Comments (34)
omstation
commented on July 3, 2024
Also, computer has 16 gb of ram. OS running natively.
from pcileech.
omstation
commented on July 3, 2024
Also, after some restarts and what not, I no longer see the device in the windows device manager, although lspci still shows the 05:00.0 Ethernet controller: Xilinx Corporation Device 0666 (rev 02)
Even though the ft601 is clearly visible through device manager aswell.
Because of this I now consistently get PCILEECH: Failed to connect to the device.
edit This is no longer the case, I noticed the pci link wasn't showing so re-sat the board in the slot and pcileech can connect now, although I still have the problem where I cannot dump any memory
from pcileech.
ufrisk
commented on July 3, 2024
Yes, the probe, that was working, confirms that this is not an issue with your target system.
The PCIeScreamer implementation I currently have is not completely stable. I'm currently looking into why; but since this will take some time (I might have a friend looking at it in a couple of weeks time) I thought it was best to post what I already have - since it's working alright in some scenarios and people have been waiting long enough.
Power cycle the board (reboot computer) may help sometimes.
Are you able to access memory by using the display command:
pcileech.exe display -min 0x1000 -v?
Alternatively are you able to see received TLPs if you run the same command as above in extra verbose mode:
pcileech.exe display -min 0x1000 -vv?
Also, if the link isn't already auto-negotiated to PCIe gen1 it may help to downgrade it. Can you please try: pcileech.exe display -min 0x1000 -v -pcie_gen1 Running pcileech with the verbose option (-v) will show the current link speed.
You may shut down and start the computer if the PCIeScreamer previously was inaccessible.
from pcileech.
omstation
commented on July 3, 2024
Here is what you requested, still nothing
`
C:\Users\fff\Desktop\pcileech-2.6\pcileech_files>pcileech.exe display -min 0x1000 -v
FPGA: Device Info: PCIeScreamer PCIe gen1 x1 [500,0,1000]
Memory Display: Failed reading memory at address: 0x0000000000001000.
C:\Users\fff\Desktop\pcileech-2.6\pcileech_files>pcileech.exe display -min 0x1000 -vv
FPGA: Device Info: PCIeScreamer PCIe gen1 x1 [500,0,1000]
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
Memory Display: Failed reading memory at address: 0x0000000000001000.
C:\Users\fff\Desktop\pcileech-2.6\pcileech_files>pcileech.exe display -min 0x1000 -v -pcie_gen1
FPGA: Device Info: PCIeScreamer PCIe gen1 x1 [500,0,1000]
Memory Display: Failed reading memory at address: 0x0000000000001000.
C:\Users\fff\Desktop\pcileech-2.6\pcileech_files>`
Looks like we're getting nothing on the RX end?
I again had to resit the card in another slot/the same slot, even though the pcie link led was shown, lspci saw nothing and device manager saw nothing. I have not been able to successfully boot and the card show up properly, maybe this is contributing to the issue?
Probing still works by the way.
from pcileech.
ufrisk
commented on July 3, 2024
ít is really strange that the probe is working for you and not the memory dump.
can you please run the command pcileech.exe probe -max 0x2000 -vv and return with the output (if there was a success. I need the line (and the hex dump below) that starts with RX: CplD
When I have this I'll send you some additional instructions for another test to run.
from pcileech.
omstation
commented on July 3, 2024
pcileech.exe probe -max 0x2000 -vv
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00000000
0000 00 00 00 01 05 00 00 0f 00 00 00 00 ............
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00001004
0000 00 00 00 01 05 00 00 0f 00 00 10 04 ............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 00
0000 4a 00 00 01 00 00 00 04 05 00 00 00 18 0a cf 8f J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 04
0000 4a 00 00 01 00 00 00 04 05 00 00 04 01 00 00 00 J...............
Memory Map:
START END #PAGES
0000000000000000 - 0000000000001fff 00000002
Current Action: Probing Memory
Access Mode: DMA (hardware only)
Progress: 0 / 0 (100%)
Speed: 8 kB/s
Address: 0x0000000000001000
Pages read: 2 / 2 (100%)
Pages failed: 0 (0%)
Memory Probe: Completed.
from pcileech.
omstation
commented on July 3, 2024
@ufrisk This might interest you aswell, I ran a dump command -min 0x1000 max 0x10000 and got some but they seem to be quite late.
pcileech.exe dump -min 0x1000 -max 0x10000 -vv
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 01 Addr: 00002000
0000 00 00 00 00 05 00 01 ff 00 00 20 00 .......... .
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 02 Addr: 00003000
0000 00 00 00 00 05 00 02 ff 00 00 30 00 ..........0.
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 03 Addr: 00004000
0000 00 00 00 00 05 00 03 ff 00 00 40 00 ..........@.
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 04 Addr: 00005000
0000 00 00 00 00 05 00 04 ff 00 00 50 00 ..........P.
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 05 Addr: 00006000
0000 00 00 00 00 05 00 05 ff 00 00 60 00 ..........`.
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 06 Addr: 00007000
0000 00 00 00 00 05 00 06 ff 00 00 70 00 ..........p.
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 07 Addr: 00008000
0000 00 00 00 00 05 00 07 ff 00 00 80 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 08 Addr: 00009000
0000 00 00 00 00 05 00 08 ff 00 00 90 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 09 Addr: 0000a000
0000 00 00 00 00 05 00 09 ff 00 00 a0 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0a Addr: 0000b000
0000 00 00 00 00 05 00 0a ff 00 00 b0 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0b Addr: 0000c000
0000 00 00 00 00 05 00 0b ff 00 00 c0 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0c Addr: 0000d000
0000 00 00 00 00 05 00 0c ff 00 00 d0 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0d Addr: 0000e000
0000 00 00 00 00 05 00 0d ff 00 00 e0 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0e Addr: 0000f000
0000 00 00 00 00 05 00 0e ff 00 00 f0 00 ............
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00001000
0000 00 00 00 01 05 00 00 0f 00 00 10 00 ............
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00002004
0000 00 00 00 01 05 00 00 0f 00 00 20 04 .......... .
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00003008
0000 00 00 00 01 05 00 00 0f 00 00 30 08 ..........0.
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000400c
0000 00 00 00 01 05 00 00 0f 00 00 40 0c ..........@.
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00005010
0000 00 00 00 01 05 00 00 0f 00 00 50 10 ..........P.
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00006014
0000 00 00 00 01 05 00 00 0f 00 00 60 14 ..........`.
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00007018
0000 00 00 00 01 05 00 00 0f 00 00 70 18 ..........p.
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000801c
0000 00 00 00 01 05 00 00 0f 00 00 80 1c ............
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00009020
0000 00 00 00 01 05 00 00 0f 00 00 90 20 ...........
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000a024
0000 00 00 00 01 05 00 00 0f 00 00 a0 24 ...........$
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000b028
0000 00 00 00 01 05 00 00 0f 00 00 b0 28 ...........(
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000c02c
0000 00 00 00 01 05 00 00 0f 00 00 c0 2c ...........,
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000d030
0000 00 00 00 01 05 00 00 0f 00 00 d0 30 ...........0
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000e034
0000 00 00 00 01 05 00 00 0f 00 00 e0 34 ...........4
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 0000f038
0000 00 00 00 01 05 00 00 0f 00 00 f0 38 ...........8
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 00
0000 4a 00 00 01 00 00 00 04 05 00 00 00 e9 4d 06 00 J............M..
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 04
0000 4a 00 00 01 00 00 00 04 05 00 00 04 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 08
0000 4a 00 00 01 00 00 00 04 05 00 00 08 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 0c
0000 4a 00 00 01 00 00 00 04 05 00 00 0c 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 10
0000 4a 00 00 01 00 00 00 04 05 00 00 10 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 14
0000 4a 00 00 01 00 00 00 04 05 00 00 14 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 18
0000 4a 00 00 01 00 00 00 04 05 00 00 18 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 1c
0000 4a 00 00 01 00 00 00 04 05 00 00 1c 00 00 00 00 J...............
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 20
0000 4a 00 00 01 00 00 00 04 05 00 00 20 00 00 00 00 J.......... ....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 24
0000 4a 00 00 01 00 00 00 04 05 00 00 24 00 00 00 00 J..........$....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 28
0000 4a 00 00 01 00 00 00 04 05 00 00 28 00 00 00 00 J..........(....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 2c
0000 4a 00 00 01 00 00 00 04 05 00 00 2c 00 00 00 00 J..........,....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 30
0000 4a 00 00 01 00 00 00 04 05 00 00 30 00 00 00 00 J..........0....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 34
0000 4a 00 00 01 00 00 00 04 05 00 00 34 00 00 00 00 J..........4....
RX: CplD: Len: 001 ReqID: 0500 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 38
0000 4a 00 00 01 00 00 00 04 05 00 00 38 00 00 00 00 J..........8....
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 05 00 00 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 00 Addr: 00002000
0000 00 00 00 00 05 00 00 ff 00 00 20 00 .......... .
Memory Map:
START END #PAGES
(No memory successfully read yet)
Current Action: Dumping Memory
Access Mode: DMA (hardware only)
Progress: 0 / 0 (6%)
Speed: 4 kB/s
(No memory successfully read yet)
Current Action: Dumping Memory
Access Mode: DMA (hardware only)
Progress: 0 / 0 (13%) ff Tag: 00 Addr: 00002000
Speed: 8 kB/s .......... .
(No memory successfully read yet)
: 00 Addr: 00003000
Current Action: Dumping Memory .........0.
Access Mode: DMA (hardware only)
Progress: 0 / 0 (20%) ff Tag: 00 Addr: 00003000
Speed: 12 kB/s ..........0.
(No memory successfully read yet)
: 00 Addr: 00004000
Current Action: Dumping Memory .........@.
Access Mode: DMA (hardware only)
Progress: 0 / 0 (26%) ff Tag: 00 Addr: 00004000
Speed: 16 kB/s ..........@.
(No memory successfully read yet)
: 00 Addr: 00005000
Current Action: Dumping Memory .........P.
Access Mode: DMA (hardware only)
Progress: 0 / 0 (33%) ff Tag: 00 Addr: 00005000
Speed: 20 kB/s .........p. (No memory successfully read yet)
Address: 0x0000000000006000
: 00 Addr: 00006000
Current Action: Dumping Memory .......... Access Mode: DMA (hardware only) Progress: 0 / 0 (40%) ff Tag: 00 Addr: 00006000 Speed: 24 kB/s ...........
(No memory successfully read yet)
: 00 Addr: 00007000
Current Action: Dumping Memory ......
Access Mode: DMA (hardware only)
Progress: 0 / 0 (46%) ff Tag: 00 Addr: 00007000
Speed: 14 kB/s ..........p.
(No memory successfully read yet)
: 00 Addr: 00008000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (53%) ff Tag: 00 Addr: 00008000
Speed: 16 kB/s ............
(No memory successfully read yet)
: 00 Addr: 00009000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (60%) ff Tag: 00 Addr: 00009000
Speed: 18 kB/s ............
(No memory successfully read yet)
: 00 Addr: 0000a000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (66%) ff Tag: 00 Addr: 0000a000
Speed: 20 kB/s ............
(No memory successfully read yet)
: 00 Addr: 0000b000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (73%) ff Tag: 00 Addr: 0000b000
Speed: 22 kB/s ............
(No memory successfully read yet)
: 00 Addr: 0000c000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (80%) ff Tag: 00 Addr: 0000c000
Speed: 24 kB/s ............
(No memory successfully read yet)
: 00 Addr: 0000d000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (86%) ff Tag: 00 Addr: 0000d000
Speed: 26 kB/s ............
(No memory successfully read yet)
: 00 Addr: 0000e000
Current Action: Dumping Memory ...........
(No memory successfully read yet)
: 00 Addr: 0000e000
Current Action: Dumping Memory ...........
Access Mode: DMA (hardware only)
Progress: 0 / 0 (100%) ff Tag: 00 Addr: 0000f000
Speed: 30 kB/s ............
Address: 0x0000000000010000
Pages read: 0 / 15 (0%) ff Tag: 00 Addr: 0000f000
Pages failed: 15 (100%) ............
Memory Dump: Failed. Cannot dump any sequential data in 16MB - terminating.
from pcileech.
ufrisk
commented on July 3, 2024
Thanks.
It's seems like your computer is not accepting full page dumps. Strange, but interesting.
In between the two rows in your trace below pcileech switched from dump to probe (that is
done when read fails automatically to speed things up). The probe replies are working.
// READ MEMORY BELOW:
TX: MRd32: Len: 000 ReqID: 0500 BE_FL: ff Tag: 0e Addr: 0000f000
0000 00 00 00 00 05 00 0e ff 00 00 f0 00 ............
// PROBE BELOW:
TX: MRd32: Len: 001 ReqID: 0500 BE_FL: f0 Tag: 00 Addr: 00001000
0000 00 00 00 01 05 00 00 0f 00 00 10 00 ............
Anyway, your PCIe Device ID is: 0500 in the slot you tried this.
Can you please transmit these raw PCIe TLPs and return with the result?
READ 4 BYTES (same as probe)
pcileech.exe tlp -vv -in 000000010500000f00001000
READ 128 BYTES
pcileech.exe tlp -vv -in 00000020050000ff00001000
READ 512 BYTES
pcileech.exe tlp -vv -in 00000020050000ff00001000
READ 1024 BYTES
pcileech.exe tlp -vv -in 00000100050000ff00001000
READ 2048 BYTES
pcileech.exe tlp -vv -in 00000200050000ff00001000
READ 4096 BYTES
pcileech.exe tlp -vv -in 00000000050000ff00001000
from pcileech.
omstation
commented on July 3, 2024
I'm trying in a different slot so i changed the id accordingly to 0100.
Your 128 byte tlp and the 512 byte tlp are the same by the way.
You were correct, it seems I cannot read 1024 bytes and over.
Here are the results (Note there is a double result caused by me inputting your duplicated 128,512 tlp)
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 000000010100000f00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 001 ReqID: 0100 BE_FL: f0 Tag: 00 Addr: 00001000
0000 00 00 00 01 01 00 00 0f 00 00 10 00 ............
RX: CplD: Len: 001 ReqID: 0100 CplID: 0000 Status: 0 BC: 004 Tag: 00 LowAddr: 00
0000 4a 00 00 01 00 00 00 04 01 00 00 00 e9 4d 06 00 J............M..
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000020010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 020 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 20 01 00 00 ff 00 00 10 00 ... ........
RX: CplD: Len: 020 ReqID: 0100 CplID: 0000 Status: 0 BC: 080 Tag: 00 LowAddr: 00
0000 4a 00 00 20 00 00 00 80 01 00 00 00 e9 4d 06 00 J.. .........M..
0010 01 00 00 00 01 00 00 00 3f 00 18 10 00 00 00 00 ........?.......
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 9b 20 00 00 00 00 00 .......... .....
0040 00 00 00 00 ff ff 00 00 00 93 cf 00 00 00 00 00 ................
0050 00 00 00 00 ff ff 00 00 00 9b cf 00 00 00 00 00 ................
0060 00 00 00 00 00 b0 f3 8e 00 00 00 00 7c 16 00 00 ............|...
0070 30 00 c6 16 00 00 10 00 00 00 00 00 90 fe 62 f7 0.............b.
0080 03 f8 ff ff 00 90 00 40 82 f7 ff ff .......@....
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000020010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 020 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 20 01 00 00 ff 00 00 10 00 ... ........
RX: CplD: Len: 020 ReqID: 0100 CplID: 0000 Status: 0 BC: 080 Tag: 00 LowAddr: 00
0000 4a 00 00 20 00 00 00 80 01 00 00 00 e9 4d 06 00 J.. .........M..
0010 01 00 00 00 01 00 00 00 3f 00 18 10 00 00 00 00 ........?.......
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 9b 20 00 00 00 00 00 .......... .....
0040 00 00 00 00 ff ff 00 00 00 93 cf 00 00 00 00 00 ................
0050 00 00 00 00 ff ff 00 00 00 9b cf 00 00 00 00 00 ................
0060 00 00 00 00 00 b0 f3 8e 00 00 00 00 7c 16 00 00 ............|...
0070 30 00 c6 16 00 00 10 00 00 00 00 00 90 fe 62 f7 0.............b.
0080 03 f8 ff ff 00 90 00 40 82 f7 ff ff .......@....
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000100010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 100 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 01 00 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000200010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 200 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 02 00 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000000010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 000 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>
from pcileech.
ufrisk
commented on July 3, 2024
sorry, I posted the wrong TLP in the 512 bytes one; it should be:
can you please retry? you don't have to post the results here, just if they were successful or failed.
READ 512 BYTES
pcileech.exe tlp -vv -in 00000080010000ff00001000
READ 1008 BYTES
pcileech.exe tlp -vv -in 000000FC010000ff00001000
READ 1024 BYTES
pcileech.exe tlp -vv -in 00000100010000ff00001000
also, can you try to force PCIe gen1 (not that I believe it will do a difference):
READ 4096 BYTES/PCIe gen1
pcileech.exe tlp -pcie_gen1 -vv -in 00000000010000ff00001000
from pcileech.
omstation
commented on July 3, 2024
@ufrisk All those seemingly failed
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000080010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 080 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 80 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 000000FC010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 0fc ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 fc 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -vv -in 00000100010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen2 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 100 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 01 00 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>pcileech.exe tlp -pcie_gen1 -vv -in 00000000010000ff00001000
FPGA: Device Info: PCIeScreamer PCIe gen1 x1 [500,0,1000]
TLP: Transmitting PCIe TLP.
TX: MRd32: Len: 000 ReqID: 0100 BE_FL: ff Tag: 00 Addr: 00001000
0000 00 00 00 00 01 00 00 ff 00 00 10 00 ............
C:\Users\ffff\Desktop\pcileech-master\pcileech_files>
from pcileech.
ufrisk
commented on July 3, 2024
Thanks for this report. I'll have to re-implement the read algorithm in pcileech to support this system. I suspect there are more systems with this problem so it's probably worthwhile. It will take some additional days though.
just out of curiosity, what is this target system of yours? cpu and mobo?
from pcileech.
omstation
commented on July 3, 2024
Mobo
https://m.newegg.com/products/N82E16813130872
CPU : 6700k
from pcileech.
ufrisk
commented on July 3, 2024
I'll fix this; but since it requires a change of the read algorithm I use it's probably going to take some time to change and test.
If everything goes according to a best-case scenario I'll be able to co-bundle the changes, which might have to be enabled using command line option, with some other feature updates and bug fixes; hopefully next week. But as usual no promises.
Thanks for helping me to locate this one .
from pcileech.
ufrisk
commented on July 3, 2024
This will be fixed in next release. You'll have to add an extra command line option and it will work. Unfortunately the fix will have a larger impact on performance (~10MB/s dump speed).
The plan is to have everything ready and tested in a few weeks.
from pcileech.
omstation
commented on July 3, 2024
@ufrisk Good to know. Any idea what would be causing this? I can mess around with my bios if you need, or have any presumptions what would be causing it.
Does the system give any info about the TLP? Does it fail, hang etc..?
from pcileech.
omstation
commented on July 3, 2024
@ufrisk I recently updated my bios and restored my pc and now dump is working.. I've been having alot more stability with the card, no more issues with re-seating it (strange)..
The only issue I'm having now is dump is cutting out at 0x91000000
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech probe
Memory Map:
START END #PAGES
0000000000000000 - 000000000009ffff 000000a0
00000000000c0000 - 000000008fbfffff 0008fb40
0000000100000000 - 000000046effffff 0036f000
Current Action: Probing Memory
Access Mode: DMA (hardware only)
Progress: 21856 / (unknown)
Speed: 218 MB/s
Address: 0x0000000555FFF000
Pages read: 4189152
Pages failed: 1405984
^C
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech dump
Current Action: Dumping Memory
Access Mode: DMA (hardware only)
Progress: 2320 / (unknown)
Speed: 30 MB/s
Address: 0x0000000091000000
Pages read: 588768
Pages failed: 5152
Memory Dump: Failed. Cannot dump any sequential data in 16MB - terminating.
Also the speeds for both dump and probe are a bit slow...
from pcileech.
omstation
commented on July 3, 2024
I think i'm having some ft601 driver issues though, not sure if windows installed the right ones, I'm getting strange disconnects (like if the usb was disconnected from the system and windows 10 makes a noise) while probing that I think are affecting the speed.
Do you happen to have a link to the definitely correct drivers?
from pcileech.
ufrisk
commented on July 3, 2024
awesome that you managed to get it to work.
PCILeech automatically stops if unable to dump any memory in 16MB. Around 0x91000000 there is a memory hole or memory mapped PCIe devices on your computer. To not stop dumping apply the -force option.
The other part; the PCIeScreamer is a bit unstable; but I hope to have managed to add extra redundancy in PCILeech for this error. If it still works don't bother about it.
from pcileech.
omstation
commented on July 3, 2024
I was trying to check if the force flag fixed my issue but all day today I've been getting cannot connect to the device, verbose output is failed to read pci device Id or something quite similar to that. I have no clue what is wrong and even attempted to run the card off my external power supply in case there was some power up timing issues on boot. I wonder if these issues are relating to the current unstableness, even though I'm running them without an extension
Also, does the new windows updates regarding the vulnerabilitys from Intel cause any or could cause any issues?
Anyways an sp605 is getting quite tempting, is there any place selling them for less than xilinx is selling them for?
from pcileech.
ufrisk
commented on July 3, 2024
yes, your recent troubles are related to the stability issue. Only advice I can currently give is to retry a couple of times, shut down/reboot target and try again until it works.
About the other FPGA dev boards you'll have to google for prices about those ones to get the best possible deals if you decide to go down that route.
from pcileech.
omstation
commented on July 3, 2024
@ufrisk I recently purchased the sp605 but am experiencing similar issues to the pciescreamer. Link led is green and responsive to computer shutoffs, etc.. But I am after getting dumps/probes that consistantly fail.
Seems to be after something occurs, probe and dump will no longer work, otherwise they work fine. I seem to be getting no rx response.
A little info, after a clean restart I seem to be able to probe/dump fine at normal speeds, but for example if I probe/dump again the device seems to lock up, no longer sending back any rx data. (It sometimes takes multiple attempts for it to lock up, not always the second try)
I have attempted pressing the reset button on the daughter board, but that seems to do nothing to help and also pressing the prog button (reset) on the sp605 causes it to no longer get a good pcie link (understandable as hot swapping pcie is never that good of an idea)
from pcileech.
ufrisk
commented on July 3, 2024
- How well fares the target computer when the SP605 stopped responding. Is it still alive? (it's not freezed or anything like that?)
- is it always stopping after a few attempts, maybe when there has been some idle time in between? Or is it stopping working in the middle of things as well?
from pcileech.
omstation
commented on July 3, 2024
@ufrisk I have been testing this with the same target + attacking pc, I hope this is ok, I'll see if I can try it with my laptop today and will report back if anything changes.
To your second question, I'll test this right now.
from pcileech.
omstation
commented on July 3, 2024
More onto your other comment, the pc is fully working even though the dma requests seem to fail (the pci link led is still on though)
Also I've been getting more invalid pci device id messages, even though lspci clearly shows the device is connected to they system.
https://i.imgur.com/iWr0Eoh.png
from pcileech.
omstation
commented on July 3, 2024
Have you tested attacking newer versions of windows 10, especially after the meltdown fix? I wonder if this might be a reason why I'm having troubles. Just an idea though.
from pcileech.
ufrisk
commented on July 3, 2024
I don't think it's meltdown related.
If the error is that it stops working after it's been used for a while and then you stop using it for a minute or two, I actually think it's been like that a long time. I haven't given it any thought really, I always just powered off and on the FPGA board with the power switch and it worked perfectly again. I can see how it's irritating though.
Or do you have more severe problems?
from pcileech.
omstation
commented on July 3, 2024
@ufrisk Any idea which would cause this (fresh restart)
https://i.imgur.com/heglszN.png
from pcileech.
ufrisk
commented on July 3, 2024
I have no idea actually. It's the first time I see that error.
It's normal that it will fail at 0xa0000-0xbffff since that memory area is reserved non readable. But the reads should work fine after that.
X:\bin>pcileech probe
Memory Map:
START END #PAGES
0000000000000000 - 000000000009ffff 000000a0
00000000000c0000 - 000000007dffffff 0007df40
Maybe it's your system that is behaving badly when trying to read that part of memory? If so try: pcileech probe -min 0xc0000 But I really have no clue in this case since I never seen that behaviour. I've seen the computer freeze when reading certain reserved memory in some systems, but that was in the 3-4GB region...
from pcileech.
omstation
commented on July 3, 2024
@ufrisk This is with the new version by the way
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech probe -min 0xc0000
Memory Map:
START END #PAGES
00000000000c0000 - 000000000015bfff 0000009c
Current Action: Probing Memory
Access Mode: DMA (hardware only)
Progress: 84736 / 268435455 (0%)
Speed: 1460 MB/s
Address: 0x00000014B00BF000
Pages read: 156 / 68719476544 (0%)
Pages failed: 21692260 (0%)
^C
C:\Users\admin\Desktop\pcileech-master\pcileech_files>
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech probe -min 0xc0000
PCILEECH: Failed to connect to the device.
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech probe -min 0xc0000
PCILEECH: Failed to connect to the device.
Firstly you can see that it is failing the test you presented, but also I think I found out what makes the board stop responding. To close pcileech because probe will run seemingly indefinitely, I use ctrl+c to force close the console app. It seems as you can see, after I do this, I can no longer connect to the device with the error
FPGA: ERROR: Unable to retrieve required Device PCIe ID.
PCILEECH: Failed to connect to the device.
I wonder if this could be related to a iommu/virtualization setting that I'm not seeing, but I don't think that is the case. EDIT did some more bios checks, and vt-d and virtualization tech are both disabled.
from pcileech.
omstation
commented on July 3, 2024
@ufrisk I don't know if this is a fluke, but setting the card in the slot seems to be making it perform perfectly
C:\Users\admin\Desktop\pcileech-master\pcileech_files>pcileech probe -max 30000000000
Memory Map:
START END #PAGES
0000000000000000 - 000000000009ffff 000000a0
00000000000c0000 - 00000000c77fffff 000c7740
0000000100000000 - 0000000436ffffff 00337000
Current Action: Probing Memory
Access Mode: DMA (hardware only)
Progress: 28610 / 28610 (100%)
Speed: 1144 MB/s
Address: 0x00000006FC239000
Pages read: 4188128 / 7324218 (57%)
Pages failed: 3136090 (42%)
Memory Probe: Completed.
The machine is 16gb, so around 16gb stop is correct.
from pcileech.
omstation
commented on July 3, 2024
It does seem to be working flawlessly even after letting it idle for some time, might have been because was using some cheap pcie extenders.
from pcileech.
ufrisk
commented on July 3, 2024
Thanks for the update. Good to hear that the issue resolved itself. I'm well aware that the PCIeScreamer instability remains though.
from pcileech.
ufrisk
commented on July 3, 2024
Closing Issue. All old issues related to PCIeScreamer R01 are assumed to be hardware related.
from pcileech.
Related Issues (20)
- pcileech3.0 cannot run on Nexus 5x HOT 7
- Self Maded Card 100% Page Failed HOT 6
- DMA problem: Insufficient memory[-] bulk transfer error HOT 4
- VS2022 compilation HOT 2
- Freeze target PC during memory dump HOT 1
- Issue while kmdload on win7x64 HOT 3
- Dealing with newer laptop boards. HOT 16
- Windows 10 - FPGA - Unable to locate valid DTB HOT 11
- DEVICE: FPGA: ERROR: Unable to retrieve required Device PCIe ID [4,v4.10,0000] HOT 1
- Hi, I'm having some problems initializing the device HOT 11
- Mouse&Keyboard status HOT 1
- read memory size and data problem HOT 3
- After time a module fetched will become unavailable HOT 2
- How to find information about a shared memory section HOT 2
- Using pcileech to move mouse HOT 1
- pci squirrel (Failed to connect to the device.) HOT 4
- DMA freezes every few seconds HOT 4
- Unable to retrieve required Device PCIe ID [4,v4.7,0000,FWCUST] HOT 2
- AMD + Screamer PCIe Squirrel: Probe reads 10% then fails subsequently HOT 1
- ERROR: PCILeech Invalid LeechDMA version number HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pcileech.