Releases: binarly-io/efiXplorer
Releases · binarly-io/efiXplorer
efiXplorer v6.1 [BHEU Edition]
- [plugin] Improved annotations/quality of pseudocode
- use
const CHAR16
instead ofCHAR16
for NVRAM variable names so that they are automatically resolved toL"VariableName"
strings - automatically resolve status code constants from
MACRO_EFI
(e.g.EFI_LOAD_ERROR
,EFI_INVALID_PARAMETER
, etc.)
- use
- [plugin] Improved detection of variables based on Hex-Rays
- [loader] Improved UEFI firmware unpacking
- if PE32 body is compressed
- if UI section is located before PE32 section
- [loader] Updated
deps.json
andimages.json
formats:- dump contents of
APRIORI
files - dump
kind
of each module/image (@TakahiroHaruyama)
- dump contents of
- Updated
guiddb
(@TakahiroHaruyama) - Bug fixes and lots of refactoring for
plugin
andloader
- Improved build scripts and GitHub actions
- Support for
IDA SDK 9.0
(IDA SDK v8.3
andIDA SDK v8.4
are still supported, but any new features will be added with the latest SDK in mind)
efiXplorer v6.0 [H2HC Edition]
- [plugin] Multiple bug fixes and exception handling
- [plugin] Improvements in the double GetVariable scanner (@river-li)
- [plugin] Improvements in the UEFI global variables identification
- [plugin] Improvements in the SMI handlers identification
- [plugin] Hex-Rays based analysis for PEI services detection
- [plugin] Use of shifted pointers to improve pseudocode in PEI modules
- [plugin] PEI modules analysis support for Ampere ARM firmware
- [plugin] Update
guids.json
database - [plugin] Flush all cached decompilations to automatically update decompiler output (@pagabuc)
- [loader] Integrate patfind plugin to identify more functions (@pagabuc)
- [loader] Add PEI and DXE a priori dependencies to
deps.json
- Update dependencies
- Improve
FindIdaSdk.cmake
- Moving to support of IDA SDK v8.3
efiXplorer v5.2 [Xmas Edition]
- [bug fix] Avoid using of decompiler APIs if the decompiler is not present (#56)
- [bug fix] Fixed false positive recognition of gBS, gRT, gSmst
- [new feature] Improve search for SMM call-outs
- detect use of pointers obtained with
gBS->LocateProtocol()
orgBS->AllocatePool()
in SMI handlers
- detect use of pointers obtained with
- Moving to support of IDA SDK v8.2
- Other minor improvements to the plugin
efiXplorer v5.1 [Ekoparty Edition]
- [bug fix] Fixed MacOS universal binaries building (#68)
- [new feature] AArch64 module analysis improved
- [new feature] Added support for AArch64-based firmware in efiXloader
- [bug fix] Improved module extraction in efiXloader
- [new feature] Added report generation for AArch64-based files (with native loader and efiXloader)
- Moving to support of IDA SDK v8.1
efiXplorer v5.0 [LABScon Edition]
- [FEATURE] GUIDs installation mechanism
- [FEATURE] The GUIDs database is now located in a separate repository: https://github.com/binarly-io/guiddb
- [FEATURE] The JSON report generated by efiXplorer now includes additional information, such as service arguments addresses
- [FEATURE] Improved SMM modules analysis
- [BUGFIX] efiXloader (thanks to @cc-crack)
- [FEATURE] Added attributes extraction for NVRAM variables
- [FEATURE] Improved detection of vulnerabilities related to improper use of GetVariable service (thanks to @naconaco)
- [FEATURE] Improved GUIDs detection
- [FEATURE] Added segment permissions fixes (to fix the results of decompilation of some modules)
- [FEATURE] Dependencies and idasdk updated to the latest versions
- [FEATURE] Added support for analysis of EFI modules with AArch64 architecture
- [FEATURE] Added tracking types of arguments that are passed to child functions to change child function prototypes
- [FEATURE] Other minor improvements to the plugin
Our blog contains a complete changelog: ARM-based Firmware Support in New efiXplorer v5.0 [LABScon Edition]
efiXplorer v4.1 [BHASIA Edition]
- [new feature] Improved SMI handlers recognition to support: SxSmiHandler, IoTrapSmiHandler, UsbSmiHandler and etc.
- [new feature] Improved child SW SMI handlers recognition and now annotated as ChildSwSmiHandler.
- [new feature] Added visual representation for NVRAM variables and additional context in JSON report: address, service name, var name and var GUID.
- [bug fix] Numerous improvements and bug fixes in code analyzer and firmware image loader
- Moving to support of IDA SDK v7.7
efiXplorer v4.0 [2021 Xmas Edition]
-
efiXplorer:
- [new feature] automatic type information recovery powered by Hex-Rays SDK
- [new feature] import/export json report to transfer EFI specific type information and avoid re-analysis
- [new feature] multiple improvements in search algorithm for SMM callouts patterns
- [new feature] "efiXplorer: protocols" chooser:
- shows dependencies between protocols
- shows a list of EFI modules in order of execution
-
efiXloader:
- [new feature] support for Linux and macOS
- [new feature] extract additional GUID's and protocols information from DEPEX sections
- [bug fix] firmware parsing bugs and other issues
-
A lot of small fixes and improvements. Enjoy!
efiXplorer v3.0 [BHEU Edition]
Release notes:
- EFI modules dependency graph inside efiXloader
- Potential vulnerability checkers:
- SMM callout
- GetVariable (PEI/DXE/SMM)
- Multiple improvements and bugfixes
efiXplorer v2.0 [Hex-Rays Contest Edition]
- [new feature] UEFI image loader (loading the whole image to IDA Pro)
- Support of analyzing 32-bit images
- Support of analyzing SMM images
- [new feature] PEI images analyzer
- Multiple improvements and fixes
efiXplorer v1.0 [REcon Edition]
Make your UEFI RE life easier with efiXplorer
- identify Boot/Runtime Services
- identify EFI Protocols
- recognize known EFI GUID's