Tag: UEFIExtract

UEFIDump replaced by UEFIExtract with ‘unpack’ option

~ hucktech ~ Leave a comment

UEFITool is a Qt-based GUI tool that works on Mac/Windows/Linux. In addition to the main Qt-based GUI tool, the project also has a few other command line tools, UEFIExtract, UEFIFind, UEFIDump. And there are two codebases on Github, master and new-engine.

Some of the command line tools have been changing: UEFIDump was a tool that dumped info. UEFIDump is now gone, replaced by UEFIExtract with the “unpack” option (the “dump” option is related).

https://github.com/LongSoft/UEFITool/blob/new_engine/UEFIExtract/uefiextract_main.cpp

UEFIDump/UEFIExtract aside, UEFIFind is also useful to find information:

https://github.com/LongSoft/UEFITool/blob/new_engine/UEFIFind/uefifind_main.cpp

 

scan_thinkpwn: searches for ThinkPwn vulnerability

~ hucktech ~ Leave a comment

THINKPWN SCANNER: This program is used to scan UEFI drivers extracted from firmware image for ThinkPwn vulnerability in vendor/model agnostic way.
AUTHORS:
@d_olex (aka Cr4sh) — initial Vivisect based version of the program;
@trufae (aka pankake) — radare2 based version (this one);

Read the source code for more user docs, including a detailed source comment about how the code works.

https://github.com/Cr4sh/ThinkPwn/blob/master/scan_thinkpwn.py

More info:
https://github.com/Cr4sh/ThinkPwn
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

UEFIDump created, UEFITool and UEFIExtract rewritten

~ hucktech ~ 1 Comment

Nikolaj has been rewriting his suite of UEFI tools, so they are no longer dependent on the Qt framework, and uses his new engine “NE” tag. UEFITool (UT NE) no longer requires Qt. UEFIExtract (UE) no longer requires Qt. UEFIFind (UF) still requires Qt, and will be ported later. UEFIDump (UD) is a new tool! Described below. Extract of release notes:

UT NE A30 | UE 0.12.0 | UD 0.1.0
Almost no new features, but massive changes under the hood:
* engine (classes from /common) can now be build without Qt.
* added support for very rare Apple-specific images.
* fixed some quirks with report generation.
* UT and UE binaries rebuilt to include updated engine code.
* UEFIDump utility released, it’s a PoC analog of UEFIExtract, that generates the same report and dumps all leaf items into one .dump folder without hierarchy, “_%03d” suffix is added for duplicated items. The tool is an example of Qt-less engine usage.
* UEFIFind will be ported to non-Qt engine a bit later.

https://github.com/LongSoft/UEFITool/releases/tag/NE.A30
https://github.com/LongSoft/UEFITool/commits/new_engine
https://github.com/LongSoft/UEFITool/tree/new_engine
https://github.com/LongSoft/UEFITool

UEFITool/UEFIExtract/UEFIFind updated

~ hucktech ~ Leave a comment

Nikolaj Schleg has updated UEFI Tool, and UEFI Extract and UEFI Find, with a fe new features and fixes:

*  improved parsing of Intel flash descriptor
* improved detection of Tiano/EFI 1.1 compression type
* added 2 UEFI capsule GUIDs used by Lenovo
* solved potential crash on very low memory available
 * UEFIExtract and UEFIFind update to include the latest parser changes

Alpha version of new UEFITool 0.30.0_alpha19 released for early adopters, still no image editing possible in this release.

https://github.com/LongSoft/UEFITool/releases/tag/NE.A19.1

https://github.com/LongSoft/UEFITool