Jim Fear joins Apple

I missed this, earlier this month. Wow, Apple has hired MANY great UEFI security researchers. Looking forward to seeing the results of their product.

https://twitter.com/snare/status/809436303980838912

I hope the open source project Voltron and his EFI tools will be maintained. It seems some who join Apple are not permitted to work on open source projects.

https://github.com/snare/ida-efiutils
https://github.com/snare/efitools
https://github.com/snare/efiguid
http://ho.ax/tag/efi/

(In vaguely-related news, last night my MacBook just self-destructed, the non-replaceable battery expanded and popped the system open, knocking the trackpad out. The sausage expired. 😦)

tool mini-review: UEFI Xmod

UEFI Xmod is a tool to work with EFI images (extracting specific modules, batch processing, etc.). This Python-based command line tool is by “danse-macabre”. It is only 2 days old, so watch for it to evolve.

usage:
uefi_xmod.py [-h] [-g GUID] [-n NAME] [-r REGEX] [-p] [-o OUTDIR] [-t] target [target ...]
target : EFI image file or directory which contains such files
-h, --help : show this help message and exit
-g GUID, --guid GUID : extract module with specified GUID
-n NAME, --name NAME : extract module with specified user interface name
-r REGEX, --regex REGEX : extract modules whose names match against given RE
-p, --prefix : add prefix to extracted file
-o OUTDIR, --outdir OUTDIR : store extracted modules in specified directory
-t, --test : do not extract anything but instead check the presence of the specified module
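To show what the -g / -n / -r options above have to do under the hood, here is an added example (my own code, not uefi_xmod's) that walks a UEFI firmware volume, validates the FV and FFS header checksums, reads each module's user-interface name from its UI section, and selects modules by GUID, name or regex. The sample volume, its two GUIDs and the module names are constructed for the example; only standard (non-large-file) FFS headers and standard section headers are handled, and anything else is rejected rather than guessed at.

```python
"""Minimal UEFI firmware-volume walker selecting FFS files by GUID, UI name or regex.
Constructed example for this post, not uefi_xmod's code; layouts follow the PI spec."""
import re
import struct
import uuid

FV_SIGNATURE = b"_FVH"                  # at offset 40 of EFI_FIRMWARE_VOLUME_HEADER
FV_HEADER_FIXED_LEN = 56                # header bytes before the block map
FFS_HEADER_LEN = 24                     # sizeof(EFI_FFS_FILE_HEADER)
SECTION_HEADER_LEN = 4                  # sizeof(EFI_COMMON_SECTION_HEADER)
EFI_SECTION_USER_INTERFACE = 0x15
EFI_FV_FILETYPE_FFS_PAD = 0xF0
FFS_ATTRIB_LARGE_FILE = 0x01
FFS2_GUID = uuid.UUID("8C8CE578-8A3D-4F1C-9935-896185C32DD3")
FFS3_GUID = uuid.UUID("5473C07A-3DCB-4DCA-BD6F-1E9689E7349A")

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def iter_ffs_files(image):
    """Yield (guid, file_type, body) for each non-pad file in the first volume in `image`."""
    sig = image.find(FV_SIGNATURE)
    if sig < 40:
        raise ValueError("no firmware volume header found")
    base = sig - 40
    fs_guid = uuid.UUID(bytes_le=image[base + 16:base + 32])
    fv_len, = struct.unpack_from("<Q", image, base + 32)
    hdr_len, = struct.unpack_from("<H", image, base + 48)
    if fs_guid not in (FFS2_GUID, FFS3_GUID):
        raise ValueError(f"unknown file system GUID {fs_guid}")
    if hdr_len < FV_HEADER_FIXED_LEN or hdr_len > fv_len or base + fv_len > len(image):
        raise ValueError("inconsistent firmware volume header lengths")
    # 16-bit header checksum: the header's 16-bit words must sum to zero
    if sum(struct.unpack_from(f"<{hdr_len // 2}H", image, base)) & 0xFFFF:
        raise ValueError("firmware volume header checksum mismatch")
    off = hdr_len
    while off + FFS_HEADER_LEN <= fv_len:
        hdr = bytearray(image[base + off:base + off + FFS_HEADER_LEN])
        if hdr == b"\xff" * FFS_HEADER_LEN:
            break                                   # erased free space: no more files
        ftype, attrs = hdr[18], hdr[19]
        size = int.from_bytes(hdr[20:23], "little")  # 24-bit size, header included
        if attrs & FFS_ATTRIB_LARGE_FILE:
            raise ValueError("large-file headers are not handled by this example")
        if size < FFS_HEADER_LEN or off + size > fv_len:
            raise ValueError(f"corrupt FFS file size at offset {off:#x}")
        hdr[17] = hdr[23] = 0                       # 8-bit header checksum: with file checksum
        if sum(hdr) & 0xFF:                         # and state zeroed, all bytes sum to zero
            raise ValueError(f"FFS header checksum mismatch at offset {off:#x}")
        if ftype != EFI_FV_FILETYPE_FFS_PAD:
            yield (uuid.UUID(bytes_le=bytes(hdr[:16])), ftype,
                   image[base + off + FFS_HEADER_LEN:base + off + size])
        off = _align(off + size, 8)                 # files are 8-byte aligned in the volume

def ui_name(body):
    """Return the UCS-2 name from the file's EFI_SECTION_USER_INTERFACE, or None."""
    off = 0
    while off + SECTION_HEADER_LEN <= len(body):
        size = int.from_bytes(body[off:off + 3], "little")
        if size < SECTION_HEADER_LEN or size == 0xFFFFFF:  # 0xFFFFFF: extended header, unsupported here
            return None
        if body[off + 3] == EFI_SECTION_USER_INTERFACE:
            return body[off + 4:off + size].decode("utf-16-le").rstrip("\x00")
        off = _align(off + size, 4)                 # sections are 4-byte aligned
    return None

def select_modules(image, guid=None, name=None, regex=None):
    """Return [(guid, ui_name, body)] for files matching every given criterion (-g / -n / -r)."""
    want = uuid.UUID(str(guid)) if guid is not None else None
    out = []
    for g, _ftype, body in iter_ffs_files(image):
        n = ui_name(body)
        if (want is None or g == want) and (name is None or n == name) \
                and (regex is None or (n is not None and re.search(regex, n))):
            out.append((g, n, body))
    return out

def _ffs_file(guid, ftype, name):
    """Constructed FFS file holding one UI section (sample data, not from a real image)."""
    text = name.encode("utf-16-le") + b"\x00\x00"
    section = (SECTION_HEADER_LEN + len(text)).to_bytes(3, "little") + bytes([EFI_SECTION_USER_INTERFACE]) + text
    size = FFS_HEADER_LEN + len(section)
    hdr = bytearray(guid.bytes_le + b"\x00\x00" + bytes([ftype, 0]) + size.to_bytes(3, "little") + b"\x00")
    hdr[16] = (-sum(hdr)) & 0xFF                    # header checksum
    hdr[17] = 0xAA                                  # FFS_FIXED_CHECKSUM (FFS_ATTRIB_CHECKSUM clear)
    hdr[23] = 0xF8                                  # State: HEADER_VALID|DATA_VALID, erase polarity 1
    return bytes(hdr) + section

def build_sample_volume():
    """Constructed FFS2 volume with two modules; GUIDs and names are made up for this example."""
    body = b""
    for f in (_ffs_file(uuid.UUID("11111111-2222-3333-4444-555555555555"), 0x07, "DemoDxe"),     # DRIVER
              _ffs_file(uuid.UUID("66666666-7777-8888-9999-aaaaaaaaaaaa"), 0x0A, "ExampleSmm")):  # SMM
        body += f
        body += b"\xff" * (_align(len(body), 8) - len(body))
    hdr_len = FV_HEADER_FIXED_LEN + 16              # one block-map entry plus its terminator
    fv_len = hdr_len + len(body)
    hdr = bytearray(b"\x00" * 16 + FFS2_GUID.bytes_le + struct.pack("<Q", fv_len) + FV_SIGNATURE
                    + struct.pack("<IHHHBB", 0x0004FEFF, hdr_len, 0, 0, 0, 2)  # Attributes..Revision, Checksum=0
                    + struct.pack("<IIII", 1, fv_len, 0, 0))                   # block map + terminator
    struct.pack_into("<H", hdr, 50, (-sum(struct.unpack(f"<{hdr_len // 2}H", hdr))) & 0xFFFF)
    return bytes(hdr) + body

if __name__ == "__main__":
    for g, n, data in select_modules(build_sample_volume(), regex=r"."):
        print(f"{g}  {n:<12} {len(data)} bytes")
```

Run it as-is and it lists both constructed modules; pass a real image's bytes to select_modules() with guid=, name= or regex= to mirror -g, -n and -r. The two checksum checks are what turns a dump tool into a sanity check: a volume whose header or file headers fail them has been corrupted or tampered with somewhere between the vendor's build and the flash chip, which is worth flagging before trusting anything extracted from it.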

(UEFI Xmod aside, danse-macabre also has another set of UEFI tools: ida-efitools, which is a rewrite of another ida-efitools project, with multiple scripts to help IDA Pro users with UEFI analysis.)

More Information:
https://github.com/danse-macabre/uefi_xmod
https://github.com/danse-macabre/ida-efitools