|
| Budget: |
$ 1000-3000 |
| Status: |
Frozen
(
waiting action from buyer )
|
| Project
Creator: |
|
| |
1
reviews
|
| Required
Skills: |
,
,
,
,
|
| Attached
Files: |
kernel-resources.zip
|
 |
|
|
|
|
|
|
|
|
|
|
Description
I need a program coded that is a "Cheat Monitor" (keylogger) on the kernel level of WinXP and Vista at ring0. Rootkit knowledge is necessary.
This program is installed stealthly without any detection or notice on for example a spouses computer and you can capture keystrokes and screenshots and have the data sent to a server in stealth without any notice from anti-virus and firewall.
I opened this same project about a month ago. I'm going to list my original requirements below. If I find a rootkit programmer we'll discuss more requirements in details before we get started.
I did find a rootkit programmer. I worked with him for a month every day, trying to build the perfect program. Well, it looks like he has disappeared. I don't know why he decided to do that since we have been testing his demos, he has even sent me the source code to the main module. I don't have the source files and drivers so the source code can't be compiled. Although this source should help you in a lot of the coding that you would have to do. The main module for which I have the source is actually the module (program) that is installed on the users computer in stealth. It has all the coding in there, only thing is the drivers need to be coded so the source can be compiled.
Also maybe somebody that has experience in reverse engineering could disassemble his program to help code your own. Although I know that reverse engineering can be more expensive and complicated than writing the code itself. It's a really good program all the features that I wanted have already been coded, screenshot features, etc.. and is undetected by all anti-virus and most firewalls that are built-into anti-virus. The only problem is that there is a popup that logger is going to be installed and on reboot the program deletes itself instead of continuing to run as set in the settings. Also it's not undetected by 3rd party firewalls which I also need. Also his demo is not Vista compatible which I also need.
Here were my original requirements of the software in my original posting:
What is Cheat Monitor?
Cheat Monitor Is Software That Tracks All Traffic On Any Computer To Catch Cheaters.
I need a software created similar to: http://www.cheatmonitor.com or http://www.ardamax.com/keylogger/
It's a software that monitors all traffic on a computer, example: keystrokes, screenshot capture, browser history, etc.. It's for if your spouse is cheating, you can install this on your computer and it will record all the users actions.
Before you bid, please read everything carefully this is an expensive project and I need everything to be understood in detail.
I will list the features below and some modifications.
First most important is that I want this software coded on the kernel level so that it runs silently on the lowest level of Win2K/XP/Vista Operating systems. Since I would like this program to be coded on the kernel level. I believe you should have knowledge and experience with rootkit technology, driver development and security. Software should be coded in C, C++ or Assembly.
From my research it seems the, "Keyboard Filter Driver" can be used as a beginning rootkit, which can be found in the MS DDK (kbfiltr). I have attached a slightly modified version of kbfiltr which might help you as a base for coding this software. As well as another modified Keyboard Filter Driver called, Klog. I don't know if that code will work with a USB keyboard as well PS/2, that needs to be checked as the software should work with all types of keyboards.
The program needs to completely undetected by all anti-virus and all firewall. When logs are being sent there cannot be any firewall pop-ups saying it's connecting to a server, etc.. It needs to be a 100% unique build with no signature in the AV database. If you have coded this software for somebody in the past don't send me the exact same thing, it needs to be modified so I have a 100% unique build that nobody else has.
If it will be less work and help lower the price then, these are some features I thought you could remove:
A professional GUI isn't important, anything simple that is understandable will be ok. I don't need the option for the log to be sent through e-mail as most of these softwares do. FTP is good enough. I also don't need to record P2P activity (one of the features on the Cheat Monitor software). Anything you see in that software that you would consider a "bell/whistle" I don't need.
I have attached a few resources and documentation regarding kernel development that I hope would help you as a base to code this software. If these resources do help you I hope you can take that into consideration when you place your bid, that is the reason I'm attaching this information. I would appreciate it if you looked over this information before placing your bid.
Features:
Remote Installer - creates a customized Keylogger engine file. Example: You can e-mail this to a person for remote monitoring.
Invisible mode makes it absolutely invisible to anyone. Must NOT be visible in the registry, task bar, system tray, Windows 98/2000/XP/2003/Vista Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.
FTP delivery - Upload recorded logs using HTTP post or using port UDP 53 with traffic discuised as DNS traffic to bypass FW. If you don't know how to do this, then FTP is ok. I can find a network security specialist to work on that part. Most likely if you use FTP it's not going to bypass FW unless you have your own special technique.
Clipboard logging - capture all text copied to the Windows Clipboard.
Screenshot Capture - periodically makes screenshots (every time new window is open and of specifc websites) and stores the compressed images to log.
Security - allows you to protect program settings, Hidden Mode and Log file. Able to change log file and server to random names. Log file is encrypted well. Can only be viewed with log viewer. Logs need to be split in small sizes when being sent to server if it will be a danger to stealth.
Application monitoring - keylogger will record the application that was in use that received the keystroke.
Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke!
Small size – Make keylogger small size program. Has no additional modules and libraries, so its size is smaller and the performance is higher.
Other Features:
Windows 2000/XP/Vista support
Automatic startup
Easy to install
Other features needed:
Keylogger must specify name of machine it is reporting on in logs and log file name.
Must be able to activate it for a certain period (#days). After time-frame has passed the server (keylogger) is completely deleted from the computer. (Software self-deletes itself after a certain # of days).
Must not be detected by any Anti-Virus or Firewall such as NOD32, Panda Anitvirus, Spy Sweeper, AVG, Kaspersky, Avira, Bit Defender, etc. to name a few.
Must run completely hidden and in stealth mode
If you have any questions please don't hesitate to ask me. If you bid on this project please be 100% sure of all my requirements. I will be speaking to all bidders in detail to make sure we understand everything completely.
Additional Notes:
I was advised that if you use the keyboard filter driver to use it on ring0 that will greatly increase privileges and capability.
The most important part of this project is stealth so coding it in kernel mode and rootkit technology are the most important steps.
Thanks
Additional information:
Submitted on 11/22/2008 at 18:03 EST
I also wanted to add, that if you use the source I have to code this program, you don't need to code a log viewer. I have a 100% working log viewer that works with the program I currently I have.
Reminder
You may not start working in this and any project before
your bid is accepted. Any user who violates this policy
may have their account permanently suspended.
|
