Read from the device PCIe configuration space. Only the values used by the Xilinx IP core itself are read.

By now many of you know about ECheats, a DMA cheat provider. As part of developing this platform, I have taken a closer look at LeechCore, MemProcFS, and the DMA libraries everyone relies on.

These are libraries the entire DMA cheat ecosystem is built on. If you go out and buy a DMA cheat, you first need these libraries. They all use them, and some even embed them in their cheat.

Diving deeper into the LeechCore library, I found LC_CMD_FPGA_PCIECFGSPACE. This is a nifty little command your FPGA DMA card can run using the LcCommand API call. It returns the entire Configuration Space of your DMA card.

Don’t believe me? Compile the CfgDump example in MemStream and print out your own Configuration Space.

This leads me to the title line. If a cheat developer can dump your configuration space from his cheat, is your firmware safe?

The short answer is, the cheat developer can’t dump the bitstream of your device, so they can’t copy your device. But, with your Configuration Space, they could create their own firmware which clones your firmware. If they used it and got banned, you could be as well.
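To show why the Configuration Space alone is enough to identify a card, here is an added example (not code from this post or from LeechCore) that pulls the identifying fields out of a 4 KiB dump using the standard PCIe type 0 header and extended capability layout. The struct, function names and every value in the sample buffer are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Identifying fields exposed by a config space dump (struct is this example's own). */
typedef struct {
    uint16_t vendor_id, device_id, subsys_vendor_id, subsys_id;
    uint32_t class_code;   /* 24 bits: base class, subclass, prog-if */
    int      has_serial;
    uint64_t serial;       /* Device Serial Number extended capability */
} cfg_ident_t;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns 0 on success, -1 for a short buffer or an all-ones (absent device) read. */
int cfg_ident_parse(const uint8_t *cfg, size_t len, cfg_ident_t *out) {
    if (!cfg || !out || len < 0x40 || rd16(cfg) == 0xFFFF) return -1;
    memset(out, 0, sizeof(*out));
    out->vendor_id = rd16(cfg + 0x00);
    out->device_id = rd16(cfg + 0x02);
    out->class_code = rd32(cfg + 0x08) >> 8;
    if ((cfg[0x0E] & 0x7F) == 0) {               /* type 0 (endpoint) header only */
        out->subsys_vendor_id = rd16(cfg + 0x2C);
        out->subsys_id = rd16(cfg + 0x2E);
    }
    /* Extended capabilities start at 0x100: ID[15:0], version[19:16], next[31:20]. */
    for (size_t off = 0x100, hops = 0; hops < 64 && off >= 0x100 && off + 12 <= len; hops++) {
        uint32_t hdr = rd32(cfg + off);
        if (hdr == 0 || hdr == 0xFFFFFFFFu) break;
        if ((hdr & 0xFFFF) == 0x0003) {          /* Device Serial Number capability */
            out->has_serial = 1;
            out->serial = ((uint64_t)rd32(cfg + off + 8) << 32) | rd32(cfg + off + 4);
            break;
        }
        off = (hdr >> 20) & 0xFFC;               /* hop limit guards against looped lists */
    }
    return 0;
}

/* Constructed 4 KiB sample: all IDs and the serial are made-up values, not a real card. */
void cfg_sample_build(uint8_t buf[4096]) {
    memset(buf, 0, 4096);
    wr32(buf + 0x00, 0x56781234u);   /* device 0x5678, vendor 0x1234 */
    wr32(buf + 0x08, 0x02000002u);   /* class 0x020000, revision 0x02 */
    wr32(buf + 0x2C, 0x9ABC1234u);   /* subsystem 0x9ABC, subsystem vendor 0x1234 */
    wr32(buf + 0x100, 0x15010001u);  /* ext cap ID 0x0001, next -> 0x150 */
    wr32(buf + 0x150, 0x00010003u);  /* ext cap ID 0x0003 (serial), end of list */
    wr32(buf + 0x154, 0x89ABCDEFu);  /* serial, lower dword */
    wr32(buf + 0x158, 0x01234567u);  /* serial, upper dword */
}
```

Every field the parser returns is a value a clone would have to reproduce, and the same tuple is what ties a ban on the clone back to the original card.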

So how do you protect yourself?

  1. Only use cheats which let you bring your own LeechCore.dll.
  2. Compile a safe LeechCore.dll which blocks this command.

For the first item, if the developer’s cheat doesn’t require any dependencies, it’s a no-go.

For that second item, follow LeechCore’s build instructions and remove this and this from the source code.

This isn’t flawless. Developers could rip your configuration space from the device in many ways, so you may need to get creative about limiting the DeviceFPGA_PCIeCfgSpaceCoreRead function to just what LeechCore needs to operate.

Anyway, that’s it. Stay safe 🙂