UEFI_RETool is a tool for UEFI firmware reverse engineering.
UEFI firmware analysis with uefi_retool.py script
Usage
ida_plugin/uefi_analyser.py
script and ida_plugin/uefi_analyser
directory to IDA plugins directoryconfig.json
filePE_DIR
is a directory that contains all executable images from the UEFI firmwareDUMP_DIR
is a directory that contains all components from the firmware filesystemLOGS_DIR
is a directory for logsIDA_PATH
and IDA64_PATH
are paths to IDA Pro executable filespip install -r requirements.txt
python uefi_retool.py
command to display the help messageCommands
python uefi_retool.py
Usage: uefi_retool.py [OPTIONS] COMMAND [ARGS]…
Options:
–help Show this message and exit.
Commands:
get-images Get executable images from UEFI firmware.
get-info Analyze the entire UEFI firmware.
get-pp Get a list of proprietary protocols in the UEFI firmware.
Get-Images
python uefi_retool.py get-images –help
Usage: uefi_retool.py get-images [OPTIONS] FIRMWARE_PATH
Get executable images from UEFI firmware. Images are stored in “modules”
directory.
Options:
–help Show this message and exit.
Example
python uefi_retool.py get-images test_fw/fw-tp-x1-carbon-5th.bin
Get-Info
python uefi_retool.py get-info –help
Usage: uefi_retool.py get-info [OPTIONS] FIRMWARE_PATH
Analyze the entire UEFI firmware. The analysis result is saved to .json
file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-info -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Get-PP
python uefi_retool.py get-pp –help
Usage: uefi_retool.py get-pp [OPTIONS] FIRMWARE_PATH
Get a list of proprietary protocols in the UEFI firmware. The result is
saved to .json file.
Options:
-w, –workers INTEGER Number of workers (8 by default).
–help Show this message and exit.
Example:
python uefi_retool.py get-pp -w 6 test_fw/fw-tp-x1-carbon-5th.bin
Additional Tools
tools/update_edk2_guids.py
is a script that updates protocol GUIDs list from edk2
projectIDA plugin
Analyser & Protocol explorer
Usage
uefi_analyser
and uefi_analyser.py
to your %IDA_DIR%/plugins
directoryEdit
-> Plugins
-> UEFI analyser
(alternatively, you can use the key combination Ctrl+Alt+U
)Example
Dependency Browser & Dependency Graph
Usage
<LOGS_DIR>/<FIRMWARE_NAME>-all-info.json
file to IDA (File
-> UEFI_RETool...
)Ctrl+Alt+J
)Example
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…