Evading Keyloggers – Scissor Method (Brute Copy and Paste)

This method of evading key loggers utilizes a method I dub the “The Scissor Method™ ” which takes advantage of my “Scissor Keyboard™”. And, just like Stephen Colbert, I now own the rights to those phrases.

If you’re certain that there is a potential application on your computer, be it at work, at home, or you just don’t trust the computer at the local internet cafe you’ve stopped at, this method may be of interest to you. Please note that this is not for the faint of heart or faint of patience, as it is by far one of the most tedious ways to take the cake from under Mr. Admin’s nose.

This method will utilize the clipboard to bypass key loggers which listen for keys being pressed on the keyboard.

Typical generic key loggers will usually only listen for keys pressed, omitting to check the clip board contents and logging them. Due to this, you can copy and paste the letters and words you need to use to get your end result. As mentioned, this is a very tedious method, and should only be used by individuals in the most paranoid of situations.

Step 1: Initialize the counter-intelligence ASCII data.

You first need to create a text file containing all characters which you would normally type. To make things easier for you, I’ve created four basic types of Scissor Keyboards™ below for your copy and pasting pleasure. If you are typing up your own, I’d recommend leaving a gap between each character, and each line so as to make things visually easier to locate.

Please note that due to design, all function keys are not able to be copied and pasted, and thus have been omitted from the Scissor Keyboards™

Standard Scissor Keyboard

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9
~ ! @ # $ % ^ & * ( ) _ + ` – = { } | [ ] \ : ” ; ‘ < > ? , . /

Partial QWERTY Scissor Keyboard

q w e r t y u i o pa s d f g h j k l
z x c v b n m
0 1 2 3 4 5 6 7 8 9
~ ! @ # $ % ^ & * ( ) _ + ` – = { } | [ ] \ : ” ; ‘ < > ? , . /

Full QWERTY Scissor Keyboard

~ ! # $ % ^ & * ( ) _ +
` 1 2 3 4 5 6 7 8 9 0 – =
q w e r t y u i o p { } |
[ ] \
a s d f g h j k l : ”
; ‘
z x c v b n m < > ?
, . /

Numpad Scissor Keyboard

/ * -
7 8 9 +
4 5 6
1 2 3
0 .

Step 2: Craft time. Cut and paste!

Now comes the dirty work. If you are wanting for instance to access http://www.gmail.com without triggering any automated flags for the keyword gmail.com, you would locate, select, and copy the relevant ASCII text characters from the Scissor Keyboard above as needed, and paste them one at a time. I’ve included spaces between all Scissor Keyboards™ so as to make it easier to locate the needed text characters, as well as to make it easier to select them. Now with the selected text, you can submit the form or save the content as needed. It is as simple as that.

Now let us look into the threat analysis of this method of keyboard logger evasion, and weigh briefly the pros and cons to this method.

Threat Analysis:

This method will:

evade basic raw non-parsing Key loggers; key loggers which do not attempt to interpret anything copied and pasted into any input forms.
raise your managers eye brows as to why your typing speed in words-per-minute has dropped to a mere 10 characters.

This method will not:

evade Intelligent key loggers; key loggers which track and analyze all copied and pasted text, and are programmed to identify patterns and words from separately copied and pasted letters, words, and phrases.
protect your input from key loggers which track the title, name, or input id of the focused window or input fields.

As always, don’t do anything you will regret should you be discovered. Please press the “Any Key” to continue.