-
-
Notifications
You must be signed in to change notification settings - Fork 94
Device_FPGA
The LeechCore library supports reading memory using PCILeech FPGA PCIe to USB hardware.
Facts in short:
- Is supported on all supported platforms.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Have additional requirements.
If having issues with DMA not working fully on AMD or Thunderbolt please check out DMA on AMD and Thunderbolt.
LeechCore API:
Please specify the acquisition device type (and optionally additional configuration options) LEECHCORE_CONFIG.szDevice when calling LeechCore_Open. Most configuration options should ideally never be used and only exists for debugging purposes. Examples:
FPGA
FPGA://pciegen=1,tmread=500,tmwrite=200,deviceindex=2.
Options:
ft2232h=1 Use FT2232H and FTD2XX.DLL for USB2 connection (instead of default FT601/FTD3XX.DLL).
pciegen= PCIe generation - 2 (default) or 1 (PCIe gen1).
pcienotconnected= PCIe connection requirement: 0 = PCIe connection required (default); 1 = PCIe connection not required.
devindex= device index to open (if multiple devices exist on system).
The devindex parameter is only supported on Windows. It's ignored on Linux.
devreload= Reload bitstream / restart device: 0 = no reload (default); 1 = reload.
May sometimes unfreeze the device on AC701/ScreamerM2 devices on v4.6+ bitstreams.
readsize= max chunk read size in bytes, multiple of page (default depends on FPGA device).
readretry= number of read retries on read fail.
tmread= Read delay in uS (default depends on FPGA device); applies to old algorithm only.
tmwrite= Write delay in uS (default depends on FPGA device).
tmprobe= Probe delay in uS (default depends on FPGA device).
bdf= Override device id. Example: bdf=0x0400 sets device id to 04:00.0 regardless of actual device id.
algo= read algorithm as per below.
| # | algorithm description |
|---|---|
| 0 | async normal read (default) |
| 1 | async tiny read |
| 2 | old normal read |
| 3 | old tiny read |
| 4 | old async read |
Please note that the async algorithm is only available on Windows; Linux will fallback to the synchronous "old" algorithm automatically.
PCILeech / MemProcFS:
Please specify the device type in the -device option.
Examples:
-device FPGA
-device FPGA://devreload=1,algo=1
-device FPGA://pciegen=1,algo=2,tmread=300,tmwrite=300,tmprobe=300
Requires the FPGA hardware which is connected to the target computer over PCIe and to the analysis computer over USB.
FTDI drivers have to be installed if FPGA is used on Windows.
Download the 64-bit FTD3XX.dll from FTDI and place it alongside leechcore.dll.
If using the FT2232H instead of the FT601 please download D2XX drivers from ftdichip.
Requires the driver leechcore_ft601_driver_linux from the LeechCore-plugins project. Place leechcore_ft601_driver_linux.so alongside leechcore.so. This driver is pre-packaged together with the binary release distribution of LeechCore. Also requires libusb (apt-get install libusb-1.0-0) and access to the usb device (permission change or run as root may be required) alternatively a Kernel Driver provided by LambdaConcept. The leechcore_ft601_driver_linux
driver will automatically attempt to locate the kernel driver before using libusb.
If using the FT2232H instead of the FT601 please download D2XX drivers from ftdichip.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS is free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCIleech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖