Open und3ath opened 11 months ago
Thunderbolt is quite well secured by default. But you indicate that you changed some settings. Also, Windows 11 employs a few protection techniques when the computer is locked in addition to the ones you mention.
On a freshly booted (not rebooted) and unlocked target system does the command below work and display some memory?
pcileech.exe display -min 0x1000 -device fpga -v
Also, if you run some custom firmware this may be causing issues. I don't think it should be an issue of it works thru PCIe ports tho. But you can also try (on a freshly booted system):
pcileech.exe display -min 0x1000 -device fpga://algo=1 -v
Please let me know how it goes, if you have any success or if you're still having issues.
Hello, i have a leetdma but i have flashed the pcieSquirrel firmware .
The thunderbolt adapter is a wikingoo egpu ( seen as TB4 Home in the thunderbolt app ) and the leetdma is shown as an ethernet adapter in the device tree ( just changed id in vivado before compiling )
On a fresh boot, after unlocking the session:
#######################################################
pcileech.exe display -min 0x1000 -device fpga -v
DEVICE: FPGA: ScreamerM2 PCIe gen2 x1 [300,25,500] [v4.12,0e00] [ASYNC,NORM] Memory Display: Failed reading memory at address: 0x0000000000001000.
#######################################################
pcileech.exe display -min 0x1000 -device fpga://algo=1 -v
DEVICE: FPGA: ScreamerM2 PCIe gen2 x1 [300,25,500] [v4.12,0e00] [ASYNC,TINY] Memory Display: Failed reading memory at address: 0x0000000000001000.
It seems like communicating with the device works fine, but DMA is not working.
Ensure Thunderbolt security mode is set to no security / legacy in BIOS settings. Also if you have some extra Thunderbolt controller software installed you may need to disable it here as well. Ensure IOMMU / VT-d is disabled in BIOS settings. Ensure Windows is booted and you're logged in (i.e. the computer is unlocked).
On a freshly booted (and logged on unlocked state) try: pcileech.exe display -min 0x1000 -device fpga://algo=1 -v
Context: hp laptop with vt-d, vbs, kernel dma etc
I have successfully read dma through the pci, (a lot of unreadable pages which is normal with vt-d)
If I do the same thing with thunderbolt (no security at the thunderbolt level, my pci device is present once the session is open), If I read outside physical ranges, I get a blue screen or the pc freeze which is normal. But if i stay in the physical range 100% of the pages read fail and sometime the pc freez or get a bsod too .
It is normal ?