efiXplorer

AI Summary: efiXplorer is an IDA plugin and loader designed for the analysis and automation of reverse engineering UEFI firmware. Its primary use case is to facilitate the discovery of vulnerabilities in UEFI firmware through automated static analysis, and it provides features that enhance the recovery of service function calls within such firmware. Notably, it supports integration with various hex-ray tools and includes comprehensive documentation for installation and usage.

README

efiXplorer - IDA plugin and loader for UEFI firmware analysis and reverse engineering automation

Documentation

• Plugin wiki
• Loader wiki
• Build instructions and installation

Publications

• efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
• Static analysis-based recovery of service function calls in UEFI firmware
• How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware

Acknowledgements

Special thanks to:

• Hex-Rays, for their support of this project through the Hex-Rays Contributor Program
• All contributors who have helped improve this project (see CONTRIBUTORS.md for a list)
• The authors of the projects listed below for their ideas and research efforts

References

• https://github.com/LongSoft/UEFITool
• https://github.com/yeggor/uefi_retool
• https://github.com/gdbinit/EFISwissKnife
• https://github.com/snare/ida-efiutils
• https://github.com/al3xtjames/ghidra-firmware-utils
• https://github.com/DSecurity/efiSeek
• https://github.com/p-state/ida-efitools2
• https://github.com/zznop/bn-uefi-helper