{"id":13798182,"url":"https://github.com/al3xtjames/ghidra-firmware-utils","last_synced_at":"2025-04-08T09:09:52.879Z","repository":{"id":41165395,"uuid":"188863427","full_name":"al3xtjames/ghidra-firmware-utils","owner":"al3xtjames","description":"Ghidra utilities for analyzing PC firmware","archived":false,"fork":false,"pushed_at":"2025-01-15T01:07:52.000Z","size":10142,"stargazers_count":418,"open_issues_count":6,"forks_count":48,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-04-01T08:38:44.091Z","etag":null,"topics":["firmware","ghidra","reverse-engineering","uefi"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/al3xtjames.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-05-27T14:57:24.000Z","updated_at":"2025-03-30T00:45:43.000Z","dependencies_parsed_at":"2024-01-16T04:16:55.234Z","dependency_job_id":"d8f0c2ad-f12f-499f-93d8-dffb07b27a9c","html_url":"https://github.com/al3xtjames/ghidra-firmware-utils","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al3xtjames%2Fghidra-firmware-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al3xtjames%2Fghidra-firmware-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al3xtjames%2Fghidra-firmware-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/al3xtjames%2Fghidra-fir
mware-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/al3xtjames","download_url":"https://codeload.github.com/al3xtjames/ghidra-firmware-utils/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247809964,"owners_count":20999816,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firmware","ghidra","reverse-engineering","uefi"],"created_at":"2024-08-04T00:00:40.105Z","updated_at":"2025-04-08T09:09:52.848Z","avatar_url":"https://github.com/al3xtjames.png","language":"Java","funding_links":[],"categories":["Tools :hammer:","Reverse Engineering"],"sub_categories":["Ghidra"],"readme":"Ghidra Firmware Utilities\n=========================\n\nVarious modules for [Ghidra][1] to assist with PC firmware reverse engineering.\nThis was accepted as a [coreboot project for GSoC 2019][2].\n\n## Features\n### PCI option ROM loader\n - Implements a FS loader for PCI option ROMs (handles hybrid ROMs with\n   multiple images, e.g. 
legacy x86 + UEFI)\n - Loads UEFI executables from PCI option ROMs (including compressed images)\n - Defines the entry point function and various header data types for legacy\n   x86 option ROMs\n\n### Firmware image loader\n - Implements a FS loader for Flash Map (FMAP) images and Intel Flash\n   Descriptor (IFD) images (shows flash regions)\n - Implements a FS loader for Coreboot Filesystem (CBFS) images (displays\n   included files and handles compression)\n - Implements a FS loader for UEFI firmware volumes and nested firmware\n   filesystem (FFS) file/FFS section parsing\n\n### Terse Executable (TE) loader\n - Implements a binary loader for TE binaries (frequently used in UEFI PI)\n\n### UEFI helper script\n - Includes data type libraries for base UEFI types (taken from EDK2 MdePkg)\n - Fixes the signature of the entry point function\n - Defines known GUIDs in the binary's .data/.text segments\n - Locates and defines global copies of UEFI table pointers (gBS/gRT/gST/etc)\n\n## Building \u0026 Installation\nJDK 11 (or newer) and Ghidra 10.1 (or newer) are required.\n\nGhidra's standard Gradle build system is used. Set the `GHIDRA_INSTALL_DIR`\nenvironment variable before building, or set it as a Gradle property (useful\nfor building in an IDE):\n\n### Environment variable\n```bash\n$ export GHIDRA_INSTALL_DIR=\"/path/to/ghidra\"\n$ ./gradlew\n```\n\n### Gradle property\n```bash\necho GHIDRA_INSTALL_DIR=/path/to/ghidra \u003e gradle.properties\n```\n\nThe module ZIP will be output to `dist/`. Use **File \u003e Install Extensions** and\nselect the green plus to browse to the extension. Restart Ghidra when prompted.\n\nFor proper functionality, the plugin should be built with the same JRE used\nby your Ghidra installation. If you have multiple Java runtime environments\ninstalled, select the correct JRE by setting the `JAVA_HOME` environment\nvariable before building.\n\n## Usage\n### PCI option ROM loader\nAdd a PCI option ROM to a Ghidra project. 
Legacy x86 option ROMs can be\ndirectly loaded for analysis. Ensure that the binary format is set to\n**x86 PCI Option ROM**, and import the binary.\n\nUEFI option ROMs or option ROMs that contain more than one image should be\nimported using the filesystem loader. When prompted to select an import mode,\nselect **File system**. The images contained within the option ROM will be\ndisplayed, and can be imported for analysis. Legacy x86 images will be handled\nby the x86 PCI Option ROM loader, and UEFI images will be handled by the PE32\nloader (compression is supported). Information for each image can be displayed\nby selecting **Get Info** in the right-click menu.\n\n### Firmware image loader\nAdd a supported firmware image to a Ghidra project. The firmware image loader\nsupports Intel images with a Flash Descriptor, coreboot images with a FMAP/CBFS\nlayout, and UEFI firmware volumes. The **File system** import mode can be used\nto view embedded files within the specified firmware image.\n\nNote that some UEFI firmware images may store nested firmware volumes within\nfreeform/raw files (or freeform/raw FFS sections). Such files can be imported\nas firmware volumes by selecting **Open File System** in the right-click menu\nfor the specified freeform/raw file. If no nested firmware volume is found, an\nerror message will be displayed (`No file system provider for...`).\n\n### UEFI helper script\nThe helper script is included in the plugin's ghidra_scripts directory, which\nshould be automatically added to the list of script directories in Ghidra.\n\nRun the UEFI helper script by selecting UEFIHelper.java in the Script Manager\nwindow (accessed from **Window -\u003e Script Manager**).\n\nTo modify the UEFI data type library, modify the PRF template in\n`data/gen_prf.sh` as necessary and generate new PRF files. Open the generated\nPRF file in **File -\u003e Parse C Source**. Build the updated data type library\nby selecting **Parse to File...**. 
Overwrite the original data type libraries\nin `data` and rebuild the plugin.\n\n### Related projects\nThese are some interesting projects related to UEFI reversing:\n - [efiXplorer][3] - IDA plugin for UEFI firmware analysis and reverse\n   engineering automation\n - [Ghidra-EFI-Byte-Code-Processor][4] - EFI Byte Code (EBC) processor module\n   for Ghidra\n\n## License\nApache 2.0, with some exceptions:\n - `src/efidecompress/c/efidecompress.c`: BSD\n\n## Credits\n`src/efidecompress/c/efidecompress.c` is a lightly modified version of\n[Decompress.c][5] from uefi-firmware-parser (which itself is derived from\n[the original in EDK2 BaseTools][6]).\n\n`lib/xz-1.8.jar` is taken from the [XZ for Java][7] project.\n\nThe IFD FS loader in `src/main/java/firmware/ifd` used the parser from\n[UEFITool][8] as a reference.\n\nThe GUID database in `data/guids.csv` is taken from [UEFITool][9].\n\nThe UEFI data type libraries in `data/uefi_*.gdt` were generated with\n`data/gen_prf.sh`, which is partially based off the UEFI parser definition\nfrom [a Ghidra pull request by wrffrz][10]. 
These data type libraries use\nheaders from [EDK2 MdePkg][11].\n\n[GhidraVitaLoader by xerpi][12] was used as a reference for some parts of the\nUEFI helper script.\n\n[1]: https://ghidra-sre.org/\n[2]: https://summerofcode.withgoogle.com/projects/#6413737605464064\n[3]: https://github.com/binarly-io/efiXplorer\n[4]: https://github.com/meromwolff/Ghidra-EFI-Byte-Code-Processor\n[5]: https://github.com/theopolis/uefi-firmware-parser/blob/21106baf019db9dcd046a3c01ee7b32212de45a5/uefi_firmware/compression/Tiano/Decompress.c\n[6]: https://github.com/tianocore/edk2/blob/2e351cbe8e190271b3716284fc1076551d005472/BaseTools/Source/C/Common/Decompress.c\n[7]: https://tukaani.org/xz/java.html\n[8]: https://github.com/LongSoft/UEFITool\n[9]: https://github.com/LongSoft/UEFITool/blob/f863caac9df1c5258e9bcc0441a695b6a3bbaf7c/common/guids.csv\n[10]: https://github.com/NationalSecurityAgency/ghidra/pull/501#issuecomment-498374810\n[11]: https://github.com/tianocore/edk2/tree/d21e5dbbbf11589113d39619b3e01eb1e8966819/MdePkg/Include\n[12]: https://github.com/xerpi/GhidraVitaLoader\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fal3xtjames%2Fghidra-firmware-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fal3xtjames%2Fghidra-firmware-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fal3xtjames%2Fghidra-firmware-utils/lists"}