Overview
Company: Dugoto Technologies
Website: WirelessKeylogger
Product: Wireless Keylogger
Memory: 4 MB
Date/ timestamp: No
Encryption: None
Price: 225 $, ~173 €
Packaging, first impression and size comparison
The packaging consists of a simple white cartonbox and is without any labelling. Inside is the keylogger and a short user-guide.
Although this hardware keylogger comes with a module for Bluetooth, it is only minimal bigger than a usual PS/2-Keylogger.
Functionality
The big difference of this keylogger compared to other ones lies in the integrated Bluetooth-module. This means that one access is already enough to install the keylogger. To retrieve the logs in future no more physical access is required as it can be done through Bluetooth.
If the 4 MB memory if full, the oldest data will be overwritten with the newest one.
Installation
The installation is as with most other keyloggers very easy and fast. The Hardware Keylogger has to be plugged inline between keyboard and computer and starts then already with the logging.
Retrieval of Logs
In the included user-guide the program BlueSoleil is recommended, although it was first tried to get a connection with standard driver and software (Bluetooth (Toshiba) Stack) to the keylogger - unfortunately without success. Therefore the program BlueSoleil was installed and used for any further actions as recommended.
At first it was looked for other Bluetooth-devices which are reachable.
After the hardware keylogger was found, a connection must be established through the serial Bluetooth-port.
When the connection between own system and keylogger is established, the actual communication can start. In the user-guide the opensource program TeraTerm (http://sourceforge.jp/projects/ttssh2) is recommended, although all other terminal programs which comes with similar functionality, such as PuTTY, can be used. In this review the program HypterTerminal was used, as it comes with every Microsoft Windows system by standard. Only thing to watch for is that the correct COM-port is assigned.
After HypterTerminal was configured, connection can be established and an empty screen appears.
Here the standard-password must be entered, which is noted in the user-guide. If using the standard-config from HypterTerminal, the input is not shown. After the password was entered correctly, an ASCII menu will be generated.
The Wireless Hardware Keylogger comes with the following four options:
F)etch: This option will retrieve the logs from the device. Not only the usual keys and numbers were recorded, but also special characters such as ALT+Numpad combos. Something very positive which was recognized, was that keys which were pressed for a longer period of time were also logged successfully. Similar keyloggers will often only log the key for one time.
Note: While testing it was recognized that the Fetch-option will not only retrieve the logfile but also delete it! This means once the log is retrieved, it should be copied to another location (hard-disc) if it needs another analysis at a later time.
E)rase: Delets the logfile on the hardware keylogger.
P)assword: Allows to change the password. The password has to be entered twice in order to change it.
Q)uit: Disconnects the current session.
Note: BlueSoleil (www.bluesoleil.com) is available as a Shareware-version, but costs something after a certain period of time.
Options
At first it was tried to change the name of the device although wk-0855 doesn't look very suspicious though. However, there was no possibilty found in the userguide to change the name to something else. If one still would like to change the name, it is possible to contact the manufacturer, which will supply a guide on how to do it anyway.
Apart from this this keylogger does regretfully not allow any more changes on the configuration besides of the password. Unfortunately no note on this was found in the user guide nor in the terminal window itself such as allowed characters, length etc.
Résumé
The fact that only one physical access is already enough, makes this keylogger interesting for all those scenarios, where it can be assumed, that only one acess will be possible. Such scenarios may be at penetration tests or by social engineering attacks, depending on the basic conditions and what was concerted with the client.
The retrieval of the logs was without any problems and quite fast. Also the striking distance which is about 100m according to the officials website (it was tested with about 25m), should fit for many cases.
Sometimes the keylogger seems to be not fully developed such as by the retrieval when the logfile is simultaneously deleted. However, this should not be from concern if the keylogger was tested beforehead. Desireable would be a program which can be used for free to get a connection to the keylogger.
Recommended can the keylogger mostly for all those scenarios mentioned at the beginning. If repeated access to the target system is no problem, a cheapter model without Bluetooth-functionality may be enough.