
Materials for my DMA attacks talk

DMA Attacks

Materials for my "Introduction to PCIe and DMA attacks" talk (slides, video).

Also see xairy/usb-hacking for my "Introduction to USB hacking" talk.

Below is a list of links related to DMA attacks.

Overview

2020: "DMA explained" [article]

2017: "Practical introduction to PCI Express with FPGAs" by Michal Husejko and John Evans [slides]

2017: "Introduction to PCI Express" by Paolo Durante [slides]

2015: "Overview of PCI(e) Subsystem" by Kishon Vijay Abraham [slides] [video]

2015: "Does PCIe hotplug actually work in practice?" [stackoverflow]

2012: "Thunderbolt Technology" [article]

Attacks

"Security | DMA | Hacking" by Ulf Frisk [blog]

Ulf Frisk [twitter]

Dmytro Oleksiuk [twitter]

2022: "PCIe DMA Attack against a secured Jetson Nano (CVE-2022-21819)" [article]

2021: "Thunderspy - When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security" by Bjorn Ruytenberg [portal]

2021: "Characterizing, Exploiting, and Detecting DMA Code Injection Vulnerabilities in the Presence of an IOMMU" [paper] [video]

2021: "Dumping the Sonos One Smart Speaker" [article]

2021: "Modifying the Acorn CLE-215+ FPGA into a PCILeech DMA attack device" [article]

2021: "PCIe Device Attacks: Beyond DMA" [slides]

2021: "PCIe device security - The evolution of DMA attacks" by Maggie Jauregui and Cuauhtemoc Chavez Corona [video]

2020: "Things not to do when using an IOMMU" by Ilja van Sprundel and Joseph Tartaro [video]

2020: "IOMMU and DMA attacks" by Jean-Christophe Delaunay [slides] [video]

2020: "IOMMU-resistant DMA attacks" by Gil Kupfer [thesis]

2020: "DIRECT MEMORY ACCESS ATTACKS: A WALK DOWN MEMORY LANE" [article]

2020: "Introductory Study of IOMMU (VT-d) and Kernel DMA Protection on Intel Processors" by Satoshi Tanda [article]

2019: "IOMMU and DMA attacks" by Jean-Christophe Delaunay [slides]

2019: "PicoDMA - DMA Attacks at your fingertips" by Ben Blaxill and Joel Sandin [slides]

2019: "Prevent DMA attacks from untrusted devices" by Lu Baolu [slides]

2019: "Exploitation from malicious PCI Express peripherals" by Colin Rothwell [thesis]

2019: "Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals" [paper]

2018: "PRACTICAL DMA ATTACK ON WINDOWS 10" by Jean-Christophe Delaunay [article]

2018: "Kernel DMA Protection for Thunderbolt 3" [article]

2018: "BitLocker Countermeasures" [article]

2018: "Thunderbolt 3 and Security on Microsoft Windows® 10 Operating system" [article]

2017: "Public FPGA based DMA Attacking" by Ulf Frisk [slides] [video]

2017: "Evil devices and direct memory attacks" by Ulf Frisk [slides] [video]

2017: "Introducing bolt: Thunderbolt 3 security levels for GNU/Linux" by Christian Kellner [article]

2017: "Getting Physical With USB Type-C" by Alex Ionescu [slides] [video]

2017: "A Tour Beyond BIOS: Using IOMMU for DMA Protection in UEFI Firmware" [paper]

2017: "The True Story of Windows 10 and the DMA-protection" by Sami Laiho [article]

2017: "PCI EXPRESS: ВЗГЛЯД DIY-РАЗРАБОТЧИКА И ХАКЕРА" by Dmytro Oleksiuk [slides]

2017: "Taking DMA Attacks to the Next Level" by Anna Trikalinou and Dan Lake [slides] [video]

2016: "Bypassing IOMMU Protection against I/O Attacks" [paper]

2016: "Direct Memory Attack the Kernel" by Ulf Frisk [slides] [video]

2015: "Breaking UEFI security with software DMA attacks" by Dmytro Oleksiuk [article]

2015: "NSA Playset: PCIe" by Joe FitzPatrick and Miles Crabill [video] [slides]

2013: "Funderbolt: Adventures in Thunderbolt DMA Attacks" by Russ Sevinsky [slides] [video]

2010: "Memory Forensics over the IEEE 1394 Interface" by Freddie Witherden [paper]

Other

2023: "PCI Express To Hell" by Gynvael Coldwind

2021: "Fuzzing Linux with Xen" by Tamas K Lengyel [slides] [video]

2021: "An Introduction to IOMMU Infrastructure in the Linux Kernel" [article]

2020: "IOMMU Support in Linux" [article]

ArchWiki: Thunderbolt

Linux kernel documentation: USB4 and Thunderbolt

Tools

https://github.com/ufrisk/pcileech

https://github.com/Cr4sh/s6_pcie_microblaze

http://thunderclap.io/

https://github.com/NSAPlayset/SLOTSCREAMER

https://github.com/carmaa/inception

https://github.com/defparam/BAR-Tender

https://github.com/Cr4sh/pico_dma