Skip to content

Latest commit

 

History

History

sp605_ft601

PCILeech SP605 / FT601 PCIe to USB3:

This project contains software and HDL code for the Xilinx SP605 development board used together with the FTDI FT601 add-on board. Once flashed it may be used together with the PCILeech Direct Memory Access (DMA) Attack Toolkit or MemProcFS - The Memory Process File System to perform DMA attacks, dump memory or perform research.

⚠️ The SP605 / FT601 firmware is not actively maintained and may not be up-to-date. The current firmware will still work with PCILeech.

Capabilities:

  • Retrieve memory from the target system over USB3 at 50-75MB/s.
  • Access all memory of target system without the need for kernel module (KMD) unless protected with VT-d/IOMMU.
  • Enumerate/Probe accessible memory at >1GB/s.
  • Raw PCIe Transaction Layer Packet (TLP) access.

For information about more capabilities check out the general PCILeech or MemProcFS abilities and capabilities.

The Hardware:

  • Xilinx SP605 development board. (Xilinx) (Digikey)
  • FTDI FT601 USB3 UMFT601X-B add-on board. (FTDI) (Digikey)
  • Also recommended: PCIe extension cable (very low cost ones exists on eBay).

Please see below for correct jumper and microswitch settings:

Flashing:

  1. Ensure the both the SP605 and FT601 is configured correctly with correct jumpers and switches. Please see images above.
  2. Install Xilinx ISE Development Environment.
  3. Build PCILeech SP605/FT601 (see below) alternatively download and unzip pre-built binary: pcileech.mcs.
  4. Open ISE Design Suite 64-Bit Command Prompt.
  5. Make sure the JTAG USB cable is connected.
  6. Run flash.bat to flash the bitstream onto the SP605.
  7. Finished !!!

If this fails please check out the Xilinx documentation about how to flash manually with Impact.

Building:

  1. Install Xilinx ISE Development Environment.
  2. Open ISE Design Suite 64-Bit Command Prompt.
  3. Run build.bat to generate Xilinx proprietary IP cores and build bitstream.
  4. Finished !!!

Even if just opening the project for viewing it's recommended to first run build - since Xilinx proprietary IP isn't included in soruce form in github project due to licensing issues. The user will have first to rebuild IP by running build.bat or the Xilinx coregen utility before opening the project in ISE.

The PCIe device will show as Xilinx Ethernet Adapter with Device ID 0x0666 on the target system by default. For instructions how to change the device id and other advanced build properties check out the advanced build readme for information.

Other Notes:

The completed solution contains Xilinx proprietary IP cores licensed under the Xilinx CORE LICENSE AGREEMENT. This project as-is published on Github contains no Xilinx proprietary IP. Published source code are licensed under the MIT License. The end user that have puschased a SP605 development board will have the proper licenses and will be able to re-generate Xilinx proprietary IP cores with the build.bat script.

Version History:

v1.0

  • Initial Release.
  • Compatible with PCILeech v2.3-2.4
  • Download pre-built binary here.
    SHA256: 9989a51bfa4800921834cc8262d60dbe962afe36814b9cf5f38c93a2a78c4fb7

v2.0

  • Bug fixes and re-design.
  • Compatible with PCILeech v2.5+
  • Download pre-built binary here.
    SHA256: caaf43d53bc6cb137fb8c4b106e9fd6432524738682aec7dcd75a837c4bcd729

v2.2

  • Improved load speed.
  • Bug fixes - USB and Timing.
  • Compatible with PCILeech v2.6+
  • Download pre-built binary here.
    SHA256: d5077accb4af3eb2dbfa4958590feb6d26653fcf6d33690b848d1aa829c7c824