efiXplorer – IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation


efiXplorer is an IDA plugin for UEFI firmware analysis and reverse engineering automation.

Supported versions of Hex-Rays products: we always target the latest versions of IDA and the Decompiler, because we try to use the most recent features from new SDK releases. That means we test only on recent versions of Hex-Rays products and do not guarantee stable operation on previous generations.

Why not IDAPython: all code is developed in C++ because it is a more stable and performant way to support a complex plugin and to get the full power of the most recent SDK features.

Supported platforms: Windows, Linux and OSX (x86/x64).

Key features

  • Identify available Boot Services automatically
  • Annotate assembly code automatically with the available Boot Services
  • Identify available Runtime Services automatically
  • Annotate assembly code automatically with the available Runtime Services
  • Identify available SMM Services automatically
  • Identify available EFI Protocols automatically
  • Build the list of available EFI Protocols
  • Identify known EFI GUIDs
  • Build the list of available EFI GUIDs (including protocol name identification)

[Screenshot: before analysis]

[Screenshot: after analysis]
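Two of the features above, known-GUID identification and Boot Services identification, rest on fixed byte layouts from the UEFI specification. The following Python is an added example written for this page, not efiXplorer's own code (the plugin is C++): it encodes textual GUIDs into the mixed-endian EFI_GUID memory layout and scans a buffer for them, and it derives the gBS displacement of every Boot Services member from field order instead of hard-coding a table. The four GUID values and the member order come from the UEFI specification; the sample image bytes and the names `KNOWN_GUIDS`, `SAMPLE_IMAGE`, `find_known_guids` and `resolve_boot_service` are constructed here.

```python
"""
Added example, not efiXplorer's own code: the byte-level mechanics behind
known EFI GUID identification and Boot Services identification.
GUID values and member order are from the UEFI specification; the sample
image is constructed here.
"""
import struct
import uuid
from typing import Dict, List, Optional, Tuple

# Tiny stand-in for a guids database (efiXplorer ships its own in the
# `guids` directory). Values are from the UEFI specification.
KNOWN_GUIDS: Dict[str, str] = {
    "EFI_LOADED_IMAGE_PROTOCOL_GUID": "5B1B31A1-9562-11D2-8E3F-00A0C969723B",
    "EFI_DEVICE_PATH_PROTOCOL_GUID": "09576E91-6D3F-11D2-8E39-00A0C969723B",
    "EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID": "387477C2-69C7-11D2-8E39-00A0C969723B",
    "EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID": "964E5B22-6459-11D2-8E39-00A0C969723B",
}


def guid_to_bytes(text: str) -> bytes:
    """Encode a textual GUID in the EFI_GUID memory layout.

    EFI_GUID is {Data1: u32, Data2: u16, Data3: u16, Data4: u8[8]}. The first
    three fields are little-endian on x86/x64; the last eight bytes are stored
    as written. That is why the bytes in a firmware image do not match the
    textual form byte-for-byte.
    """
    f = uuid.UUID(text).fields  # time_low, time_mid, time_hi, clk_hi, clk_lo, node
    data4 = bytes([f[3], f[4]]) + f[5].to_bytes(6, "big")
    return struct.pack("<IHH", f[0], f[1], f[2]) + data4


def find_known_guids(buf: bytes) -> List[Tuple[int, str]]:
    """Return (offset, name) for every known GUID found in buf, sorted by offset."""
    hits = []
    for name, text in KNOWN_GUIDS.items():
        pattern = guid_to_bytes(text)
        idx = buf.find(pattern)
        while idx >= 0:
            hits.append((idx, name))
            idx = buf.find(pattern, idx + 1)
    return sorted(hits)


# EFI_BOOT_SERVICES function pointers in specification order. They follow a
# 24-byte EFI_TABLE_HEADER (Signature 8, Revision 4, HeaderSize 4, CRC32 4,
# Reserved 4), so on x64 member i sits at displacement 24 + 8*i from gBS.
EFI_TABLE_HEADER_SIZE = 24
BOOT_SERVICES = [
    "RaiseTPL", "RestoreTPL",
    "AllocatePages", "FreePages", "GetMemoryMap", "AllocatePool", "FreePool",
    "CreateEvent", "SetTimer", "WaitForEvent", "SignalEvent", "CloseEvent", "CheckEvent",
    "InstallProtocolInterface", "ReinstallProtocolInterface", "UninstallProtocolInterface",
    "HandleProtocol", "Reserved", "RegisterProtocolNotify", "LocateHandle",
    "LocateDevicePath", "InstallConfigurationTable",
    "LoadImage", "StartImage", "Exit", "UnloadImage", "ExitBootServices",
    "GetNextMonotonicCount", "Stall", "SetWatchdogTimer",
    "ConnectController", "DisconnectController",
    "OpenProtocol", "CloseProtocol", "OpenProtocolInformation",
    "ProtocolsPerHandle", "LocateHandleBuffer", "LocateProtocol",
    "InstallMultipleProtocolInterfaces", "UninstallMultipleProtocolInterfaces",
    "CalculateCrc32", "CopyMem", "SetMem", "CreateEventEx",
]


def boot_service_offsets(ptr_size: int = 8) -> Dict[int, str]:
    """Map displacement-from-gBS to service name for the given pointer width."""
    return {EFI_TABLE_HEADER_SIZE + i * ptr_size: name
            for i, name in enumerate(BOOT_SERVICES)}


def resolve_boot_service(displacement: int, ptr_size: int = 8) -> Optional[str]:
    """Name the service behind e.g. `call qword ptr [rax+140h]` (x64: LocateProtocol)."""
    return boot_service_offsets(ptr_size).get(displacement)


# Constructed sample "image": two known GUIDs embedded among filler bytes.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + guid_to_bytes(KNOWN_GUIDS["EFI_LOADED_IMAGE_PROTOCOL_GUID"])
    + b"\xCC" * 16
    + guid_to_bytes(KNOWN_GUIDS["EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID"])
    + b"\x00" * 8
)

if __name__ == "__main__":
    for off, name in find_known_guids(SAMPLE_IMAGE):
        print(f"0x{off:04X}  {name}")
    for disp in (0x40, 0x98, 0x140, 0x148):
        print(f"gBS+0x{disp:X} -> {resolve_boot_service(disp)}")
```

Run it as a script to see the two GUID hits and the displacement-to-name mapping; `resolve_boot_service(disp, ptr_size=4)` gives the x86 layout, where the header stays 24 bytes but each member is 4 bytes wide. Keeping the member list in specification order means a new service appended by a later specification revision only needs one new entry, and the offsets for both pointer widths follow automatically.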

efiXplorer Architecture

From the beginning of the project, we have focused on building an extensible architecture so that maintaining the current version and adding new features stays easy.

Build instructions

We try to keep the build process simple across platforms: just use the build script to automate it.

Build script

Usage:

  build.py [OPTIONS] IDASDK_DIR

Options:

  -c, --copy TEXT  path to IDA plugins directory
  --help           Show this message and exit.

Example of the build process:

  ./build.py <IDASDK75_DIR>

Installation

Copy the compiled efiXplorer plugin binaries and the guids directory to <IDA_DIR>/plugins. Enjoy!


References

For IDA:

  • https://github.com/yeggor/UEFI_RETool
  • https://github.com/gdbinit/EFISwissKnife
  • https://github.com/snare/ida-efiutils

For Ghidra:

  • https://github.com/al3xtjames/ghidra-firmware-utils
  • https://github.com/DSecurity/efiSeek

Contributors:
Alex Matrosov (@matrosov)
Andrey Labunets (@isciurus)
Philip Lebedev (@p41l)
Yegor Vasilenko (@yeggor)
