Merge branch 'master' of github.com:binarly-io/efiXplorer
p41l committed Sep 25, 2020
2 parents d9cddce + 1d6c9e4 commit 7ba7be4
Showing 34 changed files with 7,996 additions and 5,154 deletions.
132 changes: 99 additions & 33 deletions README.md
@@ -1,5 +1,4 @@
[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0)
[![Join the chat at https://gitter.im/efiXplorer/dev](https://badges.gitter.im/efiXplorer/efiXplorer.svg)](https://gitter.im/efiXplorer/dev?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

**efiXplorer** - IDA plugin for UEFI firmware analysis and reverse engineering automation :octocat:

Expand All @@ -9,64 +8,99 @@ __Contributors__:
* Philip Lebedev ([@p41l](https://github.com/p41l/))
* Yegor Vasilenko ([@yeggor](https://github.com/yeggor/))

__Supported versions of Hex-Rays products:__ everytime we focus on last versions of IDA and Decompiler because trying to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations.
__Supported versions of Hex-Rays products:__ everytime we focus on last versions of IDA and Decompiler because we try to use most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations.

__Why not IDApython:__ all code developed in C++ because it's a more stable and performant way to support a complex plugin and get full power of most recent SDK's features.

__Supported Platforms:__ Win, Linux and OSX (x86/x64).
__Supported Platforms:__ Windows, Linux and OSX (x86/x64).

![overview](img/overview.gif)
![overview](pics/efiXplorer_new_1.gif)

# Key features
# efiXplorer Key features

## Identify available Boot Services automatically

Annotate assembly code automatically with available Boot Services
Annotate Boot Services calls in assembly code automatically

![bs2](img/bs2.png)
![bs](pics/efiXplorer_new_2.gif)

## Identify available Runtime Services automatically

Annotate assembly code automatically with available Runtime Services
Annotate Runtime Services calls in assembly code automatically

![rt2](img/rt2.png)
![rt](pics/efiXplorer_new_3.gif)

## Identify available SMM Services automatically
## Identify available SMM services automatically

Annotate SMM Services calls in assembly code automatically

![efiXplorer_new_6](pics/efXplorer_new_6.gif)

## Identify available PEI services automatically

Annotate PEI Services calls in assembly code automatically

![efiXplorer_new_6](pics/efXplorer_new_7.gif)

| Before analysis | After analysis |
| --- | --- |
| ![smm_before](img/smm_before.png) | ![smm_after](img/smm_after.png) |

## Identify available EFI Protocols automatically

* Build the list of available EFI Protocols
* Build the list of EFI Protocols firmware consumes and installes

![protocols](img/protocols.png)
![protocols](pics/efiXplorer_new_4.gif)

## Identify known EFI GUID's

* Build the list of available EFI GUID's (including protocol name identification)
* Build the list of identified EFI GUID's (including protocol names for known GUIDS)

![guids](pics/efiXplorer_new_5.gif)

# efiXloader Key features

* `efiXloader` is an IDA Pro loader module, responsible for processing UEFI drivers within single IDA Pro instance.

![loader_1.gif](pics/loader_1.gif)

## UEFI drivers entry points identification

* During UEFI drivers analysis `efiXloader` identifies each driver's entry.

![loader_2.gif](pics/loader_6.gif)

## Navigation between different UEFI drivers

* Each UEFI driver is accessible within single IDA Pro instance for reverse-engineering.

![loader_3.gif](pics/loader_3.gif)

## UEFI drivers extraction

* All processed UEFI drivers are dropped into prepared folder.

![loader_4.gif](pics/loader_4.gif)

![guids](img/guids.png)
## efiXplorer + efiXloader in action

# efiXplorer Architecture
* All `efiXplorer` analysis capabilities can be applied to the whole UEFI firmware image (instead of reverse-engineering each single executable in a separate IDA session)

From the beginning of the project, we focus on building extensible architecture to make our life easier to support the current version and adding new features :rocket:
![loader_5.gif](pics/loader_5.gif)

![arch](img/arch.png)
## SMI handlers identification within the whole firmware

![loader_5.gif](pics/loader_7.gif)

# Build instruction

We try to make the build process for different platforms very simple, just use the build script to automate this process🐍
We try to make the build process for all supported platforms very simple, just use the build script to automate this process.

## Build script

```
Usage: build.py [OPTIONS] IDASDK_DIR
Options:
-c, --copy TEXT path to IDA plugins directory
--help Show this message and exit.
--copy TEXT path to IDA plugins directory
--help Show this message and exit.
```

example of build process:
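
Review bot: several image references in the new efiXplorer and efiXloader sections do not match the files they point to. `![loader_2.gif](pics/loader_6.gif)` and `![loader_5.gif](pics/loader_7.gif)` carry alt text naming a different file, the PEI section reuses the alt text `efiXplorer_new_6` for `pics/efXplorer_new_7.gif`, and both the SMM and PEI paths are spelled `efXplorer` (missing the `i`), unlike the other `efiXplorer_new_N.gif` names. `pics/loader_2.gif` is added in this commit but none of the README lines shown links to it. Suggest renaming the two `efXplorer_*` files, aligning each alt text with its file name, and either referencing or dropping `loader_2.gif`. Also "installes" should be "installs" in the EFI Protocols bullet.
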
Expand All @@ -75,20 +109,52 @@ example of build process:
./build.py <IDASDK75_DIR>
```

## Compilation with cmake

```
mkdir build
cd build
cmake .. -DIdaSdk_ROOT_DIR="/path/to/idasdk"
cmake --build . --config Release
```

## efiXloader compilation and installation

The common steps are next.

```bash
cd efiXloader
mkdir build
cd build
cmake .. -DIdaSdk_ROOT_DIR="/path/to/idasdk"
cmake --build . --config Release
```

# Installation

Copy compiled binaries of efiXplorer plugin and `guids` directory to `<IDA_DIR>/plugins`. Enjoy!
## efiXplorer

# Publications
* [How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware](https://www.youtube.com/watch?v=FFGQJBmRkLw)
Copy compiled binaries of `efiXplorer` plugin and `guids` directory to `<IDA_DIR>/plugins`. Enjoy!

# References
__For IDA:__
* https://github.com/yeggor/UEFI_RETool
* https://github.com/gdbinit/EFISwissKnife
* https://github.com/snare/ida-efiutils
## efiXloader

Copy `builds/efiXloader64.dll` to `<IDA_DIR>/loaders`.

# Features summary table

__For Ghidra:__
| Feature \ Bitness | 32-bit | 64-bit |
| --- | --- | --- |
| Boot Services | + | + |
| Runtime Services | + | + |
| SMM services | - | + |
| PEI Services | + | - |
| Loader | - | + |

# References

* https://github.com/LongSoft/UEFITool
* https://github.com/yeggor/UEFI_RETool
* https://github.com/gdbinit/EFISwissKnife
* https://github.com/snare/ida-efiutils
* https://github.com/al3xtjames/ghidra-firmware-utils
* https://github.com/DSecurity/efiSeek
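
Review bot: the efiXloader install step, "Copy `builds/efiXloader64.dll` to `<IDA_DIR>/loaders`", names only a Windows binary although the README lists Windows, Linux and OSX as supported platforms, and the cmake steps above it never say that the output lands in `builds/`. Suggest stating the output path and the loader file name for each platform, or saying explicitly that the loader is Windows-only. Minor: "The common steps are next." reads better as "The common steps are as follows:", and the first cmake fence lacks the `bash` tag that the efiXloader one has.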

Binary file removed img/arch.png
Binary file not shown.
Binary file removed img/bs1.png
Binary file not shown.
Binary file removed img/bs2.png
Binary file not shown.
Binary file removed img/guids.png
Binary file not shown.
Binary file removed img/overview.gif
Binary file not shown.
Binary file removed img/protocols.png
Binary file not shown.
Binary file removed img/rt1.png
Binary file not shown.
Binary file removed img/rt2.png
Binary file not shown.
Binary file removed img/smm_after.png
Binary file not shown.
Binary file removed img/smm_before.png
Binary file not shown.
Binary file added pics/efXplorer_new_6.gif
Binary file added pics/efXplorer_new_7.gif
Binary file added pics/efiXplorer_new_1.gif
Binary file added pics/efiXplorer_new_2.gif
Binary file added pics/efiXplorer_new_3.gif
Binary file added pics/efiXplorer_new_4.gif
Binary file added pics/efiXplorer_new_5.gif
Binary file added pics/loader_1.gif
Binary file added pics/loader_2.gif
Binary file added pics/loader_3.gif
Binary file added pics/loader_4.gif
Binary file added pics/loader_5.gif
Binary file added pics/loader_6.gif
Binary file added pics/loader_7.gif