
Releases: binarly-io/efiXplorer

efiXplorer v6.1 [BHEU Edition]

05 Dec 17:28
bc5f930
  • [plugin] Improved annotations/quality of pseudocode
    • use const CHAR16 instead of CHAR16 for NVRAM variable names so that they are automatically resolved to L"VariableName" strings
    • automatically resolve status code constants from MACRO_EFI (e.g. EFI_LOAD_ERROR, EFI_INVALID_PARAMETER)
  • [plugin] Improved detection of variables based on Hex-Rays
  • [loader] Improved UEFI firmware unpacking
    • if PE32 body is compressed
    • if UI section is located before PE32 section
  • [loader] Updated deps.json and images.json formats:
  • Updated guiddb (@TakahiroHaruyama)
  • Bug fixes and lots of refactoring for plugin and loader
  • Improved build scripts and GitHub actions
  • Support for IDA SDK 9.0 (IDA SDK v8.3 and IDA SDK v8.4 are still supported, but any new features will be added with the latest SDK in mind)

efiXplorer v6.0 [H2HC Edition]

19 Dec 21:30
f4e2ec0
  • [plugin] Multiple bug fixes and exception handling
  • [plugin] Improvements in the double GetVariable scanner (@river-li)
  • [plugin] Improvements in the UEFI global variables identification
  • [plugin] Improvements in the SMI handlers identification
  • [plugin] Hex-Rays based analysis for PEI services detection
  • [plugin] Use of shifted pointers to improve pseudocode in PEI modules
  • [plugin] PEI modules analysis support for Ampere ARM firmware
  • [plugin] Update guids.json database
  • [plugin] Flush all cached decompilations to automatically update decompiler output (@pagabuc)
  • [loader] Integrate patfind plugin to identify more functions (@pagabuc)
  • [loader] Add PEI and DXE a priori dependencies to deps.json
  • Update dependencies
  • Improve FindIdaSdk.cmake
  • Moved to IDA SDK v8.3 support

efiXplorer v5.2 [Xmas Edition]

20 Dec 20:54
f81e0cd
  • [bug fix] Avoid using decompiler APIs if the decompiler is not present (#56)
  • [bug fix] Fixed false positive recognition of gBS, gRT, gSmst
  • [new feature] Improve search for SMM call-outs
    • detect use of pointers obtained with gBS->LocateProtocol() or gBS->AllocatePool() in SMI handlers
  • Moved to IDA SDK v8.2 support
  • Other minor improvements to the plugin

efiXplorer v5.1 [Ekoparty Edition]

10 Nov 17:36
  • [bug fix] Fixed building of macOS universal binaries (#68)
  • [new feature] AArch64 module analysis improved
  • [new feature] Added support for AArch64-based firmware in efiXloader
  • [bug fix] Improved module extraction in efiXloader
  • [new feature] Added report generation for AArch64-based files (with native loader and efiXloader)
  • Moved to IDA SDK v8.1 support

efiXplorer v5.0 [LABScon Edition]

30 Sep 19:38
1bdc939
  • [FEATURE] GUIDs installation mechanism
  • [FEATURE] The GUIDs database is now located in a separate repository: https://github.com/binarly-io/guiddb
  • [FEATURE] The JSON report generated by efiXplorer now includes additional information, such as the addresses of service arguments
  • [FEATURE] Improved SMM modules analysis
  • [BUGFIX] efiXloader (thanks to @cc-crack)
  • [FEATURE] Added attributes extraction for NVRAM variables
  • [FEATURE] Improved detection of vulnerabilities related to improper use of GetVariable service (thanks to @naconaco)
  • [FEATURE] Improved GUIDs detection
  • [FEATURE] Added segment permissions fixes (to fix the results of decompilation of some modules)
  • [FEATURE] Dependencies and idasdk updated to the latest versions
  • [FEATURE] Added support for analysis of EFI modules with AArch64 architecture
  • [FEATURE] Added tracking of the types of arguments passed to child functions, in order to change child function prototypes
  • [FEATURE] Other minor improvements to the plugin

Our blog contains a complete changelog: ARM-based Firmware Support in New efiXplorer v5.0 [LABScon Edition]

efiXplorer v4.1 [BHASIA Edition]

29 Apr 20:47
d2cdee8
  • [new feature] Improved SMI handler recognition to support SxSmiHandler, IoTrapSmiHandler, UsbSmiHandler, etc.
  • [new feature] Improved recognition of child SW SMI handlers, which are now annotated as ChildSwSmiHandler.
  • [new feature] Added visual representation for NVRAM variables and additional context in JSON report: address, service name, var name and var GUID.
  • [bug fix] Numerous improvements and bug fixes in code analyzer and firmware image loader
  • Moved to IDA SDK v7.7 support

efiXplorer v4.0 [2021 Xmas Edition]

30 Dec 22:24
d6d2cdb
  • efiXplorer:
    • [new feature] automatic type information recovery powered by Hex-Rays SDK
    • [new feature] import/export json report to transfer EFI specific type information and avoid re-analysis
    • [new feature] multiple improvements in search algorithm for SMM callouts patterns
    • [new feature] "efiXplorer: protocols" chooser:
      • shows dependencies between protocols
      • shows a list of EFI modules in order of execution
  • efiXloader:
    • [new feature] support for Linux and macOS
    • [new feature] extract additional GUIDs and protocol information from DEPEX sections
    • [bug fix] firmware parsing bugs and other issues
  • A lot of small fixes and improvements. Enjoy!

efiXplorer v3.0 [BHEU Edition]

17 Dec 00:08

Release notes:

  • EFI modules dependency graph inside efiXloader
  • Potential vulnerability checkers:
    • SMM callout
    • GetVariable (PEI/DXE/SMM)
  • Multiple improvements and bugfixes

efiXplorer v2.0 [Hex-Rays Contest Edition]

25 Sep 21:11
  • [new feature] UEFI image loader (loading the whole image to IDA Pro)
  • Support for analyzing 32-bit images
  • Support for analyzing SMM images
  • [new feature] PEI images analyzer
  • Multiple improvements and fixes

efiXplorer v1.0 [REcon Edition]

30 Jun 23:53

Make your UEFI RE life easier with efiXplorer

  • identify Boot/Runtime Services
  • identify EFI Protocols
  • recognize known EFI GUIDs