Git Product home page Git Product logo

ghidra-firmware-utils's Introduction

Ghidra Firmware Utilities

Various modules for Ghidra to assist with PC firmware reverse-engineering. This was accepted as a coreboot project for GSoC 2019.

Features (very much WIP)

PCI option ROM loader

  • Implements a FS loader for PCI option ROMs (handles hybrid ROMs with multiple images, e.g. legacy x86 + UEFI)
  • Loads UEFI executables from PCI option ROMs (including compressed images)
  • Defines the entry point function and various header data types for legacy x86 option ROMs

Planned functionality / TODO

Firmware image loader

  • Implement FS loader for firmware images
  • Write parsers for Intel IFD (BIOS region), coreboot CBFS/FMAP, and UEFI firmware volumes

UEFI loader

  • Write helper script to import GUIDs/etc (similar to ida-efitools)

Building & Installation

Ghidra's standard Gradle build system is used. Set the GHIDRA_INSTALL_DIR environment variable before building:

$ export GHIDRA_INSTALL_DIR="/path/to/ghidra"
$ gradle

The module ZIP will be output to dist/. Use File > Install Extensions and select the green plus to browse to the extension. Restart Ghidra when prompted.

Usage

PCI option ROM loader

Add a PCI option ROM to a Ghidra project. Legacy x86 option ROMs can be directly loaded for analysis. Ensure that the binary format is set to x86 PCI Option ROM, and import the binary.

UEFI option ROMs or option ROMs that contain more than one image should be imported using the filesystem loader. When prompted to select an import mode, select File system. The images contained within the option ROM will be displayed, and can be imported for analysis. Legacy x86 images will be handled the x86 PCI Option ROM loader, and UEFI images will be handled by the PE32 loader (compression is supported). Information for each image can be displayed by selecting Get Info in the right-click menu.

License

Apache 2.0, with some exceptions:

  • src/efidecompress/c/efidecompress.c: BSD

Credits

src/efidecompress/c/efidecompress.c is a lightly modified version of Decompress.c from uefi-firmware-parser (which itself is derived from the original in EDK2 BaseTools).

ghidra-firmware-utils's People

Contributors

al3xtjames avatar fengjixuchui avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.