One way to detect hardware keyloggers
Authored by: lincd0 on Jul 09, '08 11:55:17AM

Since people still seem to be reading this hint, I'll update it with the scripts I now use to update and check the list of USB devices.

To create or update the saved state:

system_profiler SPUSBDataType | grep ID: | grep -v PCI | awk -F: '{ print $2 }' | paste -s -d '\t\n' - | sort > ~/.usb

Each line of the saved file has the hexadecimal product and vendor IDs of a device. To compare the current and saved states:

usb=$( system_profiler SPUSBDataType | grep ID: | grep -v PCI | awk -F: '{ print $2 }' | paste -s -d '\t\n' - | sort )
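# Identical to the saved state: print nothing.
echo "$usb" | cmp -s ~/.usb - && exit
printf ' Added\n\t Deleted\n\n'
# Current state is the first input, so added devices are unindented and deleted ones indented.
echo "$usb" | comm -3 - ~/.usb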

This produces no output if the current and saved states are the same. Otherwise, it prints a header, then the product and vendor IDs of each device that has been added or deleted. The lines representing deleted devices are indented.

[ Reply to This | # ]

Update for 10.5.6
Authored by: lincd0 on Dec 16, '08 09:42:55AM

system_profiler has changed in 10.5.6, and the above script no longer works. Now I use:

system_profiler SPUSBDataType | grep ID: | grep -v 'Location\|PCI' | cut -d: -f2 | paste -s -d '\t\n' - | sort > ~/.usb

to save the state, and

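usb=$( system_profiler SPUSBDataType | grep ID: | grep -v 'Location\|PCI' | cut -d: -f2 | paste -s -d '\t\n' - | sort )
# Identical to the saved state: print nothing.
echo "$usb" | cmp -s ~/.usb - && exit
printf ' Added\n\t Deleted\n\n'
# Current state is the first input, so added devices are unindented and deleted ones indented.
echo "$usb" | comm -3 - ~/.usb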

to compare.

[ Reply to This | # ]
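
An added example, not part of lincd0's posts: the same saved-versus-current comparison written as functions that read system_profiler text on stdin and label each change instead of relying on comm's indentation. The function names and the embedded sample output are constructed for illustration, and it assumes Product ID precedes Vendor ID in each device block.

```shell
# Added example: reads `system_profiler SPUSBDataType` text on stdin.

# One "product<TAB>vendor" line per device, sorted. Anchoring on the field
# name skips "PCI Vendor ID" and "Location ID" without a grep -v list.
# Assumption: Product ID precedes Vendor ID within each device block.
usb_ids() {
    awk -F': *' '
        /^[ \t]*Product ID:/ { split($2, p, " "); product = p[1] }
        /^[ \t]*Vendor ID:/  { split($2, v, " "); print product "\t" v[1] }
    ' | LC_ALL=C sort
}

# usb_diff SAVED_IDS_FILE   (current profiler output on stdin)
# comm -3 prints lines found only in the saved file unindented and lines
# found only in the current state behind a tab; turn that into labels.
usb_diff() {
    usb_ids | LC_ALL=C comm -3 "$1" - | awk -F'\t' '
        $1 == "" { print "added\t" $2 "\t" $3; next }
                 { print "removed\t" $1 "\t" $2 }'
}

# Constructed sample output, trimmed to the lines that matter.
sample_saved() { cat <<'EOF'
      PCI Vendor ID: 0x10de
          Product ID: 0x0236
          Vendor ID: 0x05ac  (Apple Inc.)
          Location ID: 0x04600000
          Product ID: 0x0304
          Vendor ID: 0x05ac  (Apple Inc.)
EOF
}
# Constructed current state: the 0x0304 device is gone, an unknown device
# appeared, and a second device reports the same IDs as an existing one
# (still reported, because the list is sorted without dropping duplicates).
sample_current() { cat <<'EOF'
          Product ID: 0x0236
          Vendor ID: 0x05ac  (Apple Inc.)
          Product ID: 0x0236
          Vendor ID: 0x05ac  (Apple Inc.)
          Product ID: 0x1111
          Vendor ID: 0x2222
EOF
}

demo() {
    saved=$(mktemp) || return 1
    sample_saved | usb_ids > "$saved"
    sample_current | usb_diff "$saved"
    rm -f "$saved"
}
demo
```

On a Mac the equivalent call is `system_profiler SPUSBDataType | usb_diff ~/.usb`, with `~/.usb` written by `usb_ids`.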