Jump to content

[C] GPU Based Keylogger [Undetectable] [Full Source Code]


Recommended Posts

This is a GPU Based keylogger, meaning it resides and functions on the graphic processing unit rather than the CPU.

Its capable of doing this By instructing the GPU to carefully monitor ,via DMA , the physical page where the keyboard buffer resides,

it thus can record all user keystrokes and store them in the memory space of the GPU.


This is the hidden content, please


This is the hidden content, please


It does not rely on any kernel modifications besides altering the page table, and uses a small code snippet that needs to run just once from kernel context to acquire the physical address of the keyboard buffer.

This code is completely standalone, does not require any hooks or other modifications, and is completely removed after it accomplishes its task.

The physical address of the keyboard buffer is then used by the GPU to monitor all user keystrokes directly via DMA, through the direction of a user-level controller process.


Requirements for use:


  • OpenCL drivers/icd's installed
  • AMD or NVIDIA card (although AMDAPPSDK does support intel)
  • linux kernel headers


Here is a summary of what this POC does:

  • CPU kernel module bootstrap to locate keyboard buffer via DMA in usb struct
  • keyboard buffer gets stored in userland file
  • kernel module deletes itself
  • OpenCL stores that keyboard buffer inside gpu and deletes file due to evidence


Thanks to team Jellyfish for this POC...all credits goes to them.




This is the hidden content, please






Pass: level23



Why is it undetectable?

The answer is easy...Current malware analysis and detection systems are tailored to CPU architectures only, and therefore are ineffective against GPU-based malware

Edited by Diabl0
Link to comment
Share on other sites

This topic is now closed to further replies.

Chat Room

Chat Room

Chatroom Rules

No support in chat, open a thread.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

The popup will be closed in 15 seconds...