A tool for UEFI firmware reverse engineering.
Usage:
ida_plugin/uefi_analyser.py
script and ida_plugin/uefi_analyser
directory to IDA plugins directoryconfig.json
file
PE_DIR
is a directory that contains all executable images from the UEFI firmwareDUMP_DIR
is a directory that contains all components from the firmware filesystemLOGS_DIR
is a directory for logsIDA_PATH
and IDA64_PATH
are paths to IDA Pro executable filespip install -r requirements.txt
python uefi_retool.py
command to display the help messagepython uefi_retool.py
Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
get-images Get executable images from UEFI firmware.
get-info Analyze the entire UEFI firmware.
get-pp Get a list of proprietary protocols in the UEFI firmware.
python uefi_retool.py get-images --help
Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH
Get executable images from UEFI firmware. Images are stored in "modules"
directory.
Options:
--help Show this message and exit.
Example:
python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin
python uefi_retool.py get-info --help
Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH
Analyze the entire UEFI firmware. The analysis result is saved to .json
file.
Options:
-w, --workers INTEGER Number of workers (8 by default).
--help Show this message and exit.
Example:
python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin
python uefi_retool.py get-pp --help
Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH
Get a list of proprietary protocols in the UEFI firmware. The result is
saved to .json file.
Options:
-w, --workers INTEGER Number of workers (8 by default).
--help Show this message and exit.
Example:
python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin
tools/update_edk2_guids.py
is a script that updates protocol GUIDs list from edk2
projectCopy uefi_analyser
and uefi_analyser.py
to your %IDA_DIR%/plugins
directory
Open the executable UEFI image in IDA and go to Edit
-> Plugins
-> UEFI analyser
(alternatively, you can use the key combination Ctrl+Alt+U
)
Analyse the firmware using uefi_retool.py
python uefi_retool.py get-info FIRMWARE_PATH
Load <LOGS_DIR>/<FIRMWARE_NAME>-all-info.json
file to IDA (File
-> UEFI_RETool...
)
alternatively, you can use the key combination Ctrl+Alt+J
)