How do you tell if something has a keylogger implemented

No reliable way, short of entirely reverse-engineering the game.

Even if the program was open source, you could still be wondering how much trust you can place on the source code [1]

[1] https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...

intercept network traffic and inspect it. then conduct experiments to validate your hypothesis.

if the program only doing it when requested by a remote source or some other more complex logic it's gonna be harder, you'll maybe need to reverse their communication protocol and inject network messages sent to the client to make it look like the server asked for that info. but if you reverse engineered the network protocol you don't need to listen to begin with.

so keep listen to the traffic for an extended period of time and look for suspicious activity.

You may want to ask what does it mean for a game to have a keylogger?

A game is usually supposed to capture what buttons you press and, if it's an online game, send that over the internet, and so that would be perfectly fine as long as that's done while the game is running - so perhaps you're asking whether the game installs some malware that captures keystrokes outside of the game as well.

That would be generally detected by looking for various malware persistence mechanisms, seeing if there's something that's started on startup, possibly in a hidden way; or if there's some process that hides its activity. And if so, then you could check whether it was placed there by that game.

On the other hand, some of the anti-cheat mechanisms are so invasive that they effectively are far more capable than just a keylogger, and the game is quite open about placing them on your machine, e.g. requiring permissions to install it as a privileged driver.

I think if I were concerned, I'd try creating a honeypot account on some service that notifies me when someone new logs in (like google). Then I'd log into that account sometimes while playing the game and monitor it for any new logins. It still could have a keylogger even after all that, though.

Assuming windows, you could make your own dll that intercept calls to the API to get the inputs.

But even if a game intercepts all key stroke, it may be because of normal gameplay.

20 years ago I'd look for an InstallHook call in a Windows program. There are legitimate reasons to use hooks, but a game should have none.

the only way is with deliberately feeding the system honeypot accounts where account activity is recorded, but even then it's only a tentative negative response ; it could just represent the time it takes for the data to be sold or otherwise perused.

there are a few games out there that have this reputation-- third-party-ran nostalgic MMO private servers are a big example. the only defense that makes much sense is to virtualize that software and keep it away from sensitive data.

As others have said, it's basically impossible to determine outside of some specific cases. Like, imagine if the keystroke data was being sent on its own to a unique endpoint; or a single player game that was sending only keystroke data to a remote server and little else.

This is tangential, but for all the flack Wayland gets compared to X11, it does at least provide some reassurance that a program can only easily keylog the stuff you enter into that program.

There are only so many ways to implement a keylogger in software.

Many commercial antivirus have generic keylogger detection - they monitor OS keylogger APIs/drivers.

> I know a game where people say it has a keylogger implemented

A virus checker. That would be at your level.

As others mention you could intercept network traffic and inspect it if you want to push yourself.

There are other things, it might be stored, so you could watch files and the rate they grow in size.

For Mac: https://objective-see.org/products/reikey.html

Detectors like this detect the most common ways of implementing key logging, but there may be other ways that they don’t detect.

Log the filesystem and network activity of the program. Then type something unique. Search the logs for that. If it appears and it shouldn't, there you are.

Which game is it that you are referring to?

If the game comes with a non-genuine installer from the cracker, it's usually not worth the risk.

Yes. But not a universal or easy way. You can't "tell" in the sense that you would just run MagicKeyloggerFinder on your computer and it will show you all the keyloggers, that's not how it works. In essence, it's the absence of evidence problem.

In a way, unless you can prove the machine code running on your CPU is not doing key logging (which is separate from recoding those logs or transmitting those logs), and you can also prove that the code is not changing, you have no evidence that there is no keylogger.

There should be some Godwin’s law equivalent here that states that all forms of this discussion will lead to Ken Thompson’s “Reflections on Trusting Trust” within some number of replies.

I guess I’m being the change I wish to see..

If you're talking about Windows here, then you could write some code that intercepts the system calls used by common keyloggers (GetAsyncKeyState, SetWindowsHookEx with WH_KEYBOARD / WH_KEYBOARD_LL, etc) using hooking, an instrumentartion callback, or ideally a kernel-mode driver, then warns you if the game is trying to use them. Normal software should only really need to use the keyboard messages passed to its WndProc, which only receives them if it's in the foreground. So while there can be legitimate methods for a game to call them, it would be a good sign that something is fishy. This is not fool-proof though, as there are other methods to get system-wide keyboard input, but this would catch the simple ones.

The only way to be sure is to reinstall your OS, then the answer is no, there is no keylogger

are keylogger's often used for anti-cheat purposes?

To enable a keylogger is exceptionally easy with native applications: Windows has SetWindowsHookEx(WH_KEYBOARD_LL...

The problem is to follow the focus of the windows and parse out relevant information to send because logging all presses will be to obvious if you read memory or disk.

The you need to encrypt the data before you send it over the network, this is probably why all modern anti-viruses block all native HTTP traffic.

The scary part is that the Windows API allows for a process to gather all keypresses even when the app window has lost focus?!

To answer the question, open the exe in any text editor and search for SetWindowsHookEx... if it's there you know that exe can listen to everything.

First ask yourself what you're defending and from whom; is the data you are producing even worth anything to anyone? If the answer is no, risk does not exist and no defense is needed.

If you're producing something of perceived value, then you need to consider who might be interested in and what means or length they'll go through to get it. This practice is known as threat modeling and is the only meaningful way to get "security" without wasting resources.

When you threat model often, you come to realize almost all attackers are financially motivated and bound by market constraints, which means they're looking for the highest reward for the least amount of work; very few are looking to do anything else with your data other than to use it for quick monetary gain.

So? Let them eat cake. Leave a small amount of canary crypto-currency unprotected in your home directory. Set up a public ledger alert and if that currency is transfered, you know you've been compromised, by a keylogger or something else. It's very unlikely your keystrokes are worth any more than this.

That depends if it is a hardware or software keylogger. I have several hardware keyloggers that go inline with the USB keyboard and a couple that are the keyboard. The keylogger keyboards can not be detected by anything beyond recognizing the model but they use very cheap generic keyboards.

I will defer to the rest of the comments for software as it is already being covered.

Look for processes running on your machine. If you don't see any suspicious process except the game itself (and the game's process or or processes are running only while you're playing) then only the game itself could be logging your keystrokes. Which means that, if while the game is running you don't type sensitive information, you're safe.

Others have already said that in Windows the most straightforward way to make a keylogger is to use hooks.

But how do you know if there is one installed?

Hooks are chained, so you can traverse the chain and enumerate them. This thread in Stack Overflow is about that. I haven't tried the solution, but seems legit :)

https://stackoverflow.com/questions/8564987/list-of-installe...

look for traces that someone entered a phrase or phrases that only appear in your local drive.

you must be VERY careful you havem't put the word(s) or links into anything that syncs or ends up someplace not e2e

this is harder if you don't have access to google search data, but i've been told google trends is your friend

i've caught some weird people this way.