efiXplorer v6.1.2

Fixed

• make the guids.json file searchable when the plugin is installed via ida-hcli

efiXplorer v6.1.1

Added

• annotations for Attributes argument of SetVariable
• support for latest SDK versions
• plugin packaging compatible with hcli

Changed

• build process
• dependency builder logic
• refactoring and bug fixes

efiXplorer v6.1 [BHEU Edition]

• [plugin] Improved annotations/quality of pseudocode
  • use const CHAR16 instead of CHAR16 for NVRAM variable names so that they are automatically resolved to L"VariableName" strings
  • automatically resolve status code constants from MACRO_EFI (e.g. EFI_LOAD_ERROR, EFI_INVALID_PARAMETER, etc.)
• [plugin] Improved detection of variables based on Hex-Rays
• [loader] Improved UEFI firmware unpacking
  • if PE32 body is compressed
  • if UI section is located before PE32 section
• [loader] Updated deps.json and images.json formats:
  • dump contents of APRIORI files
  • dump kind of each module/image (@TakahiroHaruyama)
• Updated guiddb (@TakahiroHaruyama)
• Bug fixes and lots of refactoring for plugin and loader
• Improved build scripts and GitHub actions
• Support for IDA SDK 9.0 (IDA SDK v8.3 and IDA SDK v8.4 are still supported, but any new features will be added with the latest SDK in mind)

efiXplorer v6.0 [H2HC Edition]

• [plugin] Multiple bug fixes and exception handling
• [plugin] Improvements in the double GetVariable scanner (@river-li)
• [plugin] Improvements in the UEFI global variables identification
• [plugin] Improvements in the SMI handlers identification
• [plugin] Hex-Rays based analysis for PEI services detection
• [plugin] Use of shifted pointers to improve pseudocode in PEI modules
• [plugin] PEI modules analysis support for Ampere ARM firmware
• [plugin] Update guids.json database
• [plugin] Flush all cached decompilations to automatically update decompiler output (@pagabuc)
• [loader] Integrate patfind plugin to identify more functions (@pagabuc)
• [loader] Add PEI and DXE a priori dependencies to deps.json
• Update dependencies
• Improve FindIdaSdk.cmake
• Moving to support of IDA SDK v8.3

efiXplorer v5.2 [Xmas Edition]

• [bug fix] Avoid using of decompiler APIs if the decompiler is not present (#56)
• [bug fix] Fixed false positive recognition of gBS, gRT, gSmst
• [new feature] Improve search for SMM call-outs
  • detect use of pointers obtained with gBS->LocateProtocol() or gBS->AllocatePool() in SMI handlers
• Moving to support of IDA SDK v8.2
• Other minor improvements to the plugin

efiXplorer v5.1 [Ekoparty Edition]

• [bug fix] Fixed MacOS universal binaries building (#68)
• [new feature] AArch64 module analysis improved
• [new feature] Added support for AArch64-based firmware in efiXloader
• [bug fix] Improved module extraction in efiXloader
• [new feature] Added report generation for AArch64-based files (with native loader and efiXloader)
• Moving to support of IDA SDK v8.1

efiXplorer v5.0 [LABScon Edition]

• [FEATURE] GUIDs installation mechanism
• [FEATURE] The GUIDs database is now located in a separate repository: https://github.com/binarly-io/guiddb
• [FEATURE] The JSON report generated by efiXplorer now includes additional information, such as service arguments addresses
• [FEATURE] Improved SMM modules analysis
• [BUGFIX] efiXloader (thanks to @cc-crack)
• [FEATURE] Added attributes extraction for NVRAM variables
• [FEATURE] Improved detection of vulnerabilities related to improper use of GetVariable service (thanks to @naconaco)
• [FEATURE] Improved GUIDs detection
• [FEATURE] Added segment permissions fixes (to fix the results of decompilation of some modules)
• [FEATURE] Dependencies and idasdk updated to the latest versions
• [FEATURE] Added support for analysis of EFI modules with AArch64 architecture
• [FEATURE] Added tracking types of arguments that are passed to child functions to change child function prototypes
• [FEATURE] Other minor improvements to the plugin

Our blog contains a complete changelog: ARM-based Firmware Support in New efiXplorer v5.0 [LABScon Edition]

efiXplorer v4.1 [BHASIA Edition]

• [new feature] Improved SMI handlers recognition to support: SxSmiHandler, IoTrapSmiHandler, UsbSmiHandler and etc.
• [new feature] Improved child SW SMI handlers recognition and now annotated as ChildSwSmiHandler.
• [new feature] Added visual representation for NVRAM variables and additional context in JSON report: address, service name, var name and var GUID.
• [bug fix] Numerous improvements and bug fixes in code analyzer and firmware image loader
• Moving to support of IDA SDK v7.7

efiXplorer v4.0 [2021 Xmas Edition]

• efiXplorer:

  • [new feature] automatic type information recovery powered by Hex-Rays SDK
  • [new feature] import/export json report to transfer EFI specific type information and avoid re-analysis
  • [new feature] multiple improvements in search algorithm for SMM callouts patterns
  • [new feature] "efiXplorer: protocols" chooser:
    • shows dependencies between protocols
    • shows a list of EFI modules in order of execution

• efiXloader:

  • [new feature] support for Linux and macOS
  • [new feature] extract additional GUID's and protocols information from DEPEX sections
  • [bug fix] firmware parsing bugs and other issues

• A lot of small fixes and improvements. Enjoy!

efiXplorer v3.0 [BHEU Edition]

Release notes:

• EFI modules dependency graph inside efiXloader
• Potential vulnerability checkers:
  • SMM callout
  • GetVariable (PEI/DXE/SMM)
• Multiple improvements and bugfixes