UEFI_RETool: tool for UEFI firmware reverse engineering
UEFI_RETool
A tool for UEFI firmware reverse engineering.
The tool consists of a plugin for IDA and a set of scripts for UEFI firmware analyzing.
Download
git clone https://github.com/yeggor/UEFI_RETool.git
Use
IDA plugin
UEFI firmware analysis with IDA Pro
analyse_fw_ida.py is a script for UEFI firmware analysis with IDA Pro
Usage:
- Copy ida_plugin\uefi_analyser directory to IDA plugins directory
- Edit config.json file
- “PE_DIR” is a folder that contains all executable images from the UEFI firmware file
- “DUMP_DIR” is a folder that contains all components from the firmware filesystem
- “IDA_PATH” and “IDA64_PATH” are paths to IDA Pro executable files
- Run pip install -r requirements.txt
- Run python analyse_fw_ida.py -h command to display the help message
UEFI firmware analysis with radare2
analyse_fw_r2.py is a similar script for UEFI firmware analysis with radare2
Usage:
- Run pip install -r requirements.txt
- Run python analyse_fw_r2.py -h command to display the help message
Additional tools
- tools\get_efi_images.py is a script that gets all PE-images from the firmware file
- tools\update_edk2_guids.py is a script that updates protocol GUIDs list from the
confdirectory
Copyright (c) 2018-2019 yeggor
Source: https://github.com/yeggor/
