starred/Quasar
1
0
Fork 0
mirror of https://github.com/quasar/Quasar.git synced 2026-04-25 23:35:58 +03:00
Code Issues 137 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #749] Keylogger skips keys or an entire portion randomly #491

New issue
Closed
opened 2026-02-27 15:50:37 +03:00 by kerem · 3 comments
kerem commented 2026-02-27 15:50:37 +03:00
Owner
Copy link

Originally created by @ggregor on GitHub (Jan 25, 2019).
Original GitHub issue: https://github.com/quasar/Quasar/issues/749

Keylogger skips pressed keys or an entire portion of the log randomly. The keylogger class seems to work fine, but when WriteLogFile method is called the AES encryption seems to mess things up. If the log is written without AES encryption the keylogger works as expected.

Originally created by @ggregor on GitHub (Jan 25, 2019). Original GitHub issue: https://github.com/quasar/Quasar/issues/749 Keylogger skips pressed keys or an entire portion of the log randomly. The keylogger class seems to work fine, but when _WriteLogFile_ method is called the AES encryption seems to mess things up. If the log is written without AES encryption the keylogger works as expected.
kerem 2026-02-27 15:50:37 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-27 15:50:38 +03:00
Author
Owner
Copy link

@ggregor commented on GitHub (Jan 25, 2019):

It's confirmed, this is happening because of creating too many new instances of Aes256 every time it is needed to encrypt or decrypt logging data.

For example look at WriteLogFile at FileHelper.cs. It requests for log file to be decrypted by calling function ReadLogFile which uses a fresh instance of Aes256 class, while immediately after that WriteLogFile method itself creates again a new Aes256 instance to encrypt the entire file. And all this processing power is taking place every 15 seconds.

I suspect this bug occurs when some buffer clearing is taking place before the current interval has the chance to finish these heavy cpu consumption operations, resulting in permanently losing that key logging portion.

I am not a C# dev so probably my solution sucks but I fixed it by creating only one instance of Aes256 created by FileHelper constructor, and every encryption/decryption operation uses that same instance. Everything is working great now, and also Log retriever from Server side is much faster now, because again, server is not creating a new instance for each day file, but using a single instance to decrypt all dates.

<!-- gh-comment-id:457632630 --> @ggregor commented on GitHub (Jan 25, 2019): It's confirmed, this is happening because of creating too many new instances of Aes256 every time it is needed to encrypt or decrypt logging data. For example look at _WriteLogFile_ at **FileHelper.cs**. It requests for log file to be decrypted by calling function _ReadLogFile_ which uses a fresh instance of Aes256 class, while immediately after that _WriteLogFile_ method itself creates again a new Aes256 instance to encrypt the entire file. And all this processing power is taking place every 15 seconds. I suspect this bug occurs when some buffer clearing is taking place before the current interval has the chance to finish these heavy cpu consumption operations, resulting in permanently losing that key logging portion. I am not a C# dev so probably my solution sucks but I fixed it by creating only one instance of Aes256 created by FileHelper constructor, and every encryption/decryption operation uses that same instance. Everything is working great now, and also Log retriever from Server side is much faster now, because again, server is not creating a new instance for each day file, but using a single instance to decrypt all dates.
kerem commented 2026-02-27 15:50:38 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Jan 26, 2019):

Thanks, fixed.

<!-- gh-comment-id:457833976 --> @MaxXor commented on GitHub (Jan 26, 2019): Thanks, fixed.
kerem commented 2026-02-27 15:50:38 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Jan 26, 2019):

The Aes256 constructor takes a while when deriving the key (it's using 50k iterations in PBKDF2) used for encryption & decryption. During these iterations the Keylogger might skip keys because it's waiting for the iterations to finish. Your solution was correct to make use of a single instance.

<!-- gh-comment-id:457834656 --> @MaxXor commented on GitHub (Jan 26, 2019): The Aes256 constructor takes a while when deriving the key (it's using 50k iterations in PBKDF2) used for encryption & decryption. During these iterations the Keylogger might skip keys because it's waiting for the iterations to finish. Your solution was correct to make use of a single instance.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
v1.4.1
v1.4.0
v1.3.0.0
v1.2.0.0
v1.1.0.0
v1.0.0.0
RELEASE4.1
RELEASE4
RELEASE3
RELEASE2
RELEASE1
Labels
Clear labels   
bug

   
bug

   
cant-reproduce

   
discussion

   
duplicate

   
easy

   
enhancement

   
help wanted

   
improvement

   
invalid

   
need more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wont-add
No labels
bug
bug
cant-reproduce
discussion
duplicate
easy
enhancement
help wanted
improvement
invalid
need more info
pull-request
question
wont-add
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Quasar#491
No description provided.