Keylogger Program Analysis

Overview

This document reviews a C-based program designed to monitor multiple keyboard devices for input events and log them into a database. The code includes mappings of keycodes to character representations and utilizes system calls to interact with input devices efficiently.

Code Highlights

Bugs

  • Key Mapping: The keycode_to_char array does not define an entry for every keycode, so looking up an unmapped code yields a NULL pointer that may later be dereferenced.
  • Security Risk: SQL injection vulnerability due to direct variable embedding in queries.
  • Unhandled Returns: Undefined behavior for unknown keycodes, potentially causing NULL insertions in the database.

Optimizations

  • Implement error handling for snprintf in loops and use strncasecmp for safer keyboard checks.
  • Minimize EVIOCGNAME calls by caching device names.
  • Add bounds checks to prevent out-of-range access to the keycode_to_char array, and batch read operations for performance.
  • Ensure proper resource cleanup, including database connection closure.
  • Adopt dynamic memory allocation if device_path exceeds 32 characters.
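
The memory-safety fixes named under Bugs (unmapped keycodes yielding NULL) and Optimizations (bounds checks, snprintf error handling in loops) can be sketched as follows. This is an added example, not the reviewed program's code: the table contents, the element type `const char *`, and the helpers `keycode_lookup` and `render_codes` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sparse table (assumed element type: const char *).
 * Slots not listed are NULL, which is the condition the review flags. */
static const char *const keycode_to_char[] = {
    [2] = "1", [16] = "q", [30] = "a", [57] = " ",
};
#define TABLE_LEN (sizeof keycode_to_char / sizeof keycode_to_char[0])

/* Hypothetical helper: bounds-check first, then replace NULL slots with a
 * marker so callers never dereference or store a NULL. */
static const char *keycode_lookup(unsigned int code)
{
    if (code >= TABLE_LEN || keycode_to_char[code] == NULL)
        return "<?>";
    return keycode_to_char[code];
}

/* Hypothetical helper: format a batch of codes into out. Returns the number
 * of codes written in full, or -1 on an encoding error. A truncated entry
 * is rolled back so out always holds whole, NUL-terminated entries. */
static int render_codes(const unsigned int *codes, size_t n,
                        char *out, size_t outsz)
{
    size_t used = 0;
    size_t i;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        int w = snprintf(out + used, outsz - used, "%s",
                         keycode_lookup(codes[i]));
        if (w < 0)
            return -1;                 /* encoding error */
        if ((size_t)w >= outsz - used) {
            out[used] = '\0';          /* truncated: drop the partial entry */
            break;
        }
        used += (size_t)w;
    }
    return (int)i;
}
```

Checking `snprintf`'s return value against the remaining space is what distinguishes silent truncation from a complete write; the call alone only prevents the overflow.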

Strengths

  • Efficient monitoring of multiple devices using fd_set and select().
  • Proper use of snprintf to prevent buffer overflow.
  • Logical division between device acquisition and event processing.

Summary

Despite its functional capability, the program presents issues primarily in security, efficiency, and resource management. Addressing vulnerabilities and performance limitations could substantially enhance its reliability.

Recommendations

Consider using open-source alternatives for better functionality:

  • Logkeys: Offers broader functionality and community support.
  • Keylogger: Lightweight with active development on GitHub.