Ghidra utilities for analyzing firmware
al3xtjames lib: Add XZ for Java library
This is needed for LZMA support in Apache Commons Compress.
Latest commit cd74930 Jun 17, 2019

Ghidra Firmware Utilities

Various modules for Ghidra to assist with PC firmware reverse-engineering. This was accepted as a coreboot project for GSoC 2019.

Features (very much WIP)

PCI option ROM loader

  • Implements a FS loader for PCI option ROMs (handles hybrid ROMs with multiple images, e.g. legacy x86 + UEFI)
  • Loads UEFI executables from PCI option ROMs (including compressed images)
  • Defines the entry point function and various header data types for legacy x86 option ROMs

Firmware image loader (WIP)

  • Implements a FS loader for Flash Map (FMAP) images (shows flash regions)
  • Implements a FS loader for Coreboot Filesystem (CBFS) images

Planned functionality / TODO

Firmware image loader

  • Implement FS loader for firmware images
  • Write parsers for Intel IFD (BIOS region), coreboot CBFS, and UEFI firmware volumes

UEFI loader

  • Write helper script to import GUIDs/etc (similar to ida-efitools)

Building & Installation

Ghidra's standard Gradle build system is used. Set the GHIDRA_INSTALL_DIR environment variable before building:

$ export GHIDRA_INSTALL_DIR="/path/to/ghidra"
$ gradle

The module ZIP will be output to dist/. Use File > Install Extensions and select the green plus to browse to the extension. Restart Ghidra when prompted.

Usage

PCI option ROM loader

Add a PCI option ROM to a Ghidra project. Legacy x86 option ROMs can be directly loaded for analysis. Ensure that the binary format is set to x86 PCI Option ROM, and import the binary.

UEFI option ROMs or option ROMs that contain more than one image should be imported using the filesystem loader. When prompted to select an import mode, select File system. The images contained within the option ROM will be displayed, and can be imported for analysis. Legacy x86 images will be handled by the x86 PCI Option ROM loader, and UEFI images will be handled by the PE32 loader (compression is supported). Information for each image can be displayed by selecting Get Info in the right-click menu.
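To decide which import path applies before opening Ghidra, the image chain can be listed from the ROM headers. The following is an added example, not code from this project: it walks the chain using the option ROM header and PCI Data Structure layouts from the PCI Firmware and UEFI specifications, and rejects images whose declared length runs past the file. The names list_images, make_image and SAMPLE_ROM are hypothetical, and the sample ROM is constructed.

```python
import struct

CODE_TYPES = {0x00: "legacy x86", 0x03: "UEFI"}  # other code types are shown as hex

def list_images(rom):
    """Walk the image chain of a PCI option ROM; return one dict per image."""
    images, base = [], 0
    while True:
        if base + 0x1A > len(rom) or rom[base:base + 2] != b"\x55\xaa":
            raise ValueError(f"no 0x55AA ROM signature at {base:#x}")
        # Offset 0x18 of the ROM header points at the "PCIR" data structure.
        pcir = base + struct.unpack_from("<H", rom, base + 0x18)[0]
        if pcir + 0x16 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure at {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 0x04)
        # PCIR+0x10: image length (512-byte units), revision, code type, indicator.
        blocks, _rev, code_type, indicator = struct.unpack_from("<HHBB", rom, pcir + 0x10)
        size = blocks * 512
        if size == 0 or base + size > len(rom):
            raise ValueError(f"image at {base:#x} claims {size:#x} bytes")
        info = {"offset": base, "size": size, "vendor": vendor, "device": device,
                "type": CODE_TYPES.get(code_type, f"code type {code_type:#04x}")}
        if code_type == 0x03:
            # EFI ROM header: signature at 0x04, compression type at 0x0C.
            efi_sig, _subsys, _machine, comp = struct.unpack_from("<IHHH", rom, base + 0x04)
            if efi_sig != 0x0EF1:
                raise ValueError(f"bad EFI signature at {base:#x}")
            info["compressed"] = comp == 1
        images.append(info)
        if indicator & 0x80:  # bit 7 set marks the last image in the ROM
            return images
        base += size

def make_image(code_type, last, compressed=False):
    """Build a constructed 512-byte test image (headers only, not real firmware)."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)  # PCIR placed at offset 0x1C
    if code_type == 0x03:
        struct.pack_into("<IHHH", img, 0x04, 0x0EF1, 0x0B, 0x8664, int(compressed))
    struct.pack_into("<4sHH", img, 0x1C, b"PCIR", 0x1234, 0x5678)
    struct.pack_into("<HHBB", img, 0x2C, 1, 0, code_type, 0x80 if last else 0)
    return bytes(img)

# Constructed hybrid ROM: one legacy x86 image followed by one compressed UEFI image.
SAMPLE_ROM = make_image(0x00, last=False) + make_image(0x03, last=True, compressed=True)

if __name__ == "__main__":
    for image in list_images(SAMPLE_ROM):
        print(image)
```

More than one entry, or any UEFI entry, means the File system import mode described above is the one to use.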

License

Apache 2.0, with some exceptions:

  • src/efidecompress/c/efidecompress.c: BSD

Credits

src/efidecompress/c/efidecompress.c is a lightly modified version of Decompress.c from uefi-firmware-parser (which itself is derived from the original in EDK2 BaseTools).

lib/xz-1.8.jar is taken from the XZ for Java project.
