Tool Review: UBU-helpers
[UPDATED, with feedback from reader. Thanks!]
UBU-helpers is a collection of tools used to examine UEFI binaries. The UBU-helpers code is portable C, built with CMake, so it should work on most UNIX systems as well as other common platforms with decent C compilers. The project is maintained: the tools were updated a few days ago. Currently there three tools: Hex Find (hexfind), Find Version (findver), and Driver Version (drvver).
1) Hex Find (hexfind) is a simple tool that searches for a pattern in a file.
hexfind v0.1.2
Usage: hexfind PATTERN FILENAME
2) Find Version (finder) is simple tool that also searches for version-based patterns in a file.
findver v0.3.2
Prints version string found in input file
Usage: findver prefix pattern offset end_marker max_length FILE
Options:
prefix – Prefix string, ASCII symbols
pattern – Pattern to find, hex digits
offset – Offset of version string, integer
end_marker – Pattern that marks end of version string, 2 hex digits
max_length – Maximum length of printed version string, integer
num_location- Number of location, integer
3) Driver Version (driver) searches for multiple UEFI drivers/applications via hardcoded string/offset searches. It — as do the other two tools — uses a Boyer-Moore-Horspool algorithm for it’s find algorithm.
drvver v0.19.2
Reads versions from input EFI-file
Usage: drvver DRIVERFILE
Support:
GOP driver Intel, AMD, ASPEED.
SATA driver Intel, AMD, Marvell
LAN driver Intel, Realtek, Broadcom
Here’s the printf statements of what drvver recognizes:
EFI GOP Driver SandyBridge – 2.0.%s
EFI GOP Driver IvyBridge – 3.0.%s
EFI GOP Driver Haswell – 5.0.%s
EFI GOP Driver Broadwell – 5.5.%s
EFI GOP Driver CloverView – 6.0.%s%S
EFI GOP Driver ValleyView – 7.%c.%s%S
EFI GOP Driver CherryView – 8.0.%s
EFI GOP Driver SkyLake – 9.0.%s
EFI GOP AMD – %s_signed
EFI GOP AMD – %s
EFI GOP-in-OROM ASPEED – %x.%02x.%02x
EFI GOP ASPEED – %x.%02x.%02x
EFI IRST RAID for SATA – %s
EFI AMD RAID – %s
EFI AMD Utility – %s
EFI AMD Utility – %c.0.0.%c%c
EFI IRSTe RAID for SCU – %s
EFI IRSTe RAID for sSATA – %s
EFI IRSTe RAID for SATA – %s
EFI Marvell SATA RAID – %x.%x.%x.%04x
EFI Marvell SATA AHCI – %x.%x.%x.%04x
EFI Intel 40GbE UNDI – %x.%x.%02x
EFI Intel 10GbE UNDI – %x.%x.%02x
EFI Intel PRO/Server UNDI – %x.%x.%02x
EFI Intel Gigabit UNDI – %x.%x.%02x
EFI Intel PRO/1000 UNDI – %x.%x.%02x
EFI Intel FCoE Boot – %s
EFI Broadcom UNDI – %d.%d.%d
EFI Realtek UNDI – %x.%03x %X%s
EFI Realtek UNDI – %x.%03X%s
CPU Microcode 040671 BDW – %02X
CPU Microcode 0306C3 HSW – %02X
CPU Microcode 0206A9 IVB – %02X
CPU Microcode 0306A7 SNB – %02X
CPU Microcode 0306F2 HSW-E – %02X
CPU Microcode 0506E3 SKL-S – %02X
Unknown version GOP Driver
Unknown Intel LAN version.
Unknown Broadcom LAN version.
Unknown Realtek LAN version.
Unknown Realtek LAN version.
If you need to search for specific EFI strings in EFI binaries, these tools might be just what you needed. For more information, see the source code:
https://github.com/LongSoft/UBU-helpers
These tools were created to augment another tool which I’ve not used yet, “UEFI BIOS Updater (UBU)”. Here’s more information on that:
http://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html
Firmware Security 
You must be logged in to post a comment.