AutoHotkey Community

[MKS9806]

Is there a way of beatting the KeyLoggers?
That's highly questionable, but there is a way of beatting most of the free versions of the KeyLoggers with "AHK".

The code is simple and it also helps storing large amounts of passwords in a safe location.

[foom]

Here is a version that saves you to write a hotstring for every account you have.

[BETLOG]

I see 2 significant problems with that:
1) any locally installed keylogger could also monitor the clipboard.
2) you are storing your passwords WITH your usernames, and in PLAIN TEXT.
ok sure, so you could compile/encrypt the .ahk, but you get my point - refer to 1)

[Laszlo]

[foom]

[Laszlo]

You can create and compile your script in a safe environment (no network, booted from a clean CD) and run it from an USB stick. Of course, there is no absolute security, we can just try to make life harder to ordinary key loggers.

Clipboard changes are registered after a few ms delay, due to the inner working of Windows. If in this time the clipboard changes twice, the monitor program only sees the final content.

[foom]

[haichen]

If you have a clipboardtool like CLCL from www.Nakka.com you can see all your passwords in plain Text.

haichen

[Laszlo]

Have you tried it (with real time priority script, SetBatchLines -1, and SendInput for sending ^v)? If it really catches fast clipboard changes, it might have its own clipboard handler. Otherwise CLCL sucks. (In word processors it shows only picture placeholders, inserts bookmarks, etc. There is no support, bug reports are never answered.)

[PhiLho]

I use CLCL all the time, and I am a satisfied user, but I probably have a very different use than you, mostly using it for strings in text editors.
Notice that by default it doesn't handle all clipboard formats, you have to add plugins to allow it to recognize more formats.
_________________
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

[haichen]

With SendInput the text is logged, but with SendPlay nothing is monitored.
Works all so without the commented code.

[MKS9806]

It is so true that some fancy keyloggers will capture the user names and passwords from the clipboar, but at least is some partial protection for most free keyloggers so far.
If instead of using "clipboard" for storage, we can use any other 'string-variable' to store the user names and passwords and then delete them as soon as the section of code ends, there might be a chance for the 'logger' not to record our strings, right?
I'm an amateur AHK programer and I always consentrate on the basics, but the point is to beat the keyloggers some how; I know it could be simple.
Thanks for the interest and the reply's, % 100 apreciate each of them; let's keep trying to nail the keyloggers.

[Laszlo]

[.AHK]

If you are already using a script to enter the passwords/usernames then whats the point of even copying them to the clipboard? I mean the passwords are already in the script so why not just send them. Why would you first copy them to the clipboard creating a vulnerability? I might be missing the reason why so i'm not sure, but I don't think so.

Edit: The reason is obvious... Well it wasnt at first, but it is now. Sorry for the confusion.

[PhiLho]

The best way to beat the keyloggers is:
1) To avoid putting them on your system (avoid risky behavior...);
2) To have a good software to detect and remove them...
_________________
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")