName
   SendPlay, %User% ; Pasting UserName
   User := "" ; Errasing UserName
   Sleep, 300
   SendPlay, {tab} ; Go to next field
   Pass := "HotmailPassword" ; Entering Password
   SendPlay, %Pass% ; Pasting Password
   Pass := "" ; Errasing Password
Return

:c:Gmail.pass::
   Sleep, 300
   User := "GmailUserName" ; Entering UserName
   SendPlay, %User% ; Pasting UserName
   User := "" ; Errasing UserName
   Sleep, 300
   SendPlay, {tab} ; Go to next field
   Pass := "GmailPassword" ; Entering Password
   SendPlay, %Pass% ; Pasting Password
   Pass := "" ; Errasing Password
Return

You may modify and/or compile as you want/need, for every thing/web page.
Comments or suggestions to "Heber Romo" at "mks9806@gmail.com"

Remember that the original purpose of this scrip was only to store large amounts of passwords and retrieve them in a generic and easy way.

Last edited by MKS9806 on January 16th, 2007, 6:10 am, edited 1 time in total.

Top

foom

Post subject:

Posted: December 8th, 2006, 3:22 pm

Joined: April 19th, 2006, 1:02 pm
Posts: 386

Here is a version that saves you to write a hotstring for every account you have.

Code:

#singleinstance force

gmailuser=gmailuser
gmail=gmailpass

yahoouser=yahoouser
yahoo=yahoopass

ahkuser=ahkuser
ahk=ahkpass

;type mypw.. and then the name e.g. gmail or yahoouser or any other variable name u saved your info in and then press enter.
:*:mypw..::
    Input, account, I, {enter}
    if (%account%)
    {
        clipbak:=ClipboardAll
        clipboard:=%account%
        send ^v
        clipboard:=clipbak
    }
return

Last edited by foom on December 8th, 2006, 4:34 pm, edited 3 times in total.

Top

BETLOG

Post subject:

Posted: December 8th, 2006, 3:39 pm

Joined: November 27th, 2006, 7:41 am
Posts: 222
Location: Queensland, Australia

I see 2 significant problems with that:
1) any locally installed keylogger could also monitor the clipboard.
2) you are storing your passwords WITH your usernames, and in PLAIN TEXT.
ok sure, so you could compile/encrypt the .ahk, but you get my point - refer to 1)

Top

Laszlo

Post subject:

Posted: December 8th, 2006, 4:07 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO

BETLOG wrote:

any locally installed keylogger could also monitor the clipboard

True, but not all do, so we have some protection. To make the script a little safer increase its priority to real time, set up the clipboard, paste it immediately, clear the clipboard and reset the priority of the script to normal. There is a chance that the clipboard monitoring worm will miss the password. Other tools, like private clipboards are more complex.

Top

foom

Post subject:

Posted: December 8th, 2006, 4:21 pm

Joined: April 19th, 2006, 1:02 pm
Posts: 386

BETLOG wrote:

I see 2 significant problems with that:
1) any locally installed keylogger could also monitor the clipboard.

A keylogger will monitor you while you type the pw into the ahk file as well.

Quote:

I am in doubt if raising the priority of the script would help. I mean the logger could use a clipboard hook like Chris is in ahk for the OnClipboardChange label. Allthought i don't know how this works i doubt it will miss a clipboard change.

Top

Laszlo

Post subject:

Posted: December 8th, 2006, 4:30 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO

You can create and compile your script in a safe environment (no network, booted from a clean CD) and run it from an USB stick. Of course, there is no absolute security, we can just try to make life harder to ordinary key loggers.

Clipboard changes are registered after a few ms delay, due to the inner working of Windows. If in this time the clipboard changes twice, the monitor program only sees the final content.

Top

foom

Post subject:

Posted: December 8th, 2006, 5:02 pm

Joined: April 19th, 2006, 1:02 pm
Posts: 386

Laszlo wrote:

Clipboard changes are registered after a few ms delay, due to the inner working of Windows. If in this time the clipboard changes twice, the monitor program only sees the final content.

This is suprising. I created a monitor ahk script and it didn't capture the clipboard, even thought its running on realtime aswell. Heck even setting the protecting script to idle while the monitor is realtime doesn't capture it.

Code:

#Persistent
setbatchlines -1
#noenv
Process, Priority, , R
return
OnClipboardChange:
clip=%clipboard%
ToolTip , %clip%
return

However AHK method might not be very agressive and therefore miss it.

Top

haichen

Post subject:

Posted: December 8th, 2006, 5:36 pm

If you have a clipboardtool like CLCL from http://www.Nakka.com you can see all your passwords in plain Text.

haichen

Top

Laszlo

Post subject:

Posted: December 8th, 2006, 7:05 pm

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO

Have you tried it (with real time priority script, SetBatchLines -1, and SendInput for sending ^v)? If it really catches fast clipboard changes, it might have its own clipboard handler. Otherwise CLCL sucks. (In word processors it shows only picture placeholders, inserts bookmarks, etc. There is no support, bug reports are never answered.)

Top

PhiLho

Post subject:

Posted: December 8th, 2006, 7:32 pm

Joined: December 27th, 2005, 1:46 pm
Posts: 6837
Location: France (near Paris)

I use CLCL all the time, and I am a satisfied user, but I probably have a very different use than you, mostly using it for strings in text editors.
Notice that by default it doesn't handle all clipboard formats, you have to add plugins to allow it to recognize more formats.

_________________

vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

Top

haichen

Post subject:

Posted: December 8th, 2006, 7:41 pm

With SendInput the text is logged, but with SendPlay nothing is monitored.
Works all so without the commented code.

Code:

;Process, Priority, , R 
; #Persistent
;setbatchlines -1
;#noenv 

:c:Ebay.pass::
    clipboard = passwd1 ;User Name to clipboard
    Sendplay, {Ctrl Down}v{Ctrl Up}{tab}
    clipboard = Ebaypsword ;Password to clipboard
    Sendplay, {Ctrl Down}v{Ctrl Up}{Enter}
    clipboard = ; Empty the clipboard.
Return 

Someone has to test if a Keylogger really can't catch the text.

Nice idea
haichen

Top

MKS9806

Post subject: Fun, Fun. Keep Going

Posted: December 8th, 2006, 7:52 pm

Joined: January 31st, 2006, 5:15 am
Posts: 4

It is so true that some fancy keyloggers will capture the user names and passwords from the clipboar, but at least is some partial protection for most free keyloggers so far.
If instead of using "clipboard" for storage, we can use any other 'string-variable' to store the user names and passwords and then delete them as soon as the section of code ends, there might be a chance for the 'logger' not to record our strings, right?
I'm an amateur AHK programer and I always consentrate on the basics, but the point is to beat the keyloggers some how; I know it could be simple.
Thanks for the interest and the reply's, % 100 apreciate each of them; let's keep trying to nail the keyloggers.

Top

Laszlo

Post subject:

Posted: December 9th, 2006, 2:32 am

Joined: February 14th, 2005, 4:05 pm
Posts: 4710
Location: Boulder, CO

haichen wrote:

With SendInput the text is logged, but with SendPlay nothing is monitored.

Really interesting observation! I tested it with the following

Code:

#NoEnv
SetBatchLines -1

!z::
   cb := ClipBoardAll
   ClipBoard =
   ClipBoard = top-secret-password
   ClipWait 2
   SendPlay ^v ; <----
   ClipBoard := cb
Return

OnClipboardChange:
   cnt++
   cb%cnt% := ClipBoard
   c =
   Loop % cnt < 5 ? cnt : 5
   {
      i := cnt - A_Index + 1
      c .= i " : [" cb%i%  "]`n"
   }
   TrayTip,,%c%
Return

Pressing the Alt-Z hotkey the top secret password is inserted into the current window, and the clipboard change is registered. However, the actual content of the clipboard is not seen, as you can verify from the clipboard history shown in the traytip. (Start with a small clipboard content!) If another variant of the Send command is used, the secret is sometimes visible!

Top

.AHK

Post subject:

Posted: December 9th, 2006, 5:37 am

Joined: April 26th, 2006, 4:10 am
Posts: 657
Location: New Mexico, USA

If you are already using a script to enter the passwords/usernames then whats the point of even copying them to the clipboard? I mean the passwords are already in the script so why not just send them. Why would you first copy them to the clipboard creating a vulnerability? I might be missing the reason why so i'm not sure, but I don't think so.

Edit: The reason is obvious... Well it wasnt at first, but it is now. Sorry for the confusion.

Top

PhiLho

Post subject:

Posted: December 9th, 2006, 8:41 am

Joined: December 27th, 2005, 1:46 pm
Posts: 6837
Location: France (near Paris)

The best way to beat the keyloggers is:
1) To avoid putting them on your system (avoid risky behavior...);
2) To have a good software to detect and remove them...

_________________

vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

Top

Page 1 of 3

[ 31 posts ]

Go to page 1, 2, 3 Next

Board index » AutoHotkey » Scripts

All times are UTC [ DST ]

Who is online

Users browsing this forum: Exabot [Bot], Yahoo [Bot] and 53 guests

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum