Secondary Categories: 02-Game Hacking, 02-Hardware
Before beginning to create your custom firmware you need to set up the main PC that will have the DMA card installed. In your BIOS you need to make the following changes:
- Disable virtualization settings in the BIOS.
- Intel motherboards = Virtualization/IOMMU and VT-d.
- AMD motherboards = Virtualization/IOMMU and SVM.
- Disable NX-Bit if available.
- Turn Off Kernel DMA protection
- Disable Secure Boot
- (OPTIONAL) Set the PCI slot of the DMA card from Auto to Gen1 (Advanced > PCI Settings).
- Make sure Memory Integrity/Core Isolation is off in Windows Security.
You can check whether the settings were applied properly by opening System Information and checking the Secure Boot, Kernel DMA Protection, Virtualization Based Security, and Hyper-V Virtualization Enabled in Firmware entries.
There is a great article about how to write your own firmware for your DMA card here, but it doesn't provide a cohesive picture of how to create custom firmware.
Interrupt Emulation, BAR Emulation, Breathing: https://github.com/Shocka-Zulu/wifi_legacy
Connecting to DMA Card Common Issues
TINY PCIe TLP Algorithm Auto-selected:
- Check for secure USB connections and try different ports.
- Ensure your USB cable is data-rated (not charging-only).
Reference
- https://github.com/Cr4sh/zc_pcie_dma
- https://www.linkedin.com/pulse/pci-express-primer-3-transaction-layer-simon-southwell
- https://drive.google.com/file/d/1CECftcznLwcKDADtjpHhW13-IBHTZVXx/view
- https://www.simonrak.se/
- https://www.fpga4fun.com/PCI-Express.html
- https://ctf.re/windows/kernel/pcie/tutorial/2023/02/14/pcie-part-1/
- https://ctf.re/kernel/pcie/tutorial/dma/mmio/tlp/2024/03/26/pcie-part-2/
- https://ctf.re/pcie/experiment/linux/keysight/protocol-analyzer/2024/03/26/pcie-experiment-1/
- https://github.com/kilmu1337/DMA-FIRMWARE/tree/main
- https://github.com/Silverr12/DMA-CFW-Guide/tree/main
- https://dma.lystic.dev/anticheat-evasion/clearing-device-history
Tools
- TeleScan password is "phoenix"
- Firmware Flash Tool xc7a75t (75t) password is "phoenix"
Video Walk Through
Examples
- https://github.com/ekknod/pcileech-wifi
- https://github.com/yxlnqs/diviner-full-emu-v2
- https://github.com/ClincyJones/RTL8191SE
- https://github.com/ufrisk/pcileech-fpga
Testing Firmware
There are several ways we can check to see if our custom firmware is properly working.
- On the PC with the DMA card, open Device Manager and navigate to the device class the DMA card is trying to emulate. Check whether there is a yellow caution sign next to the device. This indicates that the device is not working as intended, which can have a number of causes, such as the device driver being unable to communicate with the PCIe card.
- Use drvscan. This tool performs numerous checks, such as:
  - PCILeech defaults
  - Device driver can't communicate with the PCIe device
  - Attempting to read and write the PCIe device config space
- Using emuscan. This tool does not provide the source code, so I would be wary of executing it on your system.
Also Check Out:
- PLACEHOLDER