PCILeech uses PCIe devices to read and enrollment from system memory. This is achieved by using DMA over PCIe. No pre-requisites are requiredletterthe drivers for the target system.
PCILeech supports many hardware. Currently, only USB3380 is available to the public. The USB3380 can read 4 GB native memory, but can read all memory if a kernel unit (KMD) is first inserted into the kernel of the destination system.
PCILeech is capable of inserting a wide range of plug-ins into the kernel, allowing easy access to the active ram and file system via a "mount drive".
It is also possible to remove the login password requirement, the loading of unsigned drivers, the implementation code and the system shell. PCIleech runs on Windows/Linux/Android. Supported target systems are currently the x64 versions of UEFI, Linux, FreeBSD, macOS, and Windows.
Specifications:
- Memory recovery from the destination system at> 150MB / s.
- Write data to the destination system memory.
- You can access the 4 GB memory in native DMA mode.
- ALL memory can be accessed if the kernel unit (KMD) is loaded.
- Insert RAM as a file [Linux, Windows, macOS].
- Attach file system as a drive [Linux, Windows, macOS].
- Run the kernel code on the destination system.
- Spawn System Shell [Windows].
- Create anything executable [Windows].
- Loading unsigned drivers [Windows].
- Download files [Linux, FreeBSD, Windows, macOS].
- Patch / Unlock (remove password requirement) [Windows, macOS].
- Easy creation of your own shell in the kernel and / or custom signatures.
Installation
git clone https://github.com/ufrisk/pcileech.git
Windows
The Google Android USB Driver must also be installed. Download Google Android USB Driver from http://developer.android.com/sdk/win-usb.html#download
Unzip it and open Device Manager. Right click on the computer, choose to add old hardware. Select manual installation of the hardware. Click Have Disk. Go to the Android driver, select android_winusb.inf and install it.
To attach Live ram and a destination file system as a drive to Windows, the Dokany file system library must be installed. Download and install the latest version of Dokany from address https://github.com/dokan-dev/dokany/releases/latest
Linux and Android
See the PCILeech-on- guide Linux for information about running PCILeech on Linux or PCILeech-on- Android for Android.
Application snapshots
Information on using the program, you will find here.