Hauptmenü

• Home
• Board
• About

Untermenü

• News

  • News

• Publications

  • Hakin9
  • Whitepaper

• Projects

  • PESec

• Research

  • Advisories

• Reviews

  • Books
  • Hardware Devices

KeyCarbon USB Home

Note 1: This review is available in English and German.

Note 2: The following text is only a review. If you would like to get more information about hardware keyloggers in general, such as its pros and cons, capabilities, comparison with software keyloggers, countermeasures etc., I wrote an article for the Hakin9 magazine. It can be found in the publications section.

Overview

Company: KeyCarbon LLC

Website: KeyCarbon

Product: KeyCarbon USB Home, KCU401

Memory: 512 kB

Date/ timestamp: No

Encryption: None

Price: 187 $, ~132 €

Packaging, first impression and size comparison

The packaging consists of a plastic jacket, similar to DVD-packaging, which is sealed. Included is not only the hardware keylogger, which is inside an ESD foil, but also a short reference for quickstart and a white case, which can be exchanged with the black one.

The exchangeable cover is as positive as the tip in the sheet, which says, that the keylogger has an updateable firmware, which has not always to be the case.
This review was written with firmware v4.0.0.5348. With a new firmware it may be possible that new keyboards are supported or new functionality gets available. Therefore there is no need to buy a new hardware keylogger when new keyboards appear on the market, which results in a saving of money.

The hardware keylogger itself seems to be stable and good developed.

To get a better feeling for it’s size a comparison with a 1-Euro coin was done.

Functionality

My model has 512 kB non-volatile meomory which is enough for about 500000 keystrokes. This may be enough for most private individuals. Companys or Security Consultants may be more interested in other products offered by KeyCarbon, which have not only more memory, but also 128-Bit encryption and date/ timestamp functionality. They are also offering hardware keyloggers on PCI-basis which are installed directly in the computer or notebook which results in higher stealth. More about these and other products can be found on the official website from KeyCarbon which can be reached at www.keycarbon.com.

Is the maximum memory reached the oldest data will be overwritten with the newest (FIFO – First in First Out).

Installation

Installation is very easy and takes less than 5 seconds. The hardware keylogger only needs to be plugged in inline between USB-keyboard and PC to start recording the keystrokes.

During the tests a message from Windows popped up, showing that a standard USB-Hub was inserted. However, this message disappeared after a few seconds.

The attempt to get more information about the hardware keylogger using the integrated device manager from Windows failed. Several different freeware-tools were tried (USBDeview from Nirsoft (www.nirsoft.net), USBView from Microsoft, …) to see if the hardware keylogger is detected as such. However, it was steadily detected as an USB-Hub which may not raise big concern.

Retrieval of Logs

Generally there are two possibilities to retrieve the logs:

• Typing in any editor (any program with text-engine will do) the password of the keylogger. As soon as it gets recognized by the device it will generate an ASCII-menu on the screen which offers some options.
  
  

  ROOT MENU
  1) Full memory download
  2) Partial memory download
  3) Erase memory (quick)
  4) Erase memory (thorough)
  5) Modify password
  6) Mode: Rapid Downloader
  7) Mode: Firmware Upgrade
  8) Options
  9) Speed
  0) Quit
  
  Select:
  
  

  By chosing for example the second point, Partial memory download, it will first display how much characters were stored so far and how much percentage they take in memory. Typing in a number will tell the device how many characters should be retrieved.
  The advantage by using this method is that it works with every operating system (with text editor) and no extra software is needed to be installed. Disadvantage is that it takes longer to retrieve the logfile compared to method two.
• Using a program developed by KeyCarbon called KeyCarbon USB Windows Toolkit. There included is another program called Rapid Downloader. This allows to download the logfile much faster than with the first mentioned method. However, this only works with Windows operating systems (2000 and XP). Some good options allows to switch between different keyboard layouts, highlighting from certain words, view of non-printable characters and different views (normal and raw).
  
  
  
  After plugging in the hardware keylogger and starting the Rapid Downloader software, retrieval of the log using the menu-entry Tools > Download Log From Device … can be done.
  
  
  
  As seen also odd keycombinations were recorded successfully.
  ALT+1: ☺
  ALT+2: ☻
  ALT+3: ♥
  ALT+4: ♦
  ALT+5: ♣
  ALT+6: ♠
  ALT+11: ♂
  ALT+12: ♀

Note: The first mentioned method, downloading the logfile by typing the password in a text editor, won’t work with integrated keyboards of a notebook. This is because keytstrokes typed there won’t pass through the hardware keylogger which then can’t react with generating the menu.
Therefore – if using a note- or netbook – an USB-keyboard (with plugged hardware keylogger) must be used in order to retrieve the logs.

As expected also BIOS and windows-logon data was logged successfully. Also special characters and odd ones where recorded correctly. Only thing which was not recorded correctly was when a certain key was pressed for a longer period. For example AAAAAAAAAAAAAAA was only logged as A. As this may not be often used by users it should’t be a big problem though.

Options

The KeyCarbon USB Home Mini hardware keylogger gets delivered with a default password. This can be changed to whatever one like as long as it adheres to the following rules:

• Only characters from the alphabet (A-Z)
• Maximum 17 characters

The password is not case-sensitive. Recommended is a combination of a password which is not used in a normal writing. “hello” may therefore be not a good choice as this could show the menu by accident. Passwords used somewhere else on the system may be a bad choice too. If someone have forgotten his/ her self-defined password, the device can be sent back to KeyCarbon which will reset it. This costs 40$ (~ 30€) and will also clear the stored logfile.

Résumé

This hardware keylogger was tested on various different machines with different operating systems (Windows 2000, XP, Vista and Linux Ubuntu) and worked without errors. It was also tested by using different keyboards and a PS/2 to USB adaptor which worked fine as well. Also using USB 2.0 and USB 1.1 didn’t cause any problems (although you may get a message from Windows, that the USB 2.0 keyboard could have a better speed, as the keylogger works as an USB 1.1 hub).

The retrieval of the logs was as easy as its usability.

Personally I can recommend this model (or other models with timestamps and encryption) fully. Also a red/ tiger-team would benefit from such as device. If the device does not work correctly or you are not sure about it, KeyCarbon offers a 15-day money-back guarantee and a warranty of 1 year.

Back to overview.