PCILeech
AGPL-3.0 · 🧬 Reverse Engineering · C
PCILeech uses PCIe/Thunderbolt/USB3380 hardware to perform Direct Memory Access (DMA) attacks against target computers. It can read and write physical memory of live systems without requiring any software on the target. Capabilities include dumping full physical memory, patching kernel code in-memory (e.g., removing authentication), injecting code into running processes, and extracting encryption keys. PCILeech supports FPGA-based hardware (Screamer, PCIe squirrel) for high-speed transfers and includes plugins for common attack scenarios like Windows login bypass, BitLocker key extraction, and macOS FileVault attacks. A powerful tool for physical security assessments.
Installation
$ git clone https://github.com/ufrisk/pcileech.git
Use Cases
- Physical memory acquisition from live systems
- Bypassing full-disk encryption via DMA
- Kernel-level code patching without target software
- Physical security assessment of DMA protections
Details
- Category: 🧬 Reverse Engineering
- Language: C
- Repository: ufrisk/pcileech
- License: AGPL-3.0
- Platforms: 🐧 linux · 🪟 windows
More in Reverse Engineering
dnSpy
C# · .NET debugger, decompiler, and assembly editor. Inspect and modify .NET and Unity assemblies without source code.
ILSpy
C# · Open-source .NET decompiler and assembly browser. Produces clean C# from compiled binaries with cross-platform support.
x64dbg
C++ · Open-source x64/x32 debugger for Windows. Full-featured binary debugger with plugin ecosystem for malware analysis and reverse engineering.
Detect It Easy
C++/Qt · Binary packer and compiler detection. Identifies compilers, linkers, packers, and protectors used to build PE, ELF, and Mach-O files.
angr
Python · Binary analysis framework. Symbolic execution, CFG recovery, and vulnerability discovery for compiled binaries in Python.
RetDec
C++ · Retargetable decompiler by Avast. Converts machine code back to C from x86, ARM, MIPS, and PowerPC binaries.