ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Capture Guard #42

Closed ictmehrdad closed 5 years ago

ictmehrdad commented 6 years ago

Hi dear Ufrisk, have you ever seen this: http://www.windowsscope.com/product/captureguard-gateway-access-to-locked-computers/ I want to know your idea about it! It is so expensive. Is there any way to have something like that? (I mean in both hardware and the way that it acts automatically?) They claim that they can do it on Mac and Linux and Windows 8 and 10 too! Thanks

ufrisk commented 6 years ago

Yes, I'm aware of the CaptureGuard (which removes the passphrase requirement). I really doubt it works on macOS High Sierra though.

Yes, it's possible to implement this on both the USB3380 and the FPGA. I had a working version of it on the USB3380 which I never released (it's nowadays a bit crappy), and also it's possible to do this much better on an FPGA.

Depending on the degree of flexibility you could either implement this on-chip on the FPGA (in a soft CPU) or just connect a Raspberry Pi running the pcileech binary to the current FPGA solution...

My main problem with regards to this is lack of time. I just haven't prioritized making my PCILeech stuff completely standalone.

devdoomari commented 6 years ago

Wow so there's no defense against these on windows?


ufrisk commented 6 years ago

@devdoomari There are defenses, but they aren't enabled by default. Defenses have to be enabled by group policy or similar (win10).

devdoomari commented 6 years ago

Sorry to bother you, but can you point to the specific group policy? If you're busy, simply linking to a URL will do : )


ictmehrdad commented 6 years ago

Thanks, great! If I can do something for you to do it faster, I am at your service.

ufrisk commented 6 years ago

@devdoomari a few different GPOs affect things, I haven't had the time to test everything as much as I really would like though, so I'm refraining from commenting on this one.

@ictmehrdad a pull request to the fpga-project :) otherwise I'm not too interested in this at the moment - mostly due to lack of a suitable hardware device and lack of time. The PCIeScreamer isn't as stable as I would like, and no point in doing this for the huge Xilinx dev boards I also support. If/when a more suitable (= cheaper more compact) FPGA device is released I may look into this again.

ictmehrdad commented 6 years ago

What are the features that we need in the FPGA to support that?! And if we want to work with a Raspberry Pi, what should I do?! How can we recognize the target OS automatically?! In general, if you explain in more detail I can work on it (both the Raspberry Pi side and selecting a suitable FPGA). I mean the technical guide about the way of doing that, because you know PCILeech better than me.

ictmehrdad commented 6 years ago

And you said that these days you're working on something else. May I ask what you are working on nowadays?!

ufrisk commented 6 years ago

@ictmehrdad With regards to the FPGA possibility (the best one), a suitable inexpensive PCIe board with a small form factor is needed to make a standalone unit worthwhile for me to look into. You probably need to add an on-board soft CPU on the FPGA for it.

As for the Raspberry PI option, it should be possible to just recompile PCILeech and run it on the RPi. I haven't added auto-detect stuff to PCILeech so that would have to be coded somehow.

Anyway, this is a hobby project of mine, as such I just don't have unlimited time to put into it since I do have a day job to take care of. For me, creating a standalone unit is just a lot of hard work - it won't really add anything new. I'd rather spend my limited time adding completely new features or researching new ways into the systems (or just keep the ways I already have working ...)

I feel that this is just not worth looking into at the moment with the big FPGA dev board hardware I currently support. If you carry a big board like that you may as well carry a small Windows tablet or laptop as well. As for the older USB3380, I do support running PCILeech on Android with an OTG cable...

ictmehrdad commented 6 years ago

What do you mean by new features?! Can you tell me more about them? You know I am really a big fan of your work and expertise, and I want to work on your idea; I just need to know what I should do?! What are the new features that can be added to that?!

ufrisk commented 6 years ago

Thanks :) The plan is to release some improved features next week if everything goes well. Mostly related to the process file system - adding a lot of new auto-analysis stuff.

ufrisk commented 5 years ago

Closing this issue due to old age.