Re: https://firmwaresecurity.com/2017/10/30/universal-ifr-extractor/ and https://firmwaresecurity.com/2015/07/07/two-uefi-form-tools-plus-one-uefi-c-module-complexity-tool/ :
There’s another Universal-IFR-Extractor fork …I think. The original one was Windows-centric, I think motivation for some forks was from non-Windows users. Today’s new fork might have some new/interesting features or — I didn’t study the code — it might be a fork of one of the other Linux-friendly forks.
Visual Forms Representation (VFR) is the “source code” to UEFI forms-based app, IVR is the Internal Forms Representation that is included in binaries, and of interest to reverse engineers and modders. An example of how a modder uses it:
https://github.com/roncapat/W230SD-Unlocked-AMI-BIOS
I don’t think the security researcher community has done much research in IFR-based attacks to this binary format that includes multiple complex structures in C that impact control flow.
Original tool: https://github.com/donovan6000/Universal-IFR-Extractor
Forks of tool:
https://github.com/LongSoft/Universal-IFR-Extractor
https://github.com/tomrus88/Universal-IFR-Extractor
https://github.com/therealgudv1n/Universal-IFR-Extractor-Linux (this latest one)
I suspect one of the more recent forkers didn’t first check if there was another Linux-friendly fork already exists. Besides this tool “family”, there’s also a few other IFR tools, one is:
https://firmwaresecurity.com/2017/12/04/ifrviewer-viewer-for-ifr-structures/
I’m pretty sure I blogged on another one, but I’m not great at adding tags to blog posts, so I can’t find it at the moment. 😦
Firmware Security 