Finbarr’s UEFI-Utilities-2018

Finbarr Murphy has updated UEFI Utilities again. Earlier it was GNU-EFI based, now it is EDK2 based, and uses VS2018.


Maybe not finished migrating yet, but there are more tools in the older version than this, so don’t ignore the old tools.


And sometimes it seems the latest tools are only available the HTML of recent blob posts, so look there as well:




ShowSLIC.efi: Access ACPI-based Windows SLIC License Key

FPMurphy has a new blog post with source to a new tool, and mentions plans for 3-4 new tools/year!

Those who follow my work in the UEFI Shell space are aware that I usually develop a number of new, and hopefully useful, UEFI shell utilities each year. This year, I plan to write three or four new utilities and enhance a number of existing utilities. This is the first of these new utilities. In this post, I describe the ShowSLIC utility. It is the first of my new utilities and came about from license and booting issues caused by a disk failure on a friend’s laptop that was running Windows 7. ShowSLIC is designed to enable you to retrieve SLIC (System License Internal Certificate) information from a UEFI-based Microsoft Windows PC or laptop. Such information is accessible (exposed) via the ACPI (Advanced Configuration and Power Interface) SLIP table.[…]



Looks like you have to scrape the source from the HTML blog post, not included in latest UEFI-Utilities, AFAICT:



Finnbarr on state of Intel ME hacking tools

Finbarr has a new article on Intel ME, in which he’s wondering if current tools are acquiring bitrot:

[…]It seems to me there is little ongoing work to enhance existing ME analysis tools such as me_unpack or the meloader IDA plugin to support ME firmware versions 9.5.X.X or later. Possible reasons for this state of affairs include the lack of available documentation for ME versions above 9, no ROMB-enabled ME firmware later the version 9 in the wild, or simply that the ME tool developers have moved on to other projects.


Also, this post pointed out an Intel ME web site I had not seen before:


It has an invalid HTTPS cert, and appears to have been last updated a few years ago.

PS: Also, if you are using Finnbarr’s UEFI-Utilities, note that he’s recently started including ThinkPwn as one of the binaries, so be careful how you deploy it. CHIPSEC blacklists ThinkPwn as one of handful of known UEFI malware modules.


ShowPCIx: UEFI tool to show PCI devices using PCI.IDS database








New UEFI RNG tool

Finnbarr P. Murphy has a new UEFI tool that checks your firmware for RNGs, and it sounds like he’s found some Lenovo Thinkpad errors with it:

[…] Here is a small UEFI shell utility that checks your firmware for available RNGs: […] I built the utility on a 64-bit Fedora 24 platform using GCC and UDK2015. I have not tried building a 32-bit utility nor have I build it using Visual Studio or other development frameworks – so do not be surprised if you have modify either the code or the build recipe in these cases. I tested the utility on a Lenovo T450 using firmware version JBET60WW (1.24) and was surprised to find that the firmware did not appear to support any RNGs as evidenced by the zero RNG algorithm count returned. However, by explicitly, testing for the default RNG if the count was zero, it was possible to determine that the T450 did in fact at least support the default RNG. Perhaps, I am not parsing the UEFI specification correctly but I would expect the RNG count returned by GetInfo to include the default RNG. Interestingly, when I build and load the UDK2015 test RNG DXE driver which contains a reference counter mode DRBG (Deterministic Random Bit Generator) conforming to NIST SP 800-90a, the algorithm count returned by GetInfo jumps to 2. This leads me to suspect that their is a bug in the firmware w.r.t. to the RNG protocol implementation. Please let me know if I am incorrect in my assumptions or observations.



Finnbarr on diagnosing Windows UEFI startup issues

Finnbarr has a new blog post, on diagnosing UEFI-centric issues with modern Windows systems, with lots of figures and screenshots and background information:

[…] I hope this detailed explanation of how Windows 10 boots on a UEFI-platform will help you keep your sanity the next time you boot and see a missing or corrupt BCD message. Remember to always configure your platform so that you can boot into a UEFI shell using the UEFI firmware-based boot manager and make a backup of your BCD store.