Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Thunderbolt issue #256

Open
und3ath opened this issue Aug 20, 2023 · 3 comments
Open

Thunderbolt issue #256

und3ath opened this issue Aug 20, 2023 · 3 comments

Comments

@und3ath
Copy link

und3ath commented Aug 20, 2023

Context: hp laptop with vt-d, vbs, kernel dma etc

I have successfully read dma through the pci, (a lot of unreadable pages which is normal with vt-d)

If I do the same thing with thunderbolt (no security at the thunderbolt level, my pci device is present once the session is open), If I read outside physical ranges, I get a blue screen or the pc freeze which is normal. But if i stay in the physical range 100% of the pages read fail and sometime the pc freez or get a bsod too .

It is normal ?
@ufrisk
Copy link
Owner

ufrisk commented Aug 20, 2023

Thunderbolt is quite well secured by default. But you indicate that you changed some settings. Also, Windows 11 employs a few protection techniques when the computer is locked in addition to the ones you mention.

On a freshly booted (not rebooted) and unlocked target system does the command below work and display some memory?

pcileech.exe display -min 0x1000 -device fpga -v

Also, if you run some custom firmware this may be causing issues. I don't think it should be an issue of it works thru PCIe ports tho. But you can also try (on a freshly booted system):

pcileech.exe display -min 0x1000 -device fpga://algo=1 -v

Please let me know how it goes, if you have any success or if you're still having issues.

@und3ath
Copy link
Author

und3ath commented Aug 22, 2023
edited
Loading

Hello, i have a leetdma but i have flashed the pcieSquirrel firmware .

The thunderbolt adapter is a wikingoo egpu ( seen as TB4 Home in the thunderbolt app ) and the leetdma is shown as an ethernet adapter in the device tree ( just changed id in vivado before compiling )

On a fresh boot, after unlocking the session:

#######################################################

pcileech.exe display -min 0x1000 -device fpga -v

DEVICE: FPGA: ScreamerM2 PCIe gen2 x1 [300,25,500] [v4.12,0e00] [ASYNC,NORM]
Memory Display: Failed reading memory at address: 0x0000000000001000.

#######################################################

pcileech.exe display -min 0x1000 -device fpga://algo=1 -v

DEVICE: FPGA: ScreamerM2 PCIe gen2 x1 [300,25,500] [v4.12,0e00] [ASYNC,TINY]
Memory Display: Failed reading memory at address: 0x0000000000001000.

@ufrisk
Copy link
Owner

ufrisk commented Aug 22, 2023

It seems like communicating with the device works fine, but DMA is not working.

Ensure Thunderbolt security mode is set to no security / legacy in BIOS settings. Also if you have some extra Thunderbolt controller software installed you may need to disable it here as well.
Ensure IOMMU / VT-d is disabled in BIOS settings.
Ensure Windows is booted and you're logged in (i.e. the computer is unlocked).

On a freshly booted (and logged on unlocked state) try: pcileech.exe display -min 0x1000 -device fpga://algo=1 -v

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@und3ath @ufrisk