UEFI_RETool is a tool for UEFI firmware reverse engineering.
UEFI firmware analysis with uefi_retool.py script
Usage
ida_plugin/uefi_analyser.py
script and ida_plugin/uefi_analyser
directory to IDA plugins directoryconfig.json
filePE_DIR
is a directory that contains all executable images from the UEFI firmwareDUMP_DIR
is a directory that contains all components from the firmware filesystemLOGS_DIR
is a directory for logsIDA_PATH
and IDA64_PATH
are paths to IDA Pro executable filespip install -r requirements.txt
python uefi_retool.py
command to display the help messageCommands
python uefi_retool.py
Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]…
Options:
–help Show this message and exit.
Commands:
get-images Get executable images from UEFI firmware.
get-info Analyze the entire UEFI firmware.
get-pp Get a list of proprietary protocols in the UEFI firmware.
Get-Images
python uefi_retool.py get-images –help
Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH
Get executable images from UEFI firmware. Images are stored in “modules”
directory.
Options:
–help Show this message and exit.
Example
python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin
Get-Info
python uefi_retool.py get-info –help
Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH
Analyze the entire UEFI firmware. The analysis result is saved to .json
file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Get-PP
python uefi_retool.py get-pp –help
Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH
Get a list of proprietary protocols in the UEFI firmware. The result is
saved to .json file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Additional Tools
tools/update_edk2_guids.py
is a script that updates protocol GUIDs list from edk2
projectIDA plugin
Analyser & Protocol explorer
Usage
uefi_analyser
and uefi_analyser.py
to your %IDA_DIR%/plugins
directoryEdit
-> Plugins
-> UEFI analyser
(alternatively, you can use the key combination Ctrl+Alt+U
)Example
Dependency Browser & Dependency Graph
Usage
<LOGS_DIR>/<FIRMWARE_NAME>-all-info.json
file to IDA (File
-> UEFI_RETool...
)Ctrl+Alt+J
)Example
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…