UEFITool is a software program for reading and modifying EEPROM images with UEFI firmware.[1] It is written in C++ using the Qt library.[2] Features include the ability to view the flash regions and to extract and import them.[3] UEFITool allows the user to search for hex and text patterns.[4]

UEFITool
Original author(s)Nikolaj Schlej
Stable release
A62 / 2022 October 03; 2 years ago (03-10-2022)
Written inC++
Operating systemWindows, macOS, Linux
LicenseBSD-2-Clause license
Websitehttps://github.com/LongSoft/UEFITool/wiki

UEFITool presents UEFI firmware images in a tree-like structure. It highlights the modules which are protected by the Intel Boot Guard.[4]

References

edit
  1. ^ Lee, Micah (April 28, 2018). "It's Impossible to Prove Your Laptop Hasn't Been Hacked. I Spent Two Years Finding Out". The Intercept. Retrieved 2021-09-13.
  2. ^ Christensen, Jake; Anghel, Ionut Mugurel; Taglang, Rob; Chiroiu, Mihai; Sion, Radu (August 2020). "DECAF: automatic, adaptive de-bloating and hardening of COTS firmware" (PDF). SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium. Retrieved January 22, 2024.
  3. ^ Matrosov, Alex (2019). Rootkits and bootkits: reversing modern malware and next generation threats. Eugene Rodionov, Sergey Bratus. San Francisco: No Starch Press. pp. 380–390. ISBN 978-1-59327-883-0. OCLC 1005741834.
  4. ^ a b de Assumpção, Matheus Bichara; dos Reis, Marcelo Abdalla; Marcondes, Marcos Roberto; da Silva Eleutério, Pedro Monteiro; Vieira, Victor Hugo (March 2023). "Forensic method for decrypting TPM-protected BitLocker volumes using Intel DCI". Forensic Science International: Digital Investigation. 44. doi:10.1016/j.fsidi.2023.301514.
edit