diff --git a/AMI_UCP_Extract.py b/AMI_UCP_Extract.py index ccee9d6..b35616b 100644 --- a/AMI_UCP_Extract.py +++ b/AMI_UCP_Extract.py @@ -7,9 +7,10 @@ AMI UCP BIOS Extractor Copyright (C) 2021-2022 Plato Mavropoulos """ -title = 'AMI UCP BIOS Extractor v2.0_a2' +title = 'AMI UCP BIOS Extractor v2.0_a3' import os +import re import sys import shutil import struct @@ -37,17 +38,28 @@ class UafHeader(ctypes.LittleEndianStructure): ('Checksum', uint16_t), # 0x08 ('Unknown0', uint8_t), # 0x0A ('Unknown1', uint8_t), # 0x0A - ('Reserved', uint32_t), # 0x0C + ('Reserved', uint8_t*4), # 0x0C # 0x10 ] + def _get_reserved(self): + res_bytes = bytes(self.Reserved) + + res_str = re.sub(r'[\n\t\r\x00 ]', '', res_bytes.decode('utf-8','ignore')) + + res_hex = '0x%0.*X' % (0x4 * 2, int.from_bytes(res_bytes, 'big')) + + res_out = res_hex + (' (%s)' % res_str if len(res_str) else '') + + return res_out + def struct_print(self, p): printer(['Tag :', self.ModuleTag.decode('utf-8')], p, False) printer(['Size :', '0x%X' % self.ModuleSize], p, False) printer(['Checksum :', '0x%0.4X' % self.Checksum], p, False) printer(['Unknown 0 :', '0x%0.2X' % self.Unknown0], p, False) printer(['Unknown 1 :', '0x%0.2X' % self.Unknown1], p, False) - printer(['Reserved :', '0x%0.8X' % self.Reserved], p, False) + printer(['Reserved :', self._get_reserved()], p, False) class UafModule(ctypes.LittleEndianStructure): _pack_ = 1 @@ -57,10 +69,11 @@ class UafModule(ctypes.LittleEndianStructure): # 0x08 ] - def struct_print(self, p, filename): + def struct_print(self, p, filename, description): printer(['Compress Size:', '0x%X' % self.CompressSize], p, False) printer(['Original Size:', '0x%X' % self.OriginalSize], p, False) - printer(['File Name :', filename], p, False) + printer(['Filename :', filename], p, False) + printer(['Description :', description], p, False) class UiiHeader(ctypes.LittleEndianStructure): _pack_ = 1 @@ -139,7 +152,7 @@ class DisModule(ctypes.LittleEndianStructure): printer(['Command :', self.Command.decode('utf-8').strip()], p, False) printer(['Description:', self.Description.decode('utf-8').strip()], p, False) -# Validate @UAF Module Checksum-16 +# Validate UCP Module Checksum-16 def chk16_validate(data, tag, padd=0): if get_chk_16(data) != 0: printer('Error: Invalid UCP Module %s Checksum!' % tag, padd, pause=True) @@ -148,9 +161,10 @@ def chk16_validate(data, tag, padd=0): # Get all input file AMI UCP patterns def get_ami_ucp(buffer): - uaf_len_max = 0x0 # Length of largest detected @UAF - uaf_hdr_off = 0x0 # Offset of largest detected @UAF - uaf_buf_bin = b'' # Buffer of largest detected @UAF + uaf_len_max = 0x0 # Length of largest detected @UAF|@HPU + uaf_hdr_off = 0x0 # Offset of largest detected @UAF|@HPU + uaf_buf_bin = b'' # Buffer of largest detected @UAF|@HPU + uaf_buf_tag = '@UAF' # Tag of largest detected @UAF|@HPU for uaf in PAT_AMI_UCP.finditer(buffer): uaf_len_cur = int.from_bytes(buffer[uaf.start() + 0x4:uaf.start() + 0x8], 'little') @@ -159,85 +173,89 @@ def get_ami_ucp(buffer): uaf_len_max = uaf_len_cur uaf_hdr_off = uaf.start() uaf_buf_bin = buffer[uaf_hdr_off:uaf_hdr_off + uaf_len_max] + uaf_buf_tag = uaf.group(0)[:4].decode('utf-8','ignore') - return uaf_hdr_off, uaf_buf_bin + return uaf_hdr_off, uaf_buf_bin, uaf_buf_tag -# Get list of @UAF Modules +# Get list of @UAF|@HPU Modules def get_uaf_mod(buffer, uaf_off=0x0): - uaf_all = [] # Initialize list of all @UAF Modules + uaf_all = [] # Initialize list of all @UAF|@HPU Modules while buffer[uaf_off] == 0x40: # ASCII of @ is 0x40 - uaf_hdr = get_struct(buffer, uaf_off, UafHeader) # Parse @UAF Module Structure + uaf_hdr = get_struct(buffer, uaf_off, UafHeader) # Parse @UAF|@HPU Module Structure - uaf_tag = uaf_hdr.ModuleTag.decode('utf-8') # Get unique @UAF Module Tag + uaf_tag = uaf_hdr.ModuleTag.decode('utf-8') # Get unique @UAF|@HPU Module Tag - uaf_all.append([uaf_tag, uaf_off, uaf_hdr]) # Store @UAF Module Info + uaf_all.append([uaf_tag, uaf_off, uaf_hdr]) # Store @UAF|@HPU Module Info - uaf_off += uaf_hdr.ModuleSize # Adjust to next @UAF Module offset + uaf_off += uaf_hdr.ModuleSize # Adjust to next @UAF|@HPU Module offset if uaf_off >= len(buffer): break # Stop parsing at EOF - # Check if @UAF Module NAL exists and place it first - # Parsing NAL first allows naming all @UAF Modules + # Check if @UAF|@HPU Module @NAL exists and place it first + # Parsing @NAL first allows naming all @UAF|@HPU Modules for mod_idx,mod_val in enumerate(uaf_all): if mod_val[0] == '@NAL': uaf_all.insert(1, uaf_all.pop(mod_idx)) # After UII for visual purposes - break # NAL found, skip the rest + break # @NAL found, skip the rest return uaf_all # Parse & Extract AMI UCP structures -def ucp_extract(buffer, output_path, padding=0, is_checksum=False): +def ucp_extract(buffer, out_path, ucp_tag='@UAF', padding=0, is_checksum=False): nal_dict = {} # Initialize @NAL Dictionary per UCP printer('Utility Configuration Program', padding) - extract_path = os.path.join(output_path + '_extracted', '') + extract_path = os.path.join(out_path + '_extracted', '') if os.path.isdir(extract_path): shutil.rmtree(extract_path) os.mkdir(extract_path) - uaf_hdr = get_struct(buffer, 0, UafHeader) # Parse @UAF Header Structure + uaf_hdr = get_struct(buffer, 0, UafHeader) # Parse @UAF|@HPU Header Structure - printer('Utility Auxiliary File > @UAF:\n', padding + 4) + printer('Utility Auxiliary File > %s:\n' % ucp_tag, padding + 4) uaf_hdr.struct_print(padding + 8) fake = struct.pack(' @UAF Module/Section +# Parse & Extract AMI UCP > @UAF|@HPU Module/Section def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, nal_dict=None): if nal_dict is None: nal_dict = {} uaf_tag,uaf_off,uaf_hdr = mod_info - uaf_data_all = buffer[uaf_off:uaf_off + uaf_hdr.ModuleSize] # @UAF Module Entire Data + uaf_data_all = buffer[uaf_off:uaf_off + uaf_hdr.ModuleSize] # @UAF|@HPU Module Entire Data - uaf_data_mod = uaf_data_all[UAF_HDR_LEN:] # @UAF Module EFI Data + uaf_data_mod = uaf_data_all[UAF_HDR_LEN:] # @UAF|@HPU Module EFI Data - uaf_data_raw = uaf_data_mod[UAF_MOD_LEN:] # @UAF Module Raw Data + uaf_data_raw = uaf_data_mod[UAF_MOD_LEN:] # @UAF|@HPU Module Raw Data printer('Utility Auxiliary File > %s:\n' % uaf_tag, padding) - uaf_hdr.struct_print(padding + 4) # Print @UAF Module Info + uaf_hdr.struct_print(padding + 4) # Print @UAF|@HPU Module Info uaf_mod = get_struct(buffer, uaf_off + UAF_HDR_LEN, UafModule) # Parse UAF Module EFI Structure - is_comp = uaf_mod.CompressSize != uaf_mod.OriginalSize # Detect @UAF Module EFI Compression + is_comp = uaf_mod.CompressSize != uaf_mod.OriginalSize # Detect @UAF|@HPU Module EFI Compression - if uaf_tag in nal_dict: uaf_name = nal_dict[uaf_tag] # Always prefer NAL naming first + if uaf_tag in nal_dict: uaf_name = nal_dict[uaf_tag] # Always prefer @NAL naming first elif uaf_tag in UAF_TAG_DICT: uaf_name = UAF_TAG_DICT[uaf_tag][0] # Otherwise use built-in naming elif uaf_tag == '@ROM': uaf_name = 'BIOS.bin' # BIOS/PFAT Firmware (w/o Signature) elif uaf_tag.startswith('@R0'): uaf_name = 'BIOS_0%s.bin' % uaf_tag[3:] # BIOS/PFAT Firmware @@ -246,22 +264,24 @@ def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, na elif uaf_tag.startswith('@DS'): uaf_name = 'DROM_0%s.sig' % uaf_tag[3:] # Thunderbolt Retimer Signature elif uaf_tag.startswith('@EC'): uaf_name = 'EC_0%s.bin' % uaf_tag[3:] # Embedded Controller Firmware elif uaf_tag.startswith('@ME'): uaf_name = 'ME_0%s.bin' % uaf_tag[3:] # Management Engine Firmware - else: uaf_name = uaf_tag # Could not name the @UAF Module, use Tag instead + else: uaf_name = uaf_tag # Could not name the @UAF|@HPU Module, use Tag instead uaf_fext = '' if uaf_name != uaf_tag else '.bin' - uaf_mod.struct_print(padding + 4, uaf_name + uaf_fext) # Print @UAF Module EFI Info + uaf_fdesc = UAF_TAG_DICT[uaf_tag][1] if uaf_tag in UAF_TAG_DICT else uaf_name - # Check if unknown @UAF Module Tag is present in NAL but not in built-in dictionary + uaf_mod.struct_print(padding + 4, uaf_name + uaf_fext, uaf_fdesc) # Print @UAF|@HPU Module EFI Info + + # Check if unknown @UAF|@HPU Module Tag is present in @NAL but not in built-in dictionary if uaf_tag in nal_dict and uaf_tag not in UAF_TAG_DICT and not uaf_tag.startswith(('@ROM','@R0','@S0','@DR','@DS')): - printer('Note: Detected new AMI UCP Module %s (%s) in NAL!' % (uaf_tag, nal_dict[uaf_tag]), padding, pause=True) + printer('Note: Detected new AMI UCP Module %s (%s) in @NAL!' % (uaf_tag, nal_dict[uaf_tag]), padding + 4, pause=True) - # Generate @UAF Module File name, depending on whether decompression will be required + # Generate @UAF|@HPU Module File name, depending on whether decompression will be required uaf_fname = os.path.join(extract_path, safe_name(uaf_name + ('.temp' if is_comp else uaf_fext))) if is_checksum: chk16_validate(uaf_data_all, uaf_tag, padding + 4) - # Parse Utility Identification Information @UAF Module (@UII) + # Parse Utility Identification Information @UAF|@HPU Module (@UII) if uaf_tag == '@UII': info_hdr = get_struct(uaf_data_raw, 0, UiiHeader) # Parse @UII Module Raw Structure @@ -281,38 +301,38 @@ def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, na with contextlib.redirect_stdout(uii_out): info_hdr.struct_print(0, info_desc) # Store @UII Module Info - # Adjust @UAF Module Raw Data for extraction + # Adjust @UAF|@HPU Module Raw Data for extraction if is_comp: - # Some Compressed @UAF Module EFI data lack necessary EOF padding + # Some Compressed @UAF|@HPU Module EFI data lack necessary EOF padding if uaf_mod.CompressSize > len(uaf_data_raw): comp_padd = b'\x00' * (uaf_mod.CompressSize - len(uaf_data_raw)) uaf_data_raw = uaf_data_mod[:UAF_MOD_LEN] + uaf_data_raw + comp_padd # Add missing padding for decompression else: uaf_data_raw = uaf_data_mod[:UAF_MOD_LEN] + uaf_data_raw # Add the EFI/Tiano Compression info before Raw Data else: - uaf_data_raw = uaf_data_raw[:uaf_mod.OriginalSize] # No compression, extend to end of Original @UAF Module size + uaf_data_raw = uaf_data_raw[:uaf_mod.OriginalSize] # No compression, extend to end of Original @UAF|@HPU Module size - # Store/Save @UAF Module file + # Store/Save @UAF|@HPU Module file if uaf_tag != '@UII': # Skip @UII binary, already parsed with open(uaf_fname, 'wb') as uaf_out: uaf_out.write(uaf_data_raw) - # @UAF Module EFI/Tiano Decompression + # @UAF|@HPU Module EFI/Tiano Decompression if is_comp and is_efi_compressed(uaf_data_raw, False): - dec_fname = uaf_fname.replace('.temp', uaf_fext) # Decompressed @UAF Module file path + dec_fname = uaf_fname.replace('.temp', uaf_fext) # Decompressed @UAF|@HPU Module file path if efi_decompress(uaf_fname, dec_fname, padding + 4) == 0: - with open(dec_fname, 'rb') as dec: uaf_data_raw = dec.read() # Read back the @UAF Module decompressed Raw data + with open(dec_fname, 'rb') as dec: uaf_data_raw = dec.read() # Read back the @UAF|@HPU Module decompressed Raw data - os.remove(uaf_fname) # Successful decompression, delete compressed @UAF Module file + os.remove(uaf_fname) # Successful decompression, delete compressed @UAF|@HPU Module file - uaf_fname = dec_fname # Adjust @UAF Module file path to the decompressed one + uaf_fname = dec_fname # Adjust @UAF|@HPU Module file path to the decompressed one - # Process and Print known text only @UAF Modules (after EFI/Tiano Decompression) + # Process and Print known text only @UAF|@HPU Modules (after EFI/Tiano Decompression) if uaf_tag in UAF_TAG_DICT and UAF_TAG_DICT[uaf_tag][2] == 'Text': printer(UAF_TAG_DICT[uaf_tag][1] + ':', padding + 4) printer(uaf_data_raw.decode('utf-8','ignore'), padding + 8) - # Parse Default Command Status @UAF Module (@DIS) + # Parse Default Command Status @UAF|@HPU Module (@DIS) if len(uaf_data_raw) and uaf_tag == '@DIS': dis_hdr = get_struct(uaf_data_raw, 0x0, DisHeader) # Parse @DIS Module Raw Header Structure @@ -343,11 +363,11 @@ def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, na os.remove(uaf_fname) # Delete @DIS Module binary, info exported as text - # Parse Name|Non-AMI List (?) @UAF Module (@NAL) + # Parse Name List @UAF|@HPU Module (@NAL) if len(uaf_data_raw) >= 5 and (uaf_tag,uaf_data_raw[0],uaf_data_raw[4]) == ('@NAL',0x40,0x3A): nal_info = uaf_data_raw.decode('utf-8','ignore').replace('\r','').strip().split('\n') - printer('@UAF Module Name List:\n', padding + 4) + printer('AMI UCP Module Name List:\n', padding + 4) # Parse all @NAL Module Entries for info in nal_info: @@ -357,7 +377,7 @@ def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, na nal_dict[info_tag] = os.path.basename(info_val) # Assign a file name (w/o path) to each Tag - # Parse Insyde BIOS @UAF Module (@INS) + # Parse Insyde BIOS @UAF|@HPU Module (@INS) if uaf_tag == '@INS' and is_7z_supported(uaf_fname): ins_dir = os.path.join(extract_path, safe_name(uaf_tag + '_nested-SFX')) # Generate extraction directory @@ -381,14 +401,14 @@ def uaf_extract(buffer, extract_path, mod_info, padding=0, is_checksum=False, na printer('Intel Management Engine (ME) Firmware:\n', padding + 4) printer('Use "ME Analyzer" from https://github.com/platomav/MEAnalyzer', padding + 8, False) - # Get best Nested AMI UCP Pattern match based on @UAF Size - nested_uaf_off,nested_uaf_bin = get_ami_ucp(uaf_data_raw) + # Get best Nested AMI UCP Pattern match based on @UAF|@HPU Size + nested_uaf_off,nested_uaf_bin,nested_uaf_tag = get_ami_ucp(uaf_data_raw) # Parse Nested AMI UCP Structure if nested_uaf_off: uaf_dir = os.path.join(extract_path, safe_name(uaf_tag + '_nested-UCP')) # Generate extraction directory - ucp_extract(nested_uaf_bin, uaf_dir, padding + 4, is_checksum) # Call recursively + ucp_extract(nested_uaf_bin, uaf_dir, nested_uaf_tag, padding + 4, is_checksum) # Call recursively os.remove(uaf_fname) # Delete raw nested AMI UCP Structure after successful recursion/extraction @@ -403,57 +423,58 @@ UII_HDR_LEN = ctypes.sizeof(UiiHeader) # AMI UCP Tag Dictionary UAF_TAG_DICT = { - '@3FI' : ['HpBiosUpdate32.efi', '', ''], - '@3S2' : ['HpBiosUpdate32.s12', '', ''], - '@3S4' : ['HpBiosUpdate32.s14', '', ''], - '@3S9' : ['HpBiosUpdate32.s09', '', ''], - '@3SG' : ['HpBiosUpdate32.sig', '', ''], + '@3FI' : ['HpBiosUpdate32.efi', 'HpBiosUpdate32.efi', ''], + '@3S2' : ['HpBiosUpdate32.s12', 'HpBiosUpdate32.s12', ''], + '@3S4' : ['HpBiosUpdate32.s14', 'HpBiosUpdate32.s14', ''], + '@3S9' : ['HpBiosUpdate32.s09', 'HpBiosUpdate32.s09', ''], + '@3SG' : ['HpBiosUpdate32.sig', 'HpBiosUpdate32.sig', ''], '@AMI' : ['UCP_Nested.bin', 'Nested AMI UCP', ''], - '@B12' : ['BiosMgmt.s12', '', ''], - '@B14' : ['BiosMgmt.s14', '', ''], - '@B32' : ['BiosMgmt32.s12', '', ''], - '@B34' : ['BiosMgmt32.s14', '', ''], - '@B39' : ['BiosMgmt32.s09', '', ''], - '@B3E' : ['BiosMgmt32.efi', '', ''], - '@BM9' : ['BiosMgmt.s09', '', ''], - '@BME' : ['BiosMgmt.efi', '', ''], + '@B12' : ['BiosMgmt.s12', 'BiosMgmt.s12', ''], + '@B14' : ['BiosMgmt.s14', 'BiosMgmt.s14', ''], + '@B32' : ['BiosMgmt32.s12', 'BiosMgmt32.s12', ''], + '@B34' : ['BiosMgmt32.s14', 'BiosMgmt32.s14', ''], + '@B39' : ['BiosMgmt32.s09', 'BiosMgmt32.s09', ''], + '@B3E' : ['BiosMgmt32.efi', 'BiosMgmt32.efi', ''], + '@BM9' : ['BiosMgmt.s09', 'BiosMgmt.s09', ''], + '@BME' : ['BiosMgmt.efi', 'BiosMgmt.efi', ''], '@CKV' : ['Check_Version.txt', 'Check Version', 'Text'], '@CMD' : ['AFU_Command.txt', 'AMI AFU Command', 'Text'], '@CPM' : ['AC_Message.txt', 'Confirm Power Message', ''], '@DCT' : ['DevCon32.exe', 'Device Console WIN32', ''], '@DCX' : ['DevCon64.exe', 'Device Console WIN64', ''], - '@DFE' : ['HpDevFwUpdate.efi', '', ''], - '@DFS' : ['HpDevFwUpdate.s12', '', ''], + '@DFE' : ['HpDevFwUpdate.efi', 'HpDevFwUpdate.efi', ''], + '@DFS' : ['HpDevFwUpdate.s12', 'HpDevFwUpdate.s12', ''], '@DIS' : ['Command_Status.bin', 'Default Command Status', ''], - '@ENB' : ['ENBG64.exe', '', ''], + '@ENB' : ['ENBG64.exe', 'ENBG64.exe', ''], + '@HPU' : ['UCP_Main.bin', 'Utility Auxiliary File (HP)', ''], '@INS' : ['Insyde_Nested.bin', 'Nested Insyde SFX', ''], - '@M32' : ['HpBiosMgmt32.s12', '', ''], - '@M34' : ['HpBiosMgmt32.s14', '', ''], - '@M39' : ['HpBiosMgmt32.s09', '', ''], - '@M3I' : ['HpBiosMgmt32.efi', '', ''], + '@M32' : ['HpBiosMgmt32.s12', 'HpBiosMgmt32.s12', ''], + '@M34' : ['HpBiosMgmt32.s14', 'HpBiosMgmt32.s14', ''], + '@M39' : ['HpBiosMgmt32.s09', 'HpBiosMgmt32.s09', ''], + '@M3I' : ['HpBiosMgmt32.efi', 'HpBiosMgmt32.efi', ''], '@MEC' : ['FWUpdLcl.txt', 'Intel FWUpdLcl Command', 'Text'], '@MED' : ['FWUpdLcl_DOS.exe', 'Intel FWUpdLcl DOS', ''], '@MET' : ['FWUpdLcl_WIN32.exe', 'Intel FWUpdLcl WIN32', ''], - '@MFI' : ['HpBiosMgmt.efi', '', ''], - '@MS2' : ['HpBiosMgmt.s12', '', ''], - '@MS4' : ['HpBiosMgmt.s14', '', ''], - '@MS9' : ['HpBiosMgmt.s09', '', ''], - '@NAL' : ['UAF_List.txt', 'Name List', ''], + '@MFI' : ['HpBiosMgmt.efi', 'HpBiosMgmt.efi', ''], + '@MS2' : ['HpBiosMgmt.s12', 'HpBiosMgmt.s12', ''], + '@MS4' : ['HpBiosMgmt.s14', 'HpBiosMgmt.s14', ''], + '@MS9' : ['HpBiosMgmt.s09', 'HpBiosMgmt.s09', ''], + '@NAL' : ['UCP_List.txt', 'AMI UCP Module Name List', ''], '@OKM' : ['OK_Message.txt', 'OK Message', ''], '@PFC' : ['BGT_Command.txt', 'AMI BGT Command', 'Text'], - '@R3I' : ['CryptRSA32.efi', '', ''], - '@RFI' : ['CryptRSA.efi', '', ''], - '@UAF' : ['UCP_Main.bin', 'Utility Auxiliary File', ''], - '@UFI' : ['HpBiosUpdate.efi', '', ''], + '@R3I' : ['CryptRSA32.efi', 'CryptRSA32.efi', ''], + '@RFI' : ['CryptRSA.efi', 'CryptRSA.efi', ''], + '@UAF' : ['UCP_Main.bin', 'Utility Auxiliary File (AMI)', ''], + '@UFI' : ['HpBiosUpdate.efi', 'HpBiosUpdate.efi', ''], '@UII' : ['UCP_Info.txt', 'Utility Identification Information', ''], - '@US2' : ['HpBiosUpdate.s12', '', ''], - '@US4' : ['HpBiosUpdate.s14', '', ''], - '@US9' : ['HpBiosUpdate.s09', '', ''], - '@USG' : ['HpBiosUpdate.sig', '', ''], + '@US2' : ['HpBiosUpdate.s12', 'HpBiosUpdate.s12', ''], + '@US4' : ['HpBiosUpdate.s14', 'HpBiosUpdate.s14', ''], + '@US9' : ['HpBiosUpdate.s09', 'HpBiosUpdate.s09', ''], + '@USG' : ['HpBiosUpdate.sig', 'HpBiosUpdate.sig', ''], '@VER' : ['OEM_Version.txt', 'OEM Version', 'Text'], - '@VXD' : ['amifldrv.vxd', '', ''], - '@W32' : ['amifldrv32.sys', '', ''], - '@W64' : ['amifldrv64.sys', '', ''], + '@VXD' : ['amifldrv.vxd', 'amifldrv.vxd', ''], + '@W32' : ['amifldrv32.sys', 'amifldrv32.sys', ''], + '@W64' : ['amifldrv64.sys', 'amifldrv64.sys', ''], } if __name__ == '__main__': @@ -477,8 +498,8 @@ if __name__ == '__main__': with open(input_file, 'rb') as in_file: input_buffer = in_file.read() - # Get best AMI UCP Pattern match based on @UAF Size - main_uaf_off,main_uaf_bin = get_ami_ucp(input_buffer) + # Get best AMI UCP Pattern match based on @UAF|@HPU Size + main_uaf_off,main_uaf_bin,main_uaf_tag = get_ami_ucp(input_buffer) if not main_uaf_off: printer('Error: This is not an AMI UCP BIOS executable!', padding) @@ -487,7 +508,7 @@ if __name__ == '__main__': extract_path = os.path.join(output_path, input_name) - ucp_extract(main_uaf_bin, extract_path, padding, is_checksum) + ucp_extract(main_uaf_bin, extract_path, main_uaf_tag, padding, is_checksum) printer('Extracted AMI UCP BIOS executable!', padding) diff --git a/common/patterns.py b/common/patterns.py index 0f7d81e..25e8cec 100644 --- a/common/patterns.py +++ b/common/patterns.py @@ -4,7 +4,7 @@ import re PAT_AMI_PFAT = re.compile(b'_AMIPFAT.AMI_BIOS_GUARD_FLASH_CONFIGURATIONS', re.DOTALL) -PAT_AMI_UCP = re.compile(br'\x40\x55\x41\x46.{12}\x40', re.DOTALL) +PAT_AMI_UCP = re.compile(br'@(UAF|HPU).{12}\x40', re.DOTALL) PAT_DELL_PKG = re.compile(br'\x72\x13\x55\x00.{45}\x37\x7A\x58\x5A', re.DOTALL) PAT_DELL_HDR = re.compile(br'\xEE\xAA\x76\x1B\xEC\xBB\x20\xF1\xE6\x51.\x78\x9C', re.DOTALL) PAT_DELL_FTR = re.compile(br'\xEE\xAA\xEE\x8F\x49\x1B\xE8\xAE\x14\x37\x90')