l4trace

Extract the fiasco trace buffer running on a target machine using a PCIe screamer device.

Equipment

The screamer access the tracebuffer memory via Busmastering DMA. You need to set:

CONFIG_IOMMU_PASSTHROUGH=y
CONFIG JDB=y
CONFIG JDB LOGGING=y

To enable Busmastering DMA and place the tracebuffer address at a well-known location, add the provided module (./jdb_scream.cpp) to your kernel.

Clone submodules

git submodule update --init --recursive

Install dependencies

sudo apt install libusb-1.0-0-dev babeltrace2 libbabeltrace2-dev

Build LeechCore

make all

Optional: Add udev rules to use device as group member of dialout

sudo cp udev.rules /etc/udev/rules.d/99-screamerM2.rules
sudo udevadm control --reload-rules

./l4trace.sh

Name		Name	Last commit message	Last commit date
Latest commit History 49 Commits
LeechCore @ 24e9258		LeechCore @ 24e9258
LeechCore-plugins @ 5dc815e		LeechCore-plugins @ 5dc815e
fiasco		fiasco
l4ctf		l4ctf
.gitignore		.gitignore
.gitmodules		.gitmodules
Makefile		Makefile
README.md		README.md
device.cpp		device.cpp
device.h		device.h
jdb_scream.cpp		jdb_scream.cpp
l4trace.sh		l4trace.sh
main.cpp		main.cpp
page_table.cpp		page_table.cpp
page_table.h		page_table.h
trace_reader.cpp		trace_reader.cpp
trace_reader.h		trace_reader.h
udev.rules		udev.rules