UEFI_RETool is a tool for UEFI firmware reverse engineering.
UEFI firmware analysis with uefi_retool.py script
Usage
ida_plugin/uefi_analyser.py
script and ida_plugin/uefi_analyser
directory to IDA plugins directoryconfig.json
filePE_DIR
is a directory that contains all executable images from the UEFI firmwareDUMP_DIR
is a directory that contains all components from the firmware filesystemLOGS_DIR
is a directory for logsIDA_PATH
and IDA64_PATH
are paths to IDA Pro executable filespip install -r requirements.txt
python uefi_retool.py
command to display the help messageCommands
python uefi_retool.py
Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]…
Options:
–help Show this message and exit.
Commands:
get-images Get executable images from UEFI firmware.
get-info Analyze the entire UEFI firmware.
get-pp Get a list of proprietary protocols in the UEFI firmware.
Get-Images
python uefi_retool.py get-images –help
Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH
Get executable images from UEFI firmware. Images are stored in “modules”
directory.
Options:
–help Show this message and exit.
Example
python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin
Get-Info
python uefi_retool.py get-info –help
Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH
Analyze the entire UEFI firmware. The analysis result is saved to .json
file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Get-PP
python uefi_retool.py get-pp –help
Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH
Get a list of proprietary protocols in the UEFI firmware. The result is
saved to .json file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Additional Tools
tools/update_edk2_guids.py
is a script that updates protocol GUIDs list from edk2
projectIDA plugin
Analyser & Protocol explorer
Usage
uefi_analyser
and uefi_analyser.py
to your %IDA_DIR%/plugins
directoryEdit
-> Plugins
-> UEFI analyser
(alternatively, you can use the key combination Ctrl+Alt+U
)Example
Dependency Browser & Dependency Graph
Usage
<LOGS_DIR>/<FIRMWARE_NAME>-all-info.json
file to IDA (File
-> UEFI_RETool...
)Ctrl+Alt+J
)Example
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…