pcileech 4.4 releases: Direct Memory Access (DMA) Attack Software
PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed for the target system.
PCILeech supports multiple hardware. Currently, only the USB3380 hardware is publically available. The USB3380 is only able to read 4GB of memory natively but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel.
PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live ram and the file system via a “mounted drive”. It is also possible to remove the logon password requirement, loading unsigned drivers, executing code and spawn system shells. PCIleech runs on Windows/Linux/Android. Supported target systems are currently the x64 versions of UEFI, Linux, FreeBSD, macOS, and Windows.
- Retrieve memory from the target system at >150MB/s.
- Write data to the target system memory.
- 4GB memory can be accessed in native DMA mode.
- ALL memory can be accessed if kernel module (KMD) is loaded.
- Mount live RAM as file [Linux, Windows, macOS].
- Mount file system as drive [Linux, Windows, macOS].
- Execute kernel code on the target system.
- Spawn system shell [Windows].
- Spawn any executable [Windows].
- Load unsigned drivers [Windows].
- Pull files [Linux, FreeBSD, Windows, macOS].
- Push files [Linux, Windows, macOS].
- Patch / Unlock (remove password requirement) [Windows, macOS].
- Easy to create own kernel shellcode and/or custom signatures.
- Even more, features not listed here …
- Bug fixes and stability improvements.
- Support for MemProcFS v3 library.
- Code signing of binaries.
- “tlploop” command.
Clone the PCILeech Github repository.
git clone https://github.com/ufrisk/pcileech.git
The binaries are found in pcileech_files and should work on 64-bit Windows and Linux. Please copy all files from pcileech_files since some files contain additional modules and signatures.
The Google Android USB driver also has to be installed. Download the Google Android USB driver from http://developer.android.com/sdk/win-usb.html#download Unzip the driver. Open Device Manager. Right-click on the computer, choose to add legacy hardware. Select install the hardware manually. Click Have Disk. Navigate to the Android Driver, select android_winusb.inf and install.
To mount live ram and target file system as drive in Windows the Dokany file system library must be installed. Please download and install the latest version of Dokany at https://github.com/dokan-dev/dokany/releases/latest
Linux and Android:
Copyright (C) 2016 ufrisk