DMA RTL8125

Warning

For educational purposes only

Tested on Easy Anti-Cheat (EAC) in APEX Legends.

Tested on BattlEye in Arma3/DayZ.

Usage

Download CH347FPGATool from.

Download firmware for you DMA from.

Open CH347FPGATool:

Select your DMA card.
Select "BIN".
Select firmware.
Start flash.

Guide to creating your own firmware

1. Find Bar's Address

sudo lspci -vv -s 05:00.0

05:00.0 — This is your PCI device ID

output:

05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTLXXXX PCI Express Gigabit Ethernet Controller (rev 02)
	Subsystem: Realtek Semiconductor Co., Ltd. Device 0123
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0, Cache Line Size: 64 bytes
	Interrupt: pin A routed to IRQ 17
	Region 0: I/O ports at 3000 [size=256]
	Region 2: Memory at ADDRESS_1 (64-bit, non-prefetchable) [size=SIZE_1 K]
	Region 4: Memory at ADDRESS_2 (64-bit, prefetchable) [size=SIZE_2 K]

2. Create Memory Dump

sudo dd if=/dev/mem of=bar2.bin bs=1 count=$((SIZE_1*1024)) skip=$((0xADDRESS_1)) iflag=skip_bytes
sudo dd if=/dev/mem of=bar4.bin bs=1 count=$((SIZE_2*1024)) skip=$((0xADDRESS_2)) iflag=skip_bytes

Where is 0xdf200000 - Bar2 address and 64 - is size in K
Where is 0xdf210000 - Bar4 address and 16 - is size in K

3. Convert Dump to Verilog

Use dump.py:

Run:

python3 dump.py -i bar2.bin -o bar2.v
python3 dump.py -i bar4.bin -o bar4.v

4. Update ver

In the file pcileech_tlps128_bar_controller.sv replace the values with your own.

Insert bar2.v code here.
Insert bar4.v code here.

Update pcie_7x_0_core_top.v.
For this, it's convenient to use LeCroy TeleScan PE or drvscan

Result of work

Credits

Special thanks to: ekknod

pa1n-dev/rtl8125_emulation