Device Spoofing
Information on customizing the PCI Configuration space to spoof device IDs.
Last updated
To avoid current approaches to DMA device detection, we need to build custom gateware for our device that presents unique device identifiers. With Xilinx Vivado this is straightforward to do. For devices based on pcileech-fpga, the build instructions describe how to customize these identifiers.
Spoofing the identifiers of a real-world PCI device ensures that you don't stumble into identifiers that have already been seen and flagged. It also makes the anticheat's job of differentiating between bad and good devices much more difficult, since the spoofed device looks like hardware that legitimately exists.
In order to spoof a real-world device, we'll need to extract information about the device.
Plug the real PCI device into your system and run lspci, which dumps PCI device information. For Windows users, a Windows port of lspci is available. With lspci we can dump the entire configuration space of the PCI card, which is exactly what we need in order to build gateware that reproduces it. On Linux, run lspci as root: an unprivileged user can only read the first 64 bytes of the configuration space, so the capability lists and the extended configuration space (offset 0x100 and above) would be missing from the dump.
The device information of your stock Screamer PCIe USB-C (R04) device can be found with the following command: lspci -d 10ee:0666 -vvv -xxxx. Here -d 10ee:0666 selects the device by vendor:device ID (10ee is the Xilinx vendor ID, 0666 the stock device ID), -vvv prints the decoded capabilities, and -xxxx dumps the full 4096-byte extended configuration space as hex (-xxx would stop at the first 256 bytes).
Simple device identifiers (vendor, device, subsystem and revision IDs, shown under the Hardware Ids property) can be read from the Device Manager application on Windows. We can't get the entire configuration space this way, so this approach doesn't provide enough information to fully spoof a target device, but for Xilinx devices it provides enough.
As part of our anticheat evasion, we'll also want to customize the DSN (the Device Serial Number, a PCIe extended capability that lspci prints as "Device Serial Number"). For pcileech-compatible devices, this is outlined in the build readme. You'll want this value to be unique to your device, so don't change it to some meme value that other people will also pick.
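The following is an added example, not code from the original page or from the pcileech-fpga project. It parses the hex dump produced by lspci -xxxx (the dump step above) and pulls out everything a spoofed configuration space has to reproduce: the type-0 header identifiers, the standard capability chain, the PCIe extended capability chain, and the 64-bit DSN discussed in the previous paragraph. It also diffs two dumps, which is the check you want after flashing the gateware: dump the real target and the FPGA and compare. The dump embedded in the block is constructed for the example (Xilinx-style IDs, PM/MSI/PCIe capabilities, AER chained to DSN); it was not captured from hardware, and all-zero lines are omitted, which the parser tolerates.

```python
"""Parse an `lspci -xxxx` hex dump and extract the identifiers that a
spoofed PCI configuration space must reproduce.

CONSTRUCTED_DUMP is made up for this example (Xilinx-style vendor/device
IDs, PM, MSI and PCIe capabilities, AER at 0x100 chained to DSN at
0x148). It is not a capture from real hardware. All-zero lines are
omitted; lspci prints them, and the parser accepts either form.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

CONSTRUCTED_DUMP = """\
00: ee 10 66 06 07 00 10 00 00 00 80 05 10 00 00 00
20: 00 00 00 00 00 00 00 00 00 00 00 00 ee 10 66 06
30: 00 00 00 00 40 00 00 00 00 00 00 00 ff 01 00 00
40: 01 48 03 00 00 00 00 00 05 60 80 00 00 00 00 00
60: 10 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 01 00 82 14 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 03 00 01 00 ef cd ab 89
150: 67 45 23 01 00 00 00 00 00 00 00 00 00 00 00 00
"""

CFG_SIZE = 4096      # size of the PCIe extended configuration space
ECAP_DSN = 0x0003    # Device Serial Number extended capability ID
# An lspci dump line: hex offset, colon, then 16 hex bytes. The decoded
# text that -vvv prints before the dump never matches this shape.
_LINE = re.compile(r"^\s*([0-9a-fA-F]+):((?:\s+[0-9a-fA-F]{2})+)\s*$")


def parse_lspci_hex(text: str) -> bytearray:
    """Build a 4 KiB config-space image from `lspci -xxxx` output."""
    cfg = bytearray(CFG_SIZE)
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        off = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if off + len(data) > CFG_SIZE:
            raise ValueError(f"dump line at {off:#x} exceeds config space")
        cfg[off:off + len(data)] = data
    return cfg


def rd16(cfg: bytearray, off: int) -> int:
    return int.from_bytes(cfg[off:off + 2], "little")


def rd32(cfg: bytearray, off: int) -> int:
    return int.from_bytes(cfg[off:off + 4], "little")


def identity(cfg: bytearray) -> Dict[str, int]:
    """Type-0 header fields that device scanners compare first."""
    return {
        "vendor": rd16(cfg, 0x00),
        "device": rd16(cfg, 0x02),
        "revision": cfg[0x08],
        "class_code": rd32(cfg, 0x08) >> 8,   # base class:subclass:prog-if
        "subsys_vendor": rd16(cfg, 0x2C),
        "subsys_id": rd16(cfg, 0x2E),
    }


def walk_caps(cfg: bytearray) -> List[Tuple[int, int]]:
    """Standard capability chain as (offset, cap ID), from the 0x34 pointer."""
    caps: List[Tuple[int, int]] = []
    if not rd16(cfg, 0x06) & 0x10:       # status bit 4: capability list present
        return caps
    ptr, seen = cfg[0x34] & 0xFC, set()
    while ptr and ptr not in seen:       # `seen` guards against looped chains
        seen.add(ptr)
        caps.append((ptr, cfg[ptr]))
        ptr = cfg[ptr + 1] & 0xFC
    return caps


def walk_ext_caps(cfg: bytearray) -> List[Tuple[int, int, int]]:
    """PCIe extended capability chain as (offset, cap ID, version).
    Header dword: bits 15:0 ID, 19:16 version, 31:20 next offset."""
    ecaps: List[Tuple[int, int, int]] = []
    ptr, seen = 0x100, set()
    while ptr and ptr not in seen:
        hdr = rd32(cfg, ptr)
        if hdr in (0, 0xFFFFFFFF):       # no extended capabilities here
            break
        seen.add(ptr)
        ecaps.append((ptr, hdr & 0xFFFF, (hdr >> 16) & 0xF))
        ptr = (hdr >> 20) & 0xFFC
    return ecaps


def device_serial(cfg: bytearray) -> Optional[int]:
    """64-bit DSN (upper dword at +8, lower at +4), or None if absent."""
    for off, cap_id, _ in walk_ext_caps(cfg):
        if cap_id == ECAP_DSN:
            return (rd32(cfg, off + 8) << 32) | rd32(cfg, off + 4)
    return None


def format_dsn(serial: int) -> str:
    """Byte order lspci uses for 'Device Serial Number', MSB first."""
    return "-".join(f"{b:02x}" for b in serial.to_bytes(8, "big"))


def config_diff(real: bytearray, spoof: bytearray,
                ignore: Iterable[int] = range(0x10, 0x28)) -> List[int]:
    """Offsets where the spoofed dump differs from the target's. BARs
    (0x10-0x27) are ignored by default: the host assigns those addresses."""
    skip = set(ignore)
    return [i for i in range(CFG_SIZE) if i not in skip and real[i] != spoof[i]]


if __name__ == "__main__":
    cfg = parse_lspci_hex(CONSTRUCTED_DUMP)
    ids = identity(cfg)
    print(f"{ids['vendor']:04x}:{ids['device']:04x} rev {ids['revision']:02x} "
          f"class {ids['class_code']:06x} "
          f"subsys {ids['subsys_vendor']:04x}:{ids['subsys_id']:04x}")
    print("caps:", [(hex(o), hex(c)) for o, c in walk_caps(cfg)])
    print("ecaps:", [(hex(o), hex(c), v) for o, c, v in walk_ext_caps(cfg)])
    dsn = device_serial(cfg)
    print("DSN:", format_dsn(dsn) if dsn is not None else "absent")
```

Feed the real device's dump and the FPGA's dump through parse_lspci_hex and compare with config_diff; anything outside the BAR region that differs (an unexpected capability, a missing AER block, the wrong DSN) is exactly the kind of inconsistency a scanner can key on, so the gateware isn't done until the list is empty.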