The efiSeek fork with bugfixes and additional features:
- compatibility with Ghidra 12.0.1 and later versions
- analysis of AArch64 modules
- basic vulnerability scanner for SMM Callouts and double GetVariable issues
  - based on the work done in retrage/efiSeek/tree/efi-xplorer
- extraction of information about NVRAM variables
  - variable names
  - vendor GUIDs
  - variable attributes
- better strings/constants representation in pseudocode
  - set mutability to "constant" for Unicode strings to display them directly in the pseudocode
  - add "equates" for EFI_STATUS constants
- save all extracted properties to Bookmarks (to enable easier navigation)
- TE loader
  - adopted from uefi_te (ghidra-firmware-utils)
- initial PEI modules analysis

```bash
export GHIDRA_INSTALL_DIR=/path/to/ghidra # e.g. export GHIDRA_INSTALL_DIR=~/ghidra_12.0.1_PUBLIC
./install.sh
```

After installation you are free to use this analyzer. When you open an EFI file, the analyzer is selected automatically.
To start the analyzer manually, press A or select Analysis/Auto Analyze, then press Analyze.
