Device Spoofing

Customizing our Device Identifiers

In order to avoid current approaches to DMA device detection, we need to build custom gateware for our device with unique device identifiers. Using Xilinx Vivado, this is extremely easy to do. For devices that use pcileech-fpga, build instructions can be found with details on how to customize these identifiers.

Spoofing Real-World Devices

Spoofing the identifiers of a real-world PCI device ensures that you don't stumble into some previously device identifiers. It also makes the anticheat's job of differentiating between bad and good devices much more difficult.

Retrieving Device Identifiers

In order to spoof a real-world device, we'll need to extract information about the device.

Using LSPCI

Plug the real PCI device into your system and run lspci. This command enables us to dump PCI device information. For windows users, a Windows variant of lspci can be found here. With LSPCI we can dump the entire configuration space of our PCI card. This will enable us to build gateware to spoof this config space.

Using Device Manager

Simple device identifiers can be extracted using the Device Manager application on Windows. We can't get the entire configuration space, so this approach doesn't provide enough information to fully spoof our target device, but for Xilinx devices, it provides enough.

Customizing the Device Serial Number

As part of our anticheat evasion, we'll want to customize the DSN. For pcileech compatible devices, this is outlined as part of the build readme (example). You'll want this to be unique, so don't change it to some meme.