AirDrive Keylogger Max

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
AirDrive Keylogger Max

Summary

The AirDrive Keylogger Max is comparable to the AirDrive Forensic Keylogger Cable (Pro Version). It has additional connectivity and more download options. It works both as a Wi-Fi hotspot, and as a Wi-Fi device, enabling features such as Email reports and time stamping. 8GB of built-in memory was used.

Features

  • Records keystrokes from any USB keyboard
  • 8 gigabytes of built-in memory
  • Memory accessible as a USB Hi-speed flash drive (480 Mbps)
  • Undetectable for security software
  • Supports over 40 national keyboard layouts
  • Compatible with barcode readers
  • Works as a Wi-Fi hotspot, or as a Wi-Fi device
  • Sends Email reports with recorded keystroke data
  • Supports time-stamping
  • Supports live data streaming over network
  • Connect from any computer, smartphone, or tablet
  • Access keystroke data from web browser
  • Supports WEP, WPA, and WPA-2 network security

Description

You don’t need any physical access to access the logged data. It is available on its interface, which is accessible by connecting to it over Wi-Fi. Once you are connected, you can view the logged data in real-time or just download it. To hide the keylogger, you can erase the log, disable further logging, or even hide the WLAN network. It is simply installed by just connecting any types of USB keyboards or barcode reader. Just connect the keylogger in-line with the keyboard and all keystrokes will be recorded.

There are a lot of configuring options, which will be shown in the practical part.

Hands-On

 1. Connect the USB keylogger in-line with the external keyboard and the target host.

 2. Connect your smartphone, tablet or computer to the Wi-Fi network "AIR_XXYYZZ", where "XXYYZZ" is the device ID of the USB cable.

 3. You can then use any web browser to access the interface under the IP "192.168.4.1".

Web Interface 1.PNG

 4. Open the settings to configure the keylogger cable. Various configurations can be made there:

Web Interface 2.PNG
Web Interface 3.PNG

We can click on “Toggle Keyboard” to make the keylogger act as a normal flash drive.

 5. Since the Keylogger Max version has more features, we can take a look at the advanced settings: For every of the advanced settings, an internet connection will be needed.

Web Interface 4.PNG

After you entered the SSID and the password of your WLAN network, you have to press the save button and restart the device, to activate the configurations.

Web Interface 5.PNG

You can also use a specific NTP server from https://ntp.org After configuration, keystrokes will be shown with timestamps in data log.

Web Interface 6.PNG

Find out your SMTP server addresses either by command line or by an online-tool like https://www.dnswatch.info.

Example (if you would use GMAIL):

  • Gmail SMTP server address: smtp.gmail.com
  • Gmail SMTP name: Your full name
  • Gmail SMTP username: Your full Gmail address (e.g. you@gmail.com)
  • Gmail SMTP password: The password that you use to log in to Gmail
  • Gmail SMTP port (TLS): 587
  • Gmail SMTP port (SSL): 465

Don’t forget to press the “Save” button.

Web Interface 7.PNG

The IP of the target out by typing “ipconfig” in the terminal (Windows) and reading out the local IP address. Choose a free target port of your choice.

You can download a UDP client or use instead the example client, which was already linked in the there.

Don’t forget to press the “Save” button. Don’t forget to apply settings with pressing for each section the “Save … “-button.

 6. We can download the “Data log” under the “Download” button.

Web Interface 8.PNG

 7. With a click on "Data Log" we can observe what is typed on the external keyboard.

Example of a Data Log

In the following you can see a screenshot of a typical user logon process on the portal of the FH Campus Wien.

Web Interface 9.PNG

Important Legal Notice [1]

The usage of a keylogger is fully legal as long as a clear notice is displayed, informing the user of the monitored equipment about the presence of a keystroke logger. We encourage the use of this equipment only for the purpose of monitoring your own computer, especially for protecting children against online hazards. It is NOT LEGAL to use a keylogger for the purpose of intercepting third party data, especially passwords, banking data, confidential correspondence, etc. If in doubt, please seek legal advice before using a keystroke logger. A good starting point is the U.S. Department of Justice Letter on Keystroke Monitoring and Login Banners, according to which a clear notice should be displayed, warning that user keystrokes may be logged.

This PC is monitored.PNG

Keyboard compability limitations [1]

The device will work with almost all types of physical USB keyboards (it won't work with internal laptop keyboards). It works fine with wireless keyboards, with exception of Bluetooth keyboards. It won't work a few types of keyboards with built-in high-speed USB hubs (primarily Apple A1243 and Dell KB522), for which the Mac/MCP series should be used. Support for some gaming keyboards is not fully guaranteed, as they often use proprietary protocols.

Hardware Used

USB Keylogger Max 8GB

References