Another Linux-friendly Universal-IFR-Extractor fork

Re: https://firmwaresecurity.com/2017/10/30/universal-ifr-extractor/ and https://firmwaresecurity.com/2015/07/07/two-uefi-form-tools-plus-one-uefi-c-module-complexity-tool/ :

There’s another Universal-IFR-Extractor fork …I think. The original one was Windows-centric, I think motivation for some forks was from non-Windows users. Today’s new fork might have some new/interesting features or — I didn’t study the code — it might be a fork of one of the other Linux-friendly forks.

Visual Forms Representation (VFR) is the “source code” to UEFI forms-based app, IVR is the Internal Forms Representation that is included in binaries, and of interest to reverse engineers and modders. An example of how a modder uses it:

https://github.com/roncapat/W230SD-Unlocked-AMI-BIOS

I don’t think the security researcher community has done much research in IFR-based attacks to this binary format that includes multiple complex structures in C that impact control flow.

Original tool: https://github.com/donovan6000/Universal-IFR-Extractor

Forks of tool:
https://github.com/LongSoft/Universal-IFR-Extractor

https://github.com/tomrus88/Universal-IFR-Extractor

https://github.com/therealgudv1n/Universal-IFR-Extractor-Linux (this latest one)

I suspect one of the more recent forkers didn’t first check if there was another Linux-friendly fork already exists. Besides this tool “family”, there’s also a few other IFR tools, one is:

https://firmwaresecurity.com/2017/12/04/ifrviewer-viewer-for-ifr-structures/

I’m pretty sure I blogged on another one, but I’m not great at adding tags to blog posts, so I can’t find it at the moment. 😦

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s