pci screamer & pcileech, tracing completion TLP #228
Comments
|
The probe command is super aggressive and it's likely that DMA will stop working until you restart your computer (or boot it from power-off state) again. Don't use it unless you absolutely have to (especially if on an AMD system). https://github.com/ufrisk/LeechCore/wiki/Device_FPGA_AMD_Thunderbolt In the above you see that all reads in your probe failed. After a fresh boot try running If you have a success then try the TLP command. Another issue may be that you may have the wrong PCIe ReqID (3f00) in your TLP. But I'm unable to judge this, you'll see it very clearly in the display example above though. Please let me know if you have a better success with this. |
|
Thanks @ufrisk for response. Yes the ReqID was wrong earlier(attached the screenshot of BDF), I changed the requester TLP to have correct one and tried, but its the same issue.
VT-d is disabled in BIOS And another question I wanted to ask is this tool compatible with Linux env, do you want to check any piece of code for more info in pcileech & leechcore? |
|
it should work on linux as well, it's found in the releases section. this might actually be a good idea since you may get some good info about whats up if you do a dmesg (if DMA is blocked and the device tries to read). In your example PCILeech have identified ReqID 0200 (and it fail to get an answer for some unknown reason) and you specify ReqID 0100 (which is wrong? and you would never get an answer back that way). |
|
Screamer card bdf is 01:00.0 and completion TLP for single TLP read is received $ sudo ./pcileech tlp -vvv -in 00000020010080ff001ae000 [+] using FTDI device: 0403:601f (bus 1, device 3) TX: MRd32: Len: 020 ReqID: 0100 BE_FL: ff Tag: 80 Addr: 001ae000 RX: CplD: Len: 020 ReqID: 0100 CplID: 0000 Status: 0 BC: 080 Tag: 80 LowAddr: 00 I have requirement for continuously capturing completion TLP generated by screamer, kind of daemon mode $ sudo ./pcileech tlp -vvv -tlpwait 60 [+] using FTDI device: 0403:601f (bus 1, device 3)
|
|
There are two things at play here,
As far as a daemon goes, I haven't implemented anything like that in the pcileech binary, but it should be possible to do by making use of the LeechCore API - which is the backend of PCILeech. I also have a Python PIP package for LeechCore which will allow you to receive/send TLPs. BARs are not implemented though, but if you receive TLPs I guess you should be able to implement them in software - just that the latency will be terrible coz of the USB. |
|
thanks @ufrisk , I will try and go through the code and get back to you! |
|
I'm closing the issue since I never heard anything back. I'm assuming things resolved itself 👍 |
Procured pci screamer, I am trying to understand the working of the screamer card to trace PCIe TLP packets using pcileech tool, but not able to see any dump of completion TLP after invoking memory read using following command.
"pcileech.exe tlp -vvv -in 000000203f0080ff001ad000"
As I understand the pcieleech pushes the Read TLP onto the screamer and screamer responds back with TLP and that TLP is captured on usb serial port.
Is my assumption wrong?
The text was updated successfully, but these errors were encountered: