ufrisk / pcileech

Direct Memory Access (DMA) Attack Software
GNU Affero General Public License v3.0

Cannot flash PCIEScreamer #45

Closed leolongvu closed 4 years ago

leolongvu commented 6 years ago

So I tried to flash the PCIEScreamer with the following setup: PCIEScreamer plugged into a PCIe slot, JTAG plugged into the PCIEScreamer and connected to the same PC via USB. Flashing using the Vivado Tcl Shell on Windows. I always get the error:

ERROR: [Labtoolstcl 44-199] No matching targets found on connected servers: localhost Resolution: If needed connect the desired target to a server and use command refresh_hw_server. Then rerun the get_hw_targets command. ERROR: [Common 17-39] 'get_hw_targets' failed due to earlier errors.

while executing "get_hw_targets" invoked from within "current_hw_target [get_hw_targets]" (file "vivado_flash_hs2.tcl" line 11)

I have tried to flash directly with OpenOCD but it said no device found. I then checked the indicator lights (with JTAG still plugged in): TEST BTN is blinking, LD2 is always on and LD3 is off.

What might be the problems?

leolongvu commented 6 years ago

Further to my previous report, I have tried to update the BIOS and now the device is recognised as FTDISuperSpeed, however the JTAG cable is not recognised in either Vivado or iMPACT.

OpenOCD throws the following errors:

Info : auto-selecting first available session transport "jtag". To override use 'transport select '. adapter speed: 10000 kHz Error: libusb_open() failed with LIBUSB_ERROR_NOT_FOUND Error: no device found Error: unable to open ftdi device with vid 0403, pid 6011, description '', serial '' at bus location '*'

I suspect that the JTAG cable driver may be missing or corrupted. I use Windows 10 64-bit.

ufrisk commented 6 years ago

If you are using the JTAG cable from LambdaConcept it's only supported by the most recent OpenOCD as per their instructions. It's not supported by Vivado.

I never tried to use the most recent version of OpenOCD on Windows. I would recommend Linux for flashing (if you are using LambdaConcept cable and not Xilinx cable).

Also, you need to power the PCIeScreamer - either via the barrel jack or PCIe - before flashing. Flashing with power only from the JTAG cable won't work even though the LEDs light up.

leolongvu commented 6 years ago

I have managed to successfully flash the board via OpenOCD (a pain to set up with all the dependencies). I tried a test dump and unfortunately, it doesn't work.

"pcileech.exe probe" returns "PCILEECH: Failed to connect to the device." while "pcileech.exe dump -v" returns "FPGA: ERROR: Unable to retrieve required Device PCIe ID [1,v3.2,0000] PCILEECH: Failed to connect to the device."

Steps I have tried:

So far no success. Maybe I have missed something. I know that the PCIEScreamer is not stable but I have not managed to get it to probe even once.

Edit 1: LD2 and LD3 are always on; if I press SW3, LD1 is on as long as I hold it.

Edit 2: I have made it work by swapping the card to the PCIEx16 slot. No idea why the x1 slot doesn't accept it though.

ufrisk commented 6 years ago

Thanks, problem solved then :+1: I have no clue why your x1 slot wasn't working, but I'm glad it works for you in the other slot. Good luck with your DMA attacking.

leolongvu commented 6 years ago

I left the board overnight untouched and it was working fine. In the morning I reset my PC and suddenly it does not work anymore. I will dig into the problem and report to you if I can come up with a solution.

leolongvu commented 6 years ago

So for a few days I was trying to find out why the board stopped working, and I failed. I tried all 3 available PCIE slots on my motherboard and none of them work. The only thing I found out was that when I first turned my PC on, the PCIEScreamer LD2 didn't light up, but if I pressed SW1, the LED came on. If I use an external power source then I don't have to press SW1 to make LD2 light up. Despite the board LEDs being on (LD2 and LD3), I was still unable to get the board to communicate with the motherboard.

Always get this error:

FPGA: ERROR: Unable to retrieve required Device PCIe ID [1,v3.2,0000] PCILEECH: Failed to connect to the device.

ufrisk commented 6 years ago

The PCIeScreamer unfortunately isn't completely stable. It often stops working after a while and a reboot or power-off/start-up will fix it. You should not be using an external power source if you put it directly into the PCIe slot. But if you do you probably have to power off the computer and the PCIeScreamer before you start again to get it working.

I never heard before that it was working alright for someone and then just completely stops working forever as you describe.

leolongvu commented 6 years ago

I finally found out what happened with the board. There are a number of problems and they are a little bit complicated, so I will try to explain them.

Firstly, to get my motherboard to detect the PCIeScreamer after every restart/shutdown, I had to press the SW1 button just after the power button of the PC is pressed and a few seconds before the ASUS logo appears on my monitor. I really had to be very precise with the timing here, otherwise the board will not be detected. I can be sure that the motherboard will be able to detect the PCIeScreamer if LD2 is not lit after I press SW1 and lights up by itself when the ASUS logo shows up. If SW1 is pressed too early LD2 will not light up at all, and if pressed too late LD2 will not go off before it lights up - both cases result in a failure to detect.

Secondly, after I booted into Windows and successfully tried the command pcileech display, I then tried the probe command. At the beginning it was fine, although I did notice the speed was a little bit too high, about 300MB/s. Then at progress 4000/unknown (exactly the same every time), my PC just froze. The first time I tried probing it resulted in a BSOD, but the subsequent tries just froze, nothing happened. To be more clear, I have 16GB RAM so I would expect the progress to go higher.

Finally, I tried the dump command. This time there was no fixed progress number at which the PC froze, it seemed to be between 2000-3000, but I have not managed to successfully dump my entire memory.

I suspect something's not right with the connection between my motherboard and the Screamer, but you may have had these problems before so I will report everything here. Other than that, other commands work fine.

ufrisk commented 6 years ago

I never heard about the first problem. But you could try the earlier 3.0 version of the PCIeScreamer FPGA bitstream - it loads considerably slower and will probably be a long enough delay to resolve your problem.

Your 2nd problem isn't related to the PCIeScreamer (most likely) - but rather your computer. Computers contain not only memory in the physical memory space - but also memory-mapped devices - which are most often loaded at addresses around 2-4 GB depending on vendor. Some devices and vendors are really sensitive to reads and will freeze the system if someone tries to read from that address. I suspect that's what is going on in your case. Another computer with another motherboard and/or other devices may react in a different way and may be stable.

Unfortunately, as of today I do not have the ability for you to supply a blacklist of addresses to PCILeech. But it will most likely work if you split the reads/probes into two, like: pcileech dump -max 0xcdefa000 (replace 0xcdefa000 with your bad address) and pcileech dump -min 0x100000000 (start the dump from above 4GB).

leolongvu commented 6 years ago

Many thanks. I am now able to dump through my entire memory. I now got 2 dump files, how should I mount these files to use the Memory Process File System? To my understanding, I have to somehow join these dump files into one before mounting it.

ufrisk commented 6 years ago

Yes, either you run PCILeech against live memory now that you have the max address (and if you're lucky maybe your computer won't freeze): pcileech.exe mount -max 0x<max_addr>

Or you can also join the files (and zero-pad the parts of memory that you left out in the dump) into a single file and run PCILeech against it: pcileech.exe mount -device <yourfilename>
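Joining the two partial dumps from the split suggested above (one taken with -max below the bad address, one with -min above 4GB) into a single zero-padded image, as an added example that is not PCILeech's own code. It assumes the low dump starts at physical address 0 and that file offset 0 of the high dump corresponds to its -min address, so that in the joined file offset equals physical address.

```python
"""Join two partial PCILeech raw dumps into one zero-padded image (added example,
not PCILeech code). Assumes the low dump (-max) starts at physical address 0 and
that offset 0 of the high dump (-min) is its -min address, so in the joined file
file offset == physical address, which is what mount -device expects."""
import shutil
import tempfile
from pathlib import Path

PAGE = 0x1000  # x86 page size; the -min boundary must be page aligned


def join_dumps(low_path, high_path, high_min, out_path, low_max=None, chunk=1 << 20):
    """Write low dump, zero padding up to high_min, then high dump; return joined size."""
    low_path, high_path, out_path = Path(low_path), Path(high_path), Path(out_path)
    if high_min % PAGE:
        raise ValueError("-min address must be page aligned")
    low_size = low_path.stat().st_size
    if low_max is not None and low_size > low_max:
        raise ValueError("low dump is larger than its -max address")
    gap = high_min - low_size  # skipped range (e.g. the MMIO hole) to zero-fill
    if gap < 0:
        raise ValueError("dumps overlap: low dump extends past high_min")
    zeros = bytes(chunk)
    with out_path.open("wb") as out:
        with low_path.open("rb") as f:
            shutil.copyfileobj(f, out, chunk)
        while gap:  # zero-fill in chunks so a multi-GB hole needs no huge bytes object
            n = min(gap, chunk)
            out.write(zeros[:n])
            gap -= n
        with high_path.open("rb") as f:
            shutil.copyfileobj(f, out, chunk)
    return out_path.stat().st_size


def demo(workdir=None):
    """Constructed sample: low dump covers 0x0-0x2000, high dump starts at 0x5000.
    Returns (joined size, gap is all zeros, both dumps sit at their physical offsets)."""
    workdir = Path(workdir or tempfile.mkdtemp())
    low, high, out = workdir / "low.raw", workdir / "high.raw", workdir / "joined.raw"
    low.write_bytes(b"L" * (2 * PAGE))  # constructed stand-in for: pcileech dump -max 0x2000
    high.write_bytes(b"H" * PAGE)       # constructed stand-in for: pcileech dump -min 0x5000
    size = join_dumps(low, high, 0x5000, out, low_max=0x2000)
    data = out.read_bytes()
    placed = data[:0x2000] == b"L" * 0x2000 and data[0x5000:] == b"H" * PAGE
    return size, data[0x2000:0x5000] == bytes(0x3000), placed


if __name__ == "__main__":
    print(demo())  # (24576, True, True)
```

For the real dumps, call join_dumps with the low file, the high file, high_min=0x100000000 and low_max set to the -max address you used, then mount the output with -device.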

leolongvu commented 6 years ago

I tried to mount the File System and got the following error:

VMM: Skipping process due to parsing error. PML4: 0000000000000000 PID: 0 STATE: 0 EPROCESS: fffff803a0fc0128 NAME:

This kept repeating itself and prevented the mount from continuing to execute.

I have not found any documented info on this, although I can somewhat guess that this is maybe related to the probing problem before, as fffff803 was the corrupted memory address. Is there a way to force skipping this address during mounting?

ufrisk commented 6 years ago

It's not really preventing the mount, hopefully; that is more like a debug message - can you check if the file system was mounted anyway?

leolongvu commented 6 years ago

[image: pcileech]

It went like this, and the file system was not mounted, otherwise I could see it right away.

ufrisk commented 6 years ago

As mentioned previously this is mostly a debug message when the walk of the process list becomes broken due to bad memory reads for some reason. I guess it's depending on where this is broken in the list. If it's at the very first processes not much will show. My guess is that it will go away if you do a new memory dump or try again after a reboot of the target system.

In order for me to look into this further I would require the memory dump file that triggers this error.

ufrisk commented 4 years ago

Closing this issue due to old age.