UEFI_RETool is a tool for UEFI firmware reverse engineering.
UEFI firmware analysis with uefi_retool.py script
Usage
ida_plugin/uefi_analyser.py script and ida_plugin/uefi_analyser directory to IDA plugins directoryconfig.json filePE_DIR is a directory that contains all executable images from the UEFI firmwareDUMP_DIR is a directory that contains all components from the firmware filesystemLOGS_DIR is a directory for logsIDA_PATH and IDA64_PATH are paths to IDA Pro executable filespip install -r requirements.txtpython uefi_retool.py command to display the help messageCommands
python uefi_retool.py
Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]…
Options:
–help Show this message and exit.
Commands:
get-images Get executable images from UEFI firmware.
get-info Analyze the entire UEFI firmware.
get-pp Get a list of proprietary protocols in the UEFI firmware.
Get-Images
python uefi_retool.py get-images –help
Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH
Get executable images from UEFI firmware. Images are stored in “modules”
directory.
Options:
–help Show this message and exit.
Example
python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin
Get-Info
python uefi_retool.py get-info –help
Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH
Analyze the entire UEFI firmware. The analysis result is saved to .json
file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Get-PP
python uefi_retool.py get-pp –help
Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH
Get a list of proprietary protocols in the UEFI firmware. The result is
saved to .json file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Additional Tools
tools/update_edk2_guids.py is a script that updates protocol GUIDs list from edk2 projectIDA plugin
Analyser & Protocol explorer
Usage
uefi_analyser and uefi_analyser.py to your %IDA_DIR%/plugins directoryEdit -> Plugins -> UEFI analyser (alternatively, you can use the key combination Ctrl+Alt+U)Example
Dependency Browser & Dependency Graph
Usage
<LOGS_DIR>/<FIRMWARE_NAME>-all-info.json file to IDA (File -> UEFI_RETool...)Ctrl+Alt+J)Example
Opera is one of the most popular cross-platform web browsers in the world, available on Windows,…
Gogs is a free, self-hosted Git service written in Go. It gives you a private GitHub-like…
Elasticsearch is an open-source distributed search and analytics engine built on Apache Lucene. It supports RESTful…
Flask is a free, open-source micro web framework for Python. It is built on Werkzeug and…
Memcached is a free, open-source, high-performance in-memory caching system. It stores data as key-value pairs in…
TensorFlow is a free, open-source machine learning platform developed by Google. It is used by major…