Hardware Keylogger

[MegaADY]

Hello ! Anyone have any ideea where I can fiind such a project ? Or any ideea how it works ? Thank you !

[lester]

In the interests of helping you to develop your own code.

This is an example of how such a device works:

When the “DATA LOGGER” is powered up it searches the EEPROM for the first empty memory cell. This will be the new write position and older recording sessions will not be deleted. If this position is found, the “DATA LOGGER” will write '***RESET***' to the memory. That means a user can later see when the PC (and the “DATA LOGGER”) was powered up.
In normal operation the “DATA LOGGER” will only listen to the DATA and CLK line of your PS/2 keyboard. The scancodes that come across these lines (e.g. a certain key is pressed or is released) are filtered, because not all keystrokes can be stored (will be explained later). If a scancode passes the filter, it is written into the external EEPROM (e.g. 24C64). The value 0xFF will never be written to the EEPROM as a recorded keystroke, beacuse this is the mark for an emty memory cell. If the EEPROM is cleared ba the “DATA LOGGER”, the value 0xFF is written to all memory cells.

In the normal operation, the “DATA LOGGER” will listen to the scancodes and will recognize if the supervisor password is entered. With this password entered one has the possibility to get access to the “DATA LOGGER” menu that will appear on the screen. If the password is entered, the “DATA LOGGER” will leave its listen-state, will disconnect the keyboard from the PC and will speak to the PC itself like a 'real' keyboard. Before that, a n editor (like NOTEPAD.EXE) has to be opened. The following menu will appear on the screen:

***”DATA LOGGER” V2.0
-o-utput EEPROM
-e-rase EEPROM
-c-hange password
-u-sed memory

By pressing 'o' the supervisor can display all the recorded keystrokes on the screen. The PIC will go into output mode and send all recorded key scancodes to the PC and return to receive mode. The recorded keystrokes remain in memory and the next recording session can begin. Now you will understand that not all the keystrokes that someone has entered before can be played back to the PC. Think, if the “DATA LOGGER” would send Alt-Tab to the PC... the focus would jump out of your editor window and all the recorded keystrokes could do anythink to your machine, that you don't really want...!

If 'e' is pressed, the “Data Logger” will start clearing the EEPROM completely by writing 0xFF to all memory locations. As soon as finished (it will take only a few seconds) the screen displays:

Wait...done.


By pressing 'c' in the menu, the supervisor will be prompted to enter an new password that will be the new supervisor password. This password will be stored in the internal EEPROM of the PIC16C84. If you don't remeber that password, you don't have to reprogram the PIC, but you can reset the password to the default password by connecting the RB4 pin to ground in the power up state.

The option 'used memory' will display the used size and the total size of the connected external EEPROM in hexadecimal.
Limitations:
The “DATA LOGGER” Software will record all keys on the alphanumeric keypad except the TAB-key, the '^'-key, caps-lock, delete, Ctrl, Alt, and Alt-Gr. The left and the right shift key and the return key will be recorded. These limitations are necessary, because otherwise the “DATA LOGGER” output may let the focus 'jump' out of the editor window while playing back recorded keystrokes.
The “DATA LOGGER” can only record one scancode set. There are a few keyboards that use a different scancode set. If a PS/2 keyboard is used in combination with a PS/2 mouse, the mouse must not be moved during “DATA LOGGER” playback, because the mouse will affect the CLOCK line of the keyboard.



The "DATA LOGGER" consists of the following devices:

* Microcontroller PIC16C84
* CMOS analog switch 4053
* serial I²C EEPROM 24C32, 24C64, 24C128, 24C256 or 24C512


In normal operation mode the CMOS analog switch connects the data and clock line from PC to keyboard. The keyboard is always powered with the 5V from the PC. If any key is pressed the PIC receives the keystrokes on the clock and data line, decodes them and stores them in the EEPROM. If the user enters a specific password, the PIC will disconnect the keyboard from the PC and talks to the PC itself.

[MegaADY]

Thanks. This is avery usefull start for me !

[kirtcathey]

While I am not looking to log keystrokes, I do want to position the USB PIC between a keyboard and host and 'listen' for a certain keyboard input before sending a remote command to a motor controller. How can a USB device be created to listen for input? Should it be a Keyboard HID, some generic HID?

[Kamikaze47]

While I am not looking to log keystrokes, I do want to position the USB PIC between a keyboard and host and 'listen' for a certain keyboard input before sending a remote command to a motor controller. How can a USB device be created to listen for input? Should it be a Keyboard HID, some generic HID?

I have made such a device with an 18F4550, however since the PIC is a USB slave device only, it cannot accept input from a USB keyboard. The one I made accepted input from a PS2 keyboard, logged the data, and passed it on to the PC via USB. I configured the USB as a Keyboard HID.

[kirtcathey]

Thanks to Kamikaze and Les for the great info.... now let's take this puppy to USB keyboards. More than a keylogger, I just want to trigger something across a factory floor when a certain string of characters are entered into a database, but the task is the same.

I have done the necessary research and have all the nitty gritty voltage signal requirements for USB communication that has led me to the onboard comparators in many PICs. How do I setup a comparator to take the differential signaling from D-/D+ on the USB data lines and convert that into 0 and 1 in the PIC for further processing? Here is an excerpt that provides most of the details that I need to setup the comparator.
----------------------------------
USB signals are transmitted on a twisted pair data cable with 90Ω ±15% impedance,[9] labeled D+ and D−. These collectively use half-duplex differential signaling to combat the effects of electromagnetic noise on longer lines. Transmitted signal levels are 0.0–0.3 volts for low and 2.8–3.6 volts for high in Full Speed (FS) and Low Speed (LS) modes, and -10–10 mV for low and 360–440 mV for high in High Speed (HS) mode.
---------------------------------
Most of the comparator examples that I have seen only handle one input. I have determined, given the details above, that the reference voltage should probably be about 1.25 volts, so do I use two comparators against the same reference voltage? Or,..... I'm kinda lost on this one, but really want to figure it out.

[magestik]

I do want to position the USB PIC between a keyboard and host and 'listen' for a certain keyboard input

Cheers, i'm just trying to do the exact same thing with a PIC18F4550 and a USB keyboard. Just starting, no clue yet how to do that. I'll keep an eye on this post

[kirtcathey]

Don't jump into this too far without purchasing a USB node controller chip such as the USBN9604, or even better, the Viniculum chip. Putting the code together to interface an 18F2550 and a USBN9604, and will post later.

I've found this schematic that helped with the wire-up between an 18F2550 and a USBN9604.
<a href="http://www.massmind.org/images/www/hobby_elec/e_pic6_f1.htm">http://www.massmind.org/images/www/hobby_elec/e_pic6_f1.htm</a>

The way all is hooked up, I had assumed that communication would be via SPI, but now do not think so. I have read the USBN9604 data sheet (a couple times) and it appears that I need to send commands in order to receive data via microwire... versus just wait for SSPBUF to fill.

Does anybody have sample code for a PIC and USBN9604? Any language will be fine, but PBP would be even nicer.

Or, even a pointer as to what to use. Such as, would SPI work fine? Or, should I do a byte level shiftin and shiftout, with commands on the first two bits as described in the microwire section of the USBN9604 data sheet?

Any help is appreciated. The finalized USB key logger code with schematic will be posted back into this forum.

[snobilman]

Do you have this project made! Becouse i'm intresting in it. I want to make a ps/2 data logger with pic but with time stamp too if its possible. Can You help me?


Bert regards,

mama nasol

In the interests of helping you to develop your own code.

This is an example of how such a device works:

When the “DATA LOGGER” is powered up it searches the EEPROM for the first empty memory cell. This will be the new write position and older recording sessions will not be deleted. If this position is found, the “DATA LOGGER” will write '***RESET***' to the memory. That means a user can later see when the PC (and the “DATA LOGGER”) was powered up.
In normal operation the “DATA LOGGER” will only listen to the DATA and CLK line of your PS/2 keyboard. The scancodes that come across these lines (e.g. a certain key is pressed or is released) are filtered, because not all keystrokes can be stored (will be explained later). If a scancode passes the filter, it is written into the external EEPROM (e.g. 24C64). The value 0xFF will never be written to the EEPROM as a recorded keystroke, beacuse this is the mark for an emty memory cell. If the EEPROM is cleared ba the “DATA LOGGER”, the value 0xFF is written to all memory cells.

In the normal operation, the “DATA LOGGER” will listen to the scancodes and will recognize if the supervisor password is entered. With this password entered one has the possibility to get access to the “DATA LOGGER” menu that will appear on the screen. If the password is entered, the “DATA LOGGER” will leave its listen-state, will disconnect the keyboard from the PC and will speak to the PC itself like a 'real' keyboard. Before that, a n editor (like NOTEPAD.EXE) has to be opened. The following menu will appear on the screen:

***”DATA LOGGER” V2.0
-o-utput EEPROM
-e-rase EEPROM
-c-hange password
-u-sed memory

By pressing 'o' the supervisor can display all the recorded keystrokes on the screen. The PIC will go into output mode and send all recorded key scancodes to the PC and return to receive mode. The recorded keystrokes remain in memory and the next recording session can begin. Now you will understand that not all the keystrokes that someone has entered before can be played back to the PC. Think, if the “DATA LOGGER” would send Alt-Tab to the PC... the focus would jump out of your editor window and all the recorded keystrokes could do anythink to your machine, that you don't really want...!

If 'e' is pressed, the “Data Logger” will start clearing the EEPROM completely by writing 0xFF to all memory locations. As soon as finished (it will take only a few seconds) the screen displays:

Wait...done.


By pressing 'c' in the menu, the supervisor will be prompted to enter an new password that will be the new supervisor password. This password will be stored in the internal EEPROM of the PIC16C84. If you don't remeber that password, you don't have to reprogram the PIC, but you can reset the password to the default password by connecting the RB4 pin to ground in the power up state.

The option 'used memory' will display the used size and the total size of the connected external EEPROM in hexadecimal.
Limitations:
The “DATA LOGGER” Software will record all keys on the alphanumeric keypad except the TAB-key, the '^'-key, caps-lock, delete, Ctrl, Alt, and Alt-Gr. The left and the right shift key and the return key will be recorded. These limitations are necessary, because otherwise the “DATA LOGGER” output may let the focus 'jump' out of the editor window while playing back recorded keystrokes.
The “DATA LOGGER” can only record one scancode set. There are a few keyboards that use a different scancode set. If a PS/2 keyboard is used in combination with a PS/2 mouse, the mouse must not be moved during “DATA LOGGER” playback, because the mouse will affect the CLOCK line of the keyboard.



The "DATA LOGGER" consists of the following devices:

* Microcontroller PIC16C84
* CMOS analog switch 4053
* serial I²C EEPROM 24C32, 24C64, 24C128, 24C256 or 24C512


In normal operation mode the CMOS analog switch connects the data and clock line from PC to keyboard. The keyboard is always powered with the 5V from the PC. If any key is pressed the PIC receives the keystrokes on the clock and data line, decodes them and stores them in the EEPROM. If the user enters a specific password, the PIC will disconnect the keyboard from the PC and talks to the PC itself.