Skip to content
July 10, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Open Source Tool
  • ME Analyzer: Intel Engine Firmware Analysis Tool
  • Open Source Tool

ME Analyzer: Intel Engine Firmware Analysis Tool

Do Son August 26, 2019 7 minutes read
ME Analyzer
Add Daily CyberSecurity as a preferred source on Google

ME Analyzer is a tool which parses Intel Engine firmware images from the Converged Security Management Engine, Converged Security Trusted Execution Engine, Converged Security Server Platform Services, Management Engine, Trusted Execution Engine & Server Platform Services families. It can be used by end-users who are looking for all relevant firmware information such as Family, Version, Release, Type, Date, SKU, Platform etc. It is capable of detecting new/unknown firmware, checking firmware health, Updated/Outdated status and many more. ME Analyzer is also a powerful Engine firmware research analysis tool with multiple structures which allow, among others, full parsing and unpacking of Converged Security Engine (CSE) firmware, Flash Partition Table (FPT) & Boot Partition Descriptor Table (BPDT/IFWI), advanced Size detection etc. Moreover, with the help of its extensive database, ME Analyzer is capable of uniquely categorizing all supported Engine firmware as well as check for any firmware which have not been stored at the Intel Engine Firmware Repositories yet.

A1. ME Analyzer Features

  • Supports all Engine firmware Families (CS)ME 1-12, (CS)TXE 1-4, (CS)SPS 1-4
  • Supports all types of firmware images (Engine Regions, SPI/BIOS etc)
  • Detection of Family, Version, SKU, Date, Revision, Platform etc info
  • Detection of Production, Pre-Production, ROM-Bypass etc Releases
  • Detection of Region (Stock/clean or Extracted/dirty), Update etc Types
  • Detection of Security Version Number (SVN), Version Control Number (VCN) & PV
  • Detection of Intel SPI Flash Descriptor region’s Access Permissions
  • Detection of whether the imported Engine firmware is updated or not
  • Detection of unusual Engine firmware (Corrupted, Compressed, OEM etc)
  • Ability to unpack CSE firmware CSME 11+, CSTXE 3+ and CSSPS 4+
  • Ability to validate Engine RSA Signature and Region table checksums
  • Advanced detection & validation of Engine region’s firmware Size
  • Ability to detect & analyze Integrated Firmware Images (IFWI/BPDT)
  • Detection of CSME 11+ Flash Image Tool platform configuration by OEM
  • Detection of CSME 11 PCH-LP firmware Power Down Mitigation (PDM) erratum
  • Ability to analyze multiple files by drag & drop or by input path
  • Detection of unique mobile Apple Macintosh Engine firmware SKUs
  • Detection of multiple Engine regions in input file, number only
  • Detection of special Engine firmware BIOS GUIDs via UEFIFind
  • Ability to detect & categorize firmware which require attention
  • Supports CodeRush’s UEFIFind & Lordkag’s UEFIStrip utility integration
  • Reports all firmware which are not found at the Engine Firmware Repositories
  • Reports any new, unknown, problematic, incomplete etc Engine firmware images
  • Features command line parameters to enhance functionality & assist research
  • Features user-friendly messages & proper handling of unexpected code errors
  • Shows coloured text to signify the importance of notes, warnings & errors
  • Open Source project licensed under GNU GPL v3, comment assisted code

A2. Engine Firmware Repository Database

ME Analyzer allows end-users and/or researchers to quickly analyze and/or report new firmware versions without the use of special Intel tools (FIT/FITC, FWUpdate) or Hex Editors. To do that effectively, a database had to be built. The Intel Engine Firmware Repositories is a collection of every (CS)ME, (CS)TXE & (CS)SPS firmware we have found. Its existence is very important for ME Analyzer as it allows us to continue doing research, find new types of firmware, compare the same major version releases for similarities, check for updated firmware etc. Bundled with ME Analyzer is a file called MEA.dat which is required for the program to run. It includes entries for all Engine firmware that are available to us. This accommodates primarily three actions: a) Detect each firmware’s Family via unique identifier keys, b) Check whether the imported firmware is up to date and c) Help find new Engine firmware sooner by reporting them at the Intel Management Engine: Drivers, Firmware & System Tools or Intel Trusted Execution Engine: Drivers, Firmware & System Tools threads respectively.

B. How to use ME Analyzer

There are two ways to use ME Analyzer, MEA executable & Command Prompt. The MEA executable allows you to drag & drop one or more firmware and analyze them one by one or recursively scan entire directories. To manually call ME Analyzer, a Command Prompt can be used with -skip as a parameter.

B1. ME Analyzer Executable

To use ME Analyzer, select one or multiple files and Drag & Drop them to its executable. You can also input certain optional parameters either by running MEA directly or by first dropping one or more files to it. Keep in mind that, due to operating system limitations, there is a limit on how many files can be dropped at once. If the latter is a problem, you can always use the -mass parameter to recursively scan entire directories as explained below.

B2. ME Analyzer Parameters

There are various parameters which enhance or modify the default behavior of ME Analyzer:

  • -? : Displays help & usage screen
  • -skip : Skips options intro screen
  • -check : Copies files with messages to check
  • -mass : Scans all files of a given directory
  • -enuf : Enables UEFIFind Engine GUID detection
  • -adir : Sets UEFIFind to the previous directory
  • -pdb : Writes input file DB entry to text file
  • -dbname : Renames input file based on unique DB name
  • -dfpt : Shows info about the FPT and/or BPDT headers (Research)
  • -dsku : Shows debug/verbose SKU detection info for CSME 11 (Research)
  • -unp86 : Unpacks all CSE Converged Security Engine firmware (Research)
  • -ext86 : Prints Extension info during CSE unpacking (Research)
  • -bug86 : Enables debug/verbose mode during CSE unpacking (Research)

The following are Windows specific:

  • -extr : Lordkag’s UEFIStrip mode
  • -msg : Prints only messages without headers
  • -hid : Displays all firmware even without messages (-msg)

B3. ME Analyzer Error Control

During operation, ME Analyzer may encounter issues that can trigger Notes, Warnings and/or Errors. Notes (yellow/green color) provide useful information about a characteristic of this particular firmware. Warnings (purple color) notify the user of possible problems that can cause system instability. Errors (red color) are shown when something unexpected or problematic is encountered.

C. Execute/Download ME Analyzer

ME Analyzer is developed using Python 3.6 and can work under Windows, Linux and macOS operating systems. It consists of two files, the executable (MEA.exe or MEA) and the database (MEA.dat). Regarding the executable, already built/frozen/compiled binaries are provided by me for Windows only (icon designed by Those Icons). Thus, you don’t need to manually build/freeze/compile ME Analyzer under Windows. Instead, download the latest version from the Releases tab, the title should be “ME Analyzer v1.X.X”. You may need to scroll down a bit if there are DB releases at the top. The latter can be used to update the outdated DB which was bundled with the latest executable release, the title should be “DB rXX”. For Linux and macOS or courageous Windows users, the build/freeze/compile instructions for all three OS can be found below.

Note: To extract the already built/frozen/compiled ME Analyzer archives, you need to use programs which support RAR5 compression!

Anti-Virus False Positives

Some Anti-Virus software may claim that the built/frozen/compiled MEA executable contains viruses. Any such detections are false positives, usually of PyInstaller. You can switch to a better Anti-Virus software, report the false positive to their support, add the MEA executable to the exclusions, build/freeze/compile MEA yourself or use the Python script directly.

Download

Copyright (C) 2016 platomav 

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Tags: ME Analyzer

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-15300CVSS 9.1
    The GEO my WP plugin for WordPress was vulnerable to SQL Injection...
  • CVE-2026-15282CVSS 9.8
    The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads...
  • CVE-2026-14894CVSS 9.8
    The Super Forms – Drag & Drop Form Builder plugin for WordPress...
  • CVE-2026-54769CVSS 10.0
    Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2...
  • CVE-2026-58122CVSS 9.1
    Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated...
  • CVE-2026-58123CVSS 9.8
    Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that...
  • CVE-2026-52777
    ## Details ### Sink `tools/bazar/services/CSVManager.php` line 372-399: ``` public function importEntry(array $importedEntries,...
  • CVE-2026-52766CVSS 9.1
    ### Summary The `{{erasespamedcomments}}` wiki action (`actions/EraseSpamedCommentsAction.php`) accepts a `suppr[]` array from...
  • CVE-2026-59827CVSS 9.9
    Metabase is an open-source business intelligence and embedded analytics tool. Prior to...
  • CVE-2026-59826CVSS 9.1
    Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.