This project forked from donovan6000/universal-ifr-extractor
Utility that can extract the internal forms represenation from both EFI and UEFI modules.
License: GNU General Public License v3.0
This fork is not supported anymore, and this repository is archived.
Please consider using https://github.com/LongSoft/IFRExtractor-RS instead.
Utility to extract the internal forms representation from both EFI and UEFI drivers/applications into human readable text file.
A fork of Donovan6000's project with bugfixes and additions.
Original code by Donovan6000, rewritten UEFI.cpp by TomRus88, fixes and additions by DeathBringer, Fernando Rodriguez and Seth Stahlman.
IFR Extractor LS crashes while trying to extract the text file from a Lenovo Yoga 720-13IKB BIOS. It seems that only the original IFR Extractor v0.5 works, at some extend, as it manages to extract the txt file before also crashing.
I don't think it's a secret what most users are using this program for.
It would be nice if instead of the "proper" decoding with all the pseudo-code and structures, there was also something idiot-proof like this, where variables are the "root" of the tree list rather than the last branch.
motherboard: ASUS P8Z77-V LK
./ifrextract Setup.bin Setup.txt
Input: Setup.bin
Output: Setup.txt
Protocol: UNKNOWN
error: Unknown protocol
Hi there,
is there any way to run ifrextract from Linux?
Many thanks
Here's my ROM image
IFR.rom.zip
Here's what the resulting txt file looks like:
Environment: MacBook Air M1, Apple Siliicon, ifrextract version 0.3.7
When extracting the stock HUANANZHI-X99-F8 UEFI BIOS (read from CH341A) with
./ifrextract ./X99F8_Backup.bin ./X99F8_Backup.txt,
it reports:
Input: ./X99F8_Backup.bin
Output: ./X99F8_Backup.txt
Protocol: UNKNOWN
error: Unknown protocol
and no file is output.
With the modified UEFI BIOS, CX99DE29.BIN, from https://github.com/BIOS-iEngineer/HUANANZHI-X99-F8-2021,
./ifrextract ./CX99DE29.bin ./CX99DE29.txt,
it shows:
Input: ./CX99DE29.BIN
Output: ./CX99DE29.txt
Protocol: UEFI;
however, ifrextract only putouts the Realtek Ethernet Controller report (see the attached file).
The files are attached here:
HUANANZHI-X99-F8.zip
So, take for example this structure from my laptop bios (FE3542FE-C1D3-4EF8-657C-8048606FF670)
Form: Boot, FormId: 0x1 {01 86 01 00 CA 00}
Subtitle: Statement.Prompt: , Flags: 0x0 {02 87 54 01 00 00 00}
End {29 02}
Gray Out If {19 82}
True {46 02}
Suppress If {0A 82}
QuestionId: 0x6 equals value in list (0x1) {14 08 06 00 01 00 01 00}
Gray Out If {19 82}
QuestionId: 0x6 equals value 0x2 {12 86 06 00 02 00}
QuestionId: 0x1 equals value in list (0x2, 0x3) {14 0A 01 00 02 00 02 00 03 00}
QuestionId: 0x2 equals value 0x1 {12 06 02 00 01 00}
And {15 02}
Or {16 02}
End {29 02}
One Of: Boot Mode:, VarStoreInfo (VarOffset/VarName): 0x79, VarStore: 0x1234, QuestionId: 0xA015, Size: 1, Min: 0x1, Max 0x2, Step: 0x0 {05 91 CB 00 CC 00 15 A0 34 12 79 00 04 10 01 02 00}
One Of Option: UEFI, Value (8 bit): 0x2 (default) {09 07 CD 00 10 00 02}
Suppress If {0A 82}
True {46 02}
One Of Option: Legacy, Value (8 bit): 0x1 {09 07 CE 00 00 00 01}
End If {29 02}
End One Of {29 02}
End If {29 02}
End If {29 02}
End If {29 02}
Even though, I would guess, the And and Or should somehow mix with the surrounding/preceding statements.. they are instead at the end of the relative block.
It becomes then next to impossible to understand the QuestionIds meaning.
hi, i have this old bios and cant open modules. any idea? protocol UNKNOW
MAXIMUS-IX-FORMULA-ASUS-1301.CAP (last)
use this method
https://www.win-raid.com/t3908f16-GUIDE-Grub-Fix-Intel-FPT-Error-BIOS-Lock-Asus-Other-Mod-BIOS-Flash.html
but give wrong txt
EFI Protocol Detected
--------------------------------------------------------------------------------
String Packages
--------------------------------------------------------------------------------
Offset: Language:
--------------------------------------------------------------------------------
0x6992C A port. (0x0)
Form Sets
--------------------------------------------------------------------------------
Offset: Title:
--------------------------------------------------------------------------------
Internal Forms Representation
--------------------------------------------------------------------------------
Offset: Instruction:
--------------------------------------------------------------------------------
MinSize and MaxSize are printed as characters, not ints:
0x1A04E4 String: Local IP Address,
VarStoreInfo (VarOffset/VarName): 0x2,
VarStore: 0x1,
QuestionId: 0x102,
MinSize: 0x^G,
MaxSize: 0x^O
{1C 90 08 00 09 00 02 01 01 00 02 00 04 07 0F 00}
Should the types be unsigned or something more specific?
diff --git a/UEFI.cpp b/UEFI.cpp
index 157fa80..30558c0 100644
--- a/UEFI.cpp
+++ b/UEFI.cpp
@@ -441,8 +441,8 @@ void generateUEFIIFRDump(const string &outputFile, const vector<UEFI_IFR_STRING_
// Display temp
fout << "Password: " << strings[temp->Question.Header.Prompt + strPackageOffset] << ", VarStoreInfo (VarOffset/VarName): 0x" << hex << uppercase << temp->Question.VarStoreInfo.VarOffset << ", VarStore: 0x" << temp->Question.VarStoreId << ", QuestionId: 0x" << temp->Question.QuestionId;
- fout << ", MinSize: 0x" << temp->MinSize;
- fout << ", MaxSize 0x" << temp->MaxSize;
+ fout << ", MinSize: 0x" << (unsigned) temp->MinSize;
+ fout << ", MaxSize 0x" << (unsigned) temp->MaxSize;
}
else if (buffer[j] == EFI_IFR_ONE_OF_OPTION_OP) {
@@ -644,7 +644,7 @@ void generateUEFIIFRDump(const string &outputFile, const vector<UEFI_IFR_STRING_
EFI_IFR_STRING *temp = (EFI_IFR_STRING*)&buffer[j];
// Display temp
- fout << "String: " << strings[temp->Question.Header.Prompt + strPackageOffset] << ", VarStoreInfo (VarOffset/VarName): 0x" << hex << uppercase << temp->Question.VarStoreInfo.VarOffset << ", VarStore: 0x" << temp->Question.VarStoreId << ", QuestionId: 0x" << temp->Question.QuestionId << ", MinSize: 0x" << temp->MinSize << ", MaxSize: 0x" << temp->MaxSize;
+ fout << "String: " << strings[temp->Question.Header.Prompt + strPackageOffset] << ", VarStoreInfo (VarOffset/VarName): 0x" << hex << uppercase << temp->Question.VarStoreInfo.VarOffset << ", VarStore: 0x" << temp->Question.VarStoreId << ", QuestionId: 0x" << temp->Question.QuestionId << ", MinSize: 0x" << (unsigned) temp->MinSize << ", MaxSize: 0x" << (unsigned) temp->MaxSize;
}
else if (buffer[j] == EFI_IFR_REFRESH_OP) {
searching the entry in UEFITool A58:
searching the entry in the .txt file after extraction and conversion of the .sct file with IRFExtractor_0.3.6_win.zip:
Most (?) other entries are there (at least I haven't come across other missing ones except this one).
Please point me in the right way to compile IFR Extractor in Windows?
Thanks
When I try to open the exe in Windows 10 PE, a terminal window flashes then closes and nothing happens.
This fork of Universal-IFR-Extractor uses CMake which makes it compilable on unix systems such as macOS.
There are a couple issues:
static inline size_t strlen16(register const char16_t * string) {
if (!string) return 0;
register size_t len = 0;
while(string[len++]);
return len;
}
In UEFI.cpp, this line can trigger an out-of-bound vector access when parsing the UEFI form sets:
tempFormSet.title = strings[tempFormSet.titleString + stringPackages[tempFormSet.usingStringPackage].structureOffset];This is still applicable to v0.3.3 (503cd54) using the attached file brix_setup_section.tar.gz. Either the program will crash, or loop forever while filling the disk when writing the output file.
Building with AddressSanitizer highlights the issue; add set(CMAKE_CXX_FLAGS "-g -fsanitize=address") in CMakeLists.txt and:
$ ./ifrextract brix_setup_section.bin output.txt
Input: brix_setup_section.bin
Output: output.txt
Protocol: UEFI
ASAN:DEADLYSIGNAL
=================================================================
==51086==ERROR: AddressSanitizer: SEGV on unknown address 0x00010df488c0 (pc 0x7fff9dd0f9b0 bp 0x7fff5565ba30 sp 0x7fff5565ba20 T0)
==51086==The signal is caused by a READ memory access.
#0 0x7fff9dd0f9af in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::operator=(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) (libc++.1.dylib:x86_64+0x3d9af)
#1 0x10a64d842 in getUEFIFormSets(std::__1::vector<UEFI_IFR_FORM_SET_PACK, std::__1::allocator<UEFI_IFR_FORM_SET_PACK> >&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<UEFI_IFR_STRING_PACK, std::__1::allocator<UEFI_IFR_STRING_PACK> > const&, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) UEFI.cpp:204
#2 0x10a6a3a7b in main main-cli.cpp:160
#3 0x7fff9f13b254 in start (libdyld.dylib:x86_64+0x5254)
==51086==Register values:
rax = 0x000000000000c208 rbx = 0x00007fff5565bbf8 rcx = 0x000000010df488c0 rdx = 0x000000010a6c67c0
rdi = 0x00007fff5565bbf8 rsi = 0x000000010df488c0 rbp = 0x00007fff5565ba30 rsp = 0x00007fff5565ba20
r8 = 0x00001000214d8cf8 r9 = 0x0000100000000000 r10 = 0x0000100000000000 r11 = 0x0000100000000000
r12 = 0x00007fff5565ba60 r13 = 0x00007fff5565baa0 r14 = 0x0000100000000000 r15 = 0x000000010a6bc143
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (libc++.1.dylib:x86_64+0x3d9af) in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::operator=(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
==51086==ABORTING
[1] 51086 abort ./ifrextract brix_setup_section.bin output.txt
Pull request #6 should fix it.
When running the command line tool it successfully creates the output .txt file.
However, in that file it says that I have to set or reset my administrator password.
On macOS it also creates the output .txt file but in terminal it says „segmentation fault“ and the actual .txt file stops just after a few lines.
I’ll try to upload both windows and macOS output files.
Trying to extract from Setup PE32 image, results in truncated output. Error below.
(There is supposed to be a "CFG Lock" section, but the file ends at "Ref")
leo@Henrys-MacBook-Pro UEFI % ./ifrextract Setup.efi Setup.txt
Input: Setup.efi
Output: Setup.txt
Protocol: UEFI
ifrextract(775,0x11d90bdc0) malloc: can't allocate region
*** mach_vm_map(size=8410472299710251008) failed (error code=3)
ifrextract(775,0x11d90bdc0) malloc: *** set a breakpoint in malloc_error_break to debug
leo@Henrys-MacBook-Pro UEFI %
When extracting a file, the application will crash and generate a huge file with only:
0xE6 Form Set: N/A [0003ECE0-0760-000B-0000-00009C040000] {}
Hello,
thanks for your great work!
On some Gigabyte bioses is problem, they say Protocol: UNKNOWN
Problematic section file attached.
Thanks for fix.
Best
Vaclav
If last UEFIFormSet is at the end of the file, then it is considered incorrect and dropped.
This also applies to UEFIStringPackages
Replace in file UEFI.cpp
16) < buffer.size()
with
16) <= buffer.size()
Section_PE32_image_DriverSampleDxe_SetupUtility_body.zip
here is the SetupUtility dxe.
Should happen once feature parity is reached: https://github.com/LongSoft/IFRExtractor-RS/issues/6. Please file issues in https://github.com/LongSoft/IFRExtractor-RS, where applicable.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.