ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

pcileech stuck with "KMD: Code inserted into the kernel - Waiting to receive execution." #106

Closed arisada closed 4 years ago

arisada commented 4 years ago

Hi,

I'm working on a demo of pcileech + PCIeScreamer R02 on an HP EliteBook laptop running Win 10 1809/10.0.17763. The whole rooting process was working perfectly yesterday until today when I tried to rehearse my demo, and it doesn't work anymore.

Symptoms: pcileech works normally with patching, e.g. I was still able to dump memory, probe memory and run patch -sig stickykeys_cmd_win. Pcileech consistently fails to install the KMD:

root@xxxx:~/pcie/pcileech/files# ./pcileech wx64_pscmd -kmd WIN10_X64

KMD: Code inserted into the kernel - Waiting to receive execution.
^C

Sometimes the target kernel BSODs or freezes but most often nothing happens. I've tried with the Windows version, both 4.3 and 4.2 versions give the same results. I wanted to go the ntfs.sys way but it looks like this one is not available on more recent Windows versions.

I'm still baffled why it worked yesterday and not today. I tried removing/adding Windows patches, verifying the wiring, trying from my Linux computer, with/without power plug, changing the PCIe flat cable, tried with WIN10_X64_2 (fails too).

Right now I'm updating to Win 10 1903, hoping this would change something. I have another laptop with 1903 where the attack works.

Any idea of possible problems I have overlooked?

Thanks

arisada commented 4 years ago

I also checked the BIOS settings, VT-d and VT-x are disabled, but the laptop itself is booting with BitLocker and TPM.

ufrisk commented 4 years ago

I have changed a few things to increase stability and add new hardware in the last week.

You can try the most recent pcileech 4.3 together with the pcileech-fpga 4.0 bitstream version.

But from what I gather from you it's not working with pcileech 4.2 and pcileech-fpga 3.4 bitstream either - it used to - but it's not anymore?

Also be aware that Microsoft have added settings that disable bus mastering on upstream PCIe bridges for new unrecognized devices when the computer is locked. But I would not think this should affect anything in between Windows versions - unless you activated that GPO setting... If dump and stickykeys are working this is not the issue though ...

arisada commented 4 years ago

Hi, thanks for your quick response

But from what I gather from you it's not working with pcileech 4.2 and pcileech-fpga 3.4 bitstream either - it used to - but it's not anymore?

That's right. I wasn't aware there was a pcileech-fpga 4.0 bitstream, I'll try this on Monday. I also have a second PCIeScreamer that I could try, but I doubt the problem happens on the PHY level. Most probably the kmd isn't writing at the right place. I would have tried with a `-cr3` parameter instead of `-pt` but I have no idea how to figure out an acceptable value.

arisada commented 4 years ago

Upgrade to 1903 didn't help, kmd injection still times out, but at least the sticky keys thing works again. I'll use that one for my demo together with a USB stick with a .exe, that's sufficient for making my point that our laptops can be hacked :) I'll try the pcileech-fpga 4.0 bitstream asap and give you feedback.

ufrisk commented 4 years ago

I have done a lot of fixes since the last comment on this issue. I have also released as of today a new more stable kernel injection technique that may be used with pcileech.exe kmdload -kmd WIN10_X64_3. I would think this resolves your quite old issue. If you are still having issues please let me know. I'm closing this issue now though.

Also, the PCIeScreamer R02 has known stability issues even though it's fairly stable. For a more stable product the ScreamerM2 or any of the other supported FPGA boards are recommended.

arisada commented 4 years ago

Thanks for the feedback. Unfortunately I had to reinstall this laptop so I won't be able to test if that fixes my old issue, but I really appreciate the continuous development you make on pcileech.