Thread: keybag log
LinkBack URL
About LinkBacks-
09-16-2010, 03:28 PM #1
keybag log
i have found this log file on my 3gs that i bought secondhand
and from the log it has been loading this from the day i turned it on
the phone was not jailbroken when i got it, i did that some 6weeks later,
i have read that keybag is a keylogger for the mac, i cant find the app on the phone just this log file
has anyone come across anything like it on there phones?
the file was in /private/var/logs
any help would be appreciated
this is the log i found
Sat Jul 17 16:42:52 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Jul 18 07:41:08 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Jul 18 12:09:16 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Jul 18 13:05:36 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Thu Jul 22 08:30:16 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Fri Jul 23 19:43:35 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sat Jul 24 09:04:39 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Jul 25 10:04:47 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Jul 25 10:37:28 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Mon Jul 26 08:42:29 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=NULL newpass=SECRET has blob
Mon Jul 26 08:42:29 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: success
Mon Jul 26 08:43:15 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=SECRET newpass=SECRET has blob
Mon Jul 26 08:43:15 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: success
Mon Jul 26 13:37:09 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sat Jul 31 11:27:00 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Aug 1 03:27:20 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Aug 1 05:16:10 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Sun Aug 1 05:32:24 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Wed Aug 4 12:00:54 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
Tue Aug 10 12:34:39 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Tue Aug 10 13:00:46 2010 pid=147 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=SECRET newpass=SECRET has blob
Tue Aug 10 13:00:47 2010 pid=147 (0x381000) __handle_changepasscode_block_invoke_1: success
Tue Aug 10 14:30:18 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Fri Aug 13 17:00:33 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Fri Aug 13 18:58:49 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Fri Aug 13 21:24:48 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Fri Aug 13 23:49:43 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Sat Aug 14 00:42:53 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Sun Aug 15 00:35:18 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Sun Aug 15 10:48:11 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Tue Aug 17 22:07:01 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Tue Aug 17 22:09:01 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Tue Aug 17 22:22:40 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
Wed Aug 18 15:53:20 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Wed Aug 18 16:12:28 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
Wed Aug 18 17:31:48 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Wed Aug 18 18:05:34 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Sat Aug 21 02:13:04 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Sat Aug 21 02:14:51 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
Sat Aug 21 17:51:30 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
Sat Aug 21 19:23:55 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Sun Aug 22 00:17:32 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Sun Aug 22 12:24:57 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Mon Aug 23 00:18:53 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Mon Aug 30 14:37:50 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Mon Sep 6 00:53:33 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Tue Sep 7 00:11:57 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Tue Sep 7 23:35:54 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Wed Sep 8 18:57:41 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Wed Sep 8 20:05:13 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
Wed Sep 8 20:07:35 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Wed Sep 8 20:12:35 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Wed Sep 8 20:26:27 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Thu Sep 9 17:29:45 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Fri Sep 10 14:03:23 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Fri Sep 10 14:09:36 2010 pid=37 (0x3e7037c8) main: System Keybag loaded
Fri Sep 10 14:12:32 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Sat Sep 11 10:13:51 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Sat Sep 11 17:20:37 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Mon Sep 13 18:12:06 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Mon Sep 13 23:34:33 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Tue Sep 14 17:05:26 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Tue Sep 14 17:06:54 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
Tue Sep 14 17:20:41 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
Thu Sep 16 20:00:51 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
-
09-16-2010, 03:57 PM #2Livin the iPhone Life
- Join Date
- Feb 2010
- Location
- Cambridge, U.K
- Posts
- 1,506
- Thanks
- 57
- Thanked 122 Times in 101 Posts
Possibly password checks? Thats what it looks like to me. Maybe the previous owner had it password protected? Or had this been logged since you owned it?
Sent from my iPhone using ModMyi
iPhone4 16gb black - 4.1 Limera1ned
iPhone 3G 16gb white - 3.1.2 jailbroken Blackra1ned
THANKYOU ONCE AGAIN GEOHOT!
-
09-16-2010, 04:15 PM #3
i switched it on,on Sat Jul 17 and always had a pass in it so its been logged from me owning it
-
10-17-2010, 12:50 PM #4 keybagd??
Same symptoms as krist... 3g U/JB... Can someone give us a clarification of "keybagd" and it's function? No references to it other than the mac keylogger and unanswered forum questions; sounds a little suspicious to me.
"We are always paid for our suspicions by finding what we suspect."
- Henry David Thoreau
-
10-17-2010, 10:33 PM #5
That does not seem good. Could it be this
actymac.com/ProteMac_KeyBag/
-
10-18-2010, 12:45 AM #6
Sounds like someone is getting keystrokes logged..not good my friend, not good at all. Have you done a restore in iTunes??
-
10-18-2010, 02:51 PM #7iPhone? More like MyPhone
- Join Date
- Jul 2010
- Location
- Manchester
- Posts
- 273
- Thanks
- 87
- Thanked 54 Times in 32 Posts
I was curious about this so I checked to see if I had it, and I have the same log file. There is no way this could be a keylogger. I bought my iPhone 4 brand new from an official UK carrier store. And I'm careful with what I install and download, as I do a lot of personal stuff on this device. I don't see a reason to worry about this, I'm not worried.
iPad 2 16GB Wifi iOS 5.0.1 - Absinthe
iPhone 4S 16GB iOS 5.0.1 - Absinthe
-
04-08-2011, 12:23 AM #8
how old are you? Maybe ur parental put a piece of iphone spy software in your 3gs to keep a safe eye on you.
Last edited by EmmaL; 04-08-2011 at 07:46 PM.
-
04-08-2011, 12:37 AM #9iPhone Underground
- Join Date
- Jun 2009
- Location
- Underground
- Posts
- 1,172
- Thanks
- 2
- Thanked 117 Times in 110 Posts
It's for your passcode. Turn it on in settings, put phone to sleep, then turn off passcode and look at the last few entries in this log. It tells you exactly what it's doing. Null is no passcode secret is your pass code.
-
04-17-2011, 06:33 PM #10
Originally Posted by A3gOwner
yes this is all sorted now and your right thats what it was
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
