EFI firmware image analyser / dumper / ripper

As part of the joggler work, I’ve developed a set of tools for pulling EFI firmware images apart. I did have a look for others, but I initially couldn’t find anything. Later I did find some, but they relied on some non-64bit-clean C code for decompression, or were closed source. So I’ve implemented my own (hopefully) easily maintained version, available here.

Just run "efidump.py <bios image>" and it’ll output lots of information about the structure, and dump any extracted binary files in the current directory.

EFI has its own specific compression algorithm: the best summary which I can come up with for it is unnecessary. It is almost the same as the standard deflate algorithm, only more horrible. The existing sample C code I found had a lot of clever table lookup optimisations in it, which had the downside of making it very hard to understand. In this implementation I’ve optimised for clarity of code rather than performance since this is just a dumper.

I’m particularly pleased with my huffman decompressor implementation:

while type(hufftree) == list:
    hufftree = hufftree[bits.read(1)]
return hufftree

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: