efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation
Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations.
Why not IDApython: all code developed in C++ because it’s a more stable and performant way to support a complex plugin and get full power of most recent SDK’s features.
Supported Platforms: Windows, Linux and OSX.
efiXplorer core features
Features Summary Table
| Feature name | 32-bit | 64-bit |
|---|---|---|
| Boot Services | + | + |
| Runtime Services | + | + |
| SMM services | – | + |
| PEI Services | + | – |
| Protocols | + | + |
| GUIDS | + | + |
| Applying types for local variables | + | + |
| Vulnerabilities scanner | + | + |
| Report in JSON format | + | + |
| Loader | – | + |
| Dependency graph | – | + |
Identify available Boot Services automatically
Annotate Boot Services calls in assembly code automatically:
Identify available Runtime Services automatically
Annotate Runtime Services calls in assembly code automatically:
Identify available SMM services automatically
Annotate SMM Services calls in assembly code automatically:
Identify available PEI services automatically
Annotate PEI Services calls in assembly code automatically:
Identify available EFI Protocols automatically
Build the list of EFI Protocols firmware consumes and installs:
Identify known EFI GUIDs
Build the list of identified EFI GUIDs (including protocol names for known GUIDS):
Applying Types For Protocols Interfaces
This feature works only in conjunction with a HexRays decompiler. If you don’t have a HexRays decompiler, build efiXplorer without hexrays_sdk.
efiXplorer scans drivers for the following types of vulnerabilities:
GetVariable usage (in PEI, DXE and SMM drivers)At the end of the analysis, a chooser is displayed with the suspected vulnerabilities.
After analysis efiXplorer saves the report in JSON format.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…