This is a Python service relaying read and write queries from PCILeech to an HP iLO4 device flashed with a modified firmware.
Practical DMA attack on Windows 10
Written by Jean-Christophe Delaunay · 2018-05-30 · in Pentest
Among the various security assessments performed by Synacktiv, some involve attacking the security hardening of a laptop or workstation master image that will be massively deployed in an infrastructure. The purpose of this kind of security assessment is to give the client an overview of its level of maturity regarding security concerns and provide him with some recommendations in order to increase his level of security. This post describes how Synacktiv defeated a workstation security measures by using a hardware approach.[…]
Example photo of Evil Maid attacker in their lab: 🙂
Targets 64-bit Intel systems running Windows.
Latest commit: 2 days ago
PCIe Injector Gateware
The PCIe bus is now the main high speed communication bus between a processor and its peripherials. It is used in all PC (sometime encapsulated in Thunderbolt) and now even in mobile phones. Doing security research on PCIe systems can requires very expensive tools (>$50k) and packet generaration for such tools is not a common feature. PCIe Injector provides a such tool at a more reasonable price. Currently, only few attacks were made on PCIe devices. Most of them were done using a Microblaze inside a Xilinx FPGA to send/receive the TLPs, making it hard to really analyze. (Using embedded C software to generate/analyze traffic) An other way is to use USB3380 chip, but it is also not flexible enough (only supporting 32bits addressing) and does not allow debugging the PCIe state machine.
The PCIe injector is based on a Artix7 FPGA from Xilinx connected to a DDR3 and a high speed USB 3.0 FT601 chip from FTDI. It allows:
* Having a full control of the PCIe core.
* Sending/Receiving TLPs through USB 3.0 (or bufferize it to/from DDR3)
* Using flexible software/tools on the Host for receiving/generating/analyzing the TLPs. (Wireshark dissectors, scapy, …)
Nice article by Sysdream on using PCIleech to attack Windows DMA.
PCILeech FPGA contains software and HDL code for FPGA based devices that may be used together with the PCILeech Direct Memory Access (DMA) Attack Toolkit. Using FPGA based devices have many advantages over using the USB3380 hardware that have traditionally been supported by PCILeech. FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system. FPGA based devices are also more stable compared to the USB3380. FPGA based devices may also send raw PCIe Transaction Layer Packets TLPs – allowing for more specialized research.
PCILeech FPGA contains software and HDL code for FPGA based devices that may be used together with the PCILeech Direct Memory Access (DMA) Attack Toolkit. Using FPGA based devices have many advantages over using the USB3380 hardware that have traditionally been supported by PCILeech. FPGA based hardware provides full access to 64-bit memory space without having to rely on a kernel module running on the target system. FPGA based devices are also more stable compared to the USB3380. FPGA based devices may also send raw PCIe Transaction Layer Packets TLPs – allowing for more specialized research. For information about PCILeech itself please check out the PCILeech project.
This repository contains a set of tools and proof of concepts related to PCI-E bus and DMA attacks. It includes HDL design which implements software controllable PCI-E gen 1.1 endpoint device for Xilinx SP605 Evaluation Kit with Spartan-6 FPGA. In comparison with popular USB3380EVB this design allows to operate with raw Transaction Level Packets (TLP) of PCI-E bus and perform full 64-bit memory read/write operations. It’s early version of my first much or less complicated FPGA project, so the speed is quite slow (around 1-2 Mb/s), but in upcoming releases it will be significantly increased by connecting PCI-E endpoint to MicroBlaze soft processor with AXI DMA engine. However, even such low speed is more than enough for reliable implementation of various practical attacks over PCI-E bus: to demonstrate applied use cases of the design, there’s a tool for pre-boot DMA attacks on UEFI based machines which allow executing arbitrary UEFI DXE drivers during platform init. Another example shows how to use pre-boot DMA attacks to inject Hyper-V VM exit handler backdoor into the virtualization-based security enabled Windows 10 Enterprise running on UEFI Secure Boot enabled platform. Provided Hyper-V backdoor PoC might be useful for reverse engineering and exploit development purposes, it provides an interface for inspecting of hypervisor state (VMCS, physical/virtual memory, registers, etc.) from guest partition and perform the guest to host VM escape attacks.
Ulf has a new presentation on PCIe attacks online!
Dmytro has an interesting 6-part twitter post on PCI-e security:
Ulf has an informative new article (and video) about attacking UEFI Runtime Services on Linux-based systems using PCILeech:
Attackers with physical access are able to attack the firmware on many fully patched computers with DMA – Direct Memory Access. Once code execution is gained in UEFI/EFI Runtime Services it is possible to use this foothold to take control of a running Linux system. The Linux 4.8 kernel fully randomizes the physical memory location of the kernel. There is a high likelyhood that the kernel will be randomized above 4GB on computers with sufficient memory. This means that DMA attack hardware only capable of 32-bit addressing (4GB), such as PCILeech, cannot reach the Linux kernel directly. Since the EFI Runtime Services are usually located below 4GB they offer a way into Linux on high memory EFI booting systems. Please see the video below for an example of how an attack may look like. […]