Skip to content
/ fwhunt-ida Public

Helper tool for generating FwHunt compliant rules in IDA

9 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

binarly-io/fwhunt-ida

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
fwhunt
fwhunt
 
 
rsrc
rsrc
 
 
.gitignore
.gitignore
 
 
fwhunt.py
fwhunt.py
 
 
mypy.ini
mypy.ini
 
 
readme.md
readme.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

FwHunt IDA plugin

Watch the demo

Installation

Copy fwhunt.py and fwhunt to IDA plugins directory

Usage

  • Analyze UEFI module with fwhunt-scan

  • Open analyzed module in IDA

  • Open Edit/Plugins/FwHunt (at this step you will see FwHunt rule generator window):

    img1.png

  • Press the Load button to load the report generated in the first step

  • Use the search box to find the protocols, GUIDs, PPIs, NVRAM variables you need

    • you can add them to the FwHunt rule by right-clicking:

      img2.png

    • you can find them in the IDA database:

      img3.png

  • Use actions in IDA text view to add GUIDs, ascii strings, wide strings, hex strings, and code patterns:

    img4.png

  • FwHunt rule preview window will contain the current state of the rule:

    img5.png

  • Use Reset button to clear rule and Save button to dump rule in YAML file

About

Helper tool for generating FwHunt compliant rules in IDA

Resources

Readme
Activity
Custom properties

Stars

9 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages