Description
I need a program coded that is a "Spouse/Family Monitor" (keylogger) on the kernel level of WinXP and Vista at ring0. Rootkit knowledge is necessary.
This program is installed stealthily without any detection or notice on, for example, a spouse's computer and you can capture keystrokes and screenshots and have the data sent to a server in stealth without any notice from anti-virus and firewall.
What is a Spouse/Family Monitor?
It Is Software That Tracks All Activity On Any Computer To Catch Cheating Spouses or Monitor Family Members.
I need a software created similar to: http://www.cheatmonitor.com or http://www.ardamax.com/keylogger/
It's a software that monitors all traffic on a computer, example: keystrokes, screenshot capture, browser history, etc..
Before you bid, please read everything carefully this is an expensive project and I need everything to be understood in detail.
First most important is the stealth of the program. The program cannot be found on the users system or raise any alerts to the user. The program has to be undetected by anti-virus as well.
I would like this software coded on the kernel level so that it runs silently on the lowest level of Win XP and Vista Operating systems. I need this program to be compatible on the 64 bit versions of XP/Vista as well. Since I would like this program to be coded on the kernel level. I believe you should have knowledge and experience with rootkit technology, driver development and security. Software should be coded in C, C++ or Assembly.
Program needs to be 100% unique build with no signature in the AV database. If you have coded this software for somebody in the past don't send me the exact same thing, it needs to be modified so I have a 100% unique build that nobody else has.
Features:
Remote Installer - creates a customized Keylogger engine file. Example: You can e-mail this to a person for remote monitoring. The keylogger engine file must be a small size must not require user to have necessary libraries or modules to run logger.
Invisible - makes it absolutely invisible to anyone. Must NOT be visible in the registry, task bar, system tray, Windows 98/2000/XP/2003/Vista Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list. When program is executed it has to be silently with no alert or popup of any kind from windows or any anti-virus program. All drivers, files and registry keys if used must be hidden very well and not easily discovered. The stealth of the program is the most important thing. Without stealth the program is useless. The coder must be advanced in windows security.
Data Logs - should be possible to change log folder name. Log file is encrypted well. Can only be viewed with log viewer. Logs need to be split in small sizes when being sent to server if it will be a danger to stealth. Example: data is split up into 20kb files. When logs are sent to server they should be stored in a folder which is named with the mac address and ip address of where the data is coming from. The logs should be encrypted maybe with DES? Although the log size should be as small as possible so maybe you would have to use base64 or maybe you have another suggestion. The data should be compressed with zip and there should be a password set on the zip files. The password shouldn't be user configured. It should be a random password that the log viewer will be able to read. It's configured internally in the program and log data.
Screenshot Capture - periodically (example every 20 seconds) takes screenshots (every time new window is open and of specific websites) and stores the compressed images to log. Quality of screenshots is reduced to reduce log size.
Application monitoring - keylogger will record the name of the application that was in use that received the keystroke.
Time/Date stamp - it allows you to pinpoint the exact time a window received a keystroke.
Clipboard logging - capture all text copied to the Windows Clipboard.
Capture Web Browser History (visited urls).
Remote Uninstall - In order to remove the logger from client's computer. I will have an "uninstall_list" that I upload to the server the data is being sent to. If I add the client's mac/ip address which is the name of the folder, the logger will check this list and if it sees the mac/ip address then the logger will automatically stop sending data from client's pc and completely remove/delete permanently from client's pc as well as remove any remaining logs and log folder.
Danger Application - The program will have a feature where I can input the name of the .exe of a "danger application" the logger when executed will check for the danger application if it is on the client's pc the logger will NOT install and completely remove/delete itself.
Summary and Additional Notes:
Kernel Level logger on ring0, hi speed, small footprint and size, low cpu usage. Windows 2000, XP 32/64 bit and Vista 32/64 bit support. Use Windows Service to auto start logger on boot. Must run completely hidden and in stealth. Bypass all anti-virus. Must work with all types of keyboards, PS2/USB/Wireless Must work on all PC's and Laptops
If you notice I did not mention delivery method of log data. The reason is that I have my own data transfer program. You will use my data transfer program. I have a .dll component and API for calling it from the logger. You will be provided with C++ header file and .lib file for proper exe building. You don't have to do anything except call my program and it will send the data on its own when it's supposed to and delete itself after logger has been uninstalled.
Please take into consideration since I will have my own data transfer program the price of this program should be reduced compared to if you did have to code a data transfer method. Your job is the stealth of the program and functionality.
I know two rootkit programmers that have advanced knowledge of windows security. They will analyze your program before we complete the transaction. So please make sure if you want to work on this project that you have an advanced knowledge of windows security and stealth. The code needs to be good, if you try any "shortcuts" or bad methods then they will be able to find out. Program must be perfect without any bugs or flaws. I would like to get what I'm paying for.
I don't want any user level methods in the logger such as:
1) usage of GetAsyncKeyState, GetKeyState, GetKeyboardState WinAPIs; 2) usage the Windows Hooks; 3) usage the possibilities of DirectX; 4) usage injecting DLL in all processes and hook some WinAPIs (GetMessage for example).
When you bid on this project please send me a PM and answer these questions: (I'll attach these questions in a text document if it will be easier to answer).
Do you have advanced rootkit/windows security knowledge? If so, can you explain your experience? (Please be as elaborate as possible).
Have you coded a program like this before? If so, do you have a demo? If you do not have a demo can you provide so I can make my decision to select you as the coder?
Will you provide full source code after transaction is complete?
Will you be able to provide after-support? Say anti-virus detects your program after 2 weeks we close this project, will you modify the program to make undetectable again? If so, what would be the time frame of after support?
Do you agree that I will have full rights to this program and you cannot resell?
Which language will you code this program in?
Which method will you use to create a kernel level driver for logger? or if none of these methods please explain your method you plan on using.
1) usage the keyboard filter (it using keyboard IRPs); 2) interception the WinAPI by SDT (Service Descriptor Table); 3) interception the WinAPI by code replacing.
That should be all my questions.
I apologize about all the lengthy questions and discussions. I just want to make sure the coder I select will be able to complete my requirements. I don't want to select a coder that just says they can do this without any actual explanation and then if I select them, after some time we find out they can't do it. Then it's going to be a waste of time. If we are perfectly clear in the beginning we'll avoid any issues down the road.
Thanks for your time.
Additional information:
Submitted on 01/04/2009 at 1:28 EST
If you place a bid could you PM and let me know what the price would be without the source? I don't necessarily need the source if you can provide after-support.
If you have the knowledge but, don't agree to some terms, that's ok, I'd still like to hear from you.
Thanks