A tool for UEFI firmware reverse engineering.
The tool consists of a plugin for IDA and a set of scripts for UEFI firmware analysing.
- IDA plugin
- UEFI firmware analysis with IDA Pro
- UEFI firmware analysis with radare2
- Additional tools
- Similar works
- Contributors
analyse_fw_ida.py is a script for UEFI firmware analysis with IDA Pro
Usage:
- Copy
ida_plugin\uefi_analyserdirectory to IDA plugins directory - Edit
config.jsonfile- "PE_DIR" is a folder that contains all executable images from the UEFI firmware file
- "DUMP_DIR" is a folder that contains all components from the firmware filesystem
- "IDA_PATH" and "IDA64_PATH" are paths to IDA Pro executable files
- Run
pip install -r requirements.txt - Run
python analyse_fw_ida.py -hcommand to display the help message
UEFI_RETool
A tool for UEFI firmware analysis with IDA Pro
usage: python analyse_fw_ida.py [-h] [--all] [--pp_guids] [--get_efi_images]
[--update_edk2_guids EDK2_PATH]
firmware_path
positional arguments:
firmware_path path to UEFI firmware for analysis
optional arguments:
-h, --help show this help message and exit
--all analyse of all UEFI firmware modules and output of
information to .\log\ida_log_all.md file (example:
python analyse_fw_ida.py --all <firmware_path>)
--pp_guids analyse all UEFI firmware modules and save a table
with proprietry protocols to .\log\ida_pp_guids.md
file (example: python analyse_fw_ida.py --pp_guids
<firmware_path>)
--get_efi_images get all executable images from UEFI firmware (images
are stored in .\modules directory, example: python
analyse_fw_ida.py --get_efi_images <firmware_path>)
Examples of logs can be viewed at the following links: log_all, log_pp_guids
analyse_fw_r2.py is a similar script for UEFI firmware analysis with radare2
Usage:
- Run
pip install -r requirements.txt - Run
python analyse_fw_r2.py -hcommand to display the help message
UEFI_RETool
A tool for UEFI firmware analysis with radare2
usage: python analyse_fw_r2.py [-h] [--all] [--pp_guids] [--pp_guids_num]
[--get_efi_images]
[--update_edk2_guids EDK2_PATH]
firmware_path
positional arguments:
firmware_path path to UEFI firmware for analysis
optional arguments:
-h, --help show this help message and exit
--all analyse of all UEFI firmware modules and output of
information to .\log\r2_log_all.md file (example:
python analyse_fw_r2.py --all <firmware_path>)
--pp_guids analyse all UEFI firmware modules and save a table
with proprietary protocols to .\log\r2_pp_guids.md
file (example: python analyse_fw_r2.py --pp_guids
<firmware_path>)
--pp_guids_num analyse all UEFI firmware modules and get number of
proprietary protocols (example: python
analyse_fw_r2.py --pp_guids_num <firmware_path>)
--get_efi_images get all executable images from UEFI firmware (images
are stored in .\modules directory, example: python
analyse_fw_r2.py --get_efi_images <firmware_path>)
tools\get_efi_images.pyis a script that gets all PE-images from the firmware filetools\update_edk2_guids.pyis a script that updates protocol GUIDs list from theconfdirectory
- yeggor ([email protected])
- p41l ([email protected])