
No instructions on how to actually use this

Open mystica555 opened this issue 3 years ago • 5 comments

Hi, I've been reading some about the recent UEFI firmware vulnerabilities on UEFI based on the InsydeH2O firmware. Barring the fact that I don't think my firmware should have any water Insyde it, I would like to test it for the leaks mentioned.

How do I use these rules? Can you please include a very basic howto in the readme?

mystica555 avatar Feb 05 '22 05:02 mystica555

Thank you for your question. It is very simple to start using FwHunt rules, simply run the uefi_r2 scanner and apply the rules. There are already instructions in the repo on how to get started. However, I agree with your point and will provide actionable information.

    python -m pip install uefi-r2
    ./uefi_r2_analyzer.py scan --rule {rule_path} {image_path}

UEFI_R2 scans against DXE drivers (not firmware image), and to unpack DXE drivers from firmware image I recommend using UEFIExtract.

matrosov avatar Feb 05 '22 06:02 matrosov

Hi, we can't make sense of this, there is no explanation of how to run the script. Please give more info, thanks.

Virus-55 avatar Feb 05 '22 08:02 Virus-55

Virus, watch my video: in the second part I show you how to do it on my Debian (an up-to-date Kali Linux): check your dependencies 👍

  1. sudo apt update && sudo apt full-upgrade
  2. sudo pip3 install --upgrade pip
  3. sudo pip3 install -r requirements.txt in the clone of the repo
  4. force the check: - sudo pip3 install uefi_r2 sudo pip3 install ninja sudo pip3 install meson
  5. clone the rizin repo and build it with MESON/NINJA 👍 git clone https://github.com/rizinorg/rizin
  6. install rizin: a) sudo meson build b) sudo ninja -C build c) sudo ninja -C build install
  7. launch rizin to make sure it works: rizin, then exit!
  8. clone the FwHunt repo: git clone https://github.com/binarly-io/FwHunt.git
  9. clone the repo https://github.com/binarly-io/uefi_r2.git
  10. go into uefi_r2 and run "sudo python3 setup.py install"
  11. you now have the python3 script uefi_r2_analyser in the current directory
  12. run the script (in my example I have my bios.FD, which I extracted from my OEM manufacturer's site) and go through EVERY *.yml RULE present in the "rules" directory of FWHUNT, for example: sudo python3 ./uefi_r2_analyser.py scan --rule (relative/absolute path) UsbRt-CVE-2017-5721.yml BIOS.fd

My video, if you want to understand better, watch towards the end: https://youtu.be/mjbqgGFwsGQ

Saltinbank-SyS avatar Feb 10 '22 22:02 Saltinbank-SyS

> Thank you for your question. It is very simple to start using FwHunt rules, simply run the uefi_r2 scanner and apply the rules. There are already instructions in the repo on how to get started. However, I agree with your point and will provide actionable information.
>
>     python -m pip install uefi-r2
>     ./uefi_r2_analyzer.py scan --rule {rule_path} {image_path}
>
> UEFI_R2 scans against DXE drivers (not firmware image), and to unpack DXE drivers from firmware image I recommend using UEFIExtract.

There are no instructions on how to use the UEFIExtract. There's just an .exe file, which, when I double click on, does nothing. Where does it extract the image? How do we use that image? How do we use the command ./uefi_r2_analyzer.py scan --rule {rule_path} {image_path} ??

What is the rule path here? How do we download "rules"? Where to find them to be downloaded?

avjoshi-07 avatar Mar 21 '22 17:03 avjoshi-07

> Virus, watch my video: in the second part I show you how to do it on my Debian (an up-to-date Kali Linux): check your dependencies 👍
>
>   1. sudo apt update && sudo apt full-upgrade
>   2. sudo pip3 install --upgrade pip
>   3. sudo pip3 install -r requirements.txt in the clone of the repo
>   4. force the check: - sudo pip3 install uefi_r2 sudo pip3 install ninja sudo pip3 install meson
>   5. clone the rizin repo and build it with MESON/NINJA 👍 git clone https://github.com/rizinorg/rizin
>   6. install rizin: a) sudo meson build b) sudo ninja -C build c) sudo ninja -C build install
>   7. launch rizin to make sure it works: rizin, then exit!
>   8. clone the FwHunt repo: git clone https://github.com/binarly-io/FwHunt.git
>   9. clone the repo https://github.com/binarly-io/uefi_r2.git
>   10. go into uefi_r2 and run "sudo python3 setup.py install"
>   11. you now have the python3 script uefi_r2_analyser in the current directory
>   12. run the script (in my example I have my bios.FD, which I extracted from my OEM manufacturer's site) and go through EVERY *.yml RULE present in the "rules" directory of FWHUNT, for example: sudo python3 ./uefi_r2_analyser.py scan --rule (relative/absolute path) UsbRt-CVE-2017-5721.yml BIOS.fd
>
> My video, if you want to understand better, watch towards the end: https://youtu.be/mjbqgGFwsGQ

Is there an English version to that tutorial, please?

avjoshi-07 avatar Mar 22 '22 00:03 avjoshi-07

@matrosov It should be documented on a website or some kind of GitHub wiki page, not by an open issue, I'll get to document it, if I play with it a bit and make it work.

@Saltinbank-SyS Your steps should be in a bash script, for most steps, also most of your steps can be Linux distro dependent (as you've said, you're using Kali Linux, Debian based), such as compiling Rizin from the AUR, on ArchLinux, it is easier.

AkechiShiro avatar Oct 16 '22 04:10 AkechiShiro

To sum up:

  1. sudo apt update && sudo apt full-upgrade
  2. sudo pip3 install --upgrade pip
  3. sudo pip3 install -r requirements.txt in clone repo
  4. force verification: - sudo pip3 install uefi_r2 sudo pip3 install ninja sudo pip3 install meson
  5. clone rizin repo and compile via MESON/NINJA 👍 git clone https://github.com/rizinorg/rizin
  6. install rizin: a) sudo meson build b) sudo ninja -C build c) sudo ninja -C build install
  7. launch rizin to make sure it's good: rizin, then exit!
  8. you clone the FwHunt repo: git clone https://github.com/binarly-io/FwHunt.git
  9. you clone the repo from https://github.com/binarly-io/uefi_r2.git
  10. go to uefi_r2 and run "sudo python3 setup.py install"
  11. you now have the python3 script uefi_r2_analyse in the current directory
  12. you run the script (I have my bios.FD in my example (I extracted it from the site of my OEM manufacturer)): and you type EACH RULE *.yml present in the "rules" directory of FWHUNT, example: sudo python3 ./uefi_r2_analyse.py scan --rule (relative/absolute path) UsbRt-CVE-2017-5721.yml BIOS.fd

Saltinbank-SyS avatar Oct 17 '22 13:10 Saltinbank-SyS

Indeed mate, I am using Kali Linux by the way.

Saltinbank-SyS avatar Oct 17 '22 13:10 Saltinbank-SyS

Thank you. Small correction: uefi_r2 is now fwhunt-scan, and the analyzer/scanner is named fwhunt_scan_analyzer.py.

yeggor avatar Oct 17 '22 13:10 yeggor
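
The last step in the thread (run the scanner once for every *.yml rule) is the part that was suggested for scripting; the following is an added example, not code from the thread or from the FwHunt project. The `scan --rule` invocation is the one quoted above, while the `SCANNER` variable, the log directory and the return-code convention are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread or the FwHunt project.
# Runs "$SCANNER scan --rule <rule> <target>" once per *.yml rule, using the
# invocation quoted in the thread. SCANNER, the log directory and the
# return-code convention below are assumptions of this sketch.
SCANNER="${SCANNER:-./uefi_r2_analyzer.py}"   # fwhunt_scan_analyzer.py after the rename

# scan_all_rules RULES_DIR TARGET [LOG_DIR]
# Prints "<rules run> <runs that exited non-zero>" on stdout.
# Returns 0 if every run exited 0, 1 if any did not, 2 on bad arguments.
scan_all_rules() (
    rules_dir=$1; target=$2; log_dir=${3:-./fwhunt-logs}
    [ -d "$rules_dir" ] || { echo "not a directory: $rules_dir" >&2; exit 2; }
    [ -f "$target" ]    || { echo "not a file: $target" >&2; exit 2; }
    mkdir -p "$log_dir" || exit 2

    # Collect rule paths first so the loop runs in this shell and keeps its counters.
    list=$(mktemp) || exit 2
    find "$rules_dir" -type f -name '*.yml' | sort > "$list"

    total=0; failed=0
    while IFS= read -r rule; do
        total=$((total + 1))
        name=$(basename "$rule" .yml)
        # One log per rule; stdin is detached so the scanner cannot consume the list.
        if ! "$SCANNER" scan --rule "$rule" "$target" \
                > "$log_dir/$name.log" 2>&1 < /dev/null; then
            failed=$((failed + 1))
            echo "non-zero exit for rule $name, see $log_dir/$name.log" >&2
        fi
    done < "$list"
    rm -f "$list"

    echo "$total $failed"
    [ "$total" -gt 0 ] || { echo "no *.yml rules under $rules_dir" >&2; exit 2; }
    [ "$failed" -eq 0 ]
)

# Stand-alone use: sh scan_all.sh FwHunt/rules extracted_module.efi
[ "$#" -lt 2 ] || scan_all_rules "$@"
```

The per-rule logs hold whatever the scanner printed for that rule; a non-zero count only says that a run did not exit cleanly and its log needs reading.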