Tools to help with Reverse Engineering UEFI-based firmware
C C++ Ruby Objective-C Makefile
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
efiperun
guiddb
memdmp
tree
COPYING
README.md Publish memdmp and update README Feb 26, 2015

README.md

UEFI reverse engineering tools

This is a collection of tools to help reverse UEFI-based firwmare.

efiperun

Load and run EFI PE image files on your favorite operation system (Linux). See efiperun/README.md for more information.

guiddb

Scan .dec files (from e.g. TianoCore EDK2) for GUIDs and output them in C-source file format. A database of known guids is in guiddb/efi_guid.c.

memdmp

Tools to dump UEFI memory. There's a patch against EdkShell that makes the memmap command dump memory, pipe that to a file called mdmp. Then, run dmp2seg to convert that output file into many files with the actual memory contents. Then, run make_elf.rb to make a single ELF file with all the memory contents. The ELF file is not executable or anything, it's just a convenient format to store memory segments.

tree

A class file that will provides a Ruby tree abstraction for a firmware tree on your filesystem previously extracted by UEFIExtract (from UEFITool). Use UEFITool commit bf2c9f59 or newer.

Also included is an example script that uses said abstraction.

Other tools

I highly recommend UEFITool by Nikolaj Schlej.