Kali Linux

efiXplorer : IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation

efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation

Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations.

Why not IDApython: all code developed in C++ because it’s a more stable and performant way to support a complex plugin and get full power of most recent SDK’s features.

Supported Platforms: Windows, Linux and OSX.

efiXplorer core features

Features Summary Table

Feature name32-bit64-bit
Boot Services++
Runtime Services++
SMM services+
PEI Services+
Protocols++
GUIDS++
Applying types for local variables++
Vulnerabilities scanner++
Report in JSON format++
Loader+
Dependency graph+

Identify available Boot Services automatically

Annotate Boot Services calls in assembly code automatically:

Identify available Runtime Services automatically

Annotate Runtime Services calls in assembly code automatically:

Identify available SMM services automatically

Annotate SMM Services calls in assembly code automatically:

Identify available PEI services automatically

Annotate PEI Services calls in assembly code automatically:

Identify available EFI Protocols automatically

Build the list of EFI Protocols firmware consumes and installs:

Identify known EFI GUIDs

Build the list of identified EFI GUIDs (including protocol names for known GUIDS):

Applying Types For Protocols Interfaces

This feature works only in conjunction with a HexRays decompiler. If you don’t have a HexRays decompiler, build efiXplorer without hexrays_sdk.

Vulnerabilities Scanner

efiXplorer scans drivers for the following types of vulnerabilities:

  • SMM callouts
  • OOB Write via wrong GetVariable usage (in PEI, DXE and SMM drivers)

At the end of the analysis, a chooser is displayed with the suspected vulnerabilities.

Report in JSON format

After analysis efiXplorer saves the report in JSON format.

Download
R K

Leave a Comment
Share
Published by
R K
Tags: efiXplorerIDA PluginReverse Engineering AutomationUEFI Firmware
4 years ago

Recent Posts

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

7 hours ago

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

4 days ago

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

4 days ago

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

5 days ago

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

1 month ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

1 month ago