Overview
The Hybrid PCIe Trace Tool (HPTT) represents a significant advancement in hardware security analysis, inspired by the Hybrid Memory Trace Tool (HMTT). While HMTT's direct connection to memory modules imposed severe performance limitations, HPTT overcomes these constraints by integrating DMA technology with the PCIe bus.
The core innovation of HPTT is hiding DMA functionality behind a legitimate PCIe device. This approach achieves powerful DMA capabilities without sacrificing computer performance or revealing its presence to the system.
The system only detects the legitimate PCIe device you're using, which retains all its original functionalities. To the host system, it appears as though you've simply inserted this legitimate PCIe device, effectively concealing the DMA capabilities and preventing their detection.
How It Works
HPTT employs a sophisticated approach to implement DMA functionality while maintaining the original functionality of legitimate PCIe devices.
Technical Implementation
HPTT utilizes Xilinx GT channels to implement the PCIe Gen1/2 physical layer. The system employs a self-developed data link layer processing module that:
- Inserts PCILeech DMA request packets into the data link without disrupting the normal operation of the device
- Analyzes and separates DMA request results from the connected PCIe device data
- Manages the separation of data packets from devices such as wireless network cards
Device Enumeration Process
Unlike a traditional PCIe switch, HPTT does not present itself as a separate device during enumeration:
- The system only recognizes the Bus ID and Device ID of the PCIe sub-card (such as a network card) mounted on the HPTT hardware
- Configuration processes and subsequent BAR read/write operations, memory requests, message packets, etc., are all handled by the mounted sub-card
- HPTT solely manages the merging of PCILeech data requests with the mounted device's data requests and performs traffic control
In Simple Terms
HPTT conceals DMA capabilities within a legitimate and real PCIe device. The PCIe device you are using retains its original functions. The computer with HPTT installed will only detect this legitimate PCIe device and will not be able to detect the DMA functionality.
By using real PCIe devices as carriers, HPTT provides stealth DMA capabilities without the performance penalties associated with traditional memory tracing tools.
Compatibility
HPTT supports a wide range of PCIe devices, though there are some considerations to keep in mind for optimal performance.
Device Support
HPTT supports almost all PCIe 1.0 and PCIe 2.0 x1 devices, although some compatibility issues may arise with certain devices. We have conducted extensive testing across multiple platforms:
| Device Type | Compatibility Status | Notes |
|---|---|---|
| Wi-Fi Network Cards | Full Support | Tested extensively with AX210 and similar network cards |
| USB Controllers | Partial Support | Requires specific firmware configurations |
| Ethernet Controllers | Full Support | Most models compatible with minimal configuration |
| Sound Cards | Partial Support | Some models may require additional configuration |
| Storage Controllers | Partial Support | Limited testing completed |
Motherboard Compatibility
We have tested several mid-to-high-end ASUS and MSI motherboards and have identified compatibility issues with certain PCIe devices. Our ongoing development efforts focus on expanding compatibility across different motherboard platforms and PCIe device types.
Due to variations in operating modes among different types of PCIe sub-cards and motherboard platforms, we currently tailor the HPTT firmware to match specific models of PCIe devices.
Key Features
- HPTT conceals DMA functionality within legitimate PCIe devices, preventing detection by the host system.
- Unlike traditional memory tracing tools, HPTT does not introduce significant performance penalties.
- All mounted PCIe devices retain their full original functionality while HPTT operates.
- Seamlessly integrates with the PCIe Gen1/2 physical layer using Xilinx GT channels.
- Enables sophisticated hardware security analysis without compromising system stability.
- Customizable firmware to accommodate different PCIe device types and models.
Firmware Information
Device-Specific Firmware
In the current software version, we tailor the HPTT firmware to match specific models of PCIe devices. For example, if your device currently uses firmware specific to the AX210 wireless network card, it will be compatible as the mounted device with any network card product, from any manufacturer, that is built around the same AX210 core chip.
Firmware Updates and Adaptation
If you need to use a new device as the mounted device in the future (e.g., replacing the AX210 with a USB controller), we will need to adapt the firmware specifically for that device. Unlike traditional DMA firmware replacements, HPTT firmware modifications involve configuring the parameters of the internal channel merging and separation module.
Our development roadmap includes gradually expanding firmware compatibility from individual device models to entire device types (such as all wireless network cards or all USB controllers), with the ultimate goal of supporting all PCIe x1 devices.
Firmware vs. Traditional DMA
It's important to note that HPTT firmware modifications serve a different purpose than traditional DMA firmware replacements:
- The primary purpose is to ensure compatibility with new devices
- HPTT does not need to simulate real device information (as with traditional DMA) because it utilizes actual, legitimate devices
- Modifications focus on configuring the parameters of the internal channel merging and separation module
Frequently Asked Questions
What is the difference between HPTT and HMTT?
HMTT (Hybrid Memory Trace Tool) connects directly to memory modules, which can severely impact computer performance and user experience. HPTT overcomes these limitations by implementing similar technology on the PCIe bus using DMA technology, providing better performance and stealth capabilities.
Will HPTT slow down my system?
Unlike traditional memory tracing tools, HPTT is designed to have minimal impact on system performance. Since it integrates with legitimate PCIe devices that retain their full functionality, the performance impact is significantly lower than direct memory tracing approaches.
Can the DMA functionality be detected?
HPTT is designed to hide DMA functionality behind legitimate PCIe devices. To the system, it appears as though you've inserted a standard PCIe device (such as a wireless network card), effectively concealing the DMA capabilities from detection.
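The enumeration description above and this FAQ answer make the same point: the host sees only the mounted sub-card's vendor and device IDs, so an inventory of PCI IDs cannot reveal a DMA carrier. A defender's check therefore asks a different question: is every endpoint's DMA constrained by the IOMMU? The following is an added example, not part of the HPTT documentation, that parses a constructed `lspci -n` listing and a constructed copy of the Linux `/sys/kernel/iommu_groups` layout and reports endpoints whose DMA is not remapped.

```python
import re

# Constructed sample of `lspci -n` output (class: vendor:device per line).
# The IDs say nothing about what sits behind a device: HPTT presents only
# the mounted sub-card's vendor/device ID to the host.
LSPCI_N_SAMPLE = """\
00:00.0 0600: 8086:4660 (rev 02)
00:1c.0 0604: 8086:7ab8 (rev 11)
01:00.0 0280: 8086:2725 (rev 1a)
02:00.0 0c03: 1912:0014 (rev 03)
"""

# Constructed view of /sys/kernel/iommu_groups/<n>/devices/ on the same host
# (sysfs names carry the PCI domain prefix). The USB controller at 02:00.0 is
# deliberately left out of every group to exercise the check. An empty dict
# models a host whose IOMMU is disabled, i.e. no groups exist at all.
IOMMU_GROUPS_SAMPLE = {"0": ["0000:00:00.0"], "3": ["0000:00:1c.0", "0000:01:00.0"]}

LSPCI_RE = re.compile(
    r"^([0-9a-f]{2}:[0-9a-f]{2}\.[0-7])\s+([0-9a-f]{4}):\s+([0-9a-f]{4}):([0-9a-f]{4})",
    re.M,
)


def parse_lspci_n(text):
    """Return {bdf: (class, vendor, device)} from `lspci -n` output."""
    return {m.group(1): (m.group(2), m.group(3), m.group(4)) for m in LSPCI_RE.finditer(text)}


def _strip_domain(name):
    """Normalise a sysfs name like 0000:01:00.0 to the lspci form 01:00.0."""
    return name.split(":", 1)[1] if name.count(":") == 2 else name


def unprotected_endpoints(devices, iommu_groups):
    """Sorted BDFs of endpoints whose DMA is not subject to IOMMU remapping.

    Bridges (class 06xx) are skipped: they forward DMA rather than originate it.
    With no IOMMU groups present, every endpoint is unconstrained.
    """
    covered = {_strip_domain(m) for members in iommu_groups.values() for m in members}
    return sorted(
        bdf for bdf, (cls, _, _) in devices.items()
        if not cls.startswith("06") and bdf not in covered
    )


if __name__ == "__main__":
    devs = parse_lspci_n(LSPCI_N_SAMPLE)
    for bdf in unprotected_endpoints(devs, IOMMU_GROUPS_SAMPLE):
        print(f"{bdf} ({devs[bdf][1]}:{devs[bdf][2]}): DMA not remapped by IOMMU")
```

On a live Linux host the same functions can be fed the real `lspci -n` output and a walk of `/sys/kernel/iommu_groups`; a non-empty result, or no groups at all, means a PCIe endpoint can read and write system memory without remapping.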
What types of PCIe devices work best with HPTT?
Currently, wireless network cards (particularly the AX210 model) have been extensively tested and show excellent compatibility. We are continuously expanding support for other PCIe device types, including USB controllers, Ethernet adapters, and more.
Do I need special firmware for different devices?
Yes, in the current implementation, the HPTT firmware is tailored to specific models of PCIe devices. If you switch to a different type of PCIe device, you will need a firmware update specifically configured for that device.
Getting Started
System Requirements
- Compatible motherboard (most mid-to-high-end ASUS and MSI motherboards have been tested)
- Available PCIe slot
- Compatible PCIe device (see Compatibility section)
- Latest HPTT firmware specific to your PCIe device
Installation Process
1. Ensure your system is powered off and disconnected from power
2. Mount your compatible PCIe device (e.g., AX210 wireless network card) onto the HPTT hardware
3. Insert the assembled HPTT hardware into an available PCIe slot on your motherboard
4. Power on your system
5. Install any necessary drivers for your mounted PCIe device as you normally would
6. Verify that the PCIe device functions normally
7. Verify DMA functionality with PCILeech
Always follow proper ESD (Electrostatic Discharge) safety procedures when handling PCIe devices and computer components. Improper handling can damage sensitive electronic components.
Using HPTT
Once installed, HPTT operates seamlessly with the mounted PCIe device. The device will function normally for its intended purpose (e.g., a wireless network card will provide Wi-Fi connectivity), while simultaneously enabling DMA capabilities for advanced hardware security analysis.
Detailed usage instructions and documentation are provided with the HPTT package.