License: GPL v3

FwHunt Community Scanner

Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules.

Dependencies

rizin (v0.6.2)

Installation

Install with pip (tested on Python 3.6 and above):

$ python -m pip install fwhunt-scan

Install manually:

$ git clone https://github.com/binarly-io/fwhunt-scan.git && cd fwhunt-scan
$ python setup.py install

Example

With script

Analyze/scan separate module:

$ python3 fwhunt_scan_analyzer.py analyze-module {image_path} -o out.json
$ python3 fwhunt_scan_analyzer.py scan-module --rule {rule_path} {image_path}

Scan the entire firmware image:

$ python3 fwhunt_scan_analyzer.py scan-firmware -r rules/BRLY-2021-001.yml -r rules/BRLY-2021-004.yml -r rules/RsbStuffingCheck.yml test/fw.bin

With docker

To avoid installing dependencies, you can use the docker image.

You can build a docker image locally as follows:

docker build -t fwhunt_scan .

Or pull the latest image from ghcr.

Example of use:

docker run --rm -it -v {module_path}:/tmp/image:ro \
  fwhunt_scan analyze-module /tmp/image # to analyze EFI module

docker run --rm -it -v {module_path}:/tmp/image:ro -v {rule_path}:/tmp/rule.yml:ro \
  fwhunt_scan scan-module /tmp/image -r /tmp/rule.yml # to scan EFI module with specified FwHunt rule

docker run --rm -it -v {module_path}:/tmp/image:ro -v {rule_path}:/tmp/rule.yml:ro \
  fwhunt_scan scan-firmware /tmp/image -r /tmp/rule.yml # to scan firmware image with specified FwHunt rule

docker run --rm -it -v {module_path}:/tmp/image:ro -v {rules_directory}:/tmp/rules:ro \
  fwhunt_scan scan-firmware /tmp/image --rules_dir /tmp/rules # to scan firmware image with specified rules directory

All these steps are automated in the fwhunt_scan_docker.py script:

python3 fwhunt_scan_docker.py analyze-module {module_path} # to analyze EFI module

python3 fwhunt_scan_docker.py scan-module -r {rule_path} {module_path} # to scan EFI module with specified FwHunt rule

python3 fwhunt_scan_docker.py scan-firmware -r {rule_path} {firmware_path} # to scan firmware image with specified FwHunt rule

python3 fwhunt_scan_docker.py scan-firmware --rules_dir {rules_directory} {firmware_path} # to scan firmware image with specified rules directory

From code

UefiAnalyzer

Basic usage examples:

from fwhunt_scan import UefiAnalyzer

...
# Open the analyzer explicitly and close it when done
uefi_analyzer = UefiAnalyzer(image_path=module_path)
print(uefi_analyzer.get_summary())
uefi_analyzer.close()

from fwhunt_scan import UefiAnalyzer

...
# The same analysis, with the analyzer used as a context manager
with UefiAnalyzer(image_path=module_path) as uefi_analyzer:
    print(uefi_analyzer.get_summary())

On Linux platforms, you can pass a blob for analysis instead of a file:

from fwhunt_scan import UefiAnalyzer

...
with UefiAnalyzer(blob=data) as uefi_analyzer:
    print(uefi_analyzer.get_summary())

UefiScanner

from fwhunt_scan import UefiAnalyzer, UefiRule, UefiScanner

...
uefi_analyzer = UefiAnalyzer(module_path)

# rule1 and rule2 - contents of the rules in YAML format
uefi_rules = [UefiRule(rule1), UefiRule(rule2)]

scanner = UefiScanner(uefi_analyzer, uefi_rules)
result = scanner.result
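
The following is an added example, not part of the fwhunt-scan project's own code: it scans several modules against every .yml rule in a directory and records analysis failures separately, so a module that could not be parsed is never mistaken for one that matched no rule. The function names load_rule_texts and scan_modules and the shape of the returned report are assumptions made for illustration; scanner.result is stored as an opaque value.

```python
from pathlib import Path
from typing import Any, Dict, Iterable


def load_rule_texts(rules_dir: str) -> Dict[str, str]:
    """Read every *.yml file in rules_dir; returns {file name: YAML text}."""
    texts = {p.name: p.read_text(encoding="utf-8")
             for p in sorted(Path(rules_dir).glob("*.yml"))}
    if not texts:
        # With no rules loaded, every module would trivially look clean.
        raise ValueError(f"no .yml rules found in {rules_dir}")
    return texts


def scan_modules(module_paths: Iterable[str], rules_dir: str) -> Dict[str, Any]:
    """Scan each module with all rules (hypothetical helper).

    Returns {module path: {"ok": True, "result": ...}} on success and
    {module path: {"ok": False, "error": ...}} when analysis failed.
    """
    # Imported lazily so load_rule_texts() is usable without rizin installed.
    from fwhunt_scan import UefiAnalyzer, UefiRule, UefiScanner

    # UefiRule takes the rule contents in YAML format, as shown above.
    rules = [UefiRule(text) for text in load_rule_texts(rules_dir).values()]

    report: Dict[str, Any] = {}
    for path in module_paths:
        try:
            # The context manager form releases the analyzer for each module.
            with UefiAnalyzer(image_path=path) as analyzer:
                scanner = UefiScanner(analyzer, rules)
                report[path] = {"ok": True, "result": scanner.result}
        except Exception as exc:
            # Keep going, but mark the module as not scanned.
            report[path] = {"ok": False, "error": repr(exc)}
    return report
```

Entries with "ok" set to False should be triaged by hand rather than dropped from the report.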

Source Distribution

fwhunt_scan-2.3.5.tar.gz (133.6 kB)

Uploaded Source

Built Distribution

fwhunt_scan-2.3.5-py3-none-any.whl (139.5 kB)

Uploaded Python 3

File details

Details for the file fwhunt_scan-2.3.5.tar.gz.

File metadata

  • Download URL: fwhunt_scan-2.3.5.tar.gz
  • Upload date:
  • Size: 133.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.7

File hashes

Hashes for fwhunt_scan-2.3.5.tar.gz
Algorithm Hash digest
SHA256 f6420e9649c7bfa770b099d37aae11434200b9a6af1fc91809370788c13dae6b
MD5 5181b7d4151f95c37ab90bd8f0d3c8a8
BLAKE2b-256 061b967f7c20051aebdff39cdb3a5eb24e54cae15f80524911ba7fc4b301d25d

File details

Details for the file fwhunt_scan-2.3.5-py3-none-any.whl.

File metadata

  • Download URL: fwhunt_scan-2.3.5-py3-none-any.whl
  • Upload date:
  • Size: 139.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.11.7

File hashes

Hashes for fwhunt_scan-2.3.5-py3-none-any.whl
Algorithm Hash digest
SHA256 ca5076425c80cd2667a63f4fc928c51d5588abb2e45f73fde8cda508520630fa
MD5 23d28cdfd2e7a76548204a28845081ac
BLAKE2b-256 b8607f69fc7290676b741fccc09070b3191acb9e204d58b90637fc3ca7537f86
