{"id":13798145,"url":"https://github.com/DSecurity/efiSeek","last_synced_at":"2025-05-13T05:31:43.540Z","repository":{"id":37428774,"uuid":"277093823","full_name":"DSecurity/efiSeek","owner":"DSecurity","description":"Ghidra analyzer for UEFI firmware.","archived":false,"fork":false,"pushed_at":"2024-06-02T21:49:20.000Z","size":1478,"stargazers_count":316,"open_issues_count":10,"forks_count":19,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-11-18T13:44:23.154Z","etag":null,"topics":["firmware","ghidra-plugin","reverse-engineering","uefi"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-04T11:09:15.000Z","updated_at":"2024-11-17T10:50:26.000Z","dependencies_parsed_at":"2022-07-13T15:59:21.477Z","dependency_job_id":"0f094ca1-a7ab-478f-b601-120a74945222","html_url":"https://github.com/DSecurity/efiSeek","commit_stats":{"total_commits":23,"total_committers":5,"mean_commits":4.6,"dds":0.3913043478260869,"last_synced_commit":"573f4b9b5ba2731cdecafc6594d0fd0570e28fff"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DSecurity%2FefiSeek","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DSecurity%2FefiSeek/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DSecurity%2FefiSeek/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DSecurity%2FefiSeek/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DSecurity","download_url":"https://codeload.github.com/DSecurity/efiSeek/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253883119,"owners_count":21978611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firmware","ghidra-plugin","reverse-engineering","uefi"],"created_at":"2024-08-04T00:00:39.542Z","updated_at":"2025-05-13T05:31:40.796Z","avatar_url":"https://github.com/DSecurity.png","language":"Java","funding_links":[],"categories":["Tools :hammer:","Ghidra Scripts/Plugins/Extension"],"sub_categories":[],"readme":"# ***efiSeek for Ghidra***\n\n## About\n\nThe analyzer automates the process of researching EFI files, helps to discover and analyze well-known protocols, smi handlers, etc.\n\n## Features\n\n### Finds known EFI GUID's\n\n![guids](./img/guids.png)\n\n### Identifies protocols located with `LOCATE_PROTOCOL` function\n\n![locateProtocols](./img/locateProtocols.png)\n\n### Identifies functions used as the `NOTIFY` function\n\n![notify](./img/notify.png)\n\n### Identifies protocols installed in the module through `INSTALL_PROTOCOL_INTERFACE`\n\n![install](./img/install.png)\n\n### Identifies functions used as an interrupt function (like some hardware, software/child interrupt)\n\n![ioTrap](./img/ioTrap.png)\n\n![sx](./img/sx.png)\n\n![child](./img/child.png)\n\n![sw](./img/sw.png)\n\n### Script for loading efi modules to relevant directories in `Headless mode`\n\nSorting smm modules relying on meta information into next folders:\n\n* SwInterrupts\n* ChildInterrupts\n* HwInterrupts\n* UnknownInterrupts\n\n![sort](img/sort.png)\n\n## Installation\n\nSet `GHIDRA_INSTALL_DIR` environment variable to ghidra path.\n\nStart `gradlew.bat`, after the completion of building a copy archive from the `dist` directory to `GHIDRA_HOME_DIR/Extensions/Ghidra/`.\nAnd turn on this extention in your ghidra.\n\n## Usage\n\nAfter installation you are free to use this analyzer. If you open a EFI file, the analyzer appears selected automatically.\nTo start the analyzer, press `A` or `Analysis/Auto Analyze` and press `Analyze`.\n\n## References\n\n* https://github.com/al3xtjames/ghidra-firmware-utils\n* https://github.com/danse-macabre/ida-efitools/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDSecurity%2FefiSeek","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDSecurity%2FefiSeek","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDSecurity%2FefiSeek/lists"}