str0kem

The fuck is this

This is something very similar to WhatPulse, except the sauce is completely open and you can connect this shit to your own SQL serbur. ;];] It's available for le macOS and 64-bit Wind0ngs.

Muy importante: this is just the client side for monitoring keystr0kes/mouse clicks. You can use (almost) any already available graphing tool to visualise that shit.

Also, the zipperin0s I've included in this repo are debug builds, so when shit hits the fan it should make troubleshooting it a bit easier. =]

Requirements

A MySQL serbur obviously, just make sure the version is 5.5 or highur. One thing you'll definitely need to do if you want to use SSL/TLS connections to MySQL (and you should): make sure the SSL cert used by the server is a trusted one.

macOS

Shit was tested on El Capitan (10.11) and Mojave

Since it uses keychain bullshit there's no actual ca-certificates directory by default. The .app has a bundled certs dir containing CAs related to LetsEncrypt only (since you're pr0lly using that anyways), but you can override this location (see Config section for more deetz).

If you're not using LetsEncrypt:

• Put all cert files in the directory of your choosing
  
• Run openssl rehash <cert dir> if your version supports it, if you installed it w/ Homebrew it's not in your PATH so use something similar to /usr/local/opt/openssl@1.1/bin/openssl instead
  
• If your openssl doesn't support that shit, it's possible the command is available as c_rehash <cert dir> instead (although it might generate wrong hashes so verification will still fail, I'm unsure how to generate the proper ones manually lmao)
  
• Specify this directory in the config
  
  

Wind0ngs

Shit was tested on Wind0ngs 10 because righteously fuck 8.x (and who uses W7 anymore?)

It seems the MySQL client library checks against the machine's certificate store, so there's no need for a certs dir like with macOS. =] My LetsEncrypt cert was accepted right away, but if you ever need to add a self-signed cert:

• Copy the cert file to da wind0ngs b0x (obviously)
  
• Simply double click that shit
  
• Click Install Certificate
  
• Now this is important, because it defaults to the Current User store but you actually need Local Machine my dude, so click that shit
  
• On the next step, again don't use the default but click Place all certs in the following store instead
  
• Browse to either the Trusted Root Certification Authoritays store or Intermediate Certification Authoritays, depending on what kind of cert it is
  
• Just click Next until it says it completed lol
  
• Possibly repeat that shit to complete the trust chain
  
  

MySQL

I've included a qt lil' SQL schema, so just import that in your SQL serbur and set up a user for the DB. ez pz

Client installation

macOS

Issa p simple yo:

• Just download the zipperin0 and extract em, then put the .app file in /Applications or some shit
  
• To monitor keypresses it needs some Accessibility privileges, so go to System Preferences > Security & Privacy > Privacy tab > Accessibility on the left > make sure the list on the right contains str0kem.app (maybe use the + button to add em) and check that b0x m8
  
• Start that shit lol
  
• It will copy an example config outside of the .app bundle, the new (sandboxed) location will be shown in a dialog
  
• Edit that shit (see Config section for more deetz)
  
• Start that shit again
  
  

If you want it to start at user login and restart when it dies:
First, copy the p00perty list file to the proper directory:
cp ass/com.jemoeder.lief.str0kem.plist.example ~/Library/LaunchAgents/com.jemoeder.lief.str0kem.plist

Then make sure the contents of that file are referring to the proper path. By default it looks for /Applications/str0kem.app/Contents/MacOS/str0kem so if you didn't move the .app under /Applications, adjust that f00kin path. =] It should never address the .app directly, it always needs the executable hidden inside.

And finally:
launchctl load -w ~/Library/LaunchAgents/com.jemoeder.lief.str0kem.plist

Every time the executable rips it'll be restarted by launchd, which usually happens within a few seconds. To stop this shit just use the above command, except substitute load for unload 0bv. ;]

Wind0ngs

Again fairly simple y0, it doesn't even need memey installer bullshit so it's pretty much a portable exe. =]

• Download the zipperin0 and extract em, then put the directory it contains wherever the fuck you want (preferably %LOCALAPPDATA% due to permissions, it runs as a regular user and never asks for admin/UAC shit)
  
• Start that shit lol
  
• It will copy an example config to your user's AppData/Roaming folder, the full location will be shown in a dialog
  
• Edit that shit (see Config section for more deetz)
  
• Start that shit again
  
  

Note: it requires certain .dll and .pem files to run properly, which I've embedded into the .exe and they get extracted when you run that shit. It will put them in the same direct0ry as the .exe, hence my inclusion of a dir in the .zip file. ;]

If you want it to start at user login and restart when it dies:

• Press Wind0ngs key + R (brings up Run dial0g)
  
• Enter taskschd.msc
  
• Right-click on Task Scheduler (Local) followed by Import Task
  
• Find/download the configuration file and import that shit (you can remove it when it's imported so doesn't matter where the fuck you put em =])
  
• In the dial0g that pops up you'll notice the word CHANGEME under General > Security options, so change that shit to your own user
  
• Go to the Triggers tab and edit the At log on triggur, edit the CHANGEME here too
  
• Now open the Actions tab and confirm that the path to str0kem.exe exists (default is a direct0ry under %LOCALAPPDATA%), also make sure there are 3 DLLs and a PEM file next to the .exe
  
  

Wind0ngs will try to start the pr0gram every minute (can't do it m0ar often w/ Task Scheduler lol) as well as at user l0g0n, but it won't run duplicate instances. You could run it as a service but there's no way to run it just for a specific user. ;]

Note: apparently sometimes the extraction of embedded files might fail when str0kem runs through the scheduled task. In that case you could just enable Run with highest privileges in the task settings. =] But really it should work without that because your own account should have full permissions on its AppData directories, so if there's a permissions error you likely fucked shit up. [=[[=[==[[==[

Config

Since """proper""" JSON doesn't actually allow comments, I'll talk a bit about em config here (although it should be pretty clear imo tbh fams):

{
    "main": {
        "host": "mysql.example.com",
        "port": 3306,
        "ssl": true,
        "sslverify": true,
        "sslcapath": "/Users/toplels/local/etc/certs",
        "user": "ayylmao",
        "pass": "poopfarts",
        "dbname": "str0kem",
        "dbtable": "keymouse",
        "dbinterval": 300,
        "logrotate": 2,
        "debug": false
    }
}

Muy importante: don't end the last lines in a hash with a comma, that shit rips on wind0ngs kek.

Pretty much half of it is required, exceptions being:

• port: defaults to 3306
  
• ssl: defaults to true, since you're prolly connecting over tEh iNtErWEbS
  
• sslverify: verify SSL certs, defaults to true cuz inb4MITM my d00d
  
• sslcapath: path containing a bunch of hashed Certification Authority certs, defaults to the bundled certs dir for macOS only and simply NULL for Wind0ngs (because it doesn't work on there, it requires one CA bundle which is embedded in the exec00table)
  
• dbinterval: how often to connect to the DB, defaults to 300 sec
  
• logrotate: rotate the log file when it gets this big (in megabutts lol), defaults to 2 MB
  
• debug: log extra shit to logfile, defaults to n0 obv
  
  

If you don't wanna use an optional configurable, just leave out the entire line. ;] In some cases it works to pass an empty value but just omit it to be sure.

pr0blem?

If the br0gram runs into any problems along the way it'll most likely notify you about it via a dial0g. It also logs some shit to a file in the same dir as the config.

Also, if shit like writing to log fails we obviously cannot log that on disk anywhere, so there are a couple of printf statements too. You can see these by running the executable directly.

macOS

You'll need to call the "hidden" binary directly: /Applications/str0kem.app/Contents/MacOS/str0kem

Wind0ngs

Since cmd won't wait for GUI/WinMain applications to finish (i.e. returns to prompt), you gotta use a bogus pipe: "%LOCALAPPDATA%\str0kem\str0kem.exe" | rem
Otherwise any printf output will be mixed together with y0 prompt and shit. =]

n0tes

If the program receives a termination signal it will write the current in-memory counters to a file before it actually exits. Next time it starts up it will start from that point so you won't lose hits. For all platforms there's a timer that runs roughly every minute to write that shit as well.

macOS

The counter file should be written if the br0gram receives any of these signals: SIGTERM, SIGINT, SIGQUIT, SIGHUP, SIGUSR1, SIGUSR2. macOS seems to be running timers in series so there's no real need to purposely stall/offset the timer for writing the counter file.

As far as I can tell, unloading through launchctl and using the Quit option in Activity Manager (not Force Quit) both result in the file being properly written. Shutting down y0 Mac goes through launchd as well so it should be the same for that. [[=[=[==[[=[==[[==[=[

Wind0ngs

It doesn't actually generate signals the way Unixy systems do, but instead uses the TerminateProcess API which might kill the process without notification (thanks Microsoft). Meaning the file might only be written on termination if you run the .exe from a cmd and you Ctrl+C that shit (which does seem to gener8 SIGINT). Also, Wind0ngs seems to be running timers in parallel so we do have to purposely stall/offset the timer for writing the counter file. Otherwise both the MySQL insert and this timer might run together, resulting in a counter file with stale data. As such this particular timer will fire every minute but inside of it there's a wait for at least 200 milliseconds, it will also sleep additional 20ms for as long as MySQL is inserting.

Custom compilation

First off, I've included project files/solution bullshit so you should be able to just open those in your IDE and start editing. They should all contain relative paths regarding sauce/incl00d dirs etc, but to make sure it werks try compiling right away without any modifications. Just make sure you've installed the proper libraries first 0bv (i.e. follow the steps below first). ;]

Since it was a fucking pain to figure out how to properly link (embedded) shit, I'm gonna be a br0 and explain all that shit right here. =]

macOS

You need a few external libraries for that shit:

• libmysqlclient: with Homebrew you can install it using brew install mysql-connector-c
  
• libzstd: not really sure where the fuck this comes from but libmysqlclient seems to need it lel, can prolly find the proper version in the same directory tho
  
• libssl and libcrypto lel
  
  

One thing you'll very likely need to adjust after that is at the top of str0kemAppDelegate.m:
#include </usr/local/Cellar/mysql-connector-c/8.0.25/include/mysql.h>
Make sure the path and version here match the library installed on your system.

Then also make sure it links against the .a and .dylib library files of the same version. If you happen to have v8.0.25 of the connector libs just like me, then you should be good to go. If it still n0 werkies or you have a different version, you gotta edit some shit. Most of the steps required to embed libraries are already done, so it should be a simple matter of:

• Go to the direct0ry: /usr/local/opt/mysql-connector-c/lib
  
• In there you should find a couple of files: libmysqlclient.xx.dylib (where xx is a number, in my case 21), libmysqlclient.a (static library/archive) and libmysqlclient.dylib (a symlink to the numbered variant)
  
• Copy the non-symlink fiels to this repo's sauce tree under sauce/mac/lib, overwriting any existing files in the process
  
• Now click the project file in the editor
  
• Click on em Build Phases tab
  
• Scroll down to the Run Script section
  
• In there you'll notice a path referring to the libmysqlclient.xx.dylib you copied earlier, make sure the xx in the script matches your file's version too
  
  

And that should d0 it. =]

Note: My custom build script used by Xcode has to re-codesign the libmysqlclient library because we need to modify the "rpath" pointing to libzstd inside it. Xcode's codesigning step happens before this so the resulting application will other crash due to an incorrect signature. =] The custom script should be able to pick up on your codesigning identity automatically, but if not then just copy the env.sh.example to env.sh (next to str0kem.xcodeproj) and edit the export line so it uses the proper identity.

Wind0ngs

Again you need one library, but it involves a couple more steps lol.

libmysqlclient

• Go to the MySQL Windows Installer downl0ad paeg
  
• Scroll down and pick either of the installers (difference being web vs. offline inst0ll)
  
• It will pr0lly ask you to upgrade the installer once you run em, so just do eet fagg0t
  
• When it finally opens, click Add... on the right
  
• Expand everything under MySQL Connectors > MySQL Connector/C until you finally get to choose between x64 and x86 (yes, not the C++ connect0r, because it's fucking shyte)
  
• You can only install one of the architecture variants, but you should prolly just go with x64 because who the fuck still runs x86?
  
• Install that shit
  
  

One thing you'll very likely need to adjust after that is at the top of str0kem.cpp:
#include <C:/Program Files/MySQL/MySQL Connector C 8.0/include/mysql.h>
Make sure the path and version here match the library installed on your system.

Then also make sure it links against the .lib and .dll library files of the same version. If you happen to have v8.0 of the connector libs just like me, then you should be good to go. If it still n0 werkies or you have a different version, you gotta edit some shit. Most of the steps required to embed libraries are already done, so it should be a simple matter of:

• Go to the direct0ry: C:/Program Files/MySQL/MySQL Connector C 8.0/lib (change version as needed 0bv phambly)
  
• In there you should find a couple of files: libmysql.lib (static) and libmysql.dll (shared/dynamic library)
  
• Copy these to this repo's sauce tree under sauce/win/lib, overwriting any existing files in the process
  
  

Certain MySQL library versions may also require libcrypto and libssl, I couldn't find a way to get it working by grabbing them from OpenSSL packages but luckily they are included with the MySQL C++ connector. So just install that as well and copy libcrypto-1_1-x64.dll and libssl-1_1-x64.dll to the same sauce/win/lib dir. You may need to adjust the 1_1 version to something else, as well as changing it in the Visual Studio pr0ject.

And that should d0 it. =]