Tools to help with Reverse Engineering UEFI-based firmware
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

UEFI reverse engineering tools

This is a collection of tools to help reverse UEFI-based firwmare.


Load and run EFI PE image files on your favorite operation system (Linux). See efiperun/ for more information.


Scan .dec files (from e.g. TianoCore EDK2) for GUIDs and output them in C-source file format. A database of known guids is in guiddb/efi_guid.c.


Tools to dump UEFI memory. There's a patch against EdkShell that makes the memmap command dump memory, pipe that to a file called mdmp. Then, run dmp2seg to convert that output file into many files with the actual memory contents. Then, run make_elf.rb to make a single ELF file with all the memory contents. The ELF file is not executable or anything, it's just a convenient format to store memory segments.


A class file that will provides a Ruby tree abstraction for a firmware tree on your filesystem previously extracted by UEFIExtract (from UEFITool). Use UEFITool commit bf2c9f59 or newer.

Also included is an example script that uses said abstraction.

Other tools

I highly recommend UEFITool by Nikolaj Schlej.