UEFI Keylogger

In this document we will develop a simple UEFI keylogger.

Coding

#include <Uefi.h>
#include <Library/UefiApplicationEntryPoint.h>
#include <Library/UefiLib.h>

EFI_STATUS
EFIAPI
UefiMain(
    EFI_HANDLE        ImageHandle,
    EFI_SYSTEM_TABLE  *SystemTable
) {
  EFI_SIMPLE_TEXT_INPUT_PROTOCOL *TextInput;
  EFI_INPUT_KEY Key;

  /* Get access to the protocol */
  TextInput = SystemTable->ConIn;

  Print (L"UEFI Keylogger!\n");

  while(1) {
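    /* ReadKeyStroke does not block: skip this pass unless a key was read */
    if (EFI_ERROR (TextInput->ReadKeyStroke (TextInput, &Key))) {
      continue;
    }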
    if (Key.ScanCode == SCAN_ESC) {
      Print (L"ESC Button Detected\n");
      break;
    }

    if (Key.UnicodeChar != 0) {
      Print (L"Pressed: %c\n", Key.UnicodeChar);
    }
  }

  return EFI_SUCCESS;
}

Now let's take a look at the code.

EFI_SIMPLE_TEXT_INPUT_PROTOCOL *TextInput;
EFI_INPUT_KEY Key;

We start by declaring a pointer to EFI_SIMPLE_TEXT_INPUT_PROTOCOL in our application. We will use this pointer to read input from the keyboard. EFI_SIMPLE_TEXT_INPUT_PROTOCOL is the basic UEFI protocol for reading keyboard input.

We then declare a variable of type EFI_INPUT_KEY to hold each key read from the keyboard.

TextInput = SystemTable->ConIn;

In this section, we obtain the EFI_SIMPLE_TEXT_INPUT_PROTOCOL instance. ConIn is the member of the system table that points to the console input protocol.

while(1) {
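    /* ReadKeyStroke does not block: skip this pass unless a key was read */
    if (EFI_ERROR (TextInput->ReadKeyStroke (TextInput, &Key))) {
      continue;
    }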
    if (Key.ScanCode == SCAN_ESC) {
      Print (L"ESC Button Detected\n");
      break;
    }

    if (Key.UnicodeChar != 0) {
      Print (L"Pressed: %c\n", Key.UnicodeChar);
    }
}

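Now we print the pressed keys on the screen in a loop. ReadKeyStroke stores the pressed key in the Key variable. It does not block: when no key is waiting it returns EFI_NOT_READY, and Key is only guaranteed to hold a keystroke when the call succeeds.

If the key pressed is the ESC (SCAN_ESC) key, the application exits the loop. Otherwise, if the key carries a character (UnicodeChar is non-zero), we print it on the screen.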
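
As an added example (not part of the original page), the following host-compilable C program runs the loop above against a mock ReadKeyStroke to show why the return status matters. The mock, the MOCK_POLL type, RunLoop and the poll sequence are constructed for illustration, and the mock assumes firmware that leaves Key untouched when it returns EFI_NOT_READY.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Host-side stand-ins for the UEFI definitions (simplified for this example). */
typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS    ((EFI_STATUS)0)
#define EFI_NOT_READY  (((EFI_STATUS)1 << 63) | 6)
#define EFI_ERROR(s)   (((int64_t)(s)) < 0)
#define SCAN_ESC       0x0017
typedef struct { uint16_t ScanCode; uint16_t UnicodeChar; } EFI_INPUT_KEY;

/* Constructed poll sequence: 'h', two empty polls, 'i', then ESC. */
typedef struct { int Pending; EFI_INPUT_KEY Key; } MOCK_POLL;
static const MOCK_POLL mPolls[] = {
  {1, {0, 'h'}}, {0, {0, 0}}, {0, {0, 0}}, {1, {0, 'i'}}, {1, {SCAN_ESC, 0}}
};
#define POLL_COUNT (sizeof (mPolls) / sizeof (mPolls[0]))
static size_t mNext;

/* Mock ReadKeyStroke. Assumption: Key is left untouched when nothing is pending. */
static EFI_STATUS MockReadKeyStroke (EFI_INPUT_KEY *Key) {
  const MOCK_POLL *Poll = &mPolls[mNext++];
  if (!Poll->Pending) {
    return EFI_NOT_READY;
  }
  *Key = Poll->Key;
  return EFI_SUCCESS;
}

/* Runs the page's loop over the mock; stores reported characters in Out. */
size_t RunLoop (int CheckStatus, uint16_t *Out, size_t Cap) {
  EFI_INPUT_KEY Key = {0, 0};
  size_t Count = 0;
  mNext = 0;
  while (mNext < POLL_COUNT) {
    EFI_STATUS Status = MockReadKeyStroke (&Key);
    if (CheckStatus && EFI_ERROR (Status)) continue;  /* no key this pass */
    if (Key.ScanCode == SCAN_ESC) break;
    if (Key.UnicodeChar != 0 && Count < Cap) Out[Count++] = Key.UnicodeChar;
  }
  return Count;
}

int main (void) {
  uint16_t Out[8];
  printf ("status ignored: %zu reports\n", RunLoop (0, Out, 8));
  printf ("status checked: %zu reports\n", RunLoop (1, Out, 8));
  return 0;
}
```

With the status ignored, the stale 'h' is reported again on each empty poll; with the status checked, only the two real keystrokes are reported.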

Running the Application

Create the KeyLogger.inf file and paste in the following contents:

[Defines]
  INF_VERSION                    = 0x00010006
  BASE_NAME                      = KeyLogger
  MODULE_TYPE                    = UEFI_APPLICATION
  VERSION_STRING                 = 1.0
  ENTRY_POINT                    = UefiMain

[Sources]
  KeyLogger.c

[Packages]
  MdePkg/MdePkg.dec
  ShellPkg/ShellPkg.dec
  MdeModulePkg/MdeModulePkg.dec

[LibraryClasses]
  UefiApplicationEntryPoint
  UefiLib

Now build the project with this command:

Build -m ShellPkg\Application\KeyLogger\KeyLogger.inf

Here’s the result:

Conclusion

In this document we have learned how to develop a simple keylogger as a UEFI application. I realize that the document is simple, but since we are new to UEFI projects, I think it would be nice to move forward with simple projects like this.
