from the doc: Nano is a keylogger dessigned for Windows platforms. It is, unlike other keylogger products, not dessigned for monitoring your own system but to monitor remote computers. However, as this behaviour is quite similar to the behaviour of a trojan horse, there are no nano binaries available - you will only get the source code. This is because nano has been coded for educational purpose only and should not be abused for any illegal activities. I presume upon the fact that nano has the solemn purpose to serve as a subject to studies for experienced coders.Nano Development HistoryThe nano development began just after the release of Typ0 V2.4, the first keylogger published by RS Incorporated. Whereas Typ0 was dessigned to provide as many options as possible to monitor the behaviour of an infected user, nano should be small and stealthy, more advanced and effective. While Typ0 was now able to log Internet Explorer Passwords, all visited URL's and mouse clicks, nano should have completely different advantages. The Typ0 executable was around 350k in size, because it had not been a primary aim to reduce the size. Nano was originally ment to be around 10k in size, but during development, I realized that this was just too small. Nevertheless, nano does not become larger than 20k, compiled with all possible options. However, nano is lacking the extended functionality of Typ0 - nano was coded with the sole intention to log keystrokes and clipboard activity and send these logfiles to an email address and / or and FTP account. There is no URL monitoring, no IE passwords, no mouse clicks, nothing like that.So, I had to start somewhere - and as a big fan of "Under the Hood", I searched MSDN to find some article on reducing the size of an executable. Fortunately, I found this great article by Matt Pietrek, whome I want to give the due credit here: http://msdn.microsoft.com/msdnmag/issues/01/01/hood/default.aspxI used LIBCTINY.LIB to replace the standard library and added my own implementation of several standard library functions here and there to reduce the size as good as possible. Second step was getting rid of most or all C++ elements in the code, I wanted to do the nano code itself in sheer C. Not just because this would make the application faster and smaller, but also to force myself not to add too complex mechanisms to the functionality. It should perform the keylogger task and send the logfiles, nothing else - but it should be perfect at doing so. Die Hard OOP fans might not agree with me, but pure C code is not that bad if you keep separate modules for each part of the program and, most important, keep the whole thing small. And that's what I did, I created separate mpdules for each part of the keylogger and you can see the result if you check the source files yourself.Nano also exports some of its important functions, and you might ask yourself why - these exports have been left for later development, it might help me add a firewall bypassing mechanism some day.After Nano was coded the way I wanted it, I dessigned the Nano editor NED which modifies the nano executable's resources to allow an easy configuration. NED is also able to change the nano executable's icon. Other than that, NED is based on the concept of TED which is the Typ0 editor, so I don't think I have to lose many words about it. Future plans for nano development include a logfile viewer for your local system and a removal tool, both of them do not exist currently.UsageOk, listen up: I am assuming that only experienced coders read this file and deal with the nano code. I will not go into every obvious detail but only explain the basic usage here. Anyone who doesn't get it should leave it.The Nano executable can be compiled with various options to control the size even better. The configuration file can be found in the nano directory and it is named "nanocfg.h". This file also includes detailed instructions about how to configure nano. To modify the compiled code, macros can be enabled or disabled to add or leave out support for certain nano features. For instance, you can only define the NANO NT macro to leave out support for Windows ME and earlier Windows versions. Of course, you have to enable support for at least one OS. Further options include: - Include support for uploading logfiles to an FTP Server - Include support for sending logfiles by emailPretty self-explanatory I think. You can indeed remove both the support for FTP uploads and Email from nano, thus the logfiles would merely be stored on the computer.These macros are only the lowest layer of configuration, though. The core nano configuration is stored inside a string table resource stored inside the nano executable. You can, of course, change the resource script that is used when nano is compiled and linked to set up your standard configuration, but it is easier to use the nano editor (NED: ned.exe) to alter the configuration of the executable directly. NED provides a more or less user-friendly GUI, which, along with this readme, should allow you to set up your nano executable as you want it. Once you execute NED, you should be able to open your nano executable from the File menu and NED will load it's configuration data. Let's see what kind of configuration you can do.Display NameThis is the name that nano will use for the service name and for almost everything else that requires a name. So, if you do not want nano to look like it is nano, name it however you like. If nano runs on a non-NT system, the autostart registry key will have this name as well.Service DescriptionThis string is only relevant on Windows NT machines. Nano will install itself as a service on NT and this string will be used as a description for the service. Registry Key NameNano uses the Registry key HKEY LOCAL MACHINE to store logfiles. The registry key name is actually the subkey that should be used to store the logfiles. You can also configure nano to store the logfiles within a subkey that is more than one level deep by separating the subkeys by backslashes: SECURITYKeyloggerNano If nano is running as a service, it will not be able to create new keys directly in HKEY LOCAL MACHINE. If nano is unable to create the subkey you specified, it will at first try to create that subkey in HKEY LOCAL MACHINESoftware and if this is not possible either (ie. when you did not specify a correct format for the subkey), the logfiles will be stored in HKEY LOCAL MACHINE directly.Logfile Title FormatEach Logfile will have a title - this title will be the filename for FTP-uploaded HTML files and it will be the subject in any emails that contain a nano logfile. You should choose the logfile title wisely as every title should be unique for each logfile and since it should be a possible filename as well. You can ensure that each logfile has a unique title by inserting several variables to the logf
Wextract
nano.exenanoagent.exe