Results 1 to 10 of 10

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: keybag log

  1. #1
    Default keybag log
    i have found this log file on my 3gs that i bought secondhand
    and from the log it has been loading this from the day i turned it on
    the phone was not jailbroken when i got it, i did that some 6weeks later,
    i have read that keybag is a keylogger for the mac, i cant find the app on the phone just this log file
    has anyone come across anything like it on there phones?
    the file was in /private/var/logs
    any help would be appreciated

    this is the log i found

    Sat Jul 17 16:42:52 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Jul 18 07:41:08 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Jul 18 12:09:16 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Jul 18 13:05:36 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Thu Jul 22 08:30:16 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Fri Jul 23 19:43:35 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sat Jul 24 09:04:39 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Jul 25 10:04:47 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Jul 25 10:37:28 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Mon Jul 26 08:42:29 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=NULL newpass=SECRET has blob
    Mon Jul 26 08:42:29 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: success
    Mon Jul 26 08:43:15 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=SECRET newpass=SECRET has blob
    Mon Jul 26 08:43:15 2010 pid=572 (0x381000) __handle_changepasscode_block_invoke_1: success
    Mon Jul 26 13:37:09 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sat Jul 31 11:27:00 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 1 03:27:20 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 1 05:16:10 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 1 05:32:24 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Wed Aug 4 12:00:54 2010 pid=19 (0x3e7037c8) main: System Keybag loaded
    Tue Aug 10 12:34:39 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Tue Aug 10 13:00:46 2010 pid=147 (0x381000) __handle_changepasscode_block_invoke_1: oldpass=SECRET newpass=SECRET has blob
    Tue Aug 10 13:00:47 2010 pid=147 (0x381000) __handle_changepasscode_block_invoke_1: success
    Tue Aug 10 14:30:18 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Fri Aug 13 17:00:33 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Fri Aug 13 18:58:49 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Fri Aug 13 21:24:48 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Fri Aug 13 23:49:43 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Sat Aug 14 00:42:53 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 15 00:35:18 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 15 10:48:11 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Tue Aug 17 22:07:01 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Tue Aug 17 22:09:01 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Tue Aug 17 22:22:40 2010 pid=20 (0x3e7037c8) main: System Keybag loaded
    Wed Aug 18 15:53:20 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Wed Aug 18 16:12:28 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
    Wed Aug 18 17:31:48 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Wed Aug 18 18:05:34 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Sat Aug 21 02:13:04 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Sat Aug 21 02:14:51 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
    Sat Aug 21 17:51:30 2010 pid=35 (0x3e7037c8) main: System Keybag loaded
    Sat Aug 21 19:23:55 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 22 00:17:32 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Sun Aug 22 12:24:57 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Mon Aug 23 00:18:53 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Mon Aug 30 14:37:50 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Mon Sep 6 00:53:33 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Tue Sep 7 00:11:57 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Tue Sep 7 23:35:54 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Wed Sep 8 18:57:41 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Wed Sep 8 20:05:13 2010 pid=33 (0x3e7037c8) main: System Keybag loaded
    Wed Sep 8 20:07:35 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Wed Sep 8 20:12:35 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Wed Sep 8 20:26:27 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Thu Sep 9 17:29:45 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Fri Sep 10 14:03:23 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Fri Sep 10 14:09:36 2010 pid=37 (0x3e7037c8) main: System Keybag loaded
    Fri Sep 10 14:12:32 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Sat Sep 11 10:13:51 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Sat Sep 11 17:20:37 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Mon Sep 13 18:12:06 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Mon Sep 13 23:34:33 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Tue Sep 14 17:05:26 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Tue Sep 14 17:06:54 2010 pid=36 (0x3e7037c8) main: System Keybag loaded
    Tue Sep 14 17:20:41 2010 pid=34 (0x3e7037c8) main: System Keybag loaded
    Thu Sep 16 20:00:51 2010 pid=36 (0x3e7037c8) main: System Keybag loaded

  2. #2
    Livin the iPhone Life iNT3Rv3NTiONZz's Avatar
    Join Date
    Feb 2010
    Location
    Cambridge, U.K
    Posts
    1,512
    Thanks
    57
    Thanked 123 Times in 101 Posts

    Possibly password checks? Thats what it looks like to me. Maybe the previous owner had it password protected? Or had this been logged since you owned it?


    Sent from my iPhone using ModMyi

    iPhone4 16gb black - 4.1 Limera1ned
    iPhone 3G 16gb white - 3.1.2 jailbroken
    Blackra1ned
    THANKYOU ONCE AGAIN GEOHOT!

  3. #3
    i switched it on,on Sat Jul 17 and always had a pass in it so its been logged from me owning it

  4. #4
    Default keybagd??
    Same symptoms as krist... 3g U/JB... Can someone give us a clarification of "keybagd" and it's function? No references to it other than the mac keylogger and unanswered forum questions; sounds a little suspicious to me.
    "We are always paid for our suspicions by finding what we suspect."

    - Henry David Thoreau

  5. #5
    That does not seem good. Could it be this
    actymac.com/ProteMac_KeyBag/

  6. #6
    Banned
    Join Date
    Mar 2010
    Location
    The Ozarks
    Posts
    116
    Thanks
    8
    Thanked 2 Times in 2 Posts

    Sounds like someone is getting keystrokes logged..not good my friend, not good at all. Have you done a restore in iTunes??

  7. #7
    iPhone? More like MyPhone Funked's Avatar
    Join Date
    Jul 2010
    Location
    Manchester
    Posts
    272
    Thanks
    87
    Thanked 54 Times in 32 Posts

    I was curious about this so I checked to see if I had it, and I have the same log file. There is no way this could be a keylogger. I bought my iPhone 4 brand new from an official UK carrier store. And I'm careful with what I install and download, as I do a lot of personal stuff on this device. I don't see a reason to worry about this, I'm not worried.

    iPad 2 16GB Wifi iOS 5.0.1 - Absinthe
    iPhone 4S 16GB iOS 5.0.1 - Absinthe

  8. #8
    iPhone Underground A3gOwner's Avatar
    Join Date
    Jun 2009
    Location
    Underground
    Posts
    1,172
    Thanks
    2
    Thanked 117 Times in 110 Posts

    It's for your passcode. Turn it on in settings, put phone to sleep, then turn off passcode and look at the last few entries in this log. It tells you exactly what it's doing. Null is no passcode secret is your pass code.

  9. #9
    Quote Originally Posted by A3gOwner View Post
    It's for your passcode. Turn it on in settings, put phone to sleep, then turn off passcode and look at the last few entries in this log. It tells you exactly what it's doing. Null is no passcode secret is your pass code.

    yes this is all sorted now and your right thats what it was

  10. #10
    Yeah, it is obvious that you are key logged by the keybag...............terrible............
    NEVER SAY GOODBYE

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •