This module has been tested on BIOS/UEFI/firmware updates from the following vendors. Not every update for every product will parse, some may require a-priori decompression or extraction from the distribution update mechanism (typically a PE).

  -u, --unknowns   When generating also print unknowns.
  -d, --flash      The input file is a flash descriptor.
  -b, --brute      The input file is a blob, search for firmware volume
  -c, --capsule    The input file is a firmware capsule, do not search.

Output GUIDs for files, optionally write GUID structure file.

This project will try to keep up-to-date with popular vendor GUIDs automatically. Using the -g LABEL the script will generate a Python dictionary-formatted output. There is an included script to generate additional GUID labels to import into IDA Python

At the moment this is not-yet-scriptable.

Note: when injecting into a firmware file the user will be prompted for which section to replace.

  -f, --ff         Inject payload into firmware file.
  -c, --capsule    The input file is a firmware capsule.

Search a file for UEFI firmware volumes, parse and output.

Usage: fv_injector.py --injection INJECTION

Right-clicked the PE32 image section, chose Extract body, and named it IntelGopDriver.efi. Searched for 'Intel' and found the entry with the subtype 'IntelGopDriver'.

Injection or GUID replacement (no addition/subtraction yet) can be performed on sections within a UEFI firmware file, or on UEFI firmware files within a firmware filesystem.

I extracted my IntelGopDriver.efi using the following: I used the splitter.py script here to extract the BIOS file.

Firmware descriptor generation using the parsed input volumes.
Complete UEFI Firmware volume object hierarchy display.
Tiano/EFI, and native LZMA (7z) compression.
Intel ME modules parsing (ME, TXE, etc).
UEFI Firmware Volumes, Capsules, FileSystems, Files, Sections parsing.

$ uefi-firmware-parser --superbrute ~/firmware/970E32_1.40

The latter performs a byte-by-byte type checker.
If the --test option fails to identify the type, or calls it unknown, try to use the -b or --superbrute option. The firmware-type checker will decide how to best parse the file. If parsing and searching for internals in a shell the --echo option will print the input filename before parsing.

If you need to parse and extract a large number of firmware files check out the -O option to auto-generate an output folder per file.

To test a file or directory of files:

$ uefi-firmware-parser --test ~/firmware/*

  --test               Test file parsing, output name/success.
  Generate a FDF, implies extraction (volumes only)
  -e, --extract        Extract all files/sections/volumes.
  -c, --echo           Echo the filename before parsing or extracting.
  -O, --outputfolder   Dump firmware objects to a folder based on filename
  --superbrute         The input is a blob and may contain any sort of
  -b, --brute          The input is a blob and may contain FV headers.
  -h, --help           show this help message and exit

Parse, and optionally output, details and data on UEFI-related firmware.

A Python script is installed uefi-firmware-parser

$ uefi-firmware-parser -h