Helper tool for generating FwHunt compliant rules in IDA

binarly-io/fwhunt-ida

FwHunt IDA plugin

Watch the demo

Installation

Copy fwhunt.py and fwhunt to the IDA plugins directory.

Usage

  • Analyze the UEFI module with fwhunt-scan

  • Open the analyzed module in IDA

  • Open Edit/Plugins/FwHunt (at this step you will see the FwHunt rule generator window):

    img1.png

  • Press the Load button to load the report generated in the first step

  • Use the search box to find the protocols, GUIDs, PPIs, and NVRAM variables you need

    • you can add them to the FwHunt rule by right-clicking:

      img2.png

    • you can find them in the IDA database:

      img3.png

  • Use the actions in the IDA text view to add GUIDs, ASCII strings, wide strings, hex strings, and code patterns:

    img4.png

  • The FwHunt rule preview window will contain the current state of the rule:

    img5.png

  • Use the Reset button to clear the rule and the Save button to dump the rule to a YAML file
