ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Ryzen B series boards #145

Closed ghost closed 4 years ago

ghost commented 4 years ago

Does not seem compatible with any "B" series boards.

ufrisk commented 4 years ago

I have tested this on my "B" series board and it works. I suspect this may be due to some other issue.

Can you, on a freshly powered-on (not rebooted) system that is booted into Windows, run:

pcileech.exe dump -out none -v -vv -device fpga -memmap auto

It may be due to memory clocking and such as well; I know Intel ppl had issues with that.

ghost commented 4 years ago

B450 On fresh everything, that outputted https://hastebin.com/hamaqixenu.http

When running MemProcFS.exe -device fpga://algo=2 -v -vv however, received:

VmmWinInit_TryInitialize: Initialization Failed. Unable to locate valid DTB #2
VmmProc: Unable to auto-identify operating system for PROC file system mount.
MOUNT: INFO: PROC file system not mounted

ufrisk commented 4 years ago
  1. I was wrong about my mobo, it was an X470. I don't believe this to be the issue though.

  2. Can you please try to, on a freshly booted system (cold boot - no reboot) run the command MemProcFS.exe -device fpga://algo=1 -v -vv (note the algo=1, not algo=2, I changed this around a bit; algo=1 is the new improved tiny algorithm, while the algo=2 is the older large read).

  3. Your configuration space looks custom. Can you please try to re-flash with the original v4.6 bitstream you can download from my pcileech-fpga project, just to have a device that is as standard as possible? Once you get it working you may try to alter this config space.

  4. Can you please try to, on a freshly booted system (cold boot - no reboot), re-run the command pcileech.exe dump -out none -v -vv -device fpga -memmap auto

  5. If (3) is not working, can you, on a freshly booted system (cold boot - no reboot) that Windows is fully started on and you're logged in, run pcileech.exe display -min 0x1000 -v -vv -device fpga

  6. If (4) is not working, can you, on a freshly booted system (cold boot - no reboot) that Windows is fully started on and you're logged in, run pcileech.exe display -min 0x1000 -v -vv -device fpga://algo=1

Can you please let me know how it goes? I believe we'll resolve this somehow :)

ghost commented 4 years ago

I am still following this. I have a friend who has a new screamer being shipped and a brand new B450 coming in so we are going to use the brand new hardware to get the best results we can.

ghost commented 4 years ago

I can't reproduce this anymore. Not sure what was going on, 2 people had an issue, 2 did not after getting some people together. I am going to go ahead and close. Will let you know if it starts consistently happening again.

ufrisk commented 4 years ago

I'm glad this issue seems to have been resolved. I wish you the best of luck with your future DMA attacking and please let me know if you run into any more issues.

Also, if you find PCILeech / MemProcFS useful please consider sponsoring the project here on GitHub. I see people purchasing hardware for hundreds of dollars (of which I receive absolutely zero dollars for - since I'm not related to hardware sales) just to be able to run my free open source software. Sponsorships go for as little as $2 and GitHub is matching it - a $2 sponsorship for you is a $4 sponsorship for me. Thank You 💖