efiXplorer : IDA Plugin For UEFI Firmware Analysis And Reverse Engineering Automation

efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation

Supported versions of Hex-Rays products: everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations.

Why not IDApython: all code developed in C++ because it’s a more stable and performant way to support a complex plugin and get full power of most recent SDK’s features.

Supported Platforms: Windows, Linux and OSX.

efiXplorer core features

Features Summary Table

Feature name	32-bit	64-bit
Boot Services	+	+
Runtime Services	+	+
SMM services	–	+
PEI Services	+	–
Protocols	+	+
GUIDS	+	+
Applying types for local variables	+	+
Vulnerabilities scanner	+	+
Report in JSON format	+	+
Loader	–	+
Dependency graph	–	+

Identify available Boot Services automatically

Annotate Boot Services calls in assembly code automatically:

Identify available Runtime Services automatically

Annotate Runtime Services calls in assembly code automatically:

Identify available SMM services automatically

Annotate SMM Services calls in assembly code automatically:

Identify available PEI services automatically

Annotate PEI Services calls in assembly code automatically:

Identify available EFI Protocols automatically

Build the list of EFI Protocols firmware consumes and installs:

Identify known EFI GUIDs

Build the list of identified EFI GUIDs (including protocol names for known GUIDS):

Applying Types For Protocols Interfaces

This feature works only in conjunction with a HexRays decompiler. If you don’t have a HexRays decompiler, build efiXplorer without hexrays_sdk.

Vulnerabilities Scanner

efiXplorer scans drivers for the following types of vulnerabilities:

SMM callouts
OOB Write via wrong GetVariable usage (in PEI, DXE and SMM drivers)

At the end of the analysis, a chooser is displayed with the suspected vulnerabilities.

Report in JSON format

After analysis efiXplorer saves the report in JSON format.

Related

UEFI_RETool : A Tool For UEFI Firmware Reverse Engineering

August 12, 2020

In "Kali Linux"

IDArling : Collaborative Reverse Engineering Plugin for IDA Pro & Hex-Ray

April 4, 2019

In "Kali Linux"

hrtng IDA Plugin : Elevating IDA’s Capabilities For Advanced Malware Analysis

December 11, 2024

In "Malware"

R K

Next BurpCrypto : A Collection Of Burpsuite Encryption Plug-Ins, Support AES/RSA/DES/ExecJs(execute JS Encryption Code In Burpsuite) »

Previous « Bopscrk : Tool To Generate Smart And Powerful Wordlists

Leave a Comment

Share

Published by

R K

Tags: efiXplorerIDA PluginReverse Engineering AutomationUEFI Firmware

5 years ago

Recent Posts

How To

Plex Media Server Setup: Install and Configure on Ubuntu 20.04

A Plex Media Server Setup on Ubuntu 20.04 is one of the easiest ways to…

13 minutes ago

TECH

Why Deploying AI Is Just the Beginning: The Case for Ongoing AI Operations Monitoring

Most enterprise AI programs treat deployment as the destination. The business case is built around…

18 hours ago

How To

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

6 days ago

How To

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

6 days ago

How To

How To Debug Bash Scripts Using bash -x And set Commands

Introduction Debugging is an important part of Bash scripting. When a script does not work…

6 days ago

How To

How To Use Cron Jobs With Bash Scripts For Automation

Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…

6 days ago

L