search

ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0
4.87k stars 718 forks source link

PCIeScreamer R02 - probe pages read: 0 / 4194305 && failed reading memory at address #103

Closed sky-coding closed 4 years ago

sky-coding commented 5 years ago

Hi Ulf, I've flashed my PCIeScreamer R02 with pcileech_pciescreamer_xc7a35. My target machine and analysis machine are separate devices, both running Windows 10. The PCIeScreamer shows up correctly in the target machine's device manager. When I run a probe, it does detect my 16GB of RAM, but fails to read every single page:

> pcileech -device fpga -v -vv probe

DEVICE: FPGA: PCIeScreamer R2 PCIe gen2 x1 [400,0,750] [v3.4,2500]
Successfully loaded LeechCore v1.2.2 Device 3
 Memory Map:
 START              END               #PAGES

 Current Action: Probing Memory
 Access Mode:    Normal
 Progress:       16384 / 16384 (100%)
 Speed:          528 MB/s
 Address:        0x0000000400000000
 Pages read:     0 / 4194305 (0%)
 Pages failed:   4194305 (100%)
Memory Probe: Completed.

On some boots I've noticed it only seems to detect 4GB (progress reports 4096 / 4096, and 1048576 failed pages) but I'm not sure if that is relevant.

Other commands such as display fail as well:

> pcileech -device fpga -v -vv display -min 0x1000

DEVICE: FPGA: PCIeScreamer R2 PCIe gen1 x1 [400,0,750] [v3.4,2500]
Successfully loaded LeechCore v1.2.2 Device 3
Memory Display: Failed reading memory at address: 0x0000000000001000.

I've tried reflashing the board, and also reseating it in different slots (x1 and x16) with no changes.

I double checked my BIOS configuration, I disabled IOMMU and SVM Mode (virtualization) early on but there are other options that may be relevant (the 4GB memory option under PCI settings looks interesting but does not seem to have any effect) The board is an msi b450 tomahawk, here are some of the relevant options:

bios

Any suggestions to resolve this issue would be greatly appreciated. Thanks!

ufrisk commented 5 years ago

Unfortunately I do not have much ideas around this. You seems to have a good understanding of the things and already been doing quite some debugging yourself. The device seems to be successfully flashed.

You can try the option -device fpga://1:1000:1000:1000 to manually force additional delays into the read logic. Unfortunately I don't think it will make much of a difference.

Also if it fails completely, shut down the computer and then power it on again to power cycle the board.

sky-coding commented 5 years ago

Thanks for the response. I had unsuccessfully tried that option previously, as I saw you had suggested it in another thread. I will continue experimenting when I have the time and update this issue if I find a resolution. Regardless, Ulf, thank you for you work on this project!

ufrisk commented 4 years ago

I have made quite a few stability updates to PCILeech since this. Hopefully it should resolve your issues. SInce this issue is very old I'm closing it.

Also, the PCIeScreamer R02 have known stability issues that I'm unable to do anything about. In most situations it should be fairly stable; but if stability is paramount I'd recommend another supported FPGA product.