ME Analyzer v1.70.0 adds full parsing & unpacking of all Intel CSE ME/TXE/SPS File Systems (MFS/AFS) based on the amazing initial research by @_Dmit. MEA can now show the FS state and log all low-level details. General CSE firmware analysis also improved.
Tag: ME Analyzer
ME Analyzer 1.33.0 released (and microcode document revised)
Plato updates ME Analyzer, and an Intel microcode document!
https://github.com/platomav/MEAnalyzer
https://github.com/platomav/MCExtractor/wiki/Intel-Microcode-Extra-Undocumented-Header
ME Analyzer 1.16.3 released
ME Analyzer Features:
Supports all Engine firmware generations (ME 1 – 11, TXE 1 – 3 & SPS 1 – 4)
Supports all types of file images (Engine Regions, SPI/BIOS images etc)
Detection of Family, Version, SKU, Date, Revision, Platform etc info
Detection of Production, Pre-Production, ROM-Bypass, MERecovery etc Releases
Detection of Region (Stock/clean or Extracted/dirty), Update etc Types
Detection of Security Version Number (SVN), Version Control Number (VCN) & PV
Detection of firmware’s Flash Image Tool platform configuration for ME 11 & up
Detection of Intel SPI Flash Descriptor region’s Access Permissions
Detection of whether the imported Engine firmware is updated
Detection of unusual Engine firmware (Corrupted, Compressed, OEM etc)
Detection of multiple Engine regions in input file, number only
Detection of special Engine firmware BIOS GUIDs via UEFIFind
Detection of unique mobile Apple Macintosh Engine firmware SKUs
Advanced detection & validation of Engine region’s firmware Size
Ability to analyze multiple files by drag & drop or by input path
Ability to unpack all Engine x86 firmware (ME >= 11, TXE >= 3, SPS >= 4)
Ability to detect & categorize firmware which require attention
Ability to validate Engine region’s $FPT checksums & entries counter
Ability to detect various important firmware problems and corruptions
Supports SoniX/LS_29’s UBU, Lordkag’s UEFIStrip & CodeRush’s UEFIFind
Reports all firmware which are not found at the Engine Repository Database
Reports any new, unknown, problematic, incomplete etc Engine firmware images
Features command line parameters to enhance functionality & assist research
Features user friendly messages & proper handling of unexpected code errors
Shows colored text to signify the importance of notes, warnings & errors
Open Source project licensed under GNU GPL v3, comment assisted code
https://github.com/platomav/MEAnalyzer/commits/master
https://github.com/platomav/MEAnalyzer
ME Analyzer 1.11.1 released
ME Analyzer is a tool which can show various details about Intel Engine Firmware (Management Engine, Trusted Execution Engine, Service Platform Services) images. It can be used to identify whether the firmware is updated, healthy, what Release, Type, SKU it is etc.[…]
https://github.com/platomav/MEAnalyzer
http://www.win-raid.com/t840f39-ME-Analyzer-Intel-Engine-Firmware-Analysis-Tool.html#msg14803
ME Analyzer switches from closed-source to open-source
Great news, the tool “ME Analyzer” — for analyzing the Intel Management Engine (ME) — has switched from closed-source freeware to open source!!
Plutomaniac’s ME Analyzer
There are three tools from the win-raid.com firmware modding community that I’ve not used, but I’ve heard are quite awesome tools. The first is UBU[1], the second is GOPupd[2], and the third is ME Analyzer, the subject of this blog post. ME Analyzer is a tool by Plutomaniac, a member of the win-raid.com firmware modding community. The tool parses Intel BIOS images and provides various infos about Management Engine Firmware in them. It also has a related Firmware Database which contains a lot of interesting information.
ME Analyzer is an Intel Engine Firmware Analysis Tool, a tool that you can show various details about Intel Engine Firmware (Management Engine, Trusted Execution Engine, Service Platform Services) images. It can be used to identify whether the firmware is updated, what Release, Type, SKU it is etc. Features:
* Supports all current & legacy Engine firmware (ME 1.x – 11.x , TXE 1.x – 2.x & SPS 1 – 4)
* All types of firmware files are supported (ME/TXE/SPS Regions, BIOS images etc)
* Partial Firmware Update support for Corporate ME 8-11 enabled platforms
* UEFI Bios Updater (UBU) and Lordkag’s Extractor integration support
* Firmware Family (ME, TXE or SPS), Date & Version number detection
* Production, Pre-Production & ROM-Bypass firmware release detection
* Region (Stock or Extracted) & Update firmware type detection
* Identification of the platform that the firmware was configured for via FITC
* SKU & target platform detection for all supported firmware releases
* Security Version Number (SVN), Version Control Number (VCN) & PV-bit detection
* Intel SPI Flash Descriptor Access Region detection, Skylake compatible
* Identification of whether the imported Engine firmware is up-to-date
* Proper CPT/PBG SKU & BlackList Table detection for ME 7.x firmware
* Special Apple Macintosh ME 7.0 & 9.5 firmware SKU support
* FWUpdate OEMID detection at Region & SPI/BIOS images
* Multiple drag & drop & sorting of rare/problematic Engine Firmware
* Multiple Engine Firmware Region detection, number only
* Unidentifiable Engine Firmware Region (ex: Corrupted, Compressed) detection
* Reports unknown firmware not found at the Engine Repository Database
* Reports unknown firmware Major, Minor, SKU, Type etc releases
* Shows colored text to signify the importance of notes, warnings, errors etc
Engine Firmware Repository Database:
ME Analyzer’s main goal is to allow users to quickly determine & report new firmware versions without the use of special Intel tools (FIT/FITC, FWUpdate) or Hex Editors. To do that effectively, a database had to be built. The Intel Engine Firmware Repositories is a collection of every ME, TXE & SPS firmware I have found. It’s existence is very important for ME Analyzer as it allows me to find new types of firmware, compare same major version releases for similarities, check for updated firmware etc. Bundled with ME Analyzer there’s a file called MEA.dat which is required for the program to run. It includes all CSE firmware that are available at the Repository thread. This accommodates two actions: a) Check whether the imported firmware is up to date and b) Help find new CSE firmware releases sooner by reporting them at the Intel Management Engine: Drivers, Firmware & System Tools or Intel Trusted Execution Engine: Drivers, Firmware & System Tools threads respectively.
ME Analyzer is closed source freeware, targetting Microsoft Windows platform. As always, if you can’t review the code, be cautious where/how you use it, until you are ready to ‘trust’ the author.
ME Analyzer requires ME Util v0.1, and includes a modified version of it:
https://github.com/skochinsky/me-tools
More information:
http://www.win-raid.com/t840f39-ME-Analyzer-Intel-Engine-Firmware-Analysis-Tool.html
http://www.win-raid.com/t832f39-Intel-Management-amp-Trusted-Execution-Engine-Firmware-Repository.html
http://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
http://www.win-raid.com/t624f39-Intel-Trusted-Execution-Engine-Drivers-Firmware-amp-System-Tools.html
[1]
[2]
Firmware Security 