ufrisk / pcileech-fpga Goto Github PK
View Code? Open in Web Editor NEWFPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software
FPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software
VmmProc doesn't work for me. Like I can read memory, probe succesfully, do everything. But VmmProc never seems to Initialize. At all.. :(
anybody have any tips. there isn't much to show as it just gets stuck on vmmproc.
How would I do this? I ordered the card so while im waiting for it Im wondering hoe could I do this? Is the Pci Screamer fast enough for that?
Hello,
I am trying to get the pciescreamer r02 to work. I flashed it with the precompiled Pcileech software correctly i think, because when i press the control button the led lights up, also it gets successfully detected at the target system. I then connect it to another System, from which I use the command pcileech.exe probe, but its not working. it starts reading but 100% of the Reads are Errors. It looks like this: https://i.imgur.com/abBQxx6.png.
Things i tried:
Detected on Target System:
https://i.imgur.com/DVCjmqR.png
I hope someone can help me.
I noticed today important stabilities issue with my pciescreamer card.
I already had some problems with it but today it just got worst ; Like failing all the time at retrieving process id or even on initialization ; Losing link after 10 minutes. I needed many reboots and plug/unplug sessions to get it back 'alive'.
My card is connected on a m.2 to pcie adaptator, which is connected on a 12V line from the PSU for the power part.
I am trying to find out how to fix this stability problem.
Does someone know if plugging the external power of the pciescreamer card would help stability in my case ?
Or is that my card or m.2 to adaptator that is defective/not good enough ?
Any other idea ?
I have sometimes used it for hours and hardly had any problem, so I guess something can be done about it ?
Conceptually, Is there any reason that this couldn't be ported to work with the NeTV2? https://www.crowdsupply.com/alphamax/netv2
FPGA: Xilinx XC7A35T-2FGG484
On-board RAM: 512 MBytes, 32-bit wide DDR3-800
Video Ports: 2 x HDMI type A inputs, 1 x HDMI type A output, 1 x HDMI type D output. One input/output pair configured for in-line ‘NeTV mode’ video filtering.
Max Video Bandwidth: 1920 x 1080 @ 60 Hz
Developer I/O: PCI-express 2.0 x4 with “hax” GPIO extensions on optional/unused pins, 100Base-T ethernet, micro-USB, microSD, JTAG
Power: Either 12 VDC via barrel jack, or 12 VDC via PCI-express; 10 W max operating power
SBC: Optional Raspberry Pi 3B+ for seamless JTAG configuration and overlay video generation
HDL: Optimized for migen/LiteX Python-based hardware description language
Dimensions: 160 mm x 120 mm x 51 mm (optional plastic case outer dimensions)
So trying to flash this, using the mega download link https://mega.nz/#!VCBgzZZA!kTgM-J5OM9sv0r4TraetLpOrKxisFQ9RsTIOaoKnGN8. Seems to flash fine (see below). However, power cycling still only shows the red power led. No green leds light up, even when pressing the 'test' button.
plasma pcileech_pciescreamer_3_0_bin # openocd -f flash_screamer.cfg
Open On-Chip Debugger 0.10.0+dev-00299-g6d390e1b-dirty (2018-02-16-15:39)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
none separate
Info : auto-selecting first available session transport "jtag". To override use 'transport select <transport>'.
adapter speed: 10000 kHz
Info : ftdi: if you experience problems at higher adapter clocks, try the command "ftdi_tdo_sample_edge falling"
Info : clock speed 10000 kHz
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
Info : Listening on port 3333 for gdb connections
loaded file bscan_spi_xc7a35t.bit to pld device 0 in 0s 220303us
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
flash 'jtagspi' found at 0x00000000
auto erase enabled
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : sector 0 took 118 ms
Info : sector 1 took 115 ms
Info : sector 2 took 116 ms
Info : sector 3 took 116 ms
Info : sector 4 took 117 ms
Info : sector 5 took 115 ms
Info : sector 6 took 116 ms
Info : sector 7 took 115 ms
Info : sector 8 took 117 ms
Info : sector 9 took 115 ms
Info : sector 10 took 116 ms
Info : sector 11 took 116 ms
Info : sector 12 took 114 ms
Info : sector 13 took 115 ms
Info : sector 14 took 116 ms
Info : sector 15 took 118 ms
Info : sector 16 took 117 ms
Info : sector 17 took 114 ms
Info : sector 18 took 114 ms
Info : sector 19 took 115 ms
Info : sector 20 took 115 ms
Info : sector 21 took 119 ms
Info : sector 22 took 113 ms
Info : sector 23 took 115 ms
wrote 1572864 bytes from file pcileech_pciescreamer_top.bin in 13.739050s (111.798 KiB/s)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
read 1507868 bytes from file pcileech_pciescreamer_top.bin and flash bank 0 at offset 0x00000000 in 1.357913s (1084.405 KiB/s)
contents match
shutdown command invoked
We have tried two bscan_spi_xc7a35t.bit
files. The one at https://github.com/enjoy-digital/pcie_injector didn't work for us, the one available from https://github.com/jordens/bscan_spi_bitstreams worked for us.
plasma pcileech_pciescreamer_3_0_bin # sha1sum *.bi*
3267adbe1c288a4588b50bdd85025252c28f5eef bscan_spi_xc7a35t.bit
2115cc2b19d54616871df7f3599d6ebdc38eeb34 pcileech_pciescreamer_top.bin
Tried flashing both with a 5v power supply and power via PCIe.
I try to connect with pcileech but im getting "Unable to connect to USB/FT601 device"
Hello,
is it possible to get the PEB Base address for a prccess?
Thanks
D:\pcileech_files>pcileech dump -min 0x0010000 -max 0x8000000
Current Action: Dumping memory
Access Mode: Normal
Progress: 127 / 127 (100%)
Speed: 2015 kB/s
Address: 0x0000000008000000
Pages read: 32656 / 32752 (99%)
Pages failed: 96 (0%)
using: pcileech_sp605_ft601_2_2_1.mcs
i tried every slot.
i put also the card directly in the slots and that had the same results.
mainboard = https://www.asus.com/Motherboards/ROG-RAMPAGE-VI-EXTREME/specifications/
cpu = i9-7940x
ft601 driver installed plugged in to usb3 tried almost every slot.
I noticed before one of the LED's would show the USB traffic, made it easy to see if the card was actually doing something, now it's just permanently on with the new bitstream.
I saw you commented that this could be used to bypass anti cheats. However, is this viable, considering I can’t imagine finding the values within memory would be particularly quick. Say at physical memory 0x0040377426 is the value of if local player is in the air. Sure reading this value: dump 0x0040377426 0x0040377426 + sizeof(bool) or however the command is done. However, getting the physical address in the first place seems to be where I imagine it would be slow. Unless you have a driver on the host to convert virtual to physical.
How would you suggest to do this? Also for a Windows 10 target and I’d ideally use a Linux attacker.
Thunderbolt to pcie express -> PCIe express to PCIe -> fpga board -> raspberry pi or another smaller computer. Or even change up the code for the fpga board so no attacked is required and the processing is done via the fpga.
Would the pciescreamer be stable enough for this or not really. Thanks!
Thanks!
Nvm
Hello,
I have been using pcileech with a R01, sticking to the v3.2 firmware was for me the best choice as I was suffering performance/stuterring with the 3.4 dram optimized version.
I was wondering what kind of performance improvement I would/could get by moving to a R02 card and the v3.4 ?
With my current installation I don't suffer much of connection errors anymore (still some sometimes tho), I read the r02 essentially fixes these. Is that like a perfect fix or is it just a bit better than r01 ?
Note. I know you are not the pciescreamer manufacturer, I am more like asking your point of view on the r02 version with your software :-)
First of all, thanks for contributing so much to the Community. I ran into a problem while flashing on ubuntu
i use the JTAG-Serial from Lambdaconcept with OPENOCD but it stops working in the jtagspi.cfg with:
Info : auto-selecting first available session transport "jtag". To override use 'transport select <transport>'. Error: 'jtagspi' driver rejected flash bank at 0x00000000; usage: (null) flash bank bank_id driver_name base_address size_bytes chip_width_bytes bus_width_bytes target [driver_options ...] flash banks flash list mflash bank soc_type base_addr pin_id target
Can you guide me in the right direction? Everything should be connected correctly and the LD3 is green
Thank you very much!
Trying to flash prebuilt binary.
Warn : device needs paging or 4-byte addresses - not implemented
read 1512368 bytes from file pcileech_pciescreamer_top.bin and flash bank 0 at offset 0x00000000 in 1.315813s (1122.441 KiB/s)
contents differ
diff 0 address 0x00000085. Was 0x10 instead of 0x30
diff 1 address 0x0000009f. Was 0x01 instead of 0x13
diff 2 address 0x000000a0. Was 0x20 instead of 0x30
diff 3 address 0x000000a2. Was 0x00 instead of 0x80
diff 4 address 0x000000a3. Was 0x00 instead of 0x01
diff 5 address 0x000000a7. Was 0x01 instead of 0x09
diff 6 address 0x000000a8. Was 0x00 instead of 0x20
diff 7 address 0x000000ae. Was 0x80 instead of 0xc0
diff 8 address 0x000000b6. Was 0x80 instead of 0xa0
diff 9 address 0x000000ba. Was 0x00 instead of 0x05
....
diff 122 address 0x00000874. Was 0x00 instead of 0x30
diff 123 address 0x00000876. Was 0x00 instead of 0x20
diff 124 address 0x00000877. Was 0x00 instead of 0x01
diff 125 address 0x0000087b. Was 0x00 instead of 0x24
diff 126 address 0x0000087c. Was 0x00 instead of 0x30
diff 127 address 0x0000087d. Was 0x00 instead of 0x01
More than 128 errors, the rest are not printed.
anybody knows how to fix this? Using openocd on Ubuntu 18.04.
Test in Thinkpad T440s, modify the device Id as it's self wireless lan card device id.
I can launch the Windows 7 system, but cannot read any memory
What problem maybe?
I recently decided to mess with X.M.P/Ram speeds and i noticed the FPGA stops working if i changed the ram speed to anything above 2700mhz.
Everything works fine with these ram speeds:
2133mhz (Default speed)
2666mhz
2700mhz2800mhz - The FPGA is not detected in Windows at all and reading memory doesn't work
3200mhz (X.M.P) - Nothing works.
Even with X.M.P Off, just manually choosing 2800mhz, nothing works at all.
I also tried different PCI-E slots and extension cables with the same result.
I'm wondering if I'm the only one having this issue or what ?
my setup is:
FPGA: AC701/FT601 (Bitstream 4.2, 4.0)
OS: Windows 10 / Build 1903
RAM: 32 GB DDR4 (Default Speed 2133mhz, X.M.P = 3200mhz)
CPU: Intel i9-9900K (default clocks)
When trying to build the pciescreamer xpr file I get an error after 1-2 minutes
CRITICAL WARNING: [filemgmt 20-1673] Unlinking is not permitted for the source file: 'c:/pcileech-fpga-master/pciescreamer/pciescreamer/pciescreamer.srcs/sources_1/bd/pcileech_vfifo/pcileech_vfifo.bd'
I suppose the build is not completely done? Although I can open the project in Vivado...
Hello,
Somebody can tell me how its possbile to spoorf/change the Vendor (Manufacturer) ID / Device ID of a pciescreamer?
Hello,
I want to know if there is a scanning on the target computer. Which traces can they find?
Like I already changed the device/vendor id so it looks like a complete other device.
ps: is it possible to make it look like a 1080 gtx (if you have already one to look like a SLI setup
Are there any other traces in the memory of the target they know there is a pciscreamer in the PCIE slot?
I'm using PCIeScreamer with the pre-built pcileech_pciescreamer.bin binary flashed, however, the PCI device is never detected on my target. I've booted the target into Windows 10 (device manager doesn't list the Xilinx Ethernet Adapter with Device ID 0x0666), also tried booting the target to Linux but lspci doesn't show anything new either when diff'ing.
Executing pcileech probe
shows:
PCILEECH: Failed to connect to the device.
Which is generated on line 262 at https://github.com/ufrisk/pcileech/blob/master/pcileech/pcileech.c
The PCIeScreamer is directly inserted into the PCIe 1x slot. Only the power and LD1 is lit on the board:
Flashing output:
user@PWarn3r:~/pcileech_pciescreamer_3_0$ /usr/local/bin/openocd -f flash_screamer.cfg
Open On-Chip Debugger 0.10.0+dev-g6f700d2 (2018-03-14-17:11)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
none separate
Info : auto-selecting first available session transport "jtag". To override use 'transport select <transport>'.
adapter speed: 10000 kHz
Info : ftdi: if you experience problems at higher adapter clocks, try the command "ftdi_tdo_sample_edge falling"
Info : clock speed 10000 kHz
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
Info : Listening on port 3333 for gdb connections
loaded file bscan_spi_xc7a35t.bit to pld device 0 in 0s 227356us
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
flash 'jtagspi' found at 0x00000000
auto erase enabled
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Info : sector 0 took 121 ms
Info : sector 1 took 120 ms
Info : sector 2 took 120 ms
Info : sector 3 took 118 ms
Info : sector 4 took 120 ms
Info : sector 5 took 120 ms
Info : sector 6 took 120 ms
Info : sector 7 took 120 ms
Info : sector 8 took 121 ms
Info : sector 9 took 122 ms
Info : sector 10 took 122 ms
Info : sector 11 took 122 ms
Info : sector 12 took 123 ms
Info : sector 13 took 124 ms
Info : sector 14 took 120 ms
Info : sector 15 took 119 ms
Info : sector 16 took 122 ms
Info : sector 17 took 120 ms
Info : sector 18 took 124 ms
Info : sector 19 took 120 ms
Info : sector 20 took 124 ms
Info : sector 21 took 122 ms
Info : sector 22 took 120 ms
Info : sector 23 took 123 ms
wrote 1572864 bytes from file pcileech_pciescreamer_top.bin in 75.291397s (20.401 KiB/s)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
read 1507868 bytes from file pcileech_pciescreamer_top.bin and flash bank 0 at offset 0x00000000 in 1.693188s (869.677 KiB/s)
contents match
shutdown command invoked
I've tried:
Does anyone have a suggesting where I could look next? Could my device be broken even though I never used it before?
I'm using PCIeScreamer v1 and haven't used for like half a year. Everything was fine back then but now I get this strange error: FPGA: ERROR: Unable to load FTD3XX.DLL [0,v0.0,0000]. Windows also don't detect the PCIeScreamer device with 0x0666.
Also flashed the device with old pre-binaries v3.2 and the new ones. Nothing works. FTD3XX.DLL is in the same map as pcileech.exe. LED is flashing while holding down the button on the PCIeScreamer, so I don't think that flashing is the problem.
Booted-up my pc and changed pcie slots like 100 times. I still have the same PC as when it worked so it is really strange..
you think my device is broken?
Hello,
Does PCILeech support VC709 development board?
Where's the best place to build this? I get this error building from Downloads
......
Started : "Synthesize - XST".
ERROR: Unable to create temporary directory /FPGA_PROJECTS/sp605_ft601_v2/xst/projnav.tmp
Reason: can't create directory "/FPGA_PROJECTS": permission denied
Running xst...
Command Line: xst -intstyle ise -ifn "/home/ise/Downloads/pcileech-fpga-master/sp605_ft601/pcileech_top.xst" -ofn "/home/ise/Downloads/pcileech-fpga-master/sp605_ft601/pcileech_top.syr"
Reading design: pcileech_top.prj
ERROR:Xst:439 - No write access in ../../../../../FPGA_PROJECTS/sp605_ft601_v2/xst/projnav.tmp/
Release 14.7 - Promgen P.20160913 (lin64)
Copyright (c) 1995-2013 Xilinx, Inc. All rights reserved.
ERROR:Bitstream:51 - Unable to read file "pcileech_top.bit". Either the
specified directory path does not exist or the file does not have readable
permissions.
ERROR:Bitstream:53 - Missing or invalid bit files found after the -u option.
[ise@localhost sp605_ft601]$
Thanks
new PCIe Screamer R02 connected to PCIe extension cable will work OK?
Because I not have much money, so I want to verify before I purchase one.
THX!
Hi,
I tried to build the pcileech_fpga firmware for the PCIescreamer board. I've updated my very old Vivado installation to 2018.3 (which is the current version) and it fails to build the project with the following error:
ERROR: [BD 5-216] VLNV <xilinx.com:ip:mig_7series:4.1> is not supported for the current part. The latest supported version for this part is:4.2
The attached patch fix the issue for me but obviously because of the s/4.1/4.2/ it won't build with older Vivado versions (MIG has been updated to 4.2 in Vivado 2018.3). I don't know enough about Vivado to know if there are other/better ways.
I've made a patch (commit d11cf7b at https://github.com/yaperez-anssi/pcileech-fpga/tree/vivado-2018.3) but I'm not sure it makes sense to submit a pull request. I mainly open the issue to document the problem for other users.
Do you have Telegram or such I have multiple questions to ask.
On version 4.4 and onwards (respective leechcore and vmm versions), even with latest bitstream, on SP605, I cannot use pcileech. I trace the issue to here:
if(!ctx->wDeviceId) {
szDeviceError = "Unable to retrieve required Device PCIe ID";
goto fail;
}
I can't think of any legitimate reason. There is zero difference, version 4.3 (and leechcore/vmm libs from december 2019) works perfect but new versions from 2020 onwards are totally broken. It doesn't make a difference whether I'm interacting with pcileech itself of using the vmm/leechcore API.
I have latest FTDI dll too.
My friend has asked me to look at this, but i use the sp605 so i don't have a clue.
Does this look like an ok flash? The "warn" near the top is a worry..
If it all looks ok, which button can he press to test all is ok?
Open On-Chip Debugger 0.10.0+dev-00653-g167cff09-dirty (2019-01-16-13:43)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
none separate
Info : auto-selecting first available session transport "jtag". To override use 'transport select '.
adapter speed: 10000 kHz
Info : ftdi: if you experience problems at higher adapter clocks, try the command "ftdi_tdo_sample_edge falling"
Info : clock speed 10000 kHz
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
loaded file bscan_spi_xc7a35t.bit to pld device 0 in 0s 229207us
Info : JTAG tap: xc7.tap tap/device found: 0x0362d093 (mfg: 0x049 (Xilinx), part: 0x362d, ver: 0x0)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Warn : device needs paging or 4-byte addresses - not implemented
flash 'jtagspi' found at 0x00000000
auto erase enabled
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Warn : device needs paging or 4-byte addresses - not implemented
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Warn : device needs paging or 4-byte addresses - not implemented
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Warn : device needs paging or 4-byte addresses - not implemented
Info : sector 0 took 119 ms
Info : sector 1 took 124 ms
Info : sector 2 took 122 ms
Info : sector 3 took 118 ms
Info : sector 4 took 117 ms
Info : sector 5 took 119 ms
Info : sector 6 took 119 ms
Info : sector 7 took 119 ms
Info : sector 8 took 121 ms
Info : sector 9 took 118 ms
Info : sector 10 took 118 ms
Info : sector 11 took 117 ms
Info : sector 12 took 116 ms
Info : sector 13 took 120 ms
Info : sector 14 took 119 ms
Info : sector 15 took 119 ms
Info : sector 16 took 117 ms
Info : sector 17 took 119 ms
Info : sector 18 took 117 ms
Info : sector 19 took 119 ms
wrote 1310720 bytes from file pcileech_pciescreamer_top.bin in 16.316063s (78.450 KiB/s)
Info : Found flash device 'micron n25q256 3v' (ID 0x0019ba20)
Warn : device needs paging or 4-byte addresses - not implemented
read 1252128 bytes from file pcileech_pciescreamer_top.bin and flash bank 0 at offset 0x00000000 in 1.156874s (1056.970 KiB/s)
contents match
shutdown command invoked
Thanks
I try to flash FPGA SP605-FT601 flash use ISE Design Suite with pcileech.mcs version 2.0 successfully, but flash with pcileech.mcs version 2.2 not successfully. What's wrong?
The flash print log show as follows:
Hi, I'm quite new to this and would greatly appreciate any advice or guidance! So I'm facing an error trying to flash the PCIeScreamer card. I'm not sure if it's due to incorrectly following the steps on http://blog.lambdaconcept.com/doku.php?id=products:pcie_screamer or if it's something wrong with how I connected the hardware.
The error i'm facing upon executing the command: openocd -f flash_screamer.cfg
is
Error: The specified debug interface was not found (ftdi).
The following debug interfaces are available:
1: jlink
Here is what I've done so far, as per the lambdaconcept blog instructions:
openocd -f flash_screamer.cfg
and the error occursHere is how I've connected the hardware:
JTAG Adapter connected to JTAGSerial Programmer board with the 6 wires jumper cable
JTAGSerial Programmer board is attached to the PC via USB
Both of them are connected similar to the picture below, but I'm afraid of pushing the 6 wire jumper cable all the way in, lest it spoils:
JTAGSerial Programmer board connected to PCIeScreamer card via the JTAG Adapter
PCIeScreamer card is inserted and powered via the PCIe slot
Also, LD1 has no light, LD2 is blinking and LD3 is lit up
Pressing the test button SW3 has no visible effect
Hello, so I think I have successfully flashed my screamer.
LD1 and LD3 are green.
When I run this on my windows machine I get the following errors;
pcileech kmdload -kmd win10_x64 -device fpga -v
FPGA: ERROR: Unable to retrieve required Device PCIe ID [0,v0.0,0000]
PCILEECH: Failed to connect to the device.
Also, I'm having trouble seeing my device in bios, when I update my bios I can see it but after a reboot or two it disappears.
When I unplug everything and plug it back I can see my device in device manager but after a reboot it's gone.
I've made openocd work with my windows aswell now, looks like this when flashing;
Best regards.
Hi,
I have just purchased the SP605 and have flashed the hardware with your pre built binary.
My windows 10 machine when plugged into the SP605 via the FDTI module will not connect to the board.
Error :
PCILEECH : Failed to connect to the device.
Any thoughts?
Thank you
Can I use pcileech-fpga in FPGA SP605 SDCard? Xilinx FPGA SP605 can flash a linux boot image in its SDCard and boot from the image. But I think I need modify some code such as communicate with another device rather than FT601. So what's your advise? THX
I bought the AC701 which is a pcie 2 / x4 connection, I believe. Can I make a 'bad' decision buying something off Amazon?
Be fine? Or:
I'm sorry to ask such a trivial question.
Ulf,
Sorry to be a bother.
I now have two SlotScreamers in my system. Both programmed, both showing up.
How do I specify which of the two to use on the command line?
Here they are physically:
lsusb |grep 601f
Bus 002 Device 005: ID 0403:601f Future Technology Devices International, Ltd
Bus 001 Device 003: ID 0403:601f Future Technology Devices International, Ltd
lspci |grep -i xi
0e:00.0 Ethernet controller: Xilinx Corporation Device 0666 (rev 02)
19:00.0 Ethernet controller: Xilinx Corporation Device 0666 (rev 02)
I guess I'm asking for the syntax for the -device flag. I've browsed your forum but haven't hit on it yet.
Thanks again,
Vince
I know firewire is old school and limited to 32 bit addressing, but these cards are going for really cheap on ebay, aliexpress, etc. A lot of the cards that are compatible with pcileech are simply not readily available or quite expensive in general. Ever thought of supporting legacy 1394? Amazing work BTW!
Fixed.
How many volts are the external power supply for your PCIeScreamer
I used 12v 1.5A ,i think it just to Flash
When I insert PCIeScreamer into my transferdevice(PCIE to ExpressCard) and insert ExpressCard to target computer.
LD2 never light,target computer can't detect Ethernet Adapter
this is my device
I am trying to use PCILeech with NeTV2. I flashed the fpga and inserted it into PCIe port. I am using the an Ethernet cable to connect the fpga board to my computer. The PCI status light is green and the ETH status is blinking red. I can ping the board:
\PCILeech_files_and_binaries_v4.4-20200316>ping 192.168.0.222
Pinging 192.168.0.222 with 32 bytes of data:
Reply from 192.168.0.222: bytes=32 time<1ms TTL=128
Reply from 192.168.0.222: bytes=32 time<1ms TTL=128
Reply from 192.168.0.222: bytes=32 time<1ms TTL=128
However, when I try to dump by pcileech I get this error.
D:\netv2\PCILeech_files_and_binaries_v4.4-20200316>pcileech.exe dump -device rawudp://ip=192.168.0.222 -v
DEVICE: FPGA: ERROR: Unable to retrieve required Device PCIe ID [5,v4.2,0000]
PCILEECH: Failed to connect to the device.
D:\argus\netv2\PCILeech_files_and_binaries_v4.4-20200316>pcileech.exe dump -device rawudp://ip=192.168.0.222 -vv
----- FPGA DEVICE CONFIG REGISTERS: CORE-READ-ONLY SIZE: 34 BYTES -----
0000 89 ab 00 00 22 00 00 00 04 02 05 00 00 00 00 00 ...."...........
0010 1f 7c fc 91 39 00 00 00 33 7c fc 91 39 00 00 00 .|..9...3|..9...
0020 00 00 ..
----- FPGA DEVICE CONFIG REGISTERS: CORE-READ-WRITE SIZE: 30 BYTES -----
0000 cd ef 04 00 1e 00 00 00 a0 86 01 00 00 00 00 00 ................
0010 ee 10 07 00 ee 10 66 06 02 3c 00 00 00 00 ......f..<....
----- FPGA DEVICE CONFIG REGISTERS: PCIE-READ-ONLY SIZE: 48 BYTES -----
0000 01 23 00 00 30 00 00 00 00 00 19 08 24 00 00 00 .#..0.......$...
0010 00 00 11 10 00 00 00 02 10 29 00 00 00 00 00 00 .........)......
0020 11 10 00 00 1d 7f 00 00 00 00 00 00 00 00 00 00 ..... ..........
----- FPGA DEVICE CONFIG REGISTERS: PCIE-READ-WRITE SIZE: 84 BYTES -----
0000 45 67 00 f0 54 00 00 00 35 0a 00 01 01 00 00 00 Eg..T...5.......
0010 00 00 00 00 00 f0 48 00 00 00 00 0e 00 00 00 00 ......H.........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 ....
----- PCIe CORE Dynamic Reconfiguration Port (DRP) SIZE: 0x100 BYTES -----
0000 00 00 00 01 00 02 00 00 00 00 00 00 00 00 f0 00 ................
0010 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 ...........@....
0030 00 00 09 02 30 00 21 7f 02 00 01 00 00 03 11 0c ....0.! ........
0040 02 a1 00 43 01 00 1f fd 7f ff 09 ff 01 20 01 48 ...C.... .... .H
0050 00 05 01 60 11 9c 00 00 00 00 00 00 00 00 00 00 ...`............
0060 00 00 10 60 00 02 40 21 00 40 3d 48 00 23 00 00 ...`..@!.@=H.#..
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 15 00 01 ................
0080 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 ................
0090 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 02 00 00 12 34 10 18 .............4..
00b0 00 0b 00 01 00 11 00 00 00 00 00 00 00 01 00 00 ................
00c0 00 28 00 41 ff ff ff ff 00 e0 00 00 80 08 00 22 .(.A..........."
00d0 03 ff 01 72 02 48 00 08 00 20 0e 04 fa ac 00 00 ...r.H... ......
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
----- PCIe CONFIGURATION SPACE (no user set values) SIZE: 0x200 BYTES -----
0000 ee 10 66 06 00 00 10 00 02 00 00 02 00 00 00 00 ..f.............
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020 00 00 00 00 00 00 00 00 00 00 00 00 ee 10 07 00 ................
0030 00 00 00 00 40 00 00 00 00 00 00 00 ff 01 00 00 ....@...........
0040 01 48 03 78 08 00 00 00 05 60 80 00 00 00 00 00 .H.x.....`......
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060 10 00 02 00 e1 8f 00 00 10 29 00 00 12 f4 03 00 .........)......
0070 00 00 11 10 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
0090 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0100 03 00 c1 10 35 0a 00 01 01 00 00 00 00 00 00 00 ....5...........
0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
PCILEECH: Failed to connect to the device.
I tried restarting the computer few times, but it didn't help. When I look into my BIOS, it shows the slot as empty and I can't find Xilinx Ethernet Adapter with Device ID 0x0666 in my target Windows. Am I missing a step to detect the board by the target computer? any suggestion how I can debug this?
Ulf,
I have my R02 PCIeScreamer up and running and I can do memory dumps and get good data so I think things are working properly.
Sorry to be a bother, but I'm having a problem understanding how to receive TLPs and data.
My goal is to be able to send an receive raw TLPs.
I read lots of the information in your forum, but I'm stumped with how to read (and show) the TLPs coming in. Your "dump" command does it fine, so I know the hardware and SW are capable.
I want to issue (for example) the TLP for a MRd32 exactly like your dump command does below.
I send this command:
./pcileech tlp -vvv -vvv -in 000000200e0080ff00000000
There is a pause for 15 seconds then I get just the outbound TX: tlp, no receive.
TLP: Transmitting PCIe TLP. (use -vvv option for detailed info).
TX: MRd32: Len: 020 ReqID: 0e00 BE_FL: ff Tag: 80 Addr: 00000000
0000 00 00 00 20 0e 00 80 ff 00 00 00 00 ... ........
./pcileech -vvv dump -min 0x0 -max 0x8000 -force -out mem.dmp
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 80 Addr: 00000000
0000 00 00 00 00 0e 00 80 ff 00 00 00 00 ............
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 81 Addr: 00001000
0000 00 00 00 00 0e 00 81 ff 00 00 10 00 ............
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 82 Addr: 00002000
0000 00 00 00 00 0e 00 82 ff 00 00 20 00 .......... .
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 83 Addr: 00003000
0000 00 00 00 00 0e 00 83 ff 00 00 30 00 ..........0.
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 84 Addr: 00004000
0000 00 00 00 00 0e 00 84 ff 00 00 40 00 ..........@.
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 85 Addr: 00005000
0000 00 00 00 00 0e 00 85 ff 00 00 50 00 ..........P.
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 86 Addr: 00006000
0000 00 00 00 00 0e 00 86 ff 00 00 60 00 ..........`.
TX: MRd32: Len: 000 ReqID: 0e00 BE_FL: ff Tag: 87 Addr: 00007000
0000 00 00 00 00 0e 00 87 ff 00 00 70 00 ..........p.
RX: CplD: Len: 010 ReqID: 0e00 CplID: 0000 Status: 0 BC: 000 Tag: 80 LowAddr: 00
0000 4a 00 00 10 00 00 00 00 0e 00 80 00 f3 ee 00 f0 J...............
0010 f3 ee 00 f0 c3 e2 00 f0 f3 ee 00 f0 f3 ee 00 f0 ................
0020 54 ff 00 f0 4d 30 00 f0 f5 2f 00 f0 a5 fe 00 f0 T...M0.../......
0030 87 e9 00 f0 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 ................
0040 f3 ee 00 f0 57 ef 00 f0 53 ff 00 f0 ....W...S...
RX: CplD: Len: 020 ReqID: 0e00 CplID: 0000 Status: 0 BC: fc0 Tag: 80 LowAddr: 40
0000 4a 00 00 20 00 00 0f c0 0e 00 80 40 60 0b 00 c0 J.. .......@`...
0010 4d f8 00 f0 41 f8 00 f0 30 71 00 f0 39 e7 00 f0 M...A...0q..9...
0020 34 01 00 e8 2e e8 00 f0 d2 ef 00 f0 00 e0 00 f0 4...............
0030 f2 e6 00 f0 6e fe 00 f0 53 ff 00 f0 53 ff 00 f0 ....n...S...S...
0040 a4 f0 00 f0 c7 ef 00 f0 20 35 00 c0 f3 ee 00 f0 ........ 5......
0050 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 ................
0060 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 ................
0070 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 ................
0080 f3 ee 00 f0 f3 ee 00 f0 f3 ee 00 f0 ............
Hi,
I can't seem to be able to generate the 3.3 version.
I have various error messages like :
[Synth 8-448] named port connection 'DDR3_0_addr' does not exist for instance 'i_pcileech_vfifo' of module 'pcileech_vfifo' ["..../pciescreamer/pciescreamer.srcs/sources_1/imports/pciescreamer/src/pcileech_vfifo_ctl.v":63]
Through the build process you indicate, the error is the following :
Hdl Generation failed for the IP Integrator design ..../pciescreamer/pciescreamer.srcs/sources_1/bd/pcileech_vfifo/pcileech_vfifo.bd
Windows 10 is unable to detect my xilinx ethernet adapter. I only have a "Ethernet-controller" with:
Device PCI\VEN_10EE&DEV_0666&SUBSYS_000710EE&REV_02\0000000101000A3500 requires further installation.
It also won't let me change the deviceID etc. Followed all the steps and re-building takes so many time. So any help would be appreciated
Hi @ufrisk ,
first of all, i really appreciate your great work!
Did you manage to get hot plugging to work with the AC701 / FT601 PCIe FPGA device?
I tried several workstations (Dell Optiplex 7010, Dell Precision T3500) and servers (Dell PowerEdge R820, Dell PowerEdge R610) with various pcie slots and different extension cables, but hot plug does not work.
> .\pcileech.exe -v -vv -device fpga:// probe
DEVICE: FPGA: ERROR: Unable to retrieve required Device PCIe ID [2,v4.1,0000]
PCILEECH: Failed to connect to the device.
However, when i try to boot the system with the FPGA device already installed, everything is alright:
> .\pcileech.exe -v -vv -device fpga:// probe
DEVICE: FPGA: AC701 / FT601 PCIe gen2 x1 [300,0,500] [v4.1,0200]
----- FPGA DEVICE CONFIG REGISTERS: CORE-READ-ONLY SIZE: 34 BYTES -----
0000 89 ab 00 00 22 00 00 00 04 01 02 00 00 00 00 00 ...."...........
0010 a3 8b 80 07 1d 00 00 00 a5 8b 80 07 1d 00 00 00 ................
0020 00 00 ..
----- FPGA DEVICE CONFIG REGISTERS: CORE-READ-WRITE SIZE: 30 BYTES -----
0000 cd ef 04 00 1e 00 00 00 a0 86 01 00 00 00 00 00 ................
0010 ee 10 07 00 ee 10 66 06 02 00 00 00 00 00 ......f.......
----- FPGA DEVICE CONFIG REGISTERS: PCIE-READ-ONLY SIZE: 48 BYTES -----
0000 01 23 00 00 30 00 00 00 02 00 96 0d 5c 00 00 00 .#..0.......\...
0010 ee 10 07 00 07 01 00 04 00 28 00 00 00 00 41 00 .........(....A.
0020 12 10 00 00 1e 7f 00 00 00 00 00 00 00 00 00 00 ..... ..........
----- FPGA DEVICE CONFIG REGISTERS: PCIE-READ-WRITE SIZE: 84 BYTES -----
0000 45 67 00 f0 54 00 00 00 35 0a 00 01 01 00 00 00 Eg..T...5.......
0010 00 00 00 00 00 f0 48 00 00 00 00 0e 00 00 00 00 ......H.........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 00 ....
Successfully loaded LeechCore v1.5.1 Device 3
Memory Map:
START END #PAGES
0000000000000000 - 000000000009ffff 000000a0
00000000000c0000 - 00000000daffffff 000daf40
0000000100000000 - 000000041e5fffff 0031e600
Current Action: Probing Memory
Access Mode: Normal
Progress: 16870 / 16870 (100%)
Speed: 173 MB/s
Address: 0x000000041E600000
Pages read: 4167136 / 4318720 (96%)
Pages failed: 151584 (3%)
Memory Probe: Completed.
NeTV2 is based on the XC7A35T+RMII. I have a development board that is XC7A35T+RGMII. How do I support it?
thanks!
Would it be possible to use an evaluation board like this https://www.mouser.com/ds/2/690/arty_rm-1020701.pdf (Xilinx Artix-35T FPGA) with pcileech? A Spartan 6 is quite expensive for me and my use case unfortunately requires accessing 64 Bit memory. Thank you.
So more or less i was able to successfuly flash, i think?, the xc7a35t.bit, however when im on my target PC i get the infamous "Unable to retrieve required Device PCIe ID [1, v3.3, 0000]" error. ive tried generating my own bin and using the precompiled one from the screamers wiki however no bueno. Any ideas? Thanks.
Ulf,
If the dump command fails to open its -out file, looks like it frees the file anyway leading to a double free and this stack trace:
Vince
Do this command twice. Second time it will segfault.
./pcileech -vvv dump -min 0x0 -max 0x8000 -force -out mem.dmp
Memory Dump: Failed. File already exists.
*** Error in `./pcileech': double free or corruption (!prev): 0x0000000000e2f1e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81679)[0x7fa696a40679]
/lib64/libc.so.6(fclose+0x177)[0x7fa696a2d167]
./pcileech[0x40a91c]
./pcileech[0x40aec6]
./pcileech[0x40af1f]
./pcileech[0x403a40]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fa6969e1505]
./pcileech[0x401ab9]
======= Memory map: ========
00400000-00424000 r-xp 00000000 00:29 99023389 /vba/LambdaConcept/PCILeech/pcileech/files/pcileech
00623000-00624000 r--p 00023000 00:29 99023389 /vba/LambdaConcept/PCILeech/pcileech/files/pcileech
00624000-00625000 rw-p 00024000 00:29 99023389 /vba/LambdaConcept/PCILeech/pcileech/files/pcileech
00e2c000-02e99000 rw-p 00000000 00:00 0 [heap]
7fa690000000-7fa690021000 rw-p 00000000 00:00 0
7fa690021000-7fa694000000 ---p 00000000 00:00 0
7fa6947c5000-7fa6947c6000 ---p 00000000 00:00 0
7fa6947c6000-7fa694fc6000 rw-p 00000000 00:00 0
...
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.