Rereading the code from back then makes me a little embarrassed but I’m going to share parts of it anyway.
This is a piece of software for Windows XP, although I think it still works on Windows 7 and 10, written in C# using Visual Studio.
Why did I do it
When I was little I used to hang around an Internet Café and eventually I became friends with the guy that managed the place. One day he showed me how he managed to trust his employees.
There were like 15 computers at this store and they didn’t have a monitoring software installed for privacy issues. There was an additional computer though that was used to enable and disable the others. This one was where the employees would sit. The manager wasn’t there all day so he had to make sure the money and the computer usage matched.
For this he used a software called 007 Spy Software. I was amazed by this as you could see everything. It acted as a key logger, but also took screenshots, recorded browsing history and so on.
Both because I was curious to know how such a software worked and because I wanted to learn. I decided to make my own version of it.
Key logger. I started out with what seemed to be the easiest task.
I copied parts of the class here and there on the internet and didn’t know half of what I was writing. In the end I adapted it a little and it started working. It wrote to file whatever I was typing on my keyboard.
The way it works is by calling two functions at two different times. In fact there are two asynchronous timers, one that loops every 10 milliseconds and calls a function that checks every key on the keyboard saving the pressed ones, and the other timer that loops every thirty minutes and saves the data to a file.
Screenshots. I too wanted to screenshot everything just like the original software, so that’s what I tried to do second.
This part was tricky. To take a screenshot of the monitor was easy enough, create a bitmap image and then copy every pixel on the screen to said image, finally save it to file.
When I tried it, it partially worked. I saw just one of my screens on file. Then I learned that for Windows, the screen wasn’t every monitor connected to the computer but the main one. And if I wanted everything I had to get all the screens.
Geolocation. I wanted to add my own touch to it, so I thought, how about I add a geolocation feature because if it’s a laptop it can move and I might want to know where it is. Back then the only geolocation I knew was based on the IP address of the computer.
To achieve this task I had to know the IP of the computer and then somehow calculate the location from that IP. I didn’t know then that I could get the IP from the Windows API, so I used another method.
I made a web request to http://whatismyip.org which return the ip as text. I took the first line and that was my IP address.
Once I had my IP I made another web request, this time to http://geoiptool.com/data.php which returned all I needed (doesn’t seem to work anymore)
Wrapping it up
I didn’t know how to make an installer and I took advantage of it. I made it so that, when the executable launched, the one built from Visual Studio, if it wasn’t in a certain system directory (where the user could write freely), it would copy itself there automatically.
I also named the process
winlogon so the user could be easily fooled into thinking it was some kind of a system process. And obviously set it to start on login.
Some other fun stuff. At this point I remember wanting to challenge myself a little more. I added some more percs.
- The software would create an xml configuration file.
- The configuration had credentials to an ftp server, upload frequency, pictures quality, screenshot frequency and some other stuff. It was used to upload key logs and screenshots there.
- This file could be updated, because the software checked periodically for configuration updates, this way, if I updated the ftp password or got another server completely it would still work.
- If there was a flag present in the configuration, the program would kill itself and delete any trace of it’s existence.
After testing it on my own computer, I asked a family friend, who was a licensed private investigator if it could be useful to him, he said he’d try it. Afterwards he told me that a couple of colleague of his found the software useful and wanted a copy.
Thanks for reading this far and stay tuned for more fun articles :)