from the doc:
Nano is a keylogger dessigned for Windows
platforms. It is, unlike other keylogger products,
not dessigned for monitoring your own system but
to monitor remote computers. However, as this
behaviour is quite similar to the behaviour of a
trojan horse, there are no nano binaries available
- you will only get the source code. This is
because nano has been coded for educational
purpose only and should not be abused for any
illegal activities. I presume upon the fact that
nano has the solemn purpose to serve as a subject
to studies for experienced coders.
Nano Development History
The nano development began just after the
release of Typ0 V2.4, the first keylogger
published by RS Incorporated. Whereas Typ0 was
dessigned to provide as many options as possible
to monitor the behaviour of an infected user, nano
should be small and stealthy, more advanced and
effective. While Typ0 was now able to log Internet
Explorer Passwords, all visited URL's and mouse
clicks, nano should have completely different
advantages. The Typ0 executable was around 350k in
size, because it had not been a primary aim to
reduce the size. Nano was originally ment to be
around 10k in size, but during development, I
realized that this was just too small.
Nevertheless, nano does not become larger than
20k, compiled with all possible options. However,
nano is lacking the extended functionality of Typ0
- nano was coded with the sole intention to log
keystrokes and clipboard activity and send these
logfiles to an email address and / or and FTP
account. There is no URL monitoring, no IE
passwords, no mouse clicks, nothing like that.
So, I had to start somewhere - and as a big fan
of "Under the Hood", I searched MSDN to find some
article on reducing the size of an executable.
Fortunately, I found this great article by Matt
Pietrek, whome I want to give the due credit here:
http://msdn.microsoft.com/msdnmag/issues/01/01/hood/default.aspx
I used LIBCTINY.LIB to replace the standard
library and added my own implementation of several
standard library functions here and there to
reduce the size as good as possible. Second step
was getting rid of most or all C++ elements in the
code, I wanted to do the nano code itself in sheer
C. Not just because this would make the
application faster and smaller, but also to force
myself not to add too complex mechanisms to the
functionality. It should perform the keylogger
task and send the logfiles, nothing else - but it
should be perfect at doing so.
Die Hard OOP fans might not agree with me, but
pure C code is not that bad if you keep separate
modules for each part of the program and, most
important, keep the whole thing small. And that's
what I did, I created separate mpdules for each
part of the keylogger and you can see the result
if you check the source files yourself.
Nano also exports some of its important
functions, and you might ask yourself why - these
exports have been left for later development, it
might help me add a firewall bypassing mechanism
some day.
After Nano was coded the way I wanted it, I
dessigned the Nano editor NED which modifies the
nano executable's resources to allow an easy
configuration. NED is also able to change the nano
executable's icon. Other than that, NED is based
on the concept of TED which is the Typ0 editor, so
I don't think I have to lose many words about it.
Future plans for nano development include a
logfile viewer for your local system and a removal
tool, both of them do not exist currently.
Usage
Ok, listen up: I am assuming that only
experienced coders read this file and deal with
the nano code. I will not go into every obvious
detail but only explain the basic usage here.
Anyone who doesn't get it should leave it.
The Nano executable can be compiled with
various options to control the size even better.
The configuration file can be found in the nano
directory and it is named "nanocfg.h". This file
also includes detailed instructions about how to
configure nano. To modify the compiled code,
macros can be enabled or disabled to add or leave
out support for certain nano features. For
instance, you can only define the NANO_NT macro to
leave out support for Windows ME and earlier
Windows versions. Of course, you have to enable
support for at least one OS. Further options
include: - Include support for uploading logfiles
to an FTP Server - Include support for sending
logfiles by email
Pretty self-explanatory I think. You can indeed
remove both the support for FTP uploads and Email
from nano, thus the logfiles would merely be
stored on the computer.
These macros are only the lowest layer of
configuration, though. The core nano configuration
is stored inside a string table resource stored
inside the nano executable. You can, of course,
change the resource script that is used when nano
is compiled and linked to set up your standard
configuration, but it is easier to use the nano
editor (NED: ned.exe) to alter the configuration
of the executable directly. NED provides a more or
less user-friendly GUI, which, along with this
readme, should allow you to set up your nano
executable as you want it. Once you execute NED,
you should be able to open your nano executable
from the File menu and NED will load it's
configuration data. Let's see what kind of
configuration you can do.
Display Name
This is the name that nano will use for the
service name and for almost everything else that
requires a name. So, if you do not want nano to
look like it is nano, name it however you like. If
nano runs on a non-NT system, the autostart
registry key will have this name as well.
Service Description
This string is only relevant on Windows NT
machines. Nano will install itself as a service on
NT and this string will be used as a description
for the service.
Registry Key Name
Nano uses the Registry key HKEY_LOCAL_MACHINE
to store logfiles. The registry key name is
actually the subkey that should be used to store
the logfiles. You can also configure nano to store
the logfiles within a subkey that is more than one
level deep by separating the subkeys by
backslashes: SECURITYKeyloggerNano If nano is
running as a service, it will not be able to
create new keys directly in HKEY_LOCAL_MACHINE. If
nano is unable to create the subkey you specified,
it will at first try to create that subkey in
HKEY_LOCAL_MACHINESoftware and if this is not
possible either (ie. when you did not specify a
correct format for the subkey), the logfiles will
be stored in HKEY_LOCAL_MACHINE directly.
Logfile Title Format
Each Logfile will have a title - this title
will be the filename for FTP-uploaded HTML files
and it will be the subject in any emails that
contain a nano logfile. You should choose the
logfile title wisely as every title should be
unique for each logfile and since it should be a
possible filename as well. You can ensure that
each logfile has a unique title by inserting
several variables to the logf
