Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/DSecurity/efiSeek

Ghidra analyzer for UEFI firmware.
https://github.com/DSecurity/efiSeek

firmware ghidra-plugin reverse-engineering uefi

Last synced: about 2 months ago
JSON representation

Ghidra analyzer for UEFI firmware.

Host: GitHub
URL: https://github.com/DSecurity/efiSeek
Owner: DSecurity
License: apache-2.0
Created: 2020-07-04T11:09:15.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-07-04T13:19:32.000Z (over 1 year ago)
Last Synced: 2024-04-08T20:14:17.609Z (9 months ago)
Topics: firmware, ghidra-plugin, reverse-engineering, uefi
Language: Java
Homepage:
Size: 1.41 MB
Stars: 300
Watchers: 16
Forks: 19
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-uefi-security - efiSeek
awesome-ghidra - efiSeek for Ghidra - The analyzer automates the process of researching EFI files. (Ghidra Scripts/Plugins/Extension)

README

# ***efiSeek for Ghidra***

## About

The analyzer automates the process of researching EFI files, helps to discover and analyze well-known protocols, smi handlers, etc.

## Features

### Finds known EFI GUID's

![guids](./img/guids.png)

### Identifies protocols located with `LOCATE_PROTOCOL` function

![locateProtocols](./img/locateProtocols.png)

### Identifies functions used as the `NOTIFY` function

![notify](./img/notify.png)

### Identifies protocols installed in the module through `INSTALL_PROTOCOL_INTERFACE`

![install](./img/install.png)

### Identifies functions used as an interrupt function (like some hardware, software/child interrupt)

![ioTrap](./img/ioTrap.png)

![sx](./img/sx.png)

![child](./img/child.png)

![sw](./img/sw.png)

### Script for loading efi modules to relevant directories in `Headless mode`

Sorting smm modules relying on meta information into next folders:

* SwInterrupts
* ChildInterrupts
* HwInterrupts
* UnknownInterrupts

![sort](img/sort.png)

## Installation

Set `GHIDRA_INSTALL_DIR` environment variable to ghidra path.

Start `gradlew.bat`, after the completion of building a copy archive from the `dist` directory to `GHIDRA_HOME_DIR/Extensions/Ghidra/`.
And turn on this extention in your ghidra.

## Usage

After installation you are free to use this analyzer. If you open a EFI file, the analyzer appears selected automatically.
To start the analyzer, press `A` or `Analysis/Auto Analyze` and press `Analyze`.

## References

* https://github.com/al3xtjames/ghidra-firmware-utils
* https://github.com/danse-macabre/ida-efitools/