![]() Universal IFR Extractor can be downloaded here. Next we run the Universal IFR Extractor tool on the extracted setup file. Once I had the BIOS as a binary file, I used UEFITool to extract the Setup UEFI Variable: Chipsec will run on Windows as well, although buidling the kernel driver is a manual process under Windows. The chipsec command is chipsec_util spi dump $OUT_FILE_NAME. I did this using Chipsec using Linux as the operating system on the target. The first step is to dump the system bios from the target machine. We will mostly be working with the UEFI Variables Menu, which can be accessed via alt+ =. It can be called at any time with alt+ qĮach menu can be accessed via pressing alt and the underline character key. There are seven menus available from the top menu bar:Īnd then the last menu, Quit simply exits the application. Once you have done that, you will be shown the initial application welcome message:Īfter dismissing the welcom screen you will be presented with the application. The commands look like this when RU.EFI is in /efi: Then if you boot off that same USB drive, you should see the EFI shell. You could even put ru.efi in /efi/boot/boot圆4.efi and boot directly into the RU.EFI application, if you so desired. ![]() I usually put it in EFI, but it does not matter where it is as long as its on the usb drive. You can then copy RU.EFI onto the USB drive. You can find a copy of the EFI shell in the chipsec repo here. Then create the directory structure /efi/boot/ and copy the UEFI shell binary into the boot directory naming it boot圆4.efi. I found the easiest way to boot into an EFI shell is to use a USB stick formatted as FAT. You will need to launch RU.EFI from a UEFI Shell. I haven’t observed any suspicious behavior, but without having the source code it is very difficult to know if there is any such behavior built in. Since RU.EFI is not open source, I don’t recommend running it on a production machine or a machine with “live” data if you will. Note that the zip file is encrypted with a password that can only be found in the aforementioned blogpost link. The latest version as of this writing can be found here. RU.EFI is an UEFI Application that can assist in the examination and modification of System BIOS on a running machine. However, this post will focus on using RU.EFI to modify UEFI Variables in BIOS as this is a topic that is not covered in depth in prior art. I will go through the steps of enabling DCI on a GPD Pocket 2 and show a system halt on the host machine of the target CPU. These two articles outline the process of enabling DCI. There is significant prior art in this area which I would like to credit: DCI is Intel’s Ring -2 debugging tool which enables a host to debug the BIOS and operating system of a target machine via a USB cable. The objective is to enable Intel DCI on a GDP Pocket 2. ![]() This post will describe how to use RU.EFI to modify UEFI Variables in system BIOS. The fastest way to check UEFI in Windows 10, I think, is the second one, check it in system information, it's intuitive.Project run by Nicholas Starke Music I have written 01 August 2020 Modifying BIOS Using RU.EFI If you disk size is larger than 2TB, convert to GPT disk is needed, you can use Partition Expert to do the conversion without data loss if you're sure UEFI is the default setting in motherboard. Right-click on "Disk 1", and the theory is the same in Disk Management, if it shows "Convert to GPT Disk" in this disk, it means right now we're using MBR Disk.Download Macrorit Partition Expert Portable Edition, and run it directly from the zip package.Right-click on Disk 0, and if there's " Convert to GPT Disk" option in the menu, then Windows 10 is now running on MBR disk if it shows "Convert to MBR Disk" instead, you're already in UEFI mode.Right-click on Windows 10 Start Menu, and select "Disk Management".Find BIOS Mode in System Summary, check it show "UEFI" or "legacy".Type "msinfo32" in Windows + R Run window, and press enter.In command prompt window, type " bcdedit / enum.Right-click on Command Prompt, and run it as administrator.Type "cmd" in Windows 10 search box, or Cortana, if you haven't disable Cortana.GPT disk is on the way to replace MBR disk, and GPT Disk needs UEFI to boot, there're 4 ways to check how Windows 10 boots: cmd command prompt, Windows 10 system information, Disk Management, and Macrorit Partition Expert.
0 Comments
Leave a Reply. |