Uncategorized

Nikolaj joins Apple!!

WOW!!, Nikolaj joins Apple!! First they hired Legbacore, now Nikolaj!

As well, UEFITool has new maintainers, Alex and Dmytro!!


Reversing DXE drivers

Bruno Pujos has a presentation entitled “Introduction to Reversing DXE drivers” from February of this year.

https://www.lse.epita.fr/data/lt/2016-02-09/slides/lt-2016-02-09-Bruno%20Pujos-RE%20DXE.pdf

If anyone knows where to find audio or video of this presentation, PLEASE leave a comment with a URL! Thanks.


UEFITool NE A31.0 released

Nikolaj apparently never stops coding. 🙂 Changelog:

New feature release this time: added “Hex view…” action (Ctrl/Cmd + D) and dialog to preview the selected tree item without extracting it to FS. #56

Now the dialog is modal, but if anyone needs to open more than one, it can be implemented later. The feature uses QHexEdit2 library made by Simsys, big thanks.
https://github.com/LongSoft/UEFITool/releases/tag/NE.A31.0
Also see Nikolaj’s comments re: my last post, clarifying Qt usage in UEFITool, which my post was not clear on:
https://firmwaresecurity.com/2016/07/09/uefidump-created-uefitool-and-uefiextract-rewritten/#comments


UEFIDump created, UEFITool and UEFIExtract rewritten

Nikolaj has been rewriting his suite of UEFI tools so that they no longer depend on the Qt framework and use his new engine, tagged “NE”. UEFITool (UT NE) no longer requires Qt. UEFIExtract (UE) no longer requires Qt. UEFIFind (UF) still requires Qt, and will be ported later. UEFIDump (UD) is a new tool, described below. Extract of release notes:

UT NE A30 | UE 0.12.0 | UD 0.1.0
Almost no new features, but massive changes under the hood:
* engine (classes from /common) can now be built without Qt.
* added support for very rare Apple-specific images.
* fixed some quirks with report generation.
* UT and UE binaries rebuilt to include updated engine code.
* UEFIDump utility released, it’s a PoC analog of UEFIExtract, that generates the same report and dumps all leaf items into one .dump folder without hierarchy, “_%03d” suffix is added for duplicated items. The tool is an example of Qt-less engine usage.
* UEFIFind will be ported to non-Qt engine a bit later.

https://github.com/LongSoft/UEFITool/releases/tag/NE.A30
https://github.com/LongSoft/UEFITool/commits/new_engine
https://github.com/LongSoft/UEFITool/tree/new_engine
https://github.com/LongSoft/UEFITool


Nikolaj on NVRAM formats, part 3

Nikolaj Schlej already has part 3 of his blog series on NVRAM formats in UEFI! Very long post with lots of information!

On NVRAM formats, part 3, about Phoenix SCT formats: FlashMap, EVSA, CMDB and some other common ones.

https://habrahabr.ru/post/281469/

http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=https%3A%2F%2Fhabrahabr.ru%2Fpost%2F281469%2F&sandbox=1

https://firmwaresecurity.com/2016/04/13/nikolaj-on-nvram-formats-volume-2/

It appears he’s also released UEFITool NE alpha 25:
https://github.com/LongSoft/UEFITool/releases/tag/NE.A25
