Custom DMA Firmware

Secondary Categories: 02-Game Hacking, 02-Hardware

Before beginning to create your custom firmware you need to setup your main PC that will have the DMA card installed. In your BIOS you need to make the following changes:

• Disable virtualization settings in the BIOS.
  • Intel motherboards = Virtualization/IOMMU and VT-d.
  • AMD motherboards = Virtualization/IOMMU and SVM.
• Disable NX-Bit if available.
• Turn Off Kernel DMA protection
• Disable Secure Boot
• (OPTIONAL) Set the PCI slot of the DMA card from Auto to Gen1 (Advanced > PCI Settings).
• Make sure Memory Integrity/Core Isolation is off in Windows Security. You can check to see if the settings were properly by opening up System Information and checking the Secure Boot, Kernel DMA Protections, Virtualization Based Security, and Hyper-V Virtualization Enabled Firmware

There is a great article about how to write your own firmware for you DMA card here, but doesn’t provide a cohesive picture of how to create custom firmware.

Interupt Emulation BAR Emulation Breathing: https://github.com/Shocka-Zulu/wifi_legacy

Connecting to DMA Card Common Issues

TINY PCIe TLP Algorithm Auto-selected: - Check for secure USB connections and try different ports. - Ensure your USB cable is data-rated (not charging-only).

Reference

• https://github.com/Cr4sh/zc_pcie_dma
• https://www.linkedin.com/pulse/pci-express-primer-3-transaction-layer-simon-southwell
• https://drive.google.com/file/d/1CECftcznLwcKDADtjpHhW13-IBHTZVXx/view
• https://www.simonrak.se/
• https://www.fpga4fun.com/PCI-Express.html
• https://ctf.re/windows/kernel/pcie/tutorial/2023/02/14/pcie-part-1/
• https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/
• https://ctf.re/pcie/experiment/linux/keysight/protocol-analyzer/2024/03/26/pcie-experiment-1/
• https://github.com/kilmu1337/DMA-FIRMWARE/tree/main
• https://github.com/Silverr12/DMA-CFW-Guide/tree/main
• https://dma.lystic.dev/anticheat-evasion/clearing-device-history

Tools

• TeleScan password is “phoenix”
  • ALT DOWNLOAD
• Firmware Flash Tool xc7a75t (75t) password is “phoenix”

Video Walk Through

• https://youtu.be/qws3XHYu3sA?si=zP2cfBVkM5S5ml6-
• https://youtu.be/qOPTxYYw63E?si=Q0tYTZaYTuBi8j-u

Examples

• https://github.com/ekknod/pcileech-wifi
• https://github.com/yxlnqs/diviner-full-emu-v2
• https://github.com/ClincyJones/RTL8191SE
• https://github.com/ufrisk/pcileech-fpga

Testing Firmware

There are several ways we can check to see if our custom firmware is properly working.

1. On the PC with the DMA card open Device Manager then navigate to the section that the DMA card is trying to emulate. Check to see if there is a yellow caution sign next to the device. This describes if the device is not working as intended. This can be caused by a number of reasons such as the device driver cant communicate to the PCIe card.
2. Use drvscan. This tool performs numerous checks such as:
   1. PCIleech defaults
   2. Device Driver cant communicate to the PCIe device
   3. Attempting to read and write the the PCIe device config space
3. Using emuscan This tool does not provide the source code so I would be weary of executing this on your system.

Also Check Out:

• PLACEHOLDER