GO-PCIe-Screamer

About

PCIe screamer is an FPGA PCIe board developed by LambdaConcept. The device supports raw PCIe Transaction Layer Packet (TLP) access, and helps security researchers assess the host's PCIe security.

LeechCore, developed by Ulf Frisk, is a low-level software library that interacts with the screamer. For additional information, see https://github.com/ufrisk/LeechCore/wiki/Device_FPGA.

go-pcie-screamer is a re-implementation of LeechCore software stack, written in Go.

Hardware setup

Download the v4 bitstream from https://github.com/ufrisk/pcileech-fpga/tree/master/pciescreamer, and follow the flashing instructions at http://blog.lambdaconcept.com/doku.php?id=products:pcie_screamer.

Usage

import "github.com/google/go-pcie-screamer/screamer"

// Enumerates and opens all screamer devices on the system.
devs, err := screamer.OpenScreamers()
if err != nil {
    return nil, err
}

// Closes screamers on exit.
defer func() {
    for _, d := range devs {
        d.Close()
    }
}()

// Creates an io.ReadWriter for reading and writing TLPs.
rw = screamer.NewTLPController(devs[0])

// Writes a single TLP.
tlp := []byte{0xaa, 0xaa, 0xaa, 0xaa}
rw.Write(tlp)

// Reads a single TLP (with timeout).
b := make([]byte, 1024)
n, err := rw.Read(b)

Supported Hardware

go-pcie-screamer was only tested on PCIeScreamer R02 PCIe board, however, other PCILeech FPGA devices may be supported.

License

This project is a derivative work of LeechCore, therefore, it is licensed under GPLv3, as the original work.

Disclaimer

This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.