Device Spoofing

Information on customizing the PCI Configuration space to spoof device IDs.

Customizing our Device Identifiers

In order to avoid current approaches to DMA device detection, we need to build custom gateware for our device with unique device identifiers. Using Xilinx Vivado, this is extremely easy to do. For devices that use pcileech-fpga, build instructions can be found with details on how to customize these identifiers.

Spoofing Real-World Devices

Spoofing the identifiers of a real-world PCI device ensures that you don't stumble into some previously device identifiers. It also makes the anticheat's job of differentiating between bad and good devices much more difficult.

Retrieving Device Identifiers

In order to spoof a real-world device, we'll need to extract information about the device.

Using LSPCI

Plug the real PCI device into your system and run lspci. This command enables us to dump PCI device information. For Windows users, a Windows variant of lspci can be found here. With lspci we can dump the entire configuration space of our PCI card. This will enable us to build gateware to spoof this config space.

The device information of your stock Screamer PCIe USB-C (R04) device can be found with the following command: lspci -d 10ee:0666 -vvv -xxxx
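To make clear which fields such a dump exposes, and therefore which fields an inventory or integrity check can compare across devices, here is an added example (not part of the original page or of pcileech) that decodes an `lspci -xxxx` hex dump into its header identifiers and the PCIe Device Serial Number. The function names and the sample dump are constructed for illustration; only the 10ee:0666 ID comes from the page.

```python
import re
import struct

# Constructed excerpt in `lspci -xxxx` layout; a real dump lists every offset up to ff0.
SAMPLE_DUMP = """\
03:00.0 Ethernet controller: constructed sample
00: ee 10 66 06 06 04 10 00 02 00 00 02 10 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 ee 10 07 00
100: 03 00 01 00 78 56 34 12 f0 de bc 9a 00 00 00 00
"""
STOCK_FPGA_ID = (0x10EE, 0x0666)  # stock Screamer vendor:device ID quoted on this page

def parse_dump(text):
    """Turn lspci hex rows ('offset: 16 bytes') into a 4 KiB config-space image."""
    space = bytearray(4096)
    for line in text.splitlines():
        m = re.match(r"^([0-9a-f]{2,3}): ((?:[0-9a-f]{2} ?)+)$", line.strip())
        if m:  # the 'bus:dev.fn description' line does not match and is skipped
            row = bytes.fromhex(m.group(2))
            off = int(m.group(1), 16)
            space[off:off + len(row)] = row
    return bytes(space)

def header_ids(space):
    """Decode the little-endian identifier fields of a type 0 header."""
    vendor, device = struct.unpack_from("<HH", space, 0x00)
    sub_vendor, sub_device = struct.unpack_from("<HH", space, 0x2C)
    return {"vendor": vendor, "device": device, "revision": space[0x08],
            "class": int.from_bytes(space[0x09:0x0C], "little"),
            "subsys_vendor": sub_vendor, "subsys_device": sub_device}

def device_serial(space):
    """Walk the extended capability list (starts at 0x100) for the DSN, ID 0x0003."""
    off, seen = 0x100, set()
    while off >= 0x100 and off not in seen and off + 12 <= len(space):
        seen.add(off)  # guards against a looping next-pointer chain
        hdr = struct.unpack_from("<I", space, off)[0]
        if hdr & 0xFFFF == 0x0003:
            return struct.unpack_from("<Q", space, off + 4)[0]
        off = hdr >> 20  # bits 31:20 hold the next capability offset, 0 ends the list
    return None

def audit(text):
    """Summarise identifiers and note whether the stock FPGA ID is present."""
    space = parse_dump(text)
    ids = header_ids(space)
    return {**ids, "dsn": device_serial(space),
            "stock_fpga_id": (ids["vendor"], ids["device"]) == STOCK_FPGA_ID}
```

On Linux, lspci only returns the extended 4096-byte configuration space when run as root, so a dump taken without privileges will stop before the DSN capability.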

Using Device Manager

Simple device identifiers can be extracted using the Device Manager application on Windows. We can't get the entire configuration space, so this approach doesn't provide enough information to fully spoof our target device, but for Xilinx devices, it provides enough.

Example hardware ids viewed from Device Manager.

Customizing the Device Serial Number

As part of our anticheat evasion, we'll want to customize the DSN. For pcileech compatible devices, this is outlined as part of the build readme (example). You'll want this to be unique, so don't change it to some meme.
