Secure On-Screen Keyboard

Dominic White

 

Secure On-Screen Keyboard

While preparing my tin-foil body suit. I found this little gem; a randomisable on-screen keyboard, at this site.

It has two files, one is the keyboard.py which displays a keyboard in your terminal and outputs to a fifo. You can click on the keys with your mouse or navigate to the correct key with your cursors and press space. Pressing Esc changes input from the on-screen keyboard to your normal keyboard, i.e. the on-screen keyboard will grab normal keyboard input and send it to the fifo. You can also press r to randomize the keyboard.

The second file keywrap.py sets up a PTY and maps STDIN/OUT/ERR to a process you tell it to execute. This is how you can map input from the fifo to, say ssh.

This is perfect for the secure browser discussed in the last entry. Now keyloggers will have to deal with far too many variables, and unless it is a very targeted attack, you would be safe. I wrote a little script, sssh.sh for "super secure shell". It sets up the fifo for you and opens the keyboard in a compact little new window and initiates the ssh session. Here it is:

#!/bin/sh
terminal="gnome-terminal --geometry 45x7 -e"

if [ -z "$1" ]; then
   exit 1
fi

fifo=`mktemp -u ~/$1.XXXXXX`
mkfifo $fifo
chmod 600 $fifo
export DISPLAY=:0
$terminal "keyboard.py -cCq $fifo"&
pid=$!
cat $fifo|keywrap.py "ssh $1"
rm $fifo
kill $pid

Sunday, January 8. 2006
Posted by Dominic White in Security
Comments (0) | Trackbacks (0)

 

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment