In 2016 I reversed Apple’s EFI firmware password reset scheme using SCBO files. There was an old rumor that these files were able to unlock firmware-password-locked Macs (and even a sketchy video about a universal SCBO able to unlock any Mac). That post is available at Apple EFI firmware passwords and the SCBO myth.

All the interesting computing action happened at the EFI execution level. I made good reversing progress with static analysis, but dynamic analysis with a debugger would make the job much easier. I love debuggers because they allow you to quickly test ideas and cut corners while reversing a target. Reading disassembly listings for long periods is tiring. (U)EFI debuggers can be found on the market, but they are usually quite expensive (a couple thousand USD). My solution was to create an emulator and debugger based on Unicorn. At the time I was working a lot with Unicorn, so it was natural to use it to solve this problem (“if all you have is a hammer, everything looks like a nail”). After I wrote the blog post some people directed me to some emulators (TianoCore EmulatorPkg and efiperun). I never tried them to see if they contained an interactive debugger like I wanted.

For different reasons I never released the code, and three years later it is finally time to do it and explain how it was built. The pain wasn’t big since this was a couple-of-days project and it was quite fun to write. The main driver was “I want things working ASAP”, so code quality isn’t the best and security is almost nonexistent (C is a lot more fun when you don’t care about security - that takes time and energy to implement). I spent some time cleaning up the code and fixing a few bugs found while writing this post. The debugger has a gdbinit appearance and most CLI commands are copied from gdb. gdb command syntax is far from perfect but still far better than LLDB. The posted code isn’t a generic EFI emulator. This is not an impossible mission (keep reading), but I think that is a waste of time and effort. It is more efficient to solve the problems posed by the specific targets you want to debug rather than to solve all problems before you even start. The main goal of this post is to show you how to solve emulation problems related to EFI and Unicorn.