Screamer M.2 replaces PCIe Screamer R02 with an M.2 form factor and PCIe x4 connectivity.
- * PCIe x4
- * M.2 2280 (22x80 mm)
- * Key: M
- * Screamer M.2
- * PCIe x4 to M.2 Adapter card
- * PCIe x1 to M.2 Adapter card
- * USB 3.0 Cable
Screamer M.2 is supported by PCILeech.
PCIe is the main high speed way of communicating between a processor and its peripherals. It is used in PC (also encapsulated in Thunderbolt) and now even in mobile phones. Doing security research on a PCIe system is complex because it requires expensive tools (>$50k) and such tools are not that common when packet generation is needed. Screamer M2 provides a such tool at a more reasonable price.
We recommend you to get the JtagSerial pack in order to program it.
Documentation and examples
- XC7A35T Xilinx 7 Series FPGA
- FT601 FTDI USB 3.0
- PCIe Gen2 X4
Currently, only few attacks were made on PCIe devices. Most of them were done using a Microblaze inside a Xilinx FPGA to send/receive the TLPs, making it hard to really analyze. (Using embedded C software to generate/analyze traffic) An other way is to use USB3380 chip, but it is also not flexible enough (only supporting 32bits addressing) and does not allow debugging the PCIe state machine.
The PCIe injector is based on a Series 7 Xilinx FPGA connected to a high speed USB 3.0 FT601 chip from FTDI.
- Having a full control of the PCIe core.
- Sending/Receiving TLPs through USB 3.0
- Using flexible software/tools on the Host for receiving/generating/analyzing the TLPs. (Wireshark dissectors, scapy, ...)
You might also like