add efi_arch

e-m-b-a · Nov 4, 2022 · f2e7f67 · f2e7f67
1 parent c8de2c9
commit f2e7f67
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/modules/F50_base_aggregator.sh b/modules/F50_base_aggregator.sh
@@ -23,6 +23,7 @@ F50_base_aggregator() {
   CVE_AGGREGATOR_LOG="f20_vul_aggregator.txt"
   F20_EXPLOITS_LOG="$LOG_DIR"/f20_vul_aggregator/exploits-overview.txt
   P02_LOG="p02_firmware_bin_file_check.csv"
+  P35_LOG="p35_uefi_extractor.txt"
   S03_LOG="s03_firmware_bin_base_analyzer.txt"
   S05_LOG="s05_firmware_details.txt"
   S06_LOG="s06_distribution_identification.txt"
@@ -119,6 +120,11 @@ output_overview() {
       write_csv_log "architecture_verified" "unknown" "NA"
       write_csv_log "architecture_unverified" "$PRE_ARCH" "NA"
     fi
+    if [[ -n "$EFI_ARCH" ]]; then
+      print_output "[+] Detected architecture:""$ORANGE"" ""$EFI_ARCH""$NC"
+      write_link "p99"
+      write_csv_log "architecture_verified" "$EFI_ARCH" "NA"
+    fi
   else
     write_csv_log "architecture_verified" "unknown" "NA"
   fi
@@ -684,6 +690,7 @@ get_data() {
   export KNOWN_EXPLOITED_COUNTER=0
   export ENTROPY=""
   export PRE_ARCH=""
+  export EFI_ARCH=""
   export FILE_ARR_COUNT=0
   export DETECTED_DIR=0
   export LINUX_DISTRIS=()
@@ -731,6 +738,11 @@ get_data() {
   if [[ -f "$LOG_DIR"/"$P02_LOG" ]]; then
     ENTROPY=$(grep -a "Entropy" "$LOG_DIR"/"$P02_LOG" | cut -d\; -f2 | cut -d= -f2 | sed 's/^\ //' || true)
   fi
+  if [[ -f "$LOG_DIR"/"$P35_LOG" ]]; then
+    EFI_ARCH=$(grep -a "Possible architecture details found" "$LOG_DIR"/"$P35_LOG" | cut -d: -f2 | sed 's/\ //g' | tr '\n' '/' || true)
+    EFI_ARCH="${EFI_ARCH%\/}"
+    EFI_ARCH=$(strip_color_codes "$EFI_ARCH")
+  fi
   if [[ -f "$LOG_DIR"/"$S02_LOG" ]]; then
     FWHUNTER_CNT=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S02_LOG" | cut -d: -f2 || true)
   fi

diff --git a/modules/P35_UEFI_extractor.sh b/modules/P35_UEFI_extractor.sh
@@ -119,13 +119,13 @@ uefi_extractor(){
 
   NVARS=$(grep -c "NVAR entry" "$UEFI_EXTRACT_REPORT_FILE")
   PE32_IMAGE=$(grep -c "PE32 image" "$UEFI_EXTRACT_REPORT_FILE")
-  ARCHITECTURE=$(find "$EXTRACTION_DIR_" -name 'info.txt' -exec grep 'Machine type:' {} \; | sed -E 's/Machine\ type\:\ //g' | uniq )
+  EFI_ARCH=$(find "$EXTRACTION_DIR_" -name 'info.txt' -exec grep 'Machine type:' {} \; | sed -E 's/Machine\ type\:\ //g' | uniq )
 
-  if ! [[ -z "$ARCHITECTURE" ]]; then
-    print_output "[*] Found $ORANGE$PE32_IMAGE$NC PE32 images for architecture $ORANGE$ARCHITECTURE$ORANGE drivers."
-    # TODO set found architecture
-    export $ARCHITECTURE
-    backup_var "ARCHITECTURE" "$ARCHITECTURE"
+  if ! [[ -z "$EFI_ARCH" ]]; then
+    print_output "[*] Found $ORANGE$PE32_IMAGE$NC PE32 images for architecture $ORANGE$EFI_ARCH$ORANGE drivers."
+    print_output "[+] Possible architecture details found ($ORANGE UEFI Extractor $NC): $ORANGE$EFI_ARCH_$NC"
+    export EFI_ARCH
+    backup_var "EFI_ARCH" "$EFI_ARCH"
   fi
 
   FILES_UEFI=$(grep -c "File" "$UEFI_EXTRACT_REPORT_FILE")