MIT License Python Versions

UEFI_RETool

A tool for UEFI firmware reverse engineering.

Click to open TOC

- [UEFI firmware analysis with uefi_retool.py script](#uefi-firmware-analysis-with-uefi_retoolpy-script) - [Commands](#commands) - [get-images](#get-images) - [get-info](#get-info) - [get-pp](#get-pp) - [Additional tools](#additional-tools) - [IDA plugin](#ida-plugin) - [Analyser & Protocol explorer](#analyser--protocol-explorer) - [Usage](#usage) - [Example](#example) - [Before analysis](#before-analysis) - [After analysis](#after-analysis) - [Protocol explorer window](#protocol-explorer-window) - [Dependency browser & Dependency graph](#dependency-browser--dependency-graph) - [Usage](#usage-1) - [Example](#example-1) - [Dependency browser window](#dependency-browser-window) - [Dependency graph](#dependency-graph) - [Similar works](#similar-works)

UEFI firmware analysis with uefi_retool.py script

Usage:

Copy ida_plugin/uefi_analyser.py script and ida_plugin/uefi_analyser directory to IDA plugins directory
Edit config.json file
- PE_DIR is a directory that contains all executable images from the UEFI firmware
- DUMP_DIR is a directory that contains all components from the firmware filesystem
- LOGS_DIR is a directory for logs
- IDA_PATH and IDA64_PATH are paths to IDA Pro executable files
Run pip install -r requirements.txt
Run python uefi_retool.py command to display the help message

Commands

python uefi_retool.py

Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  get-images  Get executable images from UEFI firmware.
  get-info    Analyze the entire UEFI firmware.
  get-pp      Get a list of proprietary protocols in the UEFI firmware.

get-images

python uefi_retool.py get-images --help

Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH

  Get executable images from UEFI firmware. Images are stored in "modules"
  directory.

Options:
  --help  Show this message and exit.

Example:

python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin

get-info

python uefi_retool.py get-info --help

Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH

  Analyze the entire UEFI firmware. The analysis result is saved to .json
  file.

Options:
  -w, --workers INTEGER  Number of workers (8 by default).
  --help                 Show this message and exit.

Example:

python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin

get-pp

python uefi_retool.py get-pp --help

Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH

  Get a list of proprietary protocols in the UEFI firmware. The result is
  saved to .json file.

Options:
  -w, --workers INTEGER  Number of workers (8 by default).
  --help                 Show this message and exit.

Example:

python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin

Additional tools

tools/update_edk2_guids.py is a script that updates protocol GUIDs list from edk2 project

IDA plugin

IDA plugin for UEFI analysis

Analyser & Protocol explorer

Usage

Copy uefi_analyser and uefi_analyser.py to your %IDA_DIR%/plugins directory
Open the executable UEFI image in IDA and go to Edit -> Plugins -> UEFI analyser (alternatively, you can use the key combination Ctrl+Alt+U)

Example

Before analysis

before_analysis

After analysis

after_analysis

Protocol explorer window

protocols

Dependency browser & Dependency graph

Usage

Analyse the firmware using uefi_retool.py
```
  python uefi_retool.py get-info FIRMWARE_PATH
```
- Load <LOGS_DIR>/<FIRMWARE_NAME>-all-info.json file to IDA (File -> UEFI_RETool...)
  
  alternatively, you can use the key combination Ctrl+Alt+J)

UEFI_RETool

Table of Contents

UEFI firmware analysis with uefi_retool.py script

Commands

get-images

get-info

get-pp

Additional tools

IDA plugin

Analyser & Protocol explorer

Usage

Example

Before analysis

After analysis

Protocol explorer window

Dependency browser & Dependency graph

Usage

Example

Dependency browser window

Dependency graph

Similar works